Question 1

Select the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data.&#10;A)availability&#10;B)confidentiality&#10;C)integrity&#10;D)identity

Accepted Answer

Integrity is the information protection item that ensures that information is correct and has not been altered by unauthorized personnel or malicious software. This means that the data remains consistent throughout its lifecycle, and any changes made are legitimate and authorized.

Question 2

What term refers to an action that provides an immediate solution to a problem by cutting through the complexity that surrounds it?&#10;A)unicorn&#10;B)approved action&#10;C)secure solution&#10;D)silver bullet

Accepted Answer

The term "silver bullet" refers to an action or solution that provides a quick and easy fix to a complex problem. It implies a sense of magic or simplicity in finding the solution.

Question 3

To mitigate risk is the attempt to address risk by making the risk less serious.

Accepted Answer

Mitigating risk involves taking actions to reduce the likelihood or impact of a risk event. This can include avoidance, transfer, reduction, or acceptance of the risk. The goal is to make the risk less serious or harmful to the organization or individual.

Question 4

In information security,what can constitute a loss?&#10;A)theft of information&#10;B)a delay in transmitting information that results in a financial penalty&#10;C)the loss of good will or a reputation&#10;D)all of the above

Accepted Answer

All of the options listed can constitute a loss in information security. Theft of information can result in intellectual property loss or violation of privacy. Delay in transmitting information can result in financial penalties and loss of business opportunities. Loss of goodwill or reputation can damage a company's brand and lead to lost business. Therefore, all options are important considerations in information security.

Question 5

Brokers steal new product research or a list of current customers to gain a competitive advantage.

Accepted Answer

The answer of Brokers steal new product research or a...

Question 6

Which position below is considered an entry-level position for a person who has the necessary technical skills?&#10;A)security technician&#10;B)security administrator&#10;C)CISO&#10;D)security manager

Accepted Answer

A security technician is considered an entry-level position for a person who has the necessary technical skills, as they are responsible for implementing and maintaining basic security measures and addressing technical issues. The other positions listed require more experience and expertise in the field.

Question 7

The Security Administrator reports directly to the CIO.

Accepted Answer

The reporting structure for a Security Administrator can vary depending on the organization's size and structure. In some organizations, the Security Administrator may report to the CIO, but in others, they might report to a different IT security manager or director, rather than directly to the Chief Information Officer (CIO).

Question 8

One of the challenges in combating cyberterrorism is that many of the prime targets are not owned and managed by the federal government.

Accepted Answer

Many of the prime targets of cyberterrorism are private businesses and organizations, which may not be directly under the control of the federal government. This makes it difficult to coordinate a unified response to cyber attacks and highlights the need for public-private partnerships in cybersecurity.

Question 9

According to the U.S.Bureau of Labor Statistics,what percentage of growth for information security analysts is the available job outlook supposed to reach through 2024?&#10;A)10&#10;B)15&#10;C)18&#10;D)27

Accepted Answer

The answer of According to the U.S.Bureau of Labor Statistics,what...

Question 10

In what kind of attack can attackers make use of millions of computers under their control in an attack against a single server or network?&#10;A)centered&#10;B)local&#10;C)remote&#10;D)distributed

Accepted Answer

This type of attack is known as a distributed denial-of-service (DDoS) attack, in which attackers use a network of compromised computers (known as a botnet) to flood a target server or network with traffic or requests, overwhelming its capability to function properly.

Question 11

Which of the following ensures that data is accessible to authorized users?&#10;A)availability&#10;B)confidentiality&#10;C)integrity&#10;D)identity

Accepted Answer

The answer of Which of the following ensures that data...

Question 12

Smart phones give the owner of the device the ability to download security updates.

Accepted Answer

The answer of Smart phones give the owner of the...

Question 13

Which of the three protections ensures that only authorized parties can view information?&#10;A)security&#10;B)availability&#10;C)integrity&#10;D)confidentiality

Accepted Answer

The answer of Which of the three protections ensures that...

Question 14

The Sarbanes-Oxley Act restricts electronic and paper data containing personally identifiable financial information.

Accepted Answer

The answer of The Sarbanes-Oxley Act restricts electronic and paper...

Question 15

The CompTIA Security+ certification is a vendor-neutral credential.

Accepted Answer

The answer of The CompTIA Security+ certification is a vendor-neutral...

Question 16

Successful attacks are usually not from software that is poorly designed and has architecture/design weaknesses.

Accepted Answer

The answer of Successful attacks are usually not from software...

Question 17

What information security position reports to the CISO and supervises technicians,administrators,and security staff?&#10;A)security manager&#10;B)security engineer&#10;C)security auditor&#10;D)security administrator

Accepted Answer

The answer of What information security position reports to the...

Question 18

Which term below is frequently used to describe the tasks of securing information that is in a digital format?&#10;A)network security&#10;B)information security&#10;C)physical security&#10;D)logical security

Accepted Answer

The answer of Which term below is frequently used to...

Question 19

A vulnerability is a flaw or weakness that allows a threat to bypass security.

Accepted Answer

The answer of A vulnerability is a flaw or weakness...

Question 20

As security is increased,convenience is often increased.

Accepted Answer

The answer of As security is increased,convenience is often increased....

Question 21

What type of theft involves stealing another person's personal information,such as a Social Security number,and then using the information to impersonate the victim,generally for financial gain?&#10;A)cyberterrorism&#10;B)identity theft&#10;C)phishing&#10;D)social scam

Accepted Answer

The answer of What type of theft involves stealing another...

Question 22

In information security,which of the following is an example of a threat actor?&#10;A)a force of nature such as a tornado that could destroy computer equipment&#10;B)a virus that attacks a computer network&#10;C)a person attempting to break into a secure computer network&#10;D)all of the above

Accepted Answer

The answer of In information security,which of the following is...

Question 23

Which of the following is a common security framework? (Choose all that apply. )&#10;A)ISO&#10;B)COBIT&#10;C)RFC&#10;D)ASA

Accepted Answer

The answer of Which of the following is a common...

Question 24

Under which laws are health care enterprises required to guard protected health information and implement policies and procedures whether it be in paper or electronic format?&#10;A)HIPAA&#10;B)HLPDA&#10;C)HCPA&#10;D)USHIPA

Accepted Answer

The answer of Under which laws are health care enterprises...

Question 25

What term is used to describe state-sponsored attackers that are used for launching computer attacks against their foes?&#10;A)nation state threats&#10;B)cyber military&#10;C)nation state actors&#10;D)state hackers

Accepted Answer

The answer of What term is used to describe state-sponsored...

Question 26

What class of attacks use innovative attack tools and once a system is infected it silently extracts data over an extended period?&#10;A)Inside Attacks&#10;B)Advanced Persistent Threat&#10;C)Embedded Attacks&#10;D)Modified Threat

Accepted Answer

The answer of What class of attacks use innovative attack...

Question 27

Which of the following is a valid fundamental security principle? (Choose all that apply. )&#10;A)signature&#10;B)diversity&#10;C)simplicity&#10;D)layering

Accepted Answer

The answer of Which of the following is a valid...

Question 28

Which of the following are considered threat actors? (Choose all that apply. )&#10;A)brokers&#10;B)competitors&#10;C)administrators&#10;D)individuals

Accepted Answer

The answer of Which of the following are considered threat...

Question 29

What process describes using technology as a basis for controlling the access and usage of sensitive data?&#10;A)technical controls&#10;B)administrative controls&#10;C)control diversity&#10;D)vendor diversity

Accepted Answer

The answer of What process describes using technology as a...

Question 30

What term is used to describe a group that is strongly motivated by ideology,but is usually not considered to be well-defined and well-organized?&#10;A)hactivists&#10;B)hacker&#10;C)script kiddies&#10;D)cyberterrorist

Accepted Answer

The answer of What term is used to describe a...

Question 31

What term best describes any premeditated,politically motivated attack against information,computer systems,computer programs,and data which results in violence against noncombatant targets by subnational groups or clandestine agents?

A)cybercriminal
B)cracking
C)cyberterrorism
D)hacking

Accepted Answer

The answer of What term best describes any premeditated,politically motivated...

Question 32

To date,the single most expensive malicious attack occurred in 2000,which cost an estimated $8.7 billion.What was the name of this attack?&#10;A)Nimda&#10;B)Slammer&#10;C)Love Bug&#10;D)Code Red

Accepted Answer

The answer of To date,the single most expensive malicious attack...

Question 33

Which term is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so?&#10;A)cybercriminal&#10;B)hacker&#10;C)script kiddies&#10;D)cyberterrorist

Accepted Answer

The answer of Which term is used to describe individuals...

Question 34

Select the term that best describes automated attack software?&#10;A)open-source utility&#10;B)insider software&#10;C)open-source intelligence&#10;D)intrusion application

Accepted Answer

The answer of Select the term that best describes automated...

Question 35

Those who wrongfully disclose individually identifiable health information can be fined up to what amount per calendar year?&#10;A)$50,000&#10;B)$250,000&#10;C)$500,000&#10;D)$1,500,000

Accepted Answer

The answer of Those who wrongfully disclose individually identifiable health...

Question 36

What level of security access should a computer user have to do their job?&#10;A)password protected&#10;B)least amount&#10;C)limiting amount&#10;D)authorized access

Accepted Answer

The answer of What level of security access should a...

Question 37

What term describes a layered security approach that provides the comprehensive protection?&#10;A)comprehensive-security&#10;B)diverse-defense&#10;C)limiting-defense&#10;D)defense-in-depth

Accepted Answer

The answer of What term describes a layered security approach...

Question 38

Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information?&#10;A)Gramm-Leach-Bliley&#10;B)Sarbanes-Oxley&#10;C)California Database Security Breach&#10;D)USA Patriot

Accepted Answer

The answer of Which law requires banks and financial institutions...

Question 39

Which of the following describes various supporting structures for implementing security that provides a resource of how to create a secure IT environment? (Choose all that apply. )&#10;A)regulatory frameworks&#10;B)reference architectures&#10;C)industry-standard frameworks&#10;D)reference frameworks

Accepted Answer

The answer of Which of the following describes various supporting...

Question 40

What type of diversity is being implemented if a company is using multiple security products from different manufacturers?&#10;A)multiple-product security&#10;B)manufacturer diversity&#10;C)vendor diversity&#10;D)vendor-control security

Accepted Answer

The answer of What type of diversity is being implemented...

Question 41

Why are there delays in updating products such as anti-virus software to resist attacks?

Accepted Answer

The answer of Why are there delays in updating products...

Question 42

What threat actors are generally believed to be the most dangerous threat actors? Explain your answer.

Accepted Answer

The answer of What threat actors are generally believed to...

Question 43

List and describe three of the characteristics of information that must be protected by information security?

Accepted Answer

The answer of List and describe three of the characteristics...

Question 44

Why is the speed of malicious attacks making the challenge of keeping computers secure more difficult?

Accepted Answer

The answer of Why is the speed of malicious attacks...

Question 45

What is the Payment Card Industry Data Security Standard (PCI DSS)?

Accepted Answer

The answer of What is the Payment Card Industry Data...

Question 46

What are script kiddies?

Accepted Answer

The answer of What are script kiddies?...

Question 47

What are the four different risk response techniques?

Accepted Answer

The answer of What are the four different risk response...

Question 48

What is occurring when an attacker manipulates commonplace actions that are routinely performed in a business?

Accepted Answer

The answer of What is occurring when an attacker manipulates...

Question 49

Information security is achieved through a combination of what three entities? Provide at least one example of each entity.

Accepted Answer

The answer of Information security is achieved through a combination...

Question 50

Describe the security principle of simplicity.

Accepted Answer

The answer of Describe the security principle of simplicity....

Deck 1: Introduction to Security