
BFOR200 Homework

The document is an assignment focused on information security concepts, including true/false questions, multiple-choice questions, and essay prompts. It covers topics such as the CIA Triad, malware types, social engineering, and security controls. The assignment aims to assess understanding of key security principles and practices.

Uploaded by

saratogashines

Assignment 1

Ch1. Introduction to Information Security

True/False

1. The bottom-up approach in information security implementation means when projects are
initiated at the highest levels of an organization and then pushed to all levels. [ ] False

2. Threats are always malicious. [ ] False

3. Threats are always targeted. [ ] False

Modified True/False

4. Confidentiality ensures that only those with the rights and privileges to modify information are
able to do so. _________________________
False [T/F, if F, then Integrity]

Multiple Choice

5. Which terms describe actions that can damage or compromise an asset? (Choose two)

a. Risk
b. Vulnerability
c. Countermeasure
d. Threat
e. Attack

6. Bob can’t connect to Albany.edu. What term among the CIA Triad describes this situation?

a. Availability
b. Confidentiality
c. Integrity
d. Information

7. Dylan receives new login information in the mail from his company with his login credentials. His
company sent him his login information through the mail, so no unauthorized users see his
information. What term in the CIA Triad describes this situation?

a. Availability
b. Confidentiality
c. Integrity
d. Information

Completion

8. ____________________ (Availability) ensures authorized users — persons or computer systems — can
access (or use) information without interference or obstruction, and in the required format.

Essay

9. Please distinguish between vulnerability, threat, and control.

A vulnerability is a weakness in security that could be
targeted by malicious actors. A threat is an object,
person, or entity that represents a danger to an asset.
Controls are measures taken to reduce security risks
such as data theft or system breaches.

10. List and describe the three ways of control.


There are procedural controls, which are policies,
procedures, guidelines, or regulations. Technical
controls, which are passwords, encryption,
firewalls, etc. And there are education controls like
SETA to prevent human errors.

11. What does the SETA stand for? Please describe the SETA?

SETA is security education and training. The main goal of
SETA is to teach people about basic security issues and
help to prevent breaches.

Chapter 2 – Malware, Password Attacks, & Social Engineering

True/False

1. Unlike worms, viruses do NOT require a host program in order to survive and replicate. [ ] True

2. The best password is the one that is easy to remember; short and guessable. [ ] False

Modified True/False

Multiple Choice

3. Jenny, a sales manager at your company, has been complaining about her computer performing
slowly. When you investigate the issue, you noticed some spyware on her computer, but she
insists the only thing she has downloaded lately was a freeware stock trading application. What
best explains this situation?

a. Vishing
b. Trojan horse
c. Phishing
d. Dictionary attack

4. Of the following malware types, which one is MOST likely to monitor a user’s computer?

a. Trojan horse
b. Spyware
c. Ransomware
d. Adware

5. What type of malicious software masquerades as legitimate software to entice the user to run it?

a. Virus
b. Worm
c. Trojan horse
d. Backdoor

Completion

6. Virus scanner recognizes a known ____________________ (virus), it can then block the virus, inform
the user, and remove the virus.

Multiple Choice

7. Shane, a manager for network operations at your company, met an accountant in the hall who
thanks him for keeping the antivirus software up to date. When asked what he means, the
accountant mentions one of the IT staff members named Michael called him yesterday and
remotely connected to his PC to update the antivirus…but there’s no employee named Michael.
What happened?

a. Brute force attacks
b. Dictionary attacks
c. Spyware
d. Social Engineering

8. At the workplace, you are reviewing security controls and their usefulness. You notice that
account lockout policies are in place. Which of the following attacks will these policies thwart?
(Choose two)

a. DOS attack
b. Brute force
c. Dictionary
d. Phishing

9. Josh noticed that an attacker is trying to get network passwords by using software that attempts
a number of passwords from a list of common passwords. What type of attack is this called?

a. Dictionary
b. Phishing
c. Brute Force
d. Session hijacking

10. Users in your organization have reported receiving a similar email from the same sender. The
email included a link mentioning that every employee in your company needs to click the link to
participate in the required survey. However, after recent training on emerging threats, all the
users chose not to click the link. Security investigators determined the link was malicious and
was designed to download ransomware. Which of the following BEST describes the email?

a. Phishing
b. Spam
c. Spear phishing
d. Vishing

11. The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an
email informing him that his company was being sued and he needed to view a subpoena at a
court website. When visiting the website, malicious code was downloaded onto the CEO's
computer. What type of attack took place?

a. Spear phishing
b. Pharming
c. Adware
d. Command injection

12. When an attacker talks to an organization’s help desk and persuades them to reset a password
for them due to the help desk employee’s trust and willingness to help, what type of attack
succeeded?

a. Trojan
b. Social engineering
c. Phishing
d. Man-in-the-middle

Completion

13. Within the context of information security, ____________________ (Social engineering) is the process of using
interpersonal skills to convince people to reveal access credentials or other valuable information
to the attacker.
