What is the primary goal of information security? Correct answer- Reduce losses related
to losses in confidentiality, availability and integrity.
There are many different kinds of malware, such as spyware, worms, viruses, or
Trojan horses. In general, any _______________________________________ that is
downloaded and stored on a computer hard drive can cause undesirable damage to the
computer or network system. Correct answer- Virus
There are several low-tech attacks that criminals can use to steal sensitive information
from individuals in public places. One of the most common methods is
____________________________, in which individuals are offered a gift for completing
an application for a credit card. Correct answer- Quid Pro Quo
The U.S. government enacted legislation and regulations to protect privacy and do what
else? Correct answer- Enact and enforce security, and manage and retain
documentation - Such laws and regulations include the Health Insurance Portability and
Accountability Act (HIPAA) of 1996, the Financial Services Modernization Act (aka
Gramm-Leach-Bliley Act) of 1999, and the Public Company Accounting Reform and
Investor Act (aka Sarbanes-Oxley Act) of 2002.
What can be used to counter the risks, vulnerabilities, and threats experienced by
managers in organizations? Correct answer- Security Measures
Which of the following is NOT a component of an organization's framework for security
and control? Correct answer- Cost-Benefit Analysis
[True/False] To gain entry to a secured location at airports or the building of some
government agencies, a photo identification (which is classified as a knowledge
authentication method) is all you need to have. Correct answer- False - Photo
identification is an identity method, not a knowledge method.
Computer-based actions are actions that involve the use of a computer. Which of the
following is NOT a computer-based action? Correct answer- Randomizing your online
behavior - a behavioral action that can help to deter cyber attacks.
The disaster recovery plan (DRP) addresses several issues when an emergency
occurs. What item below would NOT be addressed in a DRP? Correct answer-
Businesses perform regular backups for operational databases.
Which of the following networks is the easiest for someone to gain access to? Correct
answer- Wireless Networks - not all wireless routers are secure and protected, so
access is open.
(Select all that apply). People access the Internet all the time. What is considered
acceptable online conduct? Correct answer- Be careful with the sites you visit.
Check content before you download it.
Identity theft can be very devastating to innocent victims. What is the first step that
people can take to help lessen the severity of risk and to help mitigate or eliminate other
risks if their identities are stolen in the future? Correct answer- Understand which assets
are irreplaceable and how they are vulnerable.
The purpose of information security is to protect the information from illegal use and
unauthorized access. Which of the following is NOT part of the triad encompassing the
three categories of threats to information assets? Correct answer- Security - the three
goals of information security are Confidentiality, Integrity, and Availability.
All cyber threats or attacks are associated with computers; therefore, all computer risks
are limited to ________________________. Correct answer- Both high-tech and low-tech
attacks.
Criminals use low-tech attacks to steal sensitive information from individuals in public
places. One method is called
_____________________________________, which is leaving a jump drive
unattended in a parking lot and waiting for someone else to pick it up and connect it to
their home computer. Correct answer- Baiting
Businesses encounter losses as a direct result of exposure to security threats or risks.
Which choice would NOT be a direct loss? Correct answer- Employee Turnover
[True/False] Environmental risks alone can be easily addressed. However, the human
factor increases the challenge of mitigating environmental risks. Correct answer- True
What kind of controls manage the restrictions that employees may have on the
corporate data resources? Correct answer- Application - Application controls are
configured restrictions within a specific software application, such as restrictions on the
employees who might request supplier payments, authorize payment for goods, or send
checks to suppliers.
There are two primary concepts within information security. The ____________
concept, otherwise known informally as need-to-know, indicates that access should only
be provided to those who need it to complete tasks in their job. Correct answer-
Principle of Least Privilege