Chapter 1 Review Questions Solutions
1. Each of the following is a reason why it is difficult to defend against
today’s attackers except _______.
A. complexity of attack tools
B. weak patch distribution
C. greater sophistication of attacks
D. delays in patching hard work software products
2. In a general sense “security” is _______.
A. protection from only direct actions
B. using reverse attack vectors (RAV) for protection
C. only available on hardened computers and systems
D. the necessary steps to protect a person or property from harm
1. _____ ensures that only authorized parties can view the information.
A. Confidentiality
B. Availability
C. Integrity
D. Authorization
2. Each of the following is a successive layer in which information security
is achieved except _______.
A. products
B. purposes
C. procedures
D. people
3. By definition a(n) _____ is a person or thing that has the power to carry
out a threat.
,A. vulnerability
B. exploit
C. threat agent
D. risk
4. _____ ensures that the individual is who they claim to be.
A. Authentication
B. Accounting
C. Access control
D. Certification
5. Each of the following is a goal of information security except _______.
A. Foil cyberterrorism
B. Avoid legal consequences
C. Decrease user productivity
D. Prevent data theft
6. The _____ requires that enterprises must guard protected health
information and implement policies and procedures to safeguard it.
A. Hospital Protection and Insurance Association Agreement (HPIAA)
B. Sarbanes-Oxley Act (Sarbox)
C. Gramm-Leach-Bliley Act (GLBA)
D. Health Insurance Portability and Accountability Act (HIPAA)
7. Utility companies, telecommunications, and financial services are
considered prime targets of _____ because attackers can significantly
disrupt business and personal activities by destroying a few targets.
A. white hat hackers
B. script kiddies
C. computer spies
,D. cyberterrorists
8. After an attacker probed a network for information the next step is to
_______.
A. penetrate any defenses
B. paralyze networks and devices
C. circulate to other systems
D. modify security settings
9. An organization that purchased security products from different vendors is
demonstrating which security principle?
A. obscurity
B. diversity
C. limiting
D. layering
10. Each of the following can be classified as an “insider” except _______.
A. business partners
B. contractors
C. cybercriminals
D. employees
11. _____ are a network of attackers, identity thieves, and financial
fraudsters.
A. Script kiddies
B. Hackers
C. Cybercriminals
D. Spies
12. Each of the following is a characteristic of cybercriminals except
_______.
A. better funded
, B. less risk-averse
C. low motivation
D. more tenacious
13. Each of the following is a characteristic of cybercrime except
A. targeted attacks against financial networks
B. exclusive use of worms and viruses
C. unauthorized access to information
D. theft of personal information
14. An example of a(n) _____ is a software defect in an operating system that
allows an unauthorized user to gain access to a computer without a
password.
A. threat agent
B. threat
C. vulnerability
D. asset exploit (AE)
15. _____ requires banks and financial institutions to alert customers of their
policies and practices in disclosing customer information and to protect all
electronic and paper containing personally identifiable financial
information.
A. California Savings and Loan Security Act (CS&LSA)
B. Gramm-Leach-Bliley Act (GLBA)
C. USA Patriot Act
D. Sarbanes-Oxley Act (Sarbox)
16. The term _____ is sometimes used to identify anyone who illegally breaks
into a computer system.
A. hacker
B. cyberterrorist
C. Internet Exploiter
1. Each of the following is a reason why it is difficult to defend against
today’s attackers except _______.
A. complexity of attack tools
B. weak patch distribution
C. greater sophistication of attacks
D. delays in patching hard work software products
2. In a general sense “security” is _______.
A. protection from only direct actions
B. using reverse attack vectors (RAV) for protection
C. only available on hardened computers and systems
D. the necessary steps to protect a person or property from harm
1. _____ ensures that only authorized parties can view the information.
A. Confidentiality
B. Availability
C. Integrity
D. Authorization
2. Each of the following is a successive layer in which information security
is achieved except _______.
A. products
B. purposes
C. procedures
D. people
3. By definition a(n) _____ is a person or thing that has the power to carry
out a threat.
,A. vulnerability
B. exploit
C. threat agent
D. risk
4. _____ ensures that the individual is who they claim to be.
A. Authentication
B. Accounting
C. Access control
D. Certification
5. Each of the following is a goal of information security except _______.
A. Foil cyberterrorism
B. Avoid legal consequences
C. Decrease user productivity
D. Prevent data theft
6. The _____ requires that enterprises must guard protected health
information and implement policies and procedures to safeguard it.
A. Hospital Protection and Insurance Association Agreement (HPIAA)
B. Sarbanes-Oxley Act (Sarbox)
C. Gramm-Leach-Bliley Act (GLBA)
D. Health Insurance Portability and Accountability Act (HIPAA)
7. Utility companies, telecommunications, and financial services are
considered prime targets of _____ because attackers can significantly
disrupt business and personal activities by destroying a few targets.
A. white hat hackers
B. script kiddies
C. computer spies
,D. cyberterrorists
8. After an attacker probed a network for information the next step is to
_______.
A. penetrate any defenses
B. paralyze networks and devices
C. circulate to other systems
D. modify security settings
9. An organization that purchased security products from different vendors is
demonstrating which security principle?
A. obscurity
B. diversity
C. limiting
D. layering
10. Each of the following can be classified as an “insider” except _______.
A. business partners
B. contractors
C. cybercriminals
D. employees
11. _____ are a network of attackers, identity thieves, and financial
fraudsters.
A. Script kiddies
B. Hackers
C. Cybercriminals
D. Spies
12. Each of the following is a characteristic of cybercriminals except
_______.
A. better funded
, B. less risk-averse
C. low motivation
D. more tenacious
13. Each of the following is a characteristic of cybercrime except
A. targeted attacks against financial networks
B. exclusive use of worms and viruses
C. unauthorized access to information
D. theft of personal information
14. An example of a(n) _____ is a software defect in an operating system that
allows an unauthorized user to gain access to a computer without a
password.
A. threat agent
B. threat
C. vulnerability
D. asset exploit (AE)
15. _____ requires banks and financial institutions to alert customers of their
policies and practices in disclosing customer information and to protect all
electronic and paper containing personally identifiable financial
information.
A. California Savings and Loan Security Act (CS&LSA)
B. Gramm-Leach-Bliley Act (GLBA)
C. USA Patriot Act
D. Sarbanes-Oxley Act (Sarbox)
16. The term _____ is sometimes used to identify anyone who illegally breaks
into a computer system.
A. hacker
B. cyberterrorist
C. Internet Exploiter
