Page |1
ITN 262 MIDTERM EXAM 2025 |QUESTIONS
AND CORRECT ANSWERS |ALREADY
GRADED A+ (NEWEST!!!)
Supervisory control and data acquisition (SCADA) devices are most often associated with: - ANS✓✓ Utilities
What is a worm? - ANS✓✓ Malware
True or False? Botnets can (often) perform distributed denial of service (DDoS) attacks in which thousands of
individual computers send overwhelming amounts of traffic at a victim's computer.
True
False - ANS✓✓ true
Desktop malware may not represent a direct threat to ________- or PLC-based equipment, but practical attacks
exist on these systems.
b) FRA
a) DOS
c) PLC
d) SCADA - ANS✓✓ scada
True or False? In requirement-based security, we identify and prioritize our security needs in a risk assessment
process.
True
False - ANS✓✓ true
Car ignition locks are an example of what type of decision?
c) Rule-based
a) Requirement-based
d) Hunter's dilemma
b) Relativistic-based - ANS✓✓ Rule-based
Both forms of the RMF illustrate a(n) _______ engineering process as a way to plan, design, and build a
complicated system.
a) computer
, Page |2
c) systems
b) security
d) information - ANS✓✓ systems
True or False? The security process and the Information engineering process find their origin in the concept of
Continuous Improvement.
True
False - ANS✓✓ False
True or False? A supervisory control and data acquisition (SCADA) device is a computer that controls motors,
valves, and other devices in industrial applications.
True
False - ANS✓✓ true
A security decision, such as locking your vehicle when not in use, is an example of:
d) None of these is correct.
a) rule-based security.
c) integrity.
b) the hunter's dilemma. - ANS✓✓ rule-based security
Which of the following is an example of a rule-based security decision?
c) Applying "security theater"
d) Trying to outdo a neighbor's security measures
a) Locking a car's ignition
b) Performing a step-by-step security analysis - ANS✓✓ locking a cars ignition
Which of the following is an example of security theater?
a) Locking a car's ignition
b) Installing a fake video camera
c) Trying to outrun a hungry bear
d) Choosing a defense based on a systematic, step-by-step process - ANS✓✓ Installing a fake video camera
True or False? The term "security theater" refers to security measures intended to make potential victims feel
safe and secure without regard to their effectiveness.
, Page |3
True
False - ANS✓✓ true
Risk Management Framework is a way to assess _______________ risks when developing large-scale computer
systems. - ANS✓✓ cybersecurity
True or False? Security Category RMF begins with a high-level estimate of the impact caused by cyber security
failures.
True
False - ANS✓✓ true
True or False? A vulnerability is a weakness in the boundary that protects the assets from the threat agents.
True
False - ANS✓✓ true
True or False? A threat agent is a person who did attack our assets, while an attacker might attack an asset.
True
False - ANS✓✓ false
Which of the following is a person who has learned specific attacks on computer systems and can use those
specific attacks?
a) Cracker
c) Phone phreak
b) Script kiddy
d) Hacker - ANS✓✓ cracker
CIA properties do not include:
c) authentication.
a) confidentiality.
b) integrity.
d) availability. - ANS✓✓ authentication
Which of the following are the CIA properties?
b) Confidentiality
d) Availability
, Page |4
f) Implementation
e) Identity
a) Authentication
c) Integrity - ANS✓✓ Confidentiality
availability
integrity
True or False? A vulnerability is a security measure intended to protect an asset.
True
False - ANS✓✓ false
An attempt by a threat agent to exploit assets without permission is referred to as:
a) an attack.
c) a safeguard.
d) a trade-off.
b) a vulnerability. - ANS✓✓ an attack
An apartment has a large window, which is covered with metal bars to prevent people from going through the
window. When analyzing the apartment's boundary, is the window considered a wall or a doorway?
a) Wall
b) Doorway - ANS✓✓ wall
An apartment has a large window that is provided in part as an emergency exit in case of a fire. The window is
generally left locked, but it may be opened. When analyzing the boundary, is the window considered a wall or a
doorway?
b) Doorway
a) Wall - ANS✓✓ doorway
A __________ is someone who is motivated to attack our assets. - ANS✓✓ threat agent
Alice has performed a security assessment for Acme Widget. The resulting assessment is treated as confidential
and is not shared with Alice's coworkers. Only specific employees are allowed to read it. Which basic security
principle does this illustrate?
b) Least privilege
c) Defense in depth
ITN 262 MIDTERM EXAM 2025 |QUESTIONS
AND CORRECT ANSWERS |ALREADY
GRADED A+ (NEWEST!!!)
Supervisory control and data acquisition (SCADA) devices are most often associated with: - ANS✓✓ Utilities
What is a worm? - ANS✓✓ Malware
True or False? Botnets can (often) perform distributed denial of service (DDoS) attacks in which thousands of
individual computers send overwhelming amounts of traffic at a victim's computer.
True
False - ANS✓✓ true
Desktop malware may not represent a direct threat to ________- or PLC-based equipment, but practical attacks
exist on these systems.
b) FRA
a) DOS
c) PLC
d) SCADA - ANS✓✓ scada
True or False? In requirement-based security, we identify and prioritize our security needs in a risk assessment
process.
True
False - ANS✓✓ true
Car ignition locks are an example of what type of decision?
c) Rule-based
a) Requirement-based
d) Hunter's dilemma
b) Relativistic-based - ANS✓✓ Rule-based
Both forms of the RMF illustrate a(n) _______ engineering process as a way to plan, design, and build a
complicated system.
a) computer
, Page |2
c) systems
b) security
d) information - ANS✓✓ systems
True or False? The security process and the Information engineering process find their origin in the concept of
Continuous Improvement.
True
False - ANS✓✓ False
True or False? A supervisory control and data acquisition (SCADA) device is a computer that controls motors,
valves, and other devices in industrial applications.
True
False - ANS✓✓ true
A security decision, such as locking your vehicle when not in use, is an example of:
d) None of these is correct.
a) rule-based security.
c) integrity.
b) the hunter's dilemma. - ANS✓✓ rule-based security
Which of the following is an example of a rule-based security decision?
c) Applying "security theater"
d) Trying to outdo a neighbor's security measures
a) Locking a car's ignition
b) Performing a step-by-step security analysis - ANS✓✓ locking a cars ignition
Which of the following is an example of security theater?
a) Locking a car's ignition
b) Installing a fake video camera
c) Trying to outrun a hungry bear
d) Choosing a defense based on a systematic, step-by-step process - ANS✓✓ Installing a fake video camera
True or False? The term "security theater" refers to security measures intended to make potential victims feel
safe and secure without regard to their effectiveness.
, Page |3
True
False - ANS✓✓ true
Risk Management Framework is a way to assess _______________ risks when developing large-scale computer
systems. - ANS✓✓ cybersecurity
True or False? Security Category RMF begins with a high-level estimate of the impact caused by cyber security
failures.
True
False - ANS✓✓ true
True or False? A vulnerability is a weakness in the boundary that protects the assets from the threat agents.
True
False - ANS✓✓ true
True or False? A threat agent is a person who did attack our assets, while an attacker might attack an asset.
True
False - ANS✓✓ false
Which of the following is a person who has learned specific attacks on computer systems and can use those
specific attacks?
a) Cracker
c) Phone phreak
b) Script kiddy
d) Hacker - ANS✓✓ cracker
CIA properties do not include:
c) authentication.
a) confidentiality.
b) integrity.
d) availability. - ANS✓✓ authentication
Which of the following are the CIA properties?
b) Confidentiality
d) Availability
, Page |4
f) Implementation
e) Identity
a) Authentication
c) Integrity - ANS✓✓ Confidentiality
availability
integrity
True or False? A vulnerability is a security measure intended to protect an asset.
True
False - ANS✓✓ false
An attempt by a threat agent to exploit assets without permission is referred to as:
a) an attack.
c) a safeguard.
d) a trade-off.
b) a vulnerability. - ANS✓✓ an attack
An apartment has a large window, which is covered with metal bars to prevent people from going through the
window. When analyzing the apartment's boundary, is the window considered a wall or a doorway?
a) Wall
b) Doorway - ANS✓✓ wall
An apartment has a large window that is provided in part as an emergency exit in case of a fire. The window is
generally left locked, but it may be opened. When analyzing the boundary, is the window considered a wall or a
doorway?
b) Doorway
a) Wall - ANS✓✓ doorway
A __________ is someone who is motivated to attack our assets. - ANS✓✓ threat agent
Alice has performed a security assessment for Acme Widget. The resulting assessment is treated as confidential
and is not shared with Alice's coworkers. Only specific employees are allowed to read it. Which basic security
principle does this illustrate?
b) Least privilege
c) Defense in depth
