, TESTBANK FOR CompTIA Security+ Guide to Network Security
Fundamentals 8th Edition Ciampa
Important Notes
The file includes the complete test bank, organized chapter by chapter.
A sample of selected pages has been provided for preview.
All available appendices and Excel files (if included in the original resources) are
provided.
We continuously update our files to ensure you receive the latest and most accurate
editions.
New editions are added regularly – stay connected for updates!
✅ Why Buy From Us?
📚 Complete & organized chapter-by-chapter – no missing content, no guessing.
⚡ Instant digital delivery – get your file the moment you pay, no waiting.
📅 Always up to date – we track new editions so you always get the latest version.
💬 Friendly support – real humans ready to help, anytime you need us.
🔒 Safe & secure – thousands of satisfied students trust us every semester.
🛡️Our Guarantees
💰 Money-Back Guarantee: Not satisfied? We offer a full refund – no questions asked.
🔄 Wrong File? No Problem: Contact us and we will replace it immediately with the
correct version, free of charge.
⏰ 24/7 Support: We are always here – reach out anytime and expect a fast response.
Contact Email:
,Name: Class: Date:
Mod 01 Introduction to Information Security
1. You have excellent technical acumen. Part of your responsibilities where you work include
overlooking daily operations as well as analyzing and designing security solutions in a specific
area. You encounter a situation that needs to be escalated. Which of the following are you most
likely to approach with the situation?
a. CIO
b. CISO
c. Security manager
d. Security administrator
ANSWER: c
RATIONALE: The question is implying you are the security administrator so you
will most likely approach the security manager with the issue. The
security manager reports to the CISO and supervises technicians,
administrators, and security staff. The security administrator has
both technical knowledge and managerial skills. A security
administrator manages daily operations of security technology and
may analyze and design security solutions within a specific entity
as well as identify users" needs.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.1 - Define information security and explain its
principles.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.1.2 - Summarize fundamental security concepts.
TOPICS: None specified
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
2. When analyzing a security breach, Acer determines the attacker was able to change the price
of an item from $200 to $20. What security protection was compromised?
a. Confidentiality
b. Integrity
c. Authorization
d. Authentication
ANSWER: b
RATIONALE: Integrity ensures that the information is correct and no
unauthorized person or malicious software has altered the data. An
attacker changing data, such as the price of an item, violates the
integrity of the data.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.1 - Define information security and explain its
principles.
Copyright Cengage Learning. Powered by Cognero. Page 1
,Name: Class: Date:
Mod 01 Introduction to Information Security
ACCREDITING STANDARDS: Ciampa.SY0-701.25.1.2 - Summarize fundamental security concepts.
TOPICS: What Is Information Security?
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
3. A visitor is trying to access a military base. The visitor needs to supply their license and enter
other personal information via a kiosk. The visitor is eventually allowed to enter the base but is
limited to certain areas only. What security principles are being employed? Select two.
a. Authentication
b. Authorization
c. Confidentiality
d. Accounting
e. Availability
ANSWER: a, b
RATIONALE: Authentication is used to verify the visitor is who they claim to be.
Authorization is used to grant the visitor permission to enter the
base because their credentials are authentic.
POINTS: 1
QUESTION TYPE: Multiple Response
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.1 - Define information security and explain its
principles.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.1.2 - Summarize fundamental security concepts.
TOPICS: What Is Information Security?
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
4. Which of the following best describes what Della could do to prevent unauthorized parties
from viewing sensitive customer information at her retail store?
a. Use software to encrypt data in a secure database.
b. Verify the ID of the party requesting access to the data.
c. Limit access to certain areas once access is granted.
d. Ensure the data cannot be manipulated or changed.
ANSWER: a
RATIONALE: Confidentiality ensures that only authorized parties can view the
information. Providing confidentiality can involve several different
security tools such as using software to encrypt credit card
numbers stored on the web server or in a database, for example.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
Copyright Cengage Learning. Powered by Cognero. Page 2
,Name: Class: Date:
Mod 01 Introduction to Information Security
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.1 - Define information security and explain its
principles.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.1.2 - Summarize fundamental security concepts.
TOPICS: What Is Information Security?
KEYWORDS: Bloom's: Apply
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
5. Evin thinks one of the computer systems where he works may have been compromised. He
does not currently have a good way of determining if an unauthorized user logged in
successfully. Which of the following can Evin implement that will, going forward, help him
identify who logs in?
a. Authentication
b. Authorization
c. Availability
d. Accounting
ANSWER: d
RATIONALE: Accounting is a component of the security principle that involves
controlling access to information. Accounting creates a record that
is preserved of who accessed the enterprise network, what
resources they accessed, and when they disconnected from the
network.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.1 - Define information security and explain its
principles.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.1.2 - Summarize fundamental security concepts.
TOPICS: What Is Information Security?
KEYWORDS: Bloom's: Apply
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
6. A friend gets a virus and asks if you can help them fix the problem. You boot the computer
with a bootable flash drive containing security-related tools and remove the virus. What type of
control did you employ?
a. Deterrent
b. Corrective
c. Directive
d. Compensating
ANSWER: b
RATIONALE: A corrective control lessens the damage from an attack. An
example is cleaning a virus from an infected system; the corrective
action occurs after the attack has taken place.
Copyright Cengage Learning. Powered by Cognero. Page 3
,Name: Class: Date:
Mod 01 Introduction to Information Security
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.1 - Define information security and explain its
principles.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.1.1 - Compare and contrast various types of security
controls.
TOPICS: What Is Information Security?
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
7. As a consultant, you are asked by a company to help them work on a security-related project
that falls under the operational control scope. Which of the following will you help implement?
a. Define an acceptable use policy
b. Install a card reader to access the data center
c. Install hardware to block malicious content
d. Implement security awareness training
ANSWER: d
RATIONALE: Conducting security awareness training falls under the operational
control category. This is considered a broad category that is
implemented and executed by people.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.1 - Define information security and explain its
principles.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.1.1 - Compare and contrast various types of security
controls.
TOPICS: What Is Information Security?
KEYWORDS: Bloom's: Apply
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
8. Which of the following best describes the differences or similarities between cybersecurity and
information security? Select three.
a. Cybersecurity primarily protects devices.
b. Information security falls under the cybersecurity umbrella.
c. Cybersecurity guarantees more safety than information security.
d. Information security protects using products, people, and procedures.
e. Cybersecurity induces a lot more inconvenience than information security.
ANSWER: a, b, d
RATIONALE: Cybersecurity usually involves a range of practices, processes, and
Copyright Cengage Learning. Powered by Cognero. Page 4
,Name: Class: Date:
Mod 01 Introduction to Information Security
technologies intended to protect devices, networks, and programs
that process and store data in an electronic form. Cybersecurity is
generally considered an overall umbrella term under which
information security is found. Information security achieves
protection through a process that is a combination of three entities:
products, people, and policies and procedures.
POINTS: 1
QUESTION TYPE: Multiple Response
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.1 - Define information security and explain its
principles.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.1.2 - Summarize fundamental security concepts.
TOPICS: What Is Information Security?
KEYWORDS: Bloom's: Analyze
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
9. What type of entity would a threat actor most likely attack to steal design documents for a
relatively recently announced government-issued contract to design and build a missile defense
system?
a. Individual
b. Government
c. Enterprise
d. For-profit organization
ANSWER: c
RATIONALE: Government contracts are typically awarded to companies
(enterprises) with the expertise to satisfy the requirements
stipulated in the contract. Thus, the design documents for the
missile defense system would be developed by an enterprise. It
would make more sense to attack the enterprise designing the
missile defense system to try to obtain the design documents.
Considering it was announced relatively recently, the design
documents are likely in the early stages of development and still
within the physical scope of the enterprise.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.2 - Identify threat actors and their motivations.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.2.1 - Compare and contrast common threat actors
and motivations.
TOPICS: Threat Actors and Their Motivations
KEYWORDS: Bloom's: Analyze
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
10. An attacker hacks into a cell phone with the intent of stealing credit card information. The
Copyright Cengage Learning. Powered by Cognero. Page 5
,Name: Class: Date:
Mod 01 Introduction to Information Security
attacker also tries to extend the nefarious activity to contacts in the victim's phone, and their
contacts as well. What entity was the attacker targeting?
a. An enterprise
b. A competitor
c. An individual
d. A government agency
ANSWER: c
RATIONALE: A category of targets focuses on individuals as the victims. Threat actors stea
data, credit card numbers, online financial account information, or Social Sec
profit from their victims.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.2 - Identify threat actors and their motivations.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.2.1 - Compare and contrast common threat actors and motivati
TOPICS: Threat Actors and Their Motivations
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
11. A malicious actor lacking technical knowledge uses an attack tool to perform a sophisticated
attack. If the attacker is successful penetrating the defenses of the targeted organization, what
type of activity are they most likely to perform? Select two.
a. Blackmail
b. Copy data
c. Corrupt data
d. Disrupt service
e. Manipulate data
ANSWER: b, d
RATIONALE: Unskilled attackers employ easy-to-use attack tools to carry out
their attacks. They can often be successful in penetrating defenses,
particularly if the defenses are weak. Their motivation is usually
data exfiltration (unauthorized copying of data) or service
disruption (obstructing normal business electronic processes).
POINTS: 1
QUESTION TYPE: Multiple Response
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.2 - Identify threat actors and their motivations.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.2.1 - Compare and contrast common threat actors
and motivations.
TOPICS: Threat Actors and Their Motivations
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
Copyright Cengage Learning. Powered by Cognero. Page 6
,Name: Class: Date:
Mod 01 Introduction to Information Security
DATE MODIFIED: 11/30/2023 7:40 PM
12. To bypass institutional overhead, a well-intentioned networking instructor purchases a
wireless router and connects it to the network. The goal is to allow students to establish
connectivity with each other by connecting through the wireless router. In what activity did the
instructor participate?
a. APT
b. Shadow IT
c. Insider threat
d. Ethical hacking
ANSWER: b
RATIONALE: The process of bypassing corporate approval for technology
purchases, such as buying a wireless router, is known as shadow
IT. In the question, the instructor's motivation was ethical (of
sound moral principle) but, nevertheless, it weakened security.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.2 - Identify threat actors and their motivations.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.2.1 - Compare and contrast common threat actors
and motivations.
TOPICS: Threat Actors and Their Motivations
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
13. What would motivate organized crime actors to add cyberattacks to their portfolio of
malicious activities?
a. Espionage
b. Create chaos
c. Philosophical beliefs
d. Increased financial gain
ANSWER: d
RATIONALE: Evidence indicates that organized crime has moved into
cyberattacks, which they consider to be more rewarding than
traditional crimes. The motivation by organized crime is generally
financial gain.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.2 - Identify threat actors and their motivations.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.2.1 - Compare and contrast common threat actors
and motivations.
TOPICS: Threat Actors and Their Motivations
Copyright Cengage Learning. Powered by Cognero. Page 7
, Name: Class: Date:
Mod 01 Introduction to Information Security
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
14. A criminal organization has decided to leave their traditional ways and pursue cyberattacks as
their new mode of operation. Why would they do this?
a. Easier to hide their tracks
b. Generate disruption
c. Less competition
d. Political beliefs
ANSWER: a
RATIONALE: Evidence indicates that organized crime has moved into
cyberattacks, which they consider to be less risky. This makes it
easier for them hide their tracks.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.2 - Identify threat actors and their motivations.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.2.1 - Compare and contrast common threat actors
and motivations.
TOPICS: Threat Actors and Their Motivations
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
15. A work-study student works at the registrar's office and is given limited access to a student
database. The student is very technologically savvy and figures out a way of gaining additional
privileges. The student is not pleased with one of their grades and changes it. Which of the
following best describes the type of scenario this activity characterizes?
a. Cyberterrorism
b. Insider threat
c. Shadow IT
d. Revenge
ANSWER: b
RATIONALE: A serious threat to an enterprise comes from its own employees,
contractors, and business partners, called insiders. They pose an
insider threat because the threat is coming from an entity who is in
a position of trust, so they will not be suspected.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.2 - Identify threat actors and their motivations.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.2.1 - Compare and contrast common threat actors
and motivations.
Copyright Cengage Learning. Powered by Cognero. Page 8
Fundamentals 8th Edition Ciampa
Important Notes
The file includes the complete test bank, organized chapter by chapter.
A sample of selected pages has been provided for preview.
All available appendices and Excel files (if included in the original resources) are
provided.
We continuously update our files to ensure you receive the latest and most accurate
editions.
New editions are added regularly – stay connected for updates!
✅ Why Buy From Us?
📚 Complete & organized chapter-by-chapter – no missing content, no guessing.
⚡ Instant digital delivery – get your file the moment you pay, no waiting.
📅 Always up to date – we track new editions so you always get the latest version.
💬 Friendly support – real humans ready to help, anytime you need us.
🔒 Safe & secure – thousands of satisfied students trust us every semester.
🛡️Our Guarantees
💰 Money-Back Guarantee: Not satisfied? We offer a full refund – no questions asked.
🔄 Wrong File? No Problem: Contact us and we will replace it immediately with the
correct version, free of charge.
⏰ 24/7 Support: We are always here – reach out anytime and expect a fast response.
Contact Email:
,Name: Class: Date:
Mod 01 Introduction to Information Security
1. You have excellent technical acumen. Part of your responsibilities where you work include
overlooking daily operations as well as analyzing and designing security solutions in a specific
area. You encounter a situation that needs to be escalated. Which of the following are you most
likely to approach with the situation?
a. CIO
b. CISO
c. Security manager
d. Security administrator
ANSWER: c
RATIONALE: The question is implying you are the security administrator so you
will most likely approach the security manager with the issue. The
security manager reports to the CISO and supervises technicians,
administrators, and security staff. The security administrator has
both technical knowledge and managerial skills. A security
administrator manages daily operations of security technology and
may analyze and design security solutions within a specific entity
as well as identify users" needs.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.1 - Define information security and explain its
principles.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.1.2 - Summarize fundamental security concepts.
TOPICS: None specified
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
2. When analyzing a security breach, Acer determines the attacker was able to change the price
of an item from $200 to $20. What security protection was compromised?
a. Confidentiality
b. Integrity
c. Authorization
d. Authentication
ANSWER: b
RATIONALE: Integrity ensures that the information is correct and no
unauthorized person or malicious software has altered the data. An
attacker changing data, such as the price of an item, violates the
integrity of the data.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.1 - Define information security and explain its
principles.
Copyright Cengage Learning. Powered by Cognero. Page 1
,Name: Class: Date:
Mod 01 Introduction to Information Security
ACCREDITING STANDARDS: Ciampa.SY0-701.25.1.2 - Summarize fundamental security concepts.
TOPICS: What Is Information Security?
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
3. A visitor is trying to access a military base. The visitor needs to supply their license and enter
other personal information via a kiosk. The visitor is eventually allowed to enter the base but is
limited to certain areas only. What security principles are being employed? Select two.
a. Authentication
b. Authorization
c. Confidentiality
d. Accounting
e. Availability
ANSWER: a, b
RATIONALE: Authentication is used to verify the visitor is who they claim to be.
Authorization is used to grant the visitor permission to enter the
base because their credentials are authentic.
POINTS: 1
QUESTION TYPE: Multiple Response
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.1 - Define information security and explain its
principles.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.1.2 - Summarize fundamental security concepts.
TOPICS: What Is Information Security?
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
4. Which of the following best describes what Della could do to prevent unauthorized parties
from viewing sensitive customer information at her retail store?
a. Use software to encrypt data in a secure database.
b. Verify the ID of the party requesting access to the data.
c. Limit access to certain areas once access is granted.
d. Ensure the data cannot be manipulated or changed.
ANSWER: a
RATIONALE: Confidentiality ensures that only authorized parties can view the
information. Providing confidentiality can involve several different
security tools such as using software to encrypt credit card
numbers stored on the web server or in a database, for example.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
Copyright Cengage Learning. Powered by Cognero. Page 2
,Name: Class: Date:
Mod 01 Introduction to Information Security
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.1 - Define information security and explain its
principles.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.1.2 - Summarize fundamental security concepts.
TOPICS: What Is Information Security?
KEYWORDS: Bloom's: Apply
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
5. Evin thinks one of the computer systems where he works may have been compromised. He
does not currently have a good way of determining if an unauthorized user logged in
successfully. Which of the following can Evin implement that will, going forward, help him
identify who logs in?
a. Authentication
b. Authorization
c. Availability
d. Accounting
ANSWER: d
RATIONALE: Accounting is a component of the security principle that involves
controlling access to information. Accounting creates a record that
is preserved of who accessed the enterprise network, what
resources they accessed, and when they disconnected from the
network.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.1 - Define information security and explain its
principles.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.1.2 - Summarize fundamental security concepts.
TOPICS: What Is Information Security?
KEYWORDS: Bloom's: Apply
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
6. A friend gets a virus and asks if you can help them fix the problem. You boot the computer
with a bootable flash drive containing security-related tools and remove the virus. What type of
control did you employ?
a. Deterrent
b. Corrective
c. Directive
d. Compensating
ANSWER: b
RATIONALE: A corrective control lessens the damage from an attack. An
example is cleaning a virus from an infected system; the corrective
action occurs after the attack has taken place.
Copyright Cengage Learning. Powered by Cognero. Page 3
,Name: Class: Date:
Mod 01 Introduction to Information Security
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.1 - Define information security and explain its
principles.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.1.1 - Compare and contrast various types of security
controls.
TOPICS: What Is Information Security?
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
7. As a consultant, you are asked by a company to help them work on a security-related project
that falls under the operational control scope. Which of the following will you help implement?
a. Define an acceptable use policy
b. Install a card reader to access the data center
c. Install hardware to block malicious content
d. Implement security awareness training
ANSWER: d
RATIONALE: Conducting security awareness training falls under the operational
control category. This is considered a broad category that is
implemented and executed by people.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.1 - Define information security and explain its
principles.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.1.1 - Compare and contrast various types of security
controls.
TOPICS: What Is Information Security?
KEYWORDS: Bloom's: Apply
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
8. Which of the following best describes the differences or similarities between cybersecurity and
information security? Select three.
a. Cybersecurity primarily protects devices.
b. Information security falls under the cybersecurity umbrella.
c. Cybersecurity guarantees more safety than information security.
d. Information security protects using products, people, and procedures.
e. Cybersecurity induces a lot more inconvenience than information security.
ANSWER: a, b, d
RATIONALE: Cybersecurity usually involves a range of practices, processes, and
Copyright Cengage Learning. Powered by Cognero. Page 4
,Name: Class: Date:
Mod 01 Introduction to Information Security
technologies intended to protect devices, networks, and programs
that process and store data in an electronic form. Cybersecurity is
generally considered an overall umbrella term under which
information security is found. Information security achieves
protection through a process that is a combination of three entities:
products, people, and policies and procedures.
POINTS: 1
QUESTION TYPE: Multiple Response
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.1 - Define information security and explain its
principles.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.1.2 - Summarize fundamental security concepts.
TOPICS: What Is Information Security?
KEYWORDS: Bloom's: Analyze
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
9. What type of entity would a threat actor most likely attack to steal design documents for a
relatively recently announced government-issued contract to design and build a missile defense
system?
a. Individual
b. Government
c. Enterprise
d. For-profit organization
ANSWER: c
RATIONALE: Government contracts are typically awarded to companies
(enterprises) with the expertise to satisfy the requirements
stipulated in the contract. Thus, the design documents for the
missile defense system would be developed by an enterprise. It
would make more sense to attack the enterprise designing the
missile defense system to try to obtain the design documents.
Considering it was announced relatively recently, the design
documents are likely in the early stages of development and still
within the physical scope of the enterprise.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.2 - Identify threat actors and their motivations.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.2.1 - Compare and contrast common threat actors
and motivations.
TOPICS: Threat Actors and Their Motivations
KEYWORDS: Bloom's: Analyze
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
10. An attacker hacks into a cell phone with the intent of stealing credit card information. The
Copyright Cengage Learning. Powered by Cognero. Page 5
,Name: Class: Date:
Mod 01 Introduction to Information Security
attacker also tries to extend the nefarious activity to contacts in the victim's phone, and their
contacts as well. What entity was the attacker targeting?
a. An enterprise
b. A competitor
c. An individual
d. A government agency
ANSWER: c
RATIONALE: A category of targets focuses on individuals as the victims. Threat actors stea
data, credit card numbers, online financial account information, or Social Sec
profit from their victims.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.2 - Identify threat actors and their motivations.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.2.1 - Compare and contrast common threat actors and motivati
TOPICS: Threat Actors and Their Motivations
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
11. A malicious actor lacking technical knowledge uses an attack tool to perform a sophisticated
attack. If the attacker is successful penetrating the defenses of the targeted organization, what
type of activity are they most likely to perform? Select two.
a. Blackmail
b. Copy data
c. Corrupt data
d. Disrupt service
e. Manipulate data
ANSWER: b, d
RATIONALE: Unskilled attackers employ easy-to-use attack tools to carry out
their attacks. They can often be successful in penetrating defenses,
particularly if the defenses are weak. Their motivation is usually
data exfiltration (unauthorized copying of data) or service
disruption (obstructing normal business electronic processes).
POINTS: 1
QUESTION TYPE: Multiple Response
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.2 - Identify threat actors and their motivations.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.2.1 - Compare and contrast common threat actors
and motivations.
TOPICS: Threat Actors and Their Motivations
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
Copyright Cengage Learning. Powered by Cognero. Page 6
,Name: Class: Date:
Mod 01 Introduction to Information Security
DATE MODIFIED: 11/30/2023 7:40 PM
12. To bypass institutional overhead, a well-intentioned networking instructor purchases a
wireless router and connects it to the network. The goal is to allow students to establish
connectivity with each other by connecting through the wireless router. In what activity did the
instructor participate?
a. APT
b. Shadow IT
c. Insider threat
d. Ethical hacking
ANSWER: b
RATIONALE: The process of bypassing corporate approval for technology
purchases, such as buying a wireless router, is known as shadow
IT. In the question, the instructor's motivation was ethical (of
sound moral principle) but, nevertheless, it weakened security.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.2 - Identify threat actors and their motivations.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.2.1 - Compare and contrast common threat actors
and motivations.
TOPICS: Threat Actors and Their Motivations
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
13. What would motivate organized crime actors to add cyberattacks to their portfolio of
malicious activities?
a. Espionage
b. Create chaos
c. Philosophical beliefs
d. Increased financial gain
ANSWER: d
RATIONALE: Evidence indicates that organized crime has moved into
cyberattacks, which they consider to be more rewarding than
traditional crimes. The motivation by organized crime is generally
financial gain.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.2 - Identify threat actors and their motivations.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.2.1 - Compare and contrast common threat actors
and motivations.
TOPICS: Threat Actors and Their Motivations
Copyright Cengage Learning. Powered by Cognero. Page 7
, Name: Class: Date:
Mod 01 Introduction to Information Security
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
14. A criminal organization has decided to leave their traditional ways and pursue cyberattacks as
their new mode of operation. Why would they do this?
a. Easier to hide their tracks
b. Generate disruption
c. Less competition
d. Political beliefs
ANSWER: a
RATIONALE: Evidence indicates that organized crime has moved into
cyberattacks, which they consider to be less risky. This makes it
easier for them hide their tracks.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.2 - Identify threat actors and their motivations.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.2.1 - Compare and contrast common threat actors
and motivations.
TOPICS: Threat Actors and Their Motivations
KEYWORDS: Bloom's: Remember
DATE CREATED: 11/30/2023 7:40 PM
DATE MODIFIED: 11/30/2023 7:40 PM
15. A work-study student works at the registrar's office and is given limited access to a student
database. The student is very technologically savvy and figures out a way of gaining additional
privileges. The student is not pleased with one of their grades and changes it. Which of the
following best describes the type of scenario this activity characterizes?
a. Cyberterrorism
b. Insider threat
c. Shadow IT
d. Revenge
ANSWER: b
RATIONALE: A serious threat to an enterprise comes from its own employees,
contractors, and business partners, called insiders. They pose an
insider threat because the threat is coming from an entity who is in
a position of trust, so they will not be suspected.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ciampa.Sec+8e.25.1.2 - Identify threat actors and their motivations.
ACCREDITING STANDARDS: Ciampa.SY0-701.25.2.1 - Compare and contrast common threat actors
and motivations.
Copyright Cengage Learning. Powered by Cognero. Page 8
