Question 1

In the context of information security, bots are&#10;A) Activities performed by agents to compromise assets&#10;B) Malicious software that uses operating system or application vulnerabilities for propagation&#10;C) Software that performs simple tasks automatically and repetitively, usually at the direction of another software&#10;D) Malicious content entered by an end user on a web-based system

Accepted Answer

Bots in the context of information security are typically software programs that are designed to perform simple and repetitive tasks automatically. They are often used by hackers and other malicious actors as part of a larger attack strategy, such as to carry out distributed denial of service (DDoS) attacks or to collect sensitive information from compromised systems. Bots are not typically characterized as activities performed by agents (A), malicious software that propagates through vulnerabilities (B), or malicious content entered by users (D).

Question 2

The goal of agents running a 419 Nigerian scam is to&#10;A) Damage the reputations of end users&#10;B) Damage end user computers&#10;C) Steal money&#10;D) Steal intellectual property

Accepted Answer

The main goal of agents running a 419 Nigerian scam is to deceive end users into sending them money. They typically pose as wealthy individuals or representatives of government entities in order to persuade victims to wire funds or provide personal banking information.

Question 3

Internal auditors can be a threat agent by&#10;A) Excessive adherence to compliance&#10;B) Lack of attention to detail&#10;C) Lack of training&#10;D) Causing outages

Accepted Answer

Internal auditors who excessively adhere to compliance can be a threat agent as they may prioritize compliance over practicality and effectiveness, leading to potential issues or inefficiencies within the organization.

Question 4

External threat agents include&#10;A) Partners and suppliers&#10;B) Activist groups and competitors&#10;C) Help desk and janitorial services&#10;D) Auditors and hurricanes

Accepted Answer

Activist groups and competitors are both external threat agents as they are outside of the organization and have the potential to cause harm or damage to the organization's information assets. Choice A (Partners and suppliers), C (Help desk and janitorial services), and D (Auditors and hurricanes) may also pose a threat, but they are not specifically external threat agents as they may have some level of affiliation or connection with the organization.

Question 5

In the context of information security, worms are&#10;A) Activities performed by agents to compromise assets&#10;B) Malicious software that uses operating system or application vulnerabilities for propagation&#10;C) Software that performs simple tasks automatically and repetitively, usually at the direction of another software&#10;D) Malicious content entered by an end user on a web-based system

Accepted Answer

Worms are a type of malicious software that self-replicates and spreads to other computers by exploiting vulnerabilities in operating systems or applications. They do not require any user interaction to propagate, making them particularly dangerous.

Question 6

Partner threat agents include&#10;A) Activist groups and competitors&#10;B) Consultants, cloud service providers and suppliers&#10;C) Internal auditors and help desk&#10;D) Competitors, organized groups and former employees

Accepted Answer

Partner threat agents include entities that have a business relationship with the organization, such as consultants, cloud service providers, and suppliers, who may have access to sensitive information or systems.

Question 7

In the context of information security, cross-site scripting attacks are&#10;A) Activities performed by agents to compromise assets&#10;B) Malicious software that uses operating system or application vulnerabilities for propagation&#10;C) Software that performs simple tasks automatically and repetitively, usually at the direction of another software&#10;D) Malicious content entered by an end user on a web-based system

Accepted Answer

Cross-site scripting attacks involve the injection of malicious code, typically in the form of scripts, into a web-based application or website. This code is often entered by an end user, making choice D the correct answer. A is incorrect because it refers to the general concept of activities performed by agents to compromise assets, which does not specifically relate to cross-site scripting attacks. B refers to malware attacks, which are different from cross-site scripting attacks. C refers to automation software, which is also unrelated to cross-site scripting attacks.

Question 8

Threats are&#10;A) Capabilities, intentions and attack methods of adversaries&#10;B) Interactions between relevant agents, actions&#10;C) Individuals, organizations or groups that originate a particular threat action&#10;D) Activist groups

Accepted Answer

Threats are the capabilities, intentions and attack methods of adversaries. The other options are related to components or sources of threats, but not the threats themselves.

Question 9

Natural causes include all of the following except&#10;A) Arson&#10;B) Earthquake&#10;C) Tornadoes&#10;D) Hurricanes

Accepted Answer

Arson is not a natural cause, as it involves deliberate human activity to set a fire. The other options listed are all natural causes, as they arise from natural events like seismic activity or weather patterns.

Question 10

Top management can be a threat agent by&#10;A) Abusing privileges&#10;B) Lack of understanding of security issues&#10;C) Pulling rank&#10;D) All of the above

Accepted Answer

Top management can be a threat agent in various ways such as abusing their privileges to access confidential information, not having a proper understanding of security issues which may lead to making hasty and insecure decisions, and exerting their authority above security policies by pulling rank. Therefore, all of the above choices are correct.

Question 11

Threat agents are&#10;A) Capabilities, intentions and attack methods of adversaries&#10;B) Interactions between relevant agents, actions&#10;C) Activist groups&#10;D) Individuals, organizations or groups that originate a particular threat action

Accepted Answer

The answer of Threat agents are&#10;A) Capabilities, intentions and attack...

Question 12

In the context of internal security, partners are&#10;A) People external to the organization&#10;B) People directly associated with the organization, often as employees&#10;C) Third parties sharing a business relationship with the organization&#10;D) All of the above

Accepted Answer

The answer of In the context of internal security, partners...

Question 13

The threat model includes&#10;A) Actors, agents and assistants&#10;B) Actions, assets and ambitions&#10;C) Agents, actions and assets&#10;D) Agents, actors and assets

Accepted Answer

The answer of The threat model includes&#10;A) Actors, agents and...

Question 14

Threat actions are&#10;A) Activities performed by agents to compromise assets&#10;B) Capabilities, intentions and attack methods of adversaries&#10;C) Interactions between relevant agents, actions and assets&#10;D) Individuals, organizations or groups that originate a particular threat action

Accepted Answer

The answer of Threat actions are&#10;A) Activities performed by agents...

Question 15

Threat models are&#10;A) Capabilities, intentions and attack methods of adversaries&#10;B) Interactions between relevant agents, actions&#10;C) Individuals, organizations or groups that originate a particular threat action&#10;D) Activist groups

Accepted Answer

The answer of Threat models are&#10;A) Capabilities, intentions and attack...

Question 16

Help desk staff can be a threat due to&#10;A) Abuse of privileges&#10;B) Human errors&#10;C) Lack of training&#10;D) All of the above

Accepted Answer

The answer of Help desk staff can be a threat...

Question 17

Internal threat agents include&#10;A) Partners and suppliers&#10;B) Activist groups and competitors&#10;C) Help desk and janitorial services&#10;D) Auditors and hurricanes

Accepted Answer

The answer of Internal threat agents include&#10;A) Partners and suppliers&#10;B)...

Question 18

Most attacks on organizations originate from&#10;A) Internal agents&#10;B) External agents&#10;C) Partners&#10;D) Competitors, organized groups and former employees

Accepted Answer

The answer of Most attacks on organizations originate from&#10;A) Internal...

Question 19

Threat agents are typically classified as&#10;A) External agents, internal agents and partners&#10;B) Essentiality, and deferability&#10;C) Internal auditors and help desk&#10;D) Consultants, cloud service providers and suppliers

Accepted Answer

The answer of Threat agents are typically classified as&#10;A) External...

Question 20

The 419 Nigerian scam is an example of an)&#10;A) Partner&#10;B) Activist group&#10;C) Natural cause&#10;D) Cybercrime

Accepted Answer

The answer of The 419 Nigerian scam is an example...

Question 21

Unapproved software can be a threat action because&#10;A) The software may be exploited by hackers&#10;B) Organizations do not like employees or users to pay for software&#10;C) The software may take up hard disk space&#10;D) The software may have been developed by a competitor

Accepted Answer

The answer of Unapproved software can be a threat action...

Question 22

Phishing is&#10;A) An activity performed by agents to compromise assets&#10;B) Convincing users to do something they would not ordinarily do&#10;C) Using email to try and get a user to divulge confidential information&#10;D) Malicious content entered by an end user on a web-based system

Accepted Answer

The answer of Phishing is&#10;A) An activity performed by agents...

Question 23

OWASP is&#10;A) An organization that is attempting to make web applications more secure&#10;B) A species of Wasp that is abundant in the United States&#10;C) The wasp species that Grace Hooper discovered in the Harvard Mark II computer as the source of errors in the computer&#10;D) The little faults and difficulties in inventions, as labeled by Thomas Edison

Accepted Answer

The answer of OWASP is&#10;A) An organization that is attempting...

Question 24

As a threat action, social engineering is&#10;A) An activity performed by agents to compromise assets&#10;B) Convincing users to do something they would not ordinarily do&#10;C) Software that performs simple tasks automatically and repetitively, usually at the direction of another software&#10;D) Malicious content entered by an end user on a web-based system

Accepted Answer

The answer of As a threat action, social engineering is&#10;A)...

Question 25

In the information security context, Black Tuesday refers to&#10;A) The day Google's stock fell by 50% immediately after its IPO&#10;B) The day a company finally turns profitable for the year&#10;C) The day the firm lost a bulk of its email&#10;D) The typical day on which Microsoft releases patches

Accepted Answer

The answer of In the information security context, Black Tuesday...

Deck 6: Threats and Vulnerabilities