Test Bank For
Security Awareness Applying Practical Cybersecurity in Your World 6th Edition by Mark Ciampa
Chapters 1-6 Answer are at the End of Each Chapter
Module 1
1. Attack tools can initiate new attacks without any human participation, thus increasing the speed at which systems are
attacked.
a. True
b. False
2. Today, many attack tools are freely available and do not require any technical knowledge to use.
a. True
b. False
3. Browsers such as Chrome, Safari, and Firefox are the most popular attack vectors, that is, they are the favored way to
deliver malware.
a. True
b. False
4. In a well-run information security program, attacks will never get through security perimeters and local defenses.
a. True
b. False
5. Script kiddies typically have advanced knowledge of computers and networks.
a. True
b. False
6. Automated attack software downloaded from websites is primarily used by script kiddies.
a. True
b. False
7. There is a straightforward and easy solution to securing computers.
a. True
b. False
8. Spying on computer input over an extended period of time is usually accomplished by the work of state actors.
a. True
b. False
9. A doorbell camera is an example of a universally connected device and can be hacked.
a. True
b. False
Indicate the answer choice that best completes the statement or answers the question.
10. Which term is best described as individuals who want to attack computers yet who lack the knowledge of computers
and networks needed to do so?
, a. hackers
b. elites
c. crackers
d. script kiddies
11. What term is frequently used to describe the tasks of securing technology?
a. network security
b. information assurance
c. cybersecurity
d. information warfare
12. What does the FBI define as any “premeditated, politically motivated attack against information, computer systems,
computer programs, and data which results in violence against non-combatant targets by sub-national groups or
clandestine agents?”
a. information warfare
b. cyberware
c. cyberterrorism
d. eTerrorism
13. How do attackers today make it difficult to distinguish an attack from legitimate traffic?
a. by using a common language
b. by using diverse interfaces
c. by using universally connected devices
d. by using simple scripting
14. What do you call a flaw or weakness in a computer system that allows access by threat actors?
a. risk
b. vulnerability
c. asset
d. threat
15. Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known
as which of the following?
a. cyberterrorists
b. spies
c. hackers
d. hactivists
16. Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing
customer information?
a. Sarbox
b. COPPA
c. GLBA
d. HIPAA
17. Which of the following ensures that information is correct and no unauthorized person or malicious software has
altered it?
a. protection
b. availability
, c. confidentiality
d. integrity
18. The AV-TEST Institute states that it expects the total number of malware attacks for this year to exceed:
a. 450,000.
b. 250,000.
c. 1.2 million.
d. 1.34 billion.
19. Which attacker category might have the objective of retaliation against an employer?
a. cybercriminal
b. insider
c. hactivist
d. state-sponsored attacker
20. Which of the following is NOT a term associated with cybersecurity?
a. risk
b. information assurance
c. malware
d. goal
21. Which of the following involves stealing another person‟s personal information, such as a Social Security number, and
then using the information to impersonate the victim, generally for financial gain?
a. white hat hacking
b. identity theft
c. cyberterrorism
d. Digital fraud
22. Under which law must healthcare enterprises guard protected health information and implement policies and
procedures to safeguard it, whether it be in paper or electronic format?
a. Sarbox
b. COPPA
c. GLBA
d. HIPAA
23. Security is ____________________ convenience.
a. more important than
b. inversely proportional to
c. proportional to
d. less important than
24. Which of the following ensures that data is accessible when needed to authorized users?
a. confidentiality
b. non-repudiation
c. integrity
d. availability
25. Which of the following is NOT a protection that must be extended over information?
a. policies and procedures
, b. integrity
c. availability
d. confidentiality
26. In the past, which term was commonly used to refer to a person who uses advanced computer skills to attack
computers?
a. slacker
b. hacker
c. white-hat
d. black-hat
27. Which of the following threat actors would be responsible for making a political statement or a retaliatory attack?
a. cyberterrorist
b. hactivist
c. broker
d. script kiddie
28. Which of the following is the term for a hacker who probes a system for weaknesses and provides that information
back to the organization?
a. gray hat hacker
b. white hat hacker
c. black hat hacker
d. red hat hacker
29. Information contained on devices is protected by three layers: Two of the layers are products and policies and
procedures. What is the third layer?
a. people
b. systems
c. applications
d. tools
30. Which term is best described as a person or element that has the power to carry out a threat?
a. threat agent
b. vulnerability
c. risk
d. attack agent
31. Which phrase best describes security?
a. the procedures used to protect data
b. the goal to be free from danger as well as the process that achieves that freedom
c. the protection of data from harm
d. the process of hiding sensitive data with the goal of maintaining privacy
32. Which of the following is NOT a factor that contributes to difficulties faced in defending against attacks?
a. universally connected devices
b. greater sophistication of attacks
c. enhanced encryption algorithms
d. faster detection of vulnerabilities
Security Awareness Applying Practical Cybersecurity in Your World 6th Edition by Mark Ciampa
Chapters 1-6 Answer are at the End of Each Chapter
Module 1
1. Attack tools can initiate new attacks without any human participation, thus increasing the speed at which systems are
attacked.
a. True
b. False
2. Today, many attack tools are freely available and do not require any technical knowledge to use.
a. True
b. False
3. Browsers such as Chrome, Safari, and Firefox are the most popular attack vectors, that is, they are the favored way to
deliver malware.
a. True
b. False
4. In a well-run information security program, attacks will never get through security perimeters and local defenses.
a. True
b. False
5. Script kiddies typically have advanced knowledge of computers and networks.
a. True
b. False
6. Automated attack software downloaded from websites is primarily used by script kiddies.
a. True
b. False
7. There is a straightforward and easy solution to securing computers.
a. True
b. False
8. Spying on computer input over an extended period of time is usually accomplished by the work of state actors.
a. True
b. False
9. A doorbell camera is an example of a universally connected device and can be hacked.
a. True
b. False
Indicate the answer choice that best completes the statement or answers the question.
10. Which term is best described as individuals who want to attack computers yet who lack the knowledge of computers
and networks needed to do so?
, a. hackers
b. elites
c. crackers
d. script kiddies
11. What term is frequently used to describe the tasks of securing technology?
a. network security
b. information assurance
c. cybersecurity
d. information warfare
12. What does the FBI define as any “premeditated, politically motivated attack against information, computer systems,
computer programs, and data which results in violence against non-combatant targets by sub-national groups or
clandestine agents?”
a. information warfare
b. cyberware
c. cyberterrorism
d. eTerrorism
13. How do attackers today make it difficult to distinguish an attack from legitimate traffic?
a. by using a common language
b. by using diverse interfaces
c. by using universally connected devices
d. by using simple scripting
14. What do you call a flaw or weakness in a computer system that allows access by threat actors?
a. risk
b. vulnerability
c. asset
d. threat
15. Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known
as which of the following?
a. cyberterrorists
b. spies
c. hackers
d. hactivists
16. Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing
customer information?
a. Sarbox
b. COPPA
c. GLBA
d. HIPAA
17. Which of the following ensures that information is correct and no unauthorized person or malicious software has
altered it?
a. protection
b. availability
, c. confidentiality
d. integrity
18. The AV-TEST Institute states that it expects the total number of malware attacks for this year to exceed:
a. 450,000.
b. 250,000.
c. 1.2 million.
d. 1.34 billion.
19. Which attacker category might have the objective of retaliation against an employer?
a. cybercriminal
b. insider
c. hactivist
d. state-sponsored attacker
20. Which of the following is NOT a term associated with cybersecurity?
a. risk
b. information assurance
c. malware
d. goal
21. Which of the following involves stealing another person‟s personal information, such as a Social Security number, and
then using the information to impersonate the victim, generally for financial gain?
a. white hat hacking
b. identity theft
c. cyberterrorism
d. Digital fraud
22. Under which law must healthcare enterprises guard protected health information and implement policies and
procedures to safeguard it, whether it be in paper or electronic format?
a. Sarbox
b. COPPA
c. GLBA
d. HIPAA
23. Security is ____________________ convenience.
a. more important than
b. inversely proportional to
c. proportional to
d. less important than
24. Which of the following ensures that data is accessible when needed to authorized users?
a. confidentiality
b. non-repudiation
c. integrity
d. availability
25. Which of the following is NOT a protection that must be extended over information?
a. policies and procedures
, b. integrity
c. availability
d. confidentiality
26. In the past, which term was commonly used to refer to a person who uses advanced computer skills to attack
computers?
a. slacker
b. hacker
c. white-hat
d. black-hat
27. Which of the following threat actors would be responsible for making a political statement or a retaliatory attack?
a. cyberterrorist
b. hactivist
c. broker
d. script kiddie
28. Which of the following is the term for a hacker who probes a system for weaknesses and provides that information
back to the organization?
a. gray hat hacker
b. white hat hacker
c. black hat hacker
d. red hat hacker
29. Information contained on devices is protected by three layers: Two of the layers are products and policies and
procedures. What is the third layer?
a. people
b. systems
c. applications
d. tools
30. Which term is best described as a person or element that has the power to carry out a threat?
a. threat agent
b. vulnerability
c. risk
d. attack agent
31. Which phrase best describes security?
a. the procedures used to protect data
b. the goal to be free from danger as well as the process that achieves that freedom
c. the protection of data from harm
d. the process of hiding sensitive data with the goal of maintaining privacy
32. Which of the following is NOT a factor that contributes to difficulties faced in defending against attacks?
a. universally connected devices
b. greater sophistication of attacks
c. enhanced encryption algorithms
d. faster detection of vulnerabilities
