, TESTBANK FOR Management of Cybersecurity 7th Edition Whitman
Important Notes
The file includes the complete test bank, organized chapter by chapter.
A sample of selected pages has been provided for preview.
All available appendices and Excel files (if included in the original resources) are
provided.
We continuously update our files to ensure you receive the latest and most accurate
editions.
New editions are added regularly – stay connected for updates!
✅ Why Buy From Us?
📚 Complete & organized chapter-by-chapter – no missing content, no guessing.
⚡ Instant digital delivery – get your file the moment you pay, no waiting.
📅 Always up to date – we track new editions so you always get the latest version.
💬 Friendly support – real humans ready to help, anytime you need us.
🔒 Safe & secure – thousands of satisfied students trust us every semester.
🛡️Our Guarantees
💰 Money-Back Guarantee: Not satisfied? We offer a full refund – no questions asked.
🔄 Wrong File? No Problem: Contact us and we will replace it immediately with the
correct version, free of charge.
⏰ 24/7 Support: We are always here – reach out anytime and expect a fast response.
Contact Email:
,Name: Class: Date:
Chapter 01 - Introduction
1. Which statement best supports who has cybersecurity responsibility in the company? (Choose all that apply.)
a. Cybersecurity is the responsibility of a small dedicated group of professionals in the company.
b. Cybersecurity is the responsibility of employees.
c. Cybersecurity is the responsibility of an employee's family.
d. Cybersecurity is the responsibility of the managers in the company.
ANSWER: a, b, d
2. Which of the following statements is correct?
a. The primary focus of cybersecurity is protecting information assets.
b. The primary focus of cybersecurity is protecting physical assets.
c. The primary focus of cybersecurity is monitoring network traffic.
d. The primary focus of cybersecurity is securing computing devices.
ANSWER: a
3. What characteristic of the CIA triad is concerned with preventing unauthorized access to data?
a. confidentiality
b. integrity
c. availability
d. authenticity
ANSWER: a
4. What characteristic of the CIA triad is concerned with ensuring the data is accurate and valid?
a. confidentiality
b. integrity
c. availability
d. authenticity
ANSWER: b
Copyright Cengage Learning. Powered by Cognero. Page 1
,Name: Class: Date:
Chapter 01 - Introduction
5. Which characteristic of the CIA triad should you prioritize when implementing a backup system to recover data in
the event of a disaster?
a. confidentiality
b. integrity
c. availability
d. authentication
ANSWER: c
6. Tom is tasked with ensuring that the company's database remains available to users even during a hardware failure.
Which of the following actions should Tom take to achieve this, focusing on the appropriate CIA triad attribute of
availability?
a. Encrypt the database to prevent unauthorized access.
b. Implement RAID (Redundant Array of Independent Disks) to protect against data loss.
c. Apply checksums and hashing algorithms to verify data integrity.
d. Set up multi-factor authentication for accessing the database.
ANSWER: b
7. Mary is configuring user access controls in Microsoft Active Directory to ensure that only authorized personnel can
access sensitive data. Which specific action should Mary take to address the appropriate CIA triad attribute of
confidentiality?
a. Set up user permissions to limit access to confidential files.
b. Schedule regular backups to ensure data recovery.
c. Implement checksums to verify data accuracy.
d. Enable logging to track user activities.
ANSWER: a
8. An organization wants to ensure that their data remains accessible even if a disk fails. Which action should they
take to address the appropriate CIA triad attribute of availability?
a. Encrypt all sensitive data stored on the disks.
b. Implement a RAID (Redundant Array of Independent Disks) system.
c. Use digital signatures to verify data authenticity.
d. Set up detailed logging and monitoring.
ANSWER: b
Copyright Cengage Learning. Powered by Cognero. Page 2
,Name: Class: Date:
Chapter 01 - Introduction
9. Which of the following scenarios best demonstrates the principle of defense in depth in access control?
a. A company uses firewalls, intrusion detection systems, and anti-virus software to protect its network.
b. A system administrator sets permissions so that users can only access files necessary for their job functions.
c. An organization encrypts its data to protect it during transmission over the Internet.
d. A user is required to enter a password and a one-time code sent to their phone to access the company's
VPN.
ANSWER: a
10. The company has recently implemented a security policy that requires all data to be incrementally backed up daily
with full backups weekly. Analyze the policy and determine which characteristic of the CIA triad it best exemplifies,
explaining your reasoning.
a. confidentiality, because it protects data from unauthorized access
b. integrity, because it ensures data remains accurate and unaltered
c. availability, because it ensures data can be restored and accessed even after a disaster
d. non-repudiation, because it ensures that actions can be tracked and verified
ANSWER: c
11. Which of the following represents a potential risk to an information asset?
a. hacker
b. vulnerability
c. attack
d. threat
ANSWER: d
12. What does an attack, sometimes called a threat event, represent?
a. a potential risk to an information asset and is defined as any event or circumstance that has the potential to
adversely affect operations and assets
b. an ongoing act against the asset that could result in a loss and is defined as any event or circumstance that
has the potential to adversely affect operations and assets
c. a potential vulnerability in an information asset and is defined as an exploit
d. potential attempts to damage or steal an organization's information or physical assets
ANSWER: b
Copyright Cengage Learning. Powered by Cognero. Page 3
,Name: Class: Date:
Chapter 01 - Introduction
13. Which is not a category of threats that represent a clear and present danger to an organization's people,
information, and systems?
a. theft
b. technological obsolescence
c. cryptography
d. software attacks
ANSWER: c
14. What category of threat would fit the examples of malware, website spoofing, or denial of service?
a. theft
b. technological obsolescence
c. cryptography
d. software attacks
ANSWER: d
15. Ahmad is considered a novice hacker that uses scripts through automated exploits to attack a system. What type of
novice hacker is Ahmad considered?
a. packet monkey
b. neophyte
c. white hat
d. script kiddie
ANSWER: d
16. Margaret received an important email from the CEO about a change in financial regulations and asked her to fill out
an attachment and send it back to the CEO immediately. What actions should Margaret take with this request?
(Choose all that apply.)
a. Download the attachment, fill it out, and send it immediately back.
b. Verify the authenticity of the email before doing anything.
c. Check the email for authenticity through looking at the email header and any links in the email.
d. She should ignore the email.
ANSWER: b, c
Copyright Cengage Learning. Powered by Cognero. Page 4
,Name: Class: Date:
Chapter 01 - Introduction
17. General Hospital's systems in Hollywood, California, are malfunctioning as a result of a ransomware attack. Not
only is the data encrypted, systems are impacted so severely that the staff had to go back to paper forms and data
collection. Which action should General Hospital not take based on the recommendations from Druva?
a. turn off all devices and disconnect from the network
b. find the source of the infection
c. alert all users
d. pay the ransom
ANSWER: d
18. Since he was pressed for time, Joe used the file transfer protocol (ftp) to upload documents to a server for
everyone to access. A week or so later Joe was notified that he has logged in from a location that he knows nothing
about. What should Joe do at a minimum?
a. He should contact the IT department and ask them to ignore the alert.
b. He should delete his account and start over.
c. He should change his password.
d. He should do nothing because he was notified in error.
ANSWER: c
19. Which of the following scenarios best illustrates the impact of a denial-of-service (DoS) attack on an organization's
operations?
a. An organization's network has overwhelmed a computer target's ability to handle incoming communications,
prohibiting legitimate users from accessing their systems.
b. An attacker encrypts an organization's sensitive data, thereby demanding ransom with a decryption key to
restore access to it.
c. An employee unknowingly clicks on a link in an email that installs malware on a company's computer to steal
login credentials.
d. An attacker gains unauthorized access to the organization's network by exploiting a vulnerability in the
operating system.
ANSWER: a
Copyright Cengage Learning. Powered by Cognero. Page 5
,Name: Class: Date:
Chapter 01 - Introduction
20. What is most likely the cause of an SQL injection of a web application?
a. The web application has a defect that exploits how the web server renders web pages.
b. The web page executes a malicious script within a client's web browser.
c. Developers failed to validate user input on a web form before passing it to a database.
d. The web page will hide sensitive information using a hidden form field in plaintext, which could be used in
attacks.
ANSWER: c
21. What are the roles that managers play within organizations? (Choose all that apply.)
a. Managers play an influential role.
b. Managers play a lead by example role.
c. Managers play an informational role.
d. Managers play a decisional role.
ANSWER: c, d
22. What are the roles that leaders play within organizations? (Choose all that apply.)
a. Leaders play an influential role.
b. Leaders play a lead by example role.
c. Leaders play an informational role.
d. Leaders play a decisional role.
ANSWER: a, b
23. Which of the following are the behavioral types of leaders? (Choose all that apply.)
a. influencer
b. democratic
c. laissez-faire
d. autocratic
ANSWER: b, c, d
Copyright Cengage Learning. Powered by Cognero. Page 6
,Name: Class: Date:
Chapter 01 - Introduction
24. What is the management theory that uses core principles of planning, organizing, staffing, and controlling?
a. traditional management theory
b. popular management theory
c. modern management theory
d. ancient management theory
ANSWER: a
25. What is the management theory that uses core principles of planning, organizing, leading, and controlling?
a. traditional management theory
b. popular management theory
c. modern management theory
d. new age management theory
ANSWER: b
26. Sixco is a cybersecurity government contractor located in Northern Virginia. Sandy, a Sixco leader, calls a meeting
after a major breach occurred in the agency that Sixco supports. She brings all the managers together, tells them
exactly what each of them are going to do, and when she expects a report from all of them. What type of leader
would Sandy be considered?
a. influencer
b. democratic
c. laissez-faire
d. autocratic
ANSWER: d
27. Jack's Pizza is a chain restaurant located in 13 states. They have hired a CISO called Max to handle the
cybersecurity operations of all the pizza chains. Max brings all his staff together to discuss the overall organization's
strategy for cybersecurity. He solicits all their input and creates a strategy from the dialogue he had with his team.
What type of leader would Max be considered?
a. influencer
b. democratic
c. laissez-faire
d. autocratic
ANSWER: b
Copyright Cengage Learning. Powered by Cognero. Page 7
, Name: Class: Date:
Chapter 01 - Introduction
28. Susie is a manager at Lisco, a pharmaceutical company in charge of cybersecurity for the organization. She has
been tasked by Julie, her boss, to create a strategy for the next five year period based on what she accomplished
the previous few years. Which of the following phases is Suzie using?
a. planning
b. organizing
c. leading
d. controlling
ANSWER: a
29. John, a help desk manager of an organization, received a confusing problem to solve for a customer. The problem
is related to a customer's computer being so slow and it was not before. John asks Molly to go research, present
several solutions for him to consider, and what she would recommend they do. Which phases of the problem-
solving process does Molly need to go through before meeting with her boss? (Choose all that apply.)
a. Recognize and Define the Problem
b. Gather Facts and Make Assumptions
c. Develop Possible Solutions
d. Analyze and Compare Possible Solutions
e. Select, Implement, and Evaluate
ANSWER: a, b, c, d
30. In what way does leadership differ from management?
a. Leaders administer the resources they are assigned by an organization while managers need to influence
others to gain their willing cooperation and achieve an objective by providing purpose, direction, and
motivation.
b. Leaders need to influence others to gain their willing cooperation and achieve an objective by providing
purpose, direction, and motivation while managers administer the resources they are assigned by an
organization.
c. Leaders do not need to influence others to gain their willing cooperation and achieve an objective by
providing purpose, direction, and motivation while managers administer the resources they are assigned by
an organization.
d. Leaders need to influence others to gain their willing cooperation and achieve an objective by providing
purpose, direction, and motivation while managers do not need to administer the resources they are assigned
by an organization.
ANSWER: b
Copyright Cengage Learning. Powered by Cognero. Page 8
Important Notes
The file includes the complete test bank, organized chapter by chapter.
A sample of selected pages has been provided for preview.
All available appendices and Excel files (if included in the original resources) are
provided.
We continuously update our files to ensure you receive the latest and most accurate
editions.
New editions are added regularly – stay connected for updates!
✅ Why Buy From Us?
📚 Complete & organized chapter-by-chapter – no missing content, no guessing.
⚡ Instant digital delivery – get your file the moment you pay, no waiting.
📅 Always up to date – we track new editions so you always get the latest version.
💬 Friendly support – real humans ready to help, anytime you need us.
🔒 Safe & secure – thousands of satisfied students trust us every semester.
🛡️Our Guarantees
💰 Money-Back Guarantee: Not satisfied? We offer a full refund – no questions asked.
🔄 Wrong File? No Problem: Contact us and we will replace it immediately with the
correct version, free of charge.
⏰ 24/7 Support: We are always here – reach out anytime and expect a fast response.
Contact Email:
,Name: Class: Date:
Chapter 01 - Introduction
1. Which statement best supports who has cybersecurity responsibility in the company? (Choose all that apply.)
a. Cybersecurity is the responsibility of a small dedicated group of professionals in the company.
b. Cybersecurity is the responsibility of employees.
c. Cybersecurity is the responsibility of an employee's family.
d. Cybersecurity is the responsibility of the managers in the company.
ANSWER: a, b, d
2. Which of the following statements is correct?
a. The primary focus of cybersecurity is protecting information assets.
b. The primary focus of cybersecurity is protecting physical assets.
c. The primary focus of cybersecurity is monitoring network traffic.
d. The primary focus of cybersecurity is securing computing devices.
ANSWER: a
3. What characteristic of the CIA triad is concerned with preventing unauthorized access to data?
a. confidentiality
b. integrity
c. availability
d. authenticity
ANSWER: a
4. What characteristic of the CIA triad is concerned with ensuring the data is accurate and valid?
a. confidentiality
b. integrity
c. availability
d. authenticity
ANSWER: b
Copyright Cengage Learning. Powered by Cognero. Page 1
,Name: Class: Date:
Chapter 01 - Introduction
5. Which characteristic of the CIA triad should you prioritize when implementing a backup system to recover data in
the event of a disaster?
a. confidentiality
b. integrity
c. availability
d. authentication
ANSWER: c
6. Tom is tasked with ensuring that the company's database remains available to users even during a hardware failure.
Which of the following actions should Tom take to achieve this, focusing on the appropriate CIA triad attribute of
availability?
a. Encrypt the database to prevent unauthorized access.
b. Implement RAID (Redundant Array of Independent Disks) to protect against data loss.
c. Apply checksums and hashing algorithms to verify data integrity.
d. Set up multi-factor authentication for accessing the database.
ANSWER: b
7. Mary is configuring user access controls in Microsoft Active Directory to ensure that only authorized personnel can
access sensitive data. Which specific action should Mary take to address the appropriate CIA triad attribute of
confidentiality?
a. Set up user permissions to limit access to confidential files.
b. Schedule regular backups to ensure data recovery.
c. Implement checksums to verify data accuracy.
d. Enable logging to track user activities.
ANSWER: a
8. An organization wants to ensure that their data remains accessible even if a disk fails. Which action should they
take to address the appropriate CIA triad attribute of availability?
a. Encrypt all sensitive data stored on the disks.
b. Implement a RAID (Redundant Array of Independent Disks) system.
c. Use digital signatures to verify data authenticity.
d. Set up detailed logging and monitoring.
ANSWER: b
Copyright Cengage Learning. Powered by Cognero. Page 2
,Name: Class: Date:
Chapter 01 - Introduction
9. Which of the following scenarios best demonstrates the principle of defense in depth in access control?
a. A company uses firewalls, intrusion detection systems, and anti-virus software to protect its network.
b. A system administrator sets permissions so that users can only access files necessary for their job functions.
c. An organization encrypts its data to protect it during transmission over the Internet.
d. A user is required to enter a password and a one-time code sent to their phone to access the company's
VPN.
ANSWER: a
10. The company has recently implemented a security policy that requires all data to be incrementally backed up daily
with full backups weekly. Analyze the policy and determine which characteristic of the CIA triad it best exemplifies,
explaining your reasoning.
a. confidentiality, because it protects data from unauthorized access
b. integrity, because it ensures data remains accurate and unaltered
c. availability, because it ensures data can be restored and accessed even after a disaster
d. non-repudiation, because it ensures that actions can be tracked and verified
ANSWER: c
11. Which of the following represents a potential risk to an information asset?
a. hacker
b. vulnerability
c. attack
d. threat
ANSWER: d
12. What does an attack, sometimes called a threat event, represent?
a. a potential risk to an information asset and is defined as any event or circumstance that has the potential to
adversely affect operations and assets
b. an ongoing act against the asset that could result in a loss and is defined as any event or circumstance that
has the potential to adversely affect operations and assets
c. a potential vulnerability in an information asset and is defined as an exploit
d. potential attempts to damage or steal an organization's information or physical assets
ANSWER: b
Copyright Cengage Learning. Powered by Cognero. Page 3
,Name: Class: Date:
Chapter 01 - Introduction
13. Which is not a category of threats that represent a clear and present danger to an organization's people,
information, and systems?
a. theft
b. technological obsolescence
c. cryptography
d. software attacks
ANSWER: c
14. What category of threat would fit the examples of malware, website spoofing, or denial of service?
a. theft
b. technological obsolescence
c. cryptography
d. software attacks
ANSWER: d
15. Ahmad is considered a novice hacker that uses scripts through automated exploits to attack a system. What type of
novice hacker is Ahmad considered?
a. packet monkey
b. neophyte
c. white hat
d. script kiddie
ANSWER: d
16. Margaret received an important email from the CEO about a change in financial regulations and asked her to fill out
an attachment and send it back to the CEO immediately. What actions should Margaret take with this request?
(Choose all that apply.)
a. Download the attachment, fill it out, and send it immediately back.
b. Verify the authenticity of the email before doing anything.
c. Check the email for authenticity through looking at the email header and any links in the email.
d. She should ignore the email.
ANSWER: b, c
Copyright Cengage Learning. Powered by Cognero. Page 4
,Name: Class: Date:
Chapter 01 - Introduction
17. General Hospital's systems in Hollywood, California, are malfunctioning as a result of a ransomware attack. Not
only is the data encrypted, systems are impacted so severely that the staff had to go back to paper forms and data
collection. Which action should General Hospital not take based on the recommendations from Druva?
a. turn off all devices and disconnect from the network
b. find the source of the infection
c. alert all users
d. pay the ransom
ANSWER: d
18. Since he was pressed for time, Joe used the file transfer protocol (ftp) to upload documents to a server for
everyone to access. A week or so later Joe was notified that he has logged in from a location that he knows nothing
about. What should Joe do at a minimum?
a. He should contact the IT department and ask them to ignore the alert.
b. He should delete his account and start over.
c. He should change his password.
d. He should do nothing because he was notified in error.
ANSWER: c
19. Which of the following scenarios best illustrates the impact of a denial-of-service (DoS) attack on an organization's
operations?
a. An organization's network has overwhelmed a computer target's ability to handle incoming communications,
prohibiting legitimate users from accessing their systems.
b. An attacker encrypts an organization's sensitive data, thereby demanding ransom with a decryption key to
restore access to it.
c. An employee unknowingly clicks on a link in an email that installs malware on a company's computer to steal
login credentials.
d. An attacker gains unauthorized access to the organization's network by exploiting a vulnerability in the
operating system.
ANSWER: a
Copyright Cengage Learning. Powered by Cognero. Page 5
,Name: Class: Date:
Chapter 01 - Introduction
20. What is most likely the cause of an SQL injection of a web application?
a. The web application has a defect that exploits how the web server renders web pages.
b. The web page executes a malicious script within a client's web browser.
c. Developers failed to validate user input on a web form before passing it to a database.
d. The web page will hide sensitive information using a hidden form field in plaintext, which could be used in
attacks.
ANSWER: c
21. What are the roles that managers play within organizations? (Choose all that apply.)
a. Managers play an influential role.
b. Managers play a lead by example role.
c. Managers play an informational role.
d. Managers play a decisional role.
ANSWER: c, d
22. What are the roles that leaders play within organizations? (Choose all that apply.)
a. Leaders play an influential role.
b. Leaders play a lead by example role.
c. Leaders play an informational role.
d. Leaders play a decisional role.
ANSWER: a, b
23. Which of the following are the behavioral types of leaders? (Choose all that apply.)
a. influencer
b. democratic
c. laissez-faire
d. autocratic
ANSWER: b, c, d
Copyright Cengage Learning. Powered by Cognero. Page 6
,Name: Class: Date:
Chapter 01 - Introduction
24. What is the management theory that uses core principles of planning, organizing, staffing, and controlling?
a. traditional management theory
b. popular management theory
c. modern management theory
d. ancient management theory
ANSWER: a
25. What is the management theory that uses core principles of planning, organizing, leading, and controlling?
a. traditional management theory
b. popular management theory
c. modern management theory
d. new age management theory
ANSWER: b
26. Sixco is a cybersecurity government contractor located in Northern Virginia. Sandy, a Sixco leader, calls a meeting
after a major breach occurred in the agency that Sixco supports. She brings all the managers together, tells them
exactly what each of them are going to do, and when she expects a report from all of them. What type of leader
would Sandy be considered?
a. influencer
b. democratic
c. laissez-faire
d. autocratic
ANSWER: d
27. Jack's Pizza is a chain restaurant located in 13 states. They have hired a CISO called Max to handle the
cybersecurity operations of all the pizza chains. Max brings all his staff together to discuss the overall organization's
strategy for cybersecurity. He solicits all their input and creates a strategy from the dialogue he had with his team.
What type of leader would Max be considered?
a. influencer
b. democratic
c. laissez-faire
d. autocratic
ANSWER: b
Copyright Cengage Learning. Powered by Cognero. Page 7
, Name: Class: Date:
Chapter 01 - Introduction
28. Susie is a manager at Lisco, a pharmaceutical company in charge of cybersecurity for the organization. She has
been tasked by Julie, her boss, to create a strategy for the next five year period based on what she accomplished
the previous few years. Which of the following phases is Suzie using?
a. planning
b. organizing
c. leading
d. controlling
ANSWER: a
29. John, a help desk manager of an organization, received a confusing problem to solve for a customer. The problem
is related to a customer's computer being so slow and it was not before. John asks Molly to go research, present
several solutions for him to consider, and what she would recommend they do. Which phases of the problem-
solving process does Molly need to go through before meeting with her boss? (Choose all that apply.)
a. Recognize and Define the Problem
b. Gather Facts and Make Assumptions
c. Develop Possible Solutions
d. Analyze and Compare Possible Solutions
e. Select, Implement, and Evaluate
ANSWER: a, b, c, d
30. In what way does leadership differ from management?
a. Leaders administer the resources they are assigned by an organization while managers need to influence
others to gain their willing cooperation and achieve an objective by providing purpose, direction, and
motivation.
b. Leaders need to influence others to gain their willing cooperation and achieve an objective by providing
purpose, direction, and motivation while managers administer the resources they are assigned by an
organization.
c. Leaders do not need to influence others to gain their willing cooperation and achieve an objective by
providing purpose, direction, and motivation while managers administer the resources they are assigned by
an organization.
d. Leaders need to influence others to gain their willing cooperation and achieve an objective by providing
purpose, direction, and motivation while managers do not need to administer the resources they are assigned
by an organization.
ANSWER: b
Copyright Cengage Learning. Powered by Cognero. Page 8
