Edition by Whitman and Mattord
In information security, what can constitute a loss? - ANSWER: theft of information
a delay in transmitting information that results in a financial penalty
the loss of good will or a reputation
In information security, which of the following is an example of a threat actor? -
ANSWER: a force of nature such as a tornado that could destroy computer
equipment
a virus that attacks a computer network
a person attempting to break into a secure computer network
In what kind of attack can attackers make use of millions of computers under their
control in an attack against a single server or network? - ANSWER: distributed
Select the information protection item that ensures that information is correct and
that no unauthorized person or malicious software has altered that data. - ANSWER:
integrity
To date, the single most expensive malicious attack occurred in 2000, which cost an
estimated $8.7 billion. What was the name of this attack? - ANSWER: Love Bug
Under which laws are health care enterprises required to guard protected health
information and implement policies and procedures whether it be in paper or
electronic format? - ANSWER: HIPAA
What class of attacks use innovative attack tools and once a system is infected it
silently extracts data over an extended period? - ANSWER: Advanced Persistent
Threat
What level of security access should a computer user have to do their job? -
ANSWER: least amount
What process describes using technology as a basis for controlling the access and
usage of sensitive data? - ANSWER: technical controls
What term best describes any premeditated, politically motivated attack against
information, computer systems, computer programs, and data which results in
violence against noncombatant targets by subnational groups or clandestine agents?
- ANSWER: cyberterrorism
What term describes a layered security approach that provides comprehensive
protection? - ANSWER: defense-in-depth
What term is used to describe a group that is strongly motivated by ideology, but is
usually not considered to be well-defined and well-organized? - ANSWER: hacktivists
What term is used to describe state-sponsored attackers that are used for launching
computer attacks against their foes? - ANSWER: nation state actors
What term refers to an action that provides an immediate solution to a problem by
cutting through the complexity that surrounds it? - ANSWER: silver bullet
What type of theft involves stealing another person's personal information, such as a
Social Security number, and then using the information to impersonate the victim,
generally for financial gain? - ANSWER: identity theft
Which law requires banks and financial institutions to alert customers of their
policies and practices in disclosing customer information? - ANSWER: Gramm-Leach-Bliley
Which of the following are considered threat actors? (Choose all that apply.) -
ANSWER: brokers
competitors
Which of the following describes various supporting structures for implementing
security that provides a resource of how to create a secure IT environment? (Choose
all that apply.) - ANSWER: reference architectures
industry-standard frameworks
Which of the following ensures that data is accessible to authorized users? -
ANSWER: availability
Which of the following is a common security framework? (Choose all that apply.) -
ANSWER: ISO
COBIT