Chapter 1 NSS

1.

1 point

Why do cyberterrorists target power plants, air traffic control centers, and water systems?

These targets are government-regulated and any successful attack would be con-sidered a major victory.

These targets have notoriously weak security and are easy to penetrate.

The targets are privately owned and cannot afford high levels of security.

They can cause significant disruption by destroying only a few targets.

2.

1 point

What is the first step in the Cyber Kill Chain®?

actions on objectives

exploitation

weaponization

reconnaissance

3.

1 point

Which of the following was used to describe attackers who would break into a computer system without the owner’s permission and publicly disclose the vulnerability?

blue hat hackers

black hat hackers

gray hat hackers

white hat hackers

4.

1 point

________ ensures that individuals are who they claim to be.

Accounting

Authentication

Certification

Demonstration

5.

1 point

Each of the following can be classified as an “insider” EXCEPT

employees

stockholders

contractors

business partners

6.

1 point

Each of the following is a successive layer in which information security is achieved EXCEPT .

products

procedures

people

purposes

7.

1 point

The ___________ is primarily responsible for assessing, managing, and implementing security.

security administrator

security technician

security manager

chief information security officer (CISO)

8.

1 point

Which phrase describes the term “security” in a general sense?

protection from only direct actions

only available on hardened computers and systems

using reverse attack vectors (RAV) for protection

the necessary steps to protect a person or property from harm

9.

1 point

What is a person or element that has the power to carry out a threat?

risk agent

threat agent

exploiter

vulnerability

10.

1 point

_______ ensures that only authorized parties can view the information.

Confidentiality

Integrity

Authorization

Availability

11.

1 point

What is the difference between a hactivist and a cyberterrorist?

Cyberterrorists always work in groups while hactivists work alone.

A hactivist is motivated by ideology while a cyberterrorists is not.

Cyberterrorists are better funded than hactivists.

The aim of a hactivist is not to incite panic like cyberterrorists.

12.

1 point

Why can brokers command such a high price for what they sell?

Brokers are licensed professionals.

Brokers work in teams and all the members must be compensated.

The attack targets are always wealthy corporations.

The vulnerability was previously unknown and is unlikely to be patched quickly

13.

1 point

Which the following is NOT a reason why it is difficult to defend against today’s attackers?

delays in security updating

increased speed of attacks

simplicity of attack tools

greater sophistication of defense tools

14.

1 point

Which act requires enterprises to guard protected health information and implement policies and procedures to safeguard it?

Gramm-Leach-Bliley Act (GLBA)

Health Insurance Portability and Accountability Act (HIPAA)

Hospital Protection and Insurance Association Agreement (HPIAA)

Sarbanes-Oxley Act (Sarbox)

15.

1 point

What is an objective of state-sponsored attackers?

to sell vulnerabilities to the highest bidder

fortune instead of fame

to right a perceived wrong

to spy on citizens

16.

1 point

Which of the following is NOT a characteristic of Advanced Persistent Threat (APT)?

uses advanced tools and techniques

targets sensitive proprietary information

can span several years

is only used by hactivists against foreign enemies

17.

1 point

An organization that purchased security products from different vendors is demon-strating which security principle?

layering

diversity

obscurity

limiting

18.

1 point

What are attackers called who belong to a network of identity thieves and financial fraudsters?

hackers

cybercriminals

brokers

script kiddies

19.

1 point

An example of ___________ is not revealing the type of computer, operating system, software, and network connection a computer uses.

diversity

layering

limiting

obscurity

20.

1 point

Each of the following is a goal of information security EXCEPT

limit access control

avoid legal consequences

prevent data theft

foil cyberterrorism