Review Questions Part1 Revised
1. The earliest form of cyber security, especially over the ARPANET, is physical
security.
a. True
b. False
3. The Rand Report R-609 is a paper that started the study of computer security and
identified the role of management and policy issues in it.
a. True
b. False
Answer: b, a, a, a
9. When projects are initiated at the highest levels of an organization and then
pushed to all levels, they are said to follow a(n) ____ approach.
a. executive led
b. trickle down
c. top-down
d. bottom-up
11. A computer worm consists of segments of code that perform malicious actions.
a. True
b. False
12. ____ are hackers of limited skill who use expertly written software to attack a
system.
a. System programmers
b. Script kiddies
c. Terrorists
d. End users
Answer: c, a, b, b
13. A computer virus _________________________
a. is created by a flaw in the CPU (Central Processing Unit).
b. is executed when its host program is stored in the hard disk.
c. runs when the file it is attached to is opened.
d. is not a computer program.
14. Which one of the following statements about a computer worm is not true?
a. It crawls to another system only when a user accidentally runs it.
b. The worm creator seeks out system vulnerabilities to get the worm started.
c. The Internet may have to shut down due to a worm infestation.
d. None of the above.
Answer: c, a, b
16. ____ occurs when an attacker or trusted insider steals information from a computer
system and demands compensation for its return or for an agreement not to disclose it.
a. Information extortion
b. Technological extortion
c. Insider trading
d. Information hoarding
17. ____ hack systems to conduct terrorist activities via network or Internet pathways.
a. Cyberhackers
b. Electronic terrorists
c. Cyberterrorists
d. Electronic hackers
18. Warnings of attacks that are not valid are usually called hoaxes.
a. True
b. False
19. Using a known or previously installed access mechanism is called using a _____.
a. hidden bomb
b. vector
c. spoof
d. back door
Answer: a, c, a, d
20. When a program tries using all commonly used passwords, this is known as a
______.
a. Dictionary attack
b. Brute Force attack
22. ____ is “the redirection of legitimate Web traffic to an illegitimate site for the
purpose of obtaining private information.”
a. Sniffer
b. Phishing
c. Pharming
d. Social Engineering
Answer: a, a, c
23. Some of the most dangerous threats come from the forces of nature.
a. True
b. False
24. A centralized network computer on which programs and data can be stored is
called a __________.
a. server
b. client
c. Web proxy
d. Network device authentication (NDA)
Answer: a, a
25. Which of the following is true about a social engineering attack?
a. It is based on trickery, greed and trust
b. It is used to fool someone into revealing access codes, passwords, or other
confidential information and break into a system.
c. It works best if people don’t know one another very well and/or there is
high staff turnover
d. All of the above
26. What is a type of law that addresses violations harmful to society and that is
enforced by prosecution by the state?
a. Human Rights Law
b. Criminal Law
c. Private Law
d. Open Law
27. _____ is a type of law that regulates the relationship between an individual and an
organization.
a. Civil law
b. Criminal Law
c. Private Law
d. Public Law
Answer: d, b, c
28. Policies are _________ .
a. civil directives between individual and organization
b. managerial directives that specify acceptable and unacceptable employee
behaviour in the workplace
c. criminal Law
d. public Law
Answer: b, b, d
31. What legal actions can an inventor take against a company that is responsible for
fabricating his new design, following a security breach in his design?
a. Failure in care of duty.
b. Privacy invasion.
c. Disclosure of confidential information.
d. All of the above.
32. _____ is created by combining pieces of non-private data—often collected during
software updates and via cookies—that when combined may violate privacy.
a. Contextual information
b. Aggregate information
c. Profile data
d. Privacy data
33. The generally recognized term for the government protection afforded to
intellectual property (written and electronic) is copyright law.
a. True
b. False
Answer: c, b, a
34. What directs how issues should be addressed and which technologies are used?
a. Laws
b. Policies
c. Standards
d. Management
35. _____ are detailed statements of what must be done to comply with policy.
a. Laws
b. Policies
c. Standards
d. Management
Answer: b, c, b
37. Which of the following is true about a DMZ?
a. between inside (local area network or LAN) and outside networks (the
Internet)
b. neither as secure as the internal network, nor as insecure as the public
Internet
c. contains web servers, email servers, routers
d. all of the above
38. Laws and policies only deter if these conditions are present:
a. Fear of penalty
b. Probability of being apprehended
c. Probability of penalty being applied
d. b and c
e. a, b and c
Answer: d, e, a
40. One of the foundations of security architectures is the requirement to implement
security in layers. This layered approach is referred to as _____.
a. Defense in depth
b. Perimeter defense
c. Top down defense
d. Bottom up defense
41. A(n) _____ defines the edge between the outer limit of an organization’s security
and the beginning of the outside world.
a. Gateway
b. Router
c. Firewall
d. Security perimeter
42. _____ is conducted by the organization to prepare for, react to, and recover from
events that threaten the security of information and information assets in the
organization, and the subsequent restoration to normal modes of business
operations.
a. Business continuity planning (BCP)
b. Incident response planning (IRP)
c. Contingency planning (CP)
d. Crisis planning and management
Answer: a, d, c
43. _____ is planning for the identification, classification and response to an incident.
a. Business continuity planning (BCP)
b. Incident response planning (IRP)
c. Contingency planning (CP)
d. Crisis management
44. _____ consists of the actions taken to prepare for and recover from the impact
of an incident on information assets.
a. Disaster recovery planning
b. Incident response
c. Contingency step
d. Crisis management action
45. _____ ensures that critical business functions continue if a catastrophic incident
or disaster occurs.
a. Business continuity planning (BCP)
b. Incident response planning (IRP)
c. Contingency planning (CP)
d. Crisis management
Answer: b, a, a