ITN 260 Midterm Questions and Verified
Answers
Question: The Security Administrator reports directly to the CIO.
Ans: False
Question: The CompTIA Security+ certification is a vendor-neutral credential.
Ans: True
Question: Successful attacks are usually not from software that is poorly designed and has
architecture/design weaknesses.
Ans: False
Question: Smart phones give the owner of the device the ability to download security
updates.
Ans: False
Question: As security is increased, convenience is often increased.
Ans: False
Question: A vulnerability is a flaw or weakness that allows a threat to bypass security.
Ans: True
Question: To mitigate risk is to attempt to address risk by making the risk less serious.
Ans: True
Question: The Sarbanes-Oxley Act restricts electronic and paper data containing personally
identifiable financial information.
Ans: False
Question: One of the challenges in combating cyberterrorism is that many of the prime
targets are not owned and managed by the federal government.
Ans: True
Question: Brokers steal new product research or a list of current customers to gain a
competitive advantage.
Ans: False
Question: What information security position reports to the CISO and supervises
technicians, administrators, and security staff?
Ans: Security Manager
Question: According to the U.S. Bureau of Labor Statistics, what percentage of job growth is
projected for information security analysts through 2024?
Ans: 18 percent
Question: Which position below is considered an entry-level position for a person who has
the necessary technical skills?
Ans: Security Technician
Question: What term refers to an action that provides an immediate solution to a problem
by cutting through the complexity that surrounds it?
Ans: Silver Bullet
Question: In what kind of attack can attackers make use of millions of computers under
their control in an attack against a single server or network?
Ans: Distributed
Question: Which term below is frequently used to describe the tasks of securing information
that is in a digital format?
Ans: Information Security
Question: Which of the three protections ensures that only authorized parties can view
information?
Ans: Confidentiality
Question: Select the information protection item that ensures that information is correct
and that no unauthorized person or malicious software has altered that data.
Ans: Integrity
Question: Which of the following ensures that data is accessible to authorized users?
Ans: Availability
Question: In information security, what can constitute a loss?
Ans: All of the above
Question: In information security, which of the following is an example of a threat actor?
Ans: All of the above
Question: What type of theft involves stealing another person's personal information, such
as a Social Security number, and then using the information to impersonate the victim,
generally for financial gain?
Ans: Identity Theft
Question: Under which laws are healthcare enterprises required to guard protected health
information and implement policies and procedures whether it be in paper or electronic
format?
Ans: HIPAA
Question: Those who wrongfully disclose individually identifiable health information can
be fined up to what amount per calendar year?
Ans: $1,500,000
Question: Which law requires banks and financial institutions to alert customers of their
policies and practices in disclosing customer information?
Ans: Gramm-Leach-Bliley
Question: To date, the single most expensive malicious attack occurred in 2000, which cost
an estimated $8.7 billion. What was the name of this attack?
Ans: Love Bug
Question: What term is used to describe a group that is strongly motivated by ideology, but
is usually not considered to be well-defined and well-organized?
Ans: Hacktivists
Question: Which term is used to describe individuals who want to attack computers yet
lack the knowledge of computers and networks needed to do so?
Ans: script kiddies
Question: Which term best describes automated attack software?
Ans: open-source intelligence
Question: What class of attack uses innovative attack tools and, once a system is infected,
silently extracts data over an extended period?
Ans: Advanced Persistent Threat
Question: What term is used to describe state-sponsored attackers that are used for
launching computer attacks against their foes?
Ans: nation state actors
Question: What term describes a layered security approach that provides comprehensive
protection?
Ans: Defense-in-depth
Question: What process describes using technology as a basis for controlling the access and
usage of sensitive data?
Ans: technical controls
Question: What type of diversity is being implemented if a company is using multiple
security products from different manufacturers?
Ans: Vendor Diversity
Question: What level of security access should a computer user have to do their job?
Ans: Least amount