20 terms

Security+ Chapter 1

Each of the following is a reason why it is difficult to defend against today's attackers except _____.

a. speed of attacks
b. greater sophistication of attacks
c. complexity of attack tools
d. delays in patching hardware and software products
C. Complexity of attack tools.
In a general sense, "security" is _______.
the necessary steps to protect a person or property from harm
_____ ensures that only authorized parties can view the information.

a. Availability
b. Integrity
c. Confidentiality
d. ICA
C. Confidentiality
Each of the following is a successive layer in which information security is achieved except _______.

a. products
b. purposes
c. procedures
d. people
b. Purposes
By definition, a(n) _______ is a person or thing that has the power to carry out a threat.
threat agent
_______ensures that the individual is who they claim to be.
Each of the following is a goal of information security except _____.

a. prevent data
b. decrease user productivity
c. avoid legal consequences
d. foil cyberterrorism
B. Decrease user productivity
The ______ requires that enterprises must guard protected health information and implement policies and procedures to safeguard it.
Health Insurance Portability and Accountability Act (HIPAA)
Utility, telecommunications, and finanical services companies are considered prime targets of _____ because attackers can significantly disrupt business and personal activites by destroying a few targets.

a. cyberterrorists
b. kiddie scripters
c. computer spies
d. blue hat hackers (BHH)
a. cyberterrorists
After an attacker probed a computer or network for information she would next _____.

a. modify security settings
b. penetrate any defenses
c. paralyze networks and devices
d. circulate to other systems
b. penetrate any defenses
An organization that purchased security products from different vendors in case an attacker circumvented the Brand A device, yet would have more difficulty trying to break through a Brand B device because they are different, is an example of _____.

a. obscurity
b. layering
c. limiting
d. diversity
D. Diversity
Each of the following can be classified as an "insider" except ___________.
________ are a network of attackers, identity thieves, and financial fraudsters.
Each of the following is a characteristic of cybercriminals except _____.

a. low motivation
b. less risk-averse
c. better funded
d. more tenacious
a. low motivation
Each of the following is a characteristic of cybercrime except _____.

a. targeted attacks against financial networks.
b. unauthorized access to information
c. theft of personal information
d. exclusive use of worms and viruses
D. Exclusive use of worms & viruses
An example of a(n) _____ is a software defect in an operating system that allows an unauthorized user to gain access to a computer without a password.

a. vulnerability
b. threat
c. threat agent
d. asset exploit (AE)
A. vulnerability
_____ requires banks and financial institutions to alert customers of their policies & practices in disclosing customer information & to protect all electronic & paper containing personally identifiable financial information

a. California Savings & Loan Security Act (CS&LSA)
b. USA Patriot Act
c. Sabanes-Oxley Act (Sarbox)
d. Gramm-Leach-Bliley Act (GLBA)
d. Gramm-Leach-Bliley Act (GLBA)
The term ____ is commonly used in a generic sense to identify anyone who illegally breaks into a computer system.

a. hacker
b. cyberterrorist
c. Internet Exploiter
d. cyberrogue
a. hacker
An example of _____ would be not revealing the type of computer, operating system, software, & network connection a computer uses.

a. diversity
b. Iimiting
c. obscurity
d. layering
c. obscurity
The _____ is primarily responsible for assessment, management, and implementation of security.

a. Chief Information Security Officer (CISO)
b. security manager
c. security administrator
d. security technician
A. Chief Information Security Officer (CISO)