ITN 267 MIDTERM EXAM 170 QUESTIONS &
CORRECT ANSWERS LATEST 2026
Alice is a security professional. While scanning systems, she encounters malicious
code that was set to carry out its functions when a specific event occurred in the
future. What did Alice detect?
a. Keystroke logger
b. Backdoor
c. Logic bomb
d. Phishing email - ANSWER-c. Logic bomb
In which of the following types of communication is phishing least likely to occur?
a. phone calls
b. email
c. instant messages
d. chat rooms - ANSWER-a. phone calls
_________________________ involves tricking other people into breaking
security procedures and sharing sensitive information.
a. Shoulder surfing
b. E-mail spam
c. Social engineering
d. Integrity - ANSWER-c. Social engineering
What is the window of vulnerability?
a. the period of time when antivirus software must be updated
b. the period of time when an attacker may launch a DoS attack
c. the time between a malware attack and discovery by security personnel
d. the time between exploit discovery and an installed security patch - ANSWER-
d. the time between exploit discovery and an installed security patch
The separation of duties principle requires which of the following practices?
a. That two or more employees must split critical task functions so that no
employee knows all of the steps of the critical task
b. That only one employee exclusively holds the knowledge about a critical
function in an organization
c. That no two systems in an organization may provide similar services
d. That vendors provide hardware and software patches in a timely manner -
ANSWER-a. That two or more employees must split critical task functions so that
no employee knows all of the steps of the critical task
__________________ refers to applying safeguards designed to lower risks to a
level deemed acceptable but without eliminating such risks.
a. Residual risk
b. Risk avoidance
c. Risk mitigation
d. Risk transfer - ANSWER-c. Risk mitigation
A single point of failure is a piece of hardware or application that is key to
________________________.
a. specifying how long systems may be offline before an organization starts to lose
money
b. the success of safeguards
c. ensuring that individuals with proper permission can use systems and retrieve
data in a dependable manner
d. the functioning of the entire system - ANSWER-d. the functioning of the entire
system
True or False? Social engineering is any technology that secretly gathers
information about a person or organization.
a. True
b. False - ANSWER-b. False
______________ means that only people with the right permission can access and
use information.
a. Availability
b. Confidentiality
c. Integrity
d. Encryption - ANSWER-b. Confidentiality
What situation would be an example of an exploit?
a. A major league baseball pitcher takes his daughter to a carnival and plays a
game wherein he can earn prizes if he can use a beanbag to knock over all of the
cans stacked in a pyramid formation in the game's booth. In each of the 10 rounds
of the carnival game that the pitcher plays, he knocks down all the cans, and he
wins his daughter the largest stuffed animal prize in the booth.
b. An art thief sneaks into a museum and steals a famous painting and then sneaks
out of the museum without being caught by security because the thief identified
and traveled through the museum via blind spots of the museum's security cameras.
After the incident, the museum increases the number of security guards and
cameras guarding the museum at all times.