CpS 391 Test 1 Chapters 1-5 Exam Questions and Correct
Answers.
You have excellent technical acumen. Part of your responsibilities where you work include
overlooking daily operations as well as analyzing and designing security solutions in a
specific area. You encounter a situation that needs to be escalated. Which of the following
are you most likely to approach with the situation? security administrator, security
manager, CISO, CIO - ✔✔security manager
When analyzing a security breach, Acer determines the attacker was able to change the
price of an item from $200 to $20. What security protection was compromised? -
✔✔Integrity
A visitor is trying to access a military base. The visitor needs to supply their license and
enter other personal information via a kiosk. The visitor is eventually allowed to enter the
base but is limited to certain areas only. What security principles are being employed? -
✔✔Authorization, authentication
Which of the following best describes what Della could do to prevent unauthorized parties
from viewing sensitive customer information at her retail store?
Use software to encrypt data in a secure database.
Limit access to certain areas once access is granted.
Ensure the data cannot be manipulated or changed.
Verify the ID of the party requesting access to the data. - ✔✔Use software to encrypt data
in a secure database
Evin thinks one of the computer systems where he works may have been compromised.
He does not currently have a good way of determining if an unauthorized user logged in
successfully. Which of the following can Evin implement that will, going forward, help him
identify who logs in? - ✔✔Accounting
A friend gets a virus and asks if you can help them fix the problem. You boot the computer
with a bootable flash drive containing security-related tools and remove the virus. What
type of control did you employ? - ✔✔Corrective
As a consultant, you are asked by a company to help them work on a security-related
project that falls under the operational control scope. Which of the following will you help
implement? Install hardware to block malicious content, implement security awareness
training, install a card reader to access the data center, define an acceptable use policy -
✔✔implement security awareness training
Which of the following best describes the differences or similarities between cybersecurity
and information security? Select three. Cybersecurity primarily protects devices,
information security falls under the cybersecurity umbrella, cybersecurity induces a lot
,more inconvenience than information security, cybersecurity guarantees more safety than
information security, information security protects using products, people, and procedures
- ✔✔cybersecurity primarily protects devices, information security falls under the
cybersecurity umbrella, information security protects using products, people, and
procedures
What type of entity would a threat actor most likely attack to steal design documents for a
relatively recently announced government-issued contract to design and build a missile
defense system?
For-profit organization
Enterprise
Government
Individual - ✔✔enterprise
An attacker hacks into a cell phone with the intent of stealing credit card information. The
attacker also tries to extend the nefarious activity to contacts in the victim's phone, and
their contacts as well. What entity was the attacker targeting?
A competitor
An enterprise
An individual
A government agency - ✔✔an individual
A malicious actor lacking technical knowledge uses an attack tool to perform a
sophisticated attack. If the attacker is successful penetrating the defenses of the targeted
organization, what type of activity are they most likely to perform? Select two.
Blackmail
Corrupt data
Disrupt service
Copy data
Manipulate data - ✔✔disrupt service, copy data
To bypass institutional overhead, a well-intentioned networking instructor purchases a
wireless router and connects it to the network. The goal is to allow students to establish
connectivity with each other by connecting through the wireless router. In what activity did
the instructor participate? - ✔✔shadow IT
What would motivate organized crime actors to add cyberattacks to their portfolio of
malicious activities?
Philosophical beliefs
Create chaos
Espionage
Increased financial gain - ✔✔increased financial gain
A criminal organization has decided to leave their traditional ways and pursue
cyberattacks as their new mode of operation. Why would they do this?
Easier to hide their tracks
, Generate disruption
Political beliefs
Less competition - ✔✔easier to hide their tracks
A work-study student works at the registrar's office and is given limited access to a student
database. The student is very technologically savvy and figures out a way of gaining
additional privileges. The student is not pleased with one of their grades and changes it.
Which of the following best describes the type of scenario this activity characterizes? -
✔✔insider threat
A group of threat actors has a strong aversion to certain political ideologies. They launch a
cyberattack against the organization to which its perceived adversarial counterpart
belongs. This type of threat actor could most appropriately be classified under what
category? - ✔✔hacktivist
A broker launches a variety of attacks to find a weakness that will lead to financial gain.
What activity is the broker most likely to engage in?
Steal classified information against a competitor
Sell information about a discovered vulnerability
Create and sell malicious software to the highest bidder
Obtain, repackage, and sell pirated software - ✔✔sell information about a discovered
vulnerability
Company A wants to be first to market with a product forecasted to be very profitable. A few
bad actors in Company A launch an attack against Company B to steal intellectual property
that will help them. What type of threat actor would do something like this? -
✔✔competitors
An entity is determined and decides to commit to a multiyear intrusion campaign with the
goal of obtaining national security information. Which of the following describes the type of
attack the entity is most likely to engage in? Select two.
Data exfiltration
Data breach
Espionage
APT
Service disruption - ✔✔data exfiltration, APT
Which of the following best describes what a nation-state actor is most likely to do if their
attacks against a target are not successful?
Hire more malicious actors.
Continue trying until successful.
Move on to a different target.
Use different attack tools. - ✔✔Continue trying until successful
Answers.
You have excellent technical acumen. Part of your responsibilities where you work include
overlooking daily operations as well as analyzing and designing security solutions in a
specific area. You encounter a situation that needs to be escalated. Which of the following
are you most likely to approach with the situation? security administrator, security
manager, CISO, CIO - ✔✔security manager
When analyzing a security breach, Acer determines the attacker was able to change the
price of an item from $200 to $20. What security protection was compromised? -
✔✔Integrity
A visitor is trying to access a military base. The visitor needs to supply their license and
enter other personal information via a kiosk. The visitor is eventually allowed to enter the
base but is limited to certain areas only. What security principles are being employed? -
✔✔Authorization, authentication
Which of the following best describes what Della could do to prevent unauthorized parties
from viewing sensitive customer information at her retail store?
Use software to encrypt data in a secure database.
Limit access to certain areas once access is granted.
Ensure the data cannot be manipulated or changed.
Verify the ID of the party requesting access to the data. - ✔✔Use software to encrypt data
in a secure database
Evin thinks one of the computer systems where he works may have been compromised.
He does not currently have a good way of determining if an unauthorized user logged in
successfully. Which of the following can Evin implement that will, going forward, help him
identify who logs in? - ✔✔Accounting
A friend gets a virus and asks if you can help them fix the problem. You boot the computer
with a bootable flash drive containing security-related tools and remove the virus. What
type of control did you employ? - ✔✔Corrective
As a consultant, you are asked by a company to help them work on a security-related
project that falls under the operational control scope. Which of the following will you help
implement? Install hardware to block malicious content, implement security awareness
training, install a card reader to access the data center, define an acceptable use policy -
✔✔implement security awareness training
Which of the following best describes the differences or similarities between cybersecurity
and information security? Select three. Cybersecurity primarily protects devices,
information security falls under the cybersecurity umbrella, cybersecurity induces a lot
,more inconvenience than information security, cybersecurity guarantees more safety than
information security, information security protects using products, people, and procedures
- ✔✔cybersecurity primarily protects devices, information security falls under the
cybersecurity umbrella, information security protects using products, people, and
procedures
What type of entity would a threat actor most likely attack to steal design documents for a
relatively recently announced government-issued contract to design and build a missile
defense system?
For-profit organization
Enterprise
Government
Individual - ✔✔enterprise
An attacker hacks into a cell phone with the intent of stealing credit card information. The
attacker also tries to extend the nefarious activity to contacts in the victim's phone, and
their contacts as well. What entity was the attacker targeting?
A competitor
An enterprise
An individual
A government agency - ✔✔an individual
A malicious actor lacking technical knowledge uses an attack tool to perform a
sophisticated attack. If the attacker is successful penetrating the defenses of the targeted
organization, what type of activity are they most likely to perform? Select two.
Blackmail
Corrupt data
Disrupt service
Copy data
Manipulate data - ✔✔disrupt service, copy data
To bypass institutional overhead, a well-intentioned networking instructor purchases a
wireless router and connects it to the network. The goal is to allow students to establish
connectivity with each other by connecting through the wireless router. In what activity did
the instructor participate? - ✔✔shadow IT
What would motivate organized crime actors to add cyberattacks to their portfolio of
malicious activities?
Philosophical beliefs
Create chaos
Espionage
Increased financial gain - ✔✔increased financial gain
A criminal organization has decided to leave their traditional ways and pursue
cyberattacks as their new mode of operation. Why would they do this?
Easier to hide their tracks
, Generate disruption
Political beliefs
Less competition - ✔✔easier to hide their tracks
A work-study student works at the registrar's office and is given limited access to a student
database. The student is very technologically savvy and figures out a way of gaining
additional privileges. The student is not pleased with one of their grades and changes it.
Which of the following best describes the type of scenario this activity characterizes? -
✔✔insider threat
A group of threat actors has a strong aversion to certain political ideologies. They launch a
cyberattack against the organization to which its perceived adversarial counterpart
belongs. This type of threat actor could most appropriately be classified under what
category? - ✔✔hacktivist
A broker launches a variety of attacks to find a weakness that will lead to financial gain.
What activity is the broker most likely to engage in?
Steal classified information against a competitor
Sell information about a discovered vulnerability
Create and sell malicious software to the highest bidder
Obtain, repackage, and sell pirated software - ✔✔sell information about a discovered
vulnerability
Company A wants to be first to market with a product forecasted to be very profitable. A few
bad actors in Company A launch an attack against Company B to steal intellectual property
that will help them. What type of threat actor would do something like this? -
✔✔competitors
An entity is determined and decides to commit to a multiyear intrusion campaign with the
goal of obtaining national security information. Which of the following describes the type of
attack the entity is most likely to engage in? Select two.
Data exfiltration
Data breach
Espionage
APT
Service disruption - ✔✔data exfiltration, APT
Which of the following best describes what a nation-state actor is most likely to do if their
attacks against a target are not successful?
Hire more malicious actors.
Continue trying until successful.
Move on to a different target.
Use different attack tools. - ✔✔Continue trying until successful
