Quiz____?
1. What is the final step of a quantitative risk analysis?
A. Determine asset value.
B. Assess the annualized rate of occurrence.
C. Derive the annualized loss expectancy.
D. Conduct a cost.benefit analysis. -
Answer✓✓
D.
The final step of a quantitative risk analysis is conducting a cost/benefit analysis to
determine whether the organisation should implement proposed countermeasure(s).
Quiz____?
2. An evil twin attack that broadcasts a legitimate SSID for an unauthorised network is
an example of what category of threat?
Page 1 of 601
,A. Spoofing
B. Information disclosure
C. Repudiation
D. Tampering -
Answer✓✓
A.
Spoofing attacks use falsified identities. Spoofing attacks may use false IP addresses,
email addresses, names, or, in the case of an evil twin attack, SSIDs.
Quiz____?
3. Under the Digital Millennium Copyright Act (DMCA), what type of offenses do not
require prompt action by an Internet service provider after it receives a notification
of
infringement claim from a copyright holder?
A. Storage of information by a customer on a provider's server
B. Caching of information by the provider
C. Transmission of information over the provider's network by a customer
D. Caching of information in a provider search engine -
Answer✓✓
C.
The DMCA states that providers are not responsible for the transitory activities of
Page 2 of 601
,their users. Transmission of information over a network would qualify for this
exemption. The other activities listed are all nontransitory actions that require
remediation by the provider.
Quiz____?
4. FlyAway Travel has offices in both the European Union and the United States and
transfers personal information between those offices regularly. Which of the seven
requirements for processing personal information states that organizations must
inform individuals about how the information they collect is used?
A. Notice
B. Choice
C. Onward Transfer
D. Enforcement -
Answer✓✓
A.
The Notice principle says that organizations must inform individuals of the
information the organization collects about individuals and how the organization will
use it. These principles are based upon the Safe Harbor Privacy Principles issued by
the US Department of Commerce in 2000 to help US companies comply with EU and
Swiss privacy laws when collecting, storing, processing or transmitting data on EU or
Swiss citizens.
Page 3 of 601
, Quiz____?
5. Which one of the following is not one of the three common threat modeling
techniques?
A. Focused on assets
B. Focused on attackers
C. Focused on software
D. Focused on social engineering -
Answer✓✓
D.
The three common threat modeling techniques are focused on attackers, software,
and assets. Social engineering is a subset of attackers.
Quiz____?
6. Which one of the following elements of information is not considered personally
identifiable information that would trigger most US state data breach laws?
A. Student identification number
B. Social Security number
C. Driver's license number
Page 4 of 601
1. What is the final step of a quantitative risk analysis?
A. Determine asset value.
B. Assess the annualized rate of occurrence.
C. Derive the annualized loss expectancy.
D. Conduct a cost.benefit analysis. -
Answer✓✓
D.
The final step of a quantitative risk analysis is conducting a cost/benefit analysis to
determine whether the organisation should implement proposed countermeasure(s).
Quiz____?
2. An evil twin attack that broadcasts a legitimate SSID for an unauthorised network is
an example of what category of threat?
Page 1 of 601
,A. Spoofing
B. Information disclosure
C. Repudiation
D. Tampering -
Answer✓✓
A.
Spoofing attacks use falsified identities. Spoofing attacks may use false IP addresses,
email addresses, names, or, in the case of an evil twin attack, SSIDs.
Quiz____?
3. Under the Digital Millennium Copyright Act (DMCA), what type of offenses do not
require prompt action by an Internet service provider after it receives a notification
of
infringement claim from a copyright holder?
A. Storage of information by a customer on a provider's server
B. Caching of information by the provider
C. Transmission of information over the provider's network by a customer
D. Caching of information in a provider search engine -
Answer✓✓
C.
The DMCA states that providers are not responsible for the transitory activities of
Page 2 of 601
,their users. Transmission of information over a network would qualify for this
exemption. The other activities listed are all nontransitory actions that require
remediation by the provider.
Quiz____?
4. FlyAway Travel has offices in both the European Union and the United States and
transfers personal information between those offices regularly. Which of the seven
requirements for processing personal information states that organizations must
inform individuals about how the information they collect is used?
A. Notice
B. Choice
C. Onward Transfer
D. Enforcement -
Answer✓✓
A.
The Notice principle says that organizations must inform individuals of the
information the organization collects about individuals and how the organization will
use it. These principles are based upon the Safe Harbor Privacy Principles issued by
the US Department of Commerce in 2000 to help US companies comply with EU and
Swiss privacy laws when collecting, storing, processing or transmitting data on EU or
Swiss citizens.
Page 3 of 601
, Quiz____?
5. Which one of the following is not one of the three common threat modeling
techniques?
A. Focused on assets
B. Focused on attackers
C. Focused on software
D. Focused on social engineering -
Answer✓✓
D.
The three common threat modeling techniques are focused on attackers, software,
and assets. Social engineering is a subset of attackers.
Quiz____?
6. Which one of the following elements of information is not considered personally
identifiable information that would trigger most US state data breach laws?
A. Student identification number
B. Social Security number
C. Driver's license number
Page 4 of 601
