Indicate the answer choice that best completes the statement or answers the question.
1. Which of the following represents a potential risk to an information asset?
a. hacker
b. vulnerability
c. attack
d. threat
ANSWER: d
2. Philip was tasked by Sam, the CISO, to review all the security guidelines within the organization to make sure
they are up to date with current industry standards. Which of "the six Ps" does Philip's work fall into?
a. planning
b. policy
c. programs
d. protection
ANSWER: b
3. Mary is configuring user access controls in Microsoft Active Directory to ensure that only authorized personnel
can access sensitive data. Which specific action should Mary take to address the appropriate CIA triad
attribute of confidentiality?
a. Set up user permissions to limit access to confidential files.
b. Schedule regular backups to ensure data recovery.
c. Implement checksums to verify data accuracy.
d. Enable logging to track user activities.
ANSWER: a
4. What category of threat would fit the examples of malware, website spoofing, or denial of service?
a. theft
b. technological obsolescence
c. cryptography
d. software attacks
ANSWER: d
Name: Class: Date:
Chap 01 7e - Whitman
5. As a member of the cybersecurity management team, Tammy is tasked with resolving the potential conflicts
between her team and the IT management team. How should Tammy address the potential conflicts to ensure
effective information processing and secure operations?
a. Tammy should implement additional security measures to slow down information processing.
b. Tammy should prioritize the cybersecurity management team goals to maintain secure operations.
c. Tammy should facilitate meetings between the two teams to align their goals and resolve any conflicts.
d. Tammy should delegate the responsibility of resolving conflicts to the Chief Information Officer (CIO)
alone.
ANSWER: c
6. Jack's Pizza is a chain restaurant located in 13 states. They have hired a CISO called Max to handle the
cybersecurity operations of all the pizza chains. Max brings all his staff together to discuss the overall
organization's strategy for cybersecurity. He solicits all their input and creates a strategy from the dialogue he
had with his team. What type of leader would Max be considered?
a. influencer
b. democratic
c. laissez-faire
d. autocratic
ANSWER: b
7. Tom is tasked with ensuring that the company's database remains available to users even during a hardware
failure. Which of the following actions should Tom take to achieve this, focusing on the appropriate CIA triad
attribute of availability?
a. Encrypt the database to prevent unauthorized access.
b. Implement RAID (Redundant Array of Independent Disks) to protect against data loss.
c. Apply checksums and hashing algorithms to verify data integrity.
d. Set up multi-factor authentication for accessing the database.
ANSWER: b
8. What is the management theory that uses core principles of planning, organizing, staffing, and controlling?
a. traditional management theory
b. popular management theory
c. modern management theory
d. ancient management theory
ANSWER: a
9. Which is not a category of threats that represent a clear and present danger to an organization's people,
information, and systems?
a. theft
b. technological obsolescence
c. cryptography
d. software attacks
ANSWER: c
10. Suzanne was tasked by Sally, the CISO, to develop strategies for the next five years to ensure confidentiality,
integrity, and availability of information for the organization. Which of "the six Ps" does Suzanne's work fall
into?
a. planning
b. policy
c. programs
d. protection
ANSWER: a
11. What is the management theory that uses core principles of planning, organizing, leading, and controlling?
a. traditional management theory
b. popular management theory
c. modern management theory
d. new age management theory
ANSWER: b
12. Which characteristic of the CIA triad should you prioritize when implementing a backup system to recover
data in the event of a disaster?
a. confidentiality
b. integrity
c. availability
d. authentication
ANSWER: c
13. What characteristic of the CIA triad is concerned with ensuring the data is accurate and valid?
a. confidentiality
b. integrity
c. availability
d. authenticity
ANSWER: b
14. Susie is a manager in charge of cybersecurity at Lisco, a pharmaceutical company. She has
been tasked by Julie, her boss, to create a strategy for the next five-year period based on what she
accomplished the previous few years. Which of the following phases is Susie using?
a. planning
b. organizing
c. leading
d. controlling
ANSWER: a
15. The company has recently implemented a security policy that requires all data to be incrementally backed up
daily with full backups weekly. Analyze the policy and determine which characteristic of the CIA triad it best
exemplifies, explaining your reasoning.
a. confidentiality, because it protects data from unauthorized access
b. integrity, because it ensures data remains accurate and unaltered
c. availability, because it ensures data can be restored and accessed even after a disaster
d. non-repudiation, because it ensures that actions can be tracked and verified
ANSWER: c