Question 1

Which of the following critical infrastructures was NOT a focus of the Network and Information Security Directive?

Accepted Answer

The Network and Information Security Directive focused on critical infrastructures including energy, health, and finance. However, education was not included in its focus.

Question 2

______ has become one of the most feared threats to cybersecurity.

Accepted Answer

Ransomware is a type of malware that encrypts user's files and demands payment in exchange for the decryption key. It has become one of the most feared threats to cybersecurity as it can cause significant financial losses for individuals and organizations, and can also damage their reputation.

Question 3

The ______ creates a cybersecurity information sharing system for public and private entities.

Accepted Answer

The Cybersecurity Information Sharing Act (CISA) of 2015 aims to develop a cybersecurity information sharing system between public and private entities in the United States, and establish procedures for sharing cybersecurity threat information.

Question 4

Assessing critical assets that need to be protected, such as trade secrets to determine what receives the highest priority, is a component of ______.

Accepted Answer

Assessing critical assets that need to be protected is a part of identifying sensitive information.

Question 5

The ______ proved to be symbolic legislation that assures the public that the international community is taking steps to combat cybercrime and the threat of a cyberwar.

Accepted Answer

The Budapest Convention on Cybersecurity is a binding international treaty that aims to enhance global cooperation in combating cybercrime by establishing common rules and procedures for countries to follow. Its adoption and implementation by a growing number of countries demonstrate a shared commitment to addressing cybersecurity threats on a global scale.

Question 6

The ______ provided the basis for a comprehensive cyber security strategy.

Accepted Answer

The Comprehensive National Cybersecurity Initiative (CNCI), launched in 2008, provided the basis for a comprehensive cyber security strategy, emphasizing the importance of protecting critical infrastructure and improving information sharing between government agencies and private sector organizations. The other options listed are specific pieces of legislation related to cyber security, but only the CNCI provided the basis for a comprehensive strategy.

Question 7

A holistic approach to cybersecurity involves cooperation between all of the following except ______.

Accepted Answer

A holistic approach to cybersecurity inherently involves cooperation among various stakeholders, including industries, lawmakers, cybersecurity specialists, and citizens. However, the question asks for the group that is not typically included in a holistic approach, which is a trick question because all mentioned groups are essential. The correct answer is based on the fact that all options except A (industries, lawmakers, and cybersecurity specialists) implicitly include citizens, who are also a crucial part of cybersecurity efforts. However, since the question's phrasing might suggest looking for a group that is excluded, none of the options should technically be excluded in a truly holistic approach. The answer provided is based on the interpretation of the question's intent rather than the factual inaccuracy of involving all groups mentioned.

Question 8

The ______ requires the secretary of homeland security to assess the work of the cybersecurity workforce of the Department of Homeland Security and develop a comprehensive strategy to improve the readiness and quality of the cybersecurity workforce.

Accepted Answer

The answer of The ______ requires the secretary of homeland...

Question 9

In 2016, the European Union passed the ______ establishing the first actual cybersecurity rules.

Accepted Answer

This directive established cybersecurity rules for operators of essential services and digital service providers in the EU, including requirements for incident reporting and security measures. The Budapest Convention is a treaty focused on international cooperation against cybercrime, but does not establish specific cybersecurity rules. The UN Convention on the Law of the Sea and the EU Freedom Act are not related to cybersecurity.

Question 10

The ______ gives government the authority to collect content records related to telephonic activities.

Accepted Answer

The USA PATRIOT Act gives government the authority to collect content records related to telephonic activities.

Question 11

Examples of proprietary information include all of the following except ______.

Accepted Answer

Proprietary information refers to confidential information that is owned by a company and has value to their business. Public records are available to the general public and are not owned by a specific company. Therefore, public records are not an example of proprietary information.

Question 12

The ______ has the responsibility to coordinate federal, state, and local governments, laboratories, critical infrastructure owners and operators, and other entities to accomplish goals pertinent to the National Cybersecurity and Critical Infrastructure Protection Act of 2014.

Accepted Answer

The answer of The ______ has the responsibility to coordinate...

Question 13

Jeopardizing the security, integrity, confidentiality, or availability of an information system or network or any information stored on, processed on, or transiting such a system is also referred to as a ______.

Accepted Answer

The definition given in the question is related to a cyber incident, which is the unauthorized access, use, disclosure, disruption, modification, or destruction of information or information systems. "Cybercall" and "cybercheck" are not commonly used terms in the cybersecurity field, and "cyberwarfare" specifically refers to acts of war conducted in cyberspace.

Question 14

A health tracker is an example of a device that can be used in the ______ technique.

Accepted Answer

A health tracker is an example of an Internet of Things (IoT) device. The "Man-in-the-IoT" technique refers to attacks specifically targeting IoT devices, such as health trackers, to exploit their connectivity and data.

Question 15

In 2016 a massive denial-of-service attack brought down much of the Internet in Europe and the United States. The attack used a ______.

Accepted Answer

A denial-of-service attack involves overwhelming a website or network with traffic or requests, making it unavailable to users. This can be done through a botnet, which is a network of infected computers that can be controlled remotely to carry out an attack. A phishing email, worm, or Trojan horse may be used to gain access to a network or computer, but they would not be the primary technique used in a denial-of-service attack.

Question 16

Telephonic activities were defined much broader than most people would have expected by the ______.

Accepted Answer

The National Security Agency is well-known for its surveillance operations, particularly in the area of telephonic communication. In fact, the agency's activities in this area have been defined so broadly that some have expressed concern about potential violations of individual privacy rights. The other options (FBI, CIA, and DIA) may also conduct surveillance, but their focus and methods differ from those of the NSA.

Question 17

The ______ enables the secretary of homeland security to conduct cybersecurity activities that will defend, mitigate, respond to, or recover from cyberincidents to critical infrastructures.

Accepted Answer

The National Cybersecurity and Critical Infrastructure Protection Act of 2014 enables the secretary of homeland security to conduct cybersecurity activities that will defend, mitigate, respond to, or recover from cyberincidents to critical infrastructures. The Cybersecurity Workforce Act 2014 focuses on developing and retaining a qualified cybersecurity workforce. The Comprehensive National Cybersecurity Initiative was a government-wide initiative launched in 2008 to secure the U.S. government's digital infrastructure. The Cybersecurity Information Sharing Act of 2015 encourages the sharing of cybersecurity threat information between private entities and the federal government.

Question 18

A holistic approach integrates all of the following factors except ______.

Accepted Answer

The answer of A holistic approach integrates all of the...

Question 19

The Cybersecurity Information Sharing Act of 2015 calls for the cooperation of all of the following except the ______.

Accepted Answer

The Cybersecurity Information Sharing Act of 2015 calls for the cooperation of the director of national intelligence, secretary of homeland security, and attorney general. However, it does not specifically mention the president.

Question 20

The ______ prohibited the bulk collection of digital information.

Accepted Answer

The US Freedom Act, passed in 2015, prohibited the bulk collection of digital information by the National Security Agency (NSA). The other options either do not address this issue or actually encourage sharing of information for cybersecurity purposes.

Quiz 10: Cyber Security Policies and Legal Issues