Security+ Chapter 1 Review Questions

7 September 2022
4.7 (114 reviews)
20 test answers

Unlock all answers in this set

Unlock answers (16)
question
1. Which of the following is NOT a characteristic of Advanced Persistent Threat (APT)?
answer
a. can span several years b. targets sensitive proprietary information c. uses advanced tools and techniques *d. is only used by hactivists against foreign enemies*
question
2. Which of the following was used to describe attackers who would break into a computer system without the owner's permission, and publicly disclose the vulnerability?
answer
a. white hat hackers b. black hat hackers c. blue hat hackers *d. gray hat hackers*
question
Which of the following is NOT a reason why it is difficult to defend against today's attackers?
answer
a. increased speed of attacks b. simplicity of attack tools *c. greater sophistication of defense tools.* d. delays in security updating.
question
Why can brokers command such a high price for what they sell?
answer
a. Brokers are licensed professionals. b. The attack targets are always wealthy corporations. *c. The vulnerabililty was previously unknown, and is unlikely to be patched quickly.* d. Brokers work in teams, and all the members must be compensated.
question
Which phrase describes the term "security" in a general sense?
answer
a. protection from only direct actions b. using reverse attack vectors (RAV) for protection c. only available on hardened computers and systems *d. the necessary steps to protect a person or property from harm*
question
__________ ensures that only authorized parties can view the information.
answer
*a. Confidentiality* b. Availability c. Authorization d. Integrity
question
Each of the following is a successive layer in which information security is achieved EXCEPT __________.
answer
a. products *b. purposes* c. procedures d. people
question
What is a person or element that has the power to carry out a threat?
answer
*a. threat agent* b. exploiter c. risk agent d. vulnerability
question
__________ ensures that individuals are who they claim to be.
answer
a. Demonstration b. Accounting *c. Authentication* d. Certification
question
What is the difference between a hactivist and a cyberterrorist?
answer
a. A hactivist is motivated by ideology while a cyberterrorist is not. b. Cyberterrorists always work in groups while hacktivists work alone. *c. The aim of a hactivist is not to incite panic like cyber terrorists.* d. Cyberterrorists are better funded than hacktivists.
question
Each of the following is a goal of information security EXCEPT __________.
answer
a. avoid legal consequences b. foil cyberterrorism c. prevent data theft *d. limit access control*
question
Which act requires enterprises to guard protected health information and implement policies and procedures to safeguard it?
answer
a. Hospital Protection and Insurance Association Agreement (HPIAA) b. Sarbanes-Oxley Act (Sarbox) c. Gramm-Leach-Bliley Act (GLBA) d. Health Insurance Portability and Accountability Act (HIPAA)
question
Why do cyberterrorists target power plants, air traffic control centers, and water systems?
answer
a. These targets have notoriously weak security, and are easy to penetrate. *b. They can cause significant disruption by destroying only a few targets.* c. These targets are government-regulated, and any successful attack would be considered a major victory. d. These targets are privately owned, and cannot afford high levels of security.
question
What is the first step in the Cyber Kill Chain?
answer
a. weaponization b. exploitation c. actions on objectives *d. reconnaissance*
question
An organization that purchased security products from different vendors is demonstrating which security principle?
answer
a. obscurity *b. diversity* c. limiting d. layering
question
Each of the following can be classified as an "insider" EXCEPT _______.
answer
a. business partners b. contractors *c. stockholders* d. employees
question
What are attackers called who belong to a network of identity thieves and financial fraudsters?
answer
*a. cybercriminals* b. script kiddies c. hackers d. brokers
question
What is an objective of state-sponsored attackers?
answer
a. to right a perceived wrong *b. to spy on citizens* c. to sell vulnerabilities to the highest bidder d. fortune instead of fame
question
An example of __________ is not revealing the type of computer, operating system, software, and network connection a computer uses.
answer
a. layering b. diversity *c. obscurity* d. limiting
question
The __________ is primarily responsible for assessing, managing, and implementing security.
answer
a. security administrator b. security manager c. security technician *d. chief information security officer (CISO)*