1. Which of the following is generally viewed as the first Internet worm to have caused significant damage and to have "brought the Internet down"?
A. Melissa
B. The "Love Bug"
C. The Morris worm
D. Code Red
2. Which of the following individuals was convicted of various computer crimes and was known for his ability to conduct successful social engineering attacks?
A. Kevin Mitnick
B. Vladimir Levin
C. Timothy Lloyd
D. David Smith
3. Which virus/worm was credited with reaching global proportions in less than ten minutes?
A. Code Red
B. The Morris worm
C. Melissa
D. Slammer
4. An attacker who feels that using animals to make fur coats is unethical and thus defaces the web site of a company that
sells fur coats is an example of:
A. Information warfare
B. Hacktivisim
C. Cyber crusading
D. Elite hacking
5. What is the most common form of authentication used?
A. Smart card
B. Tokens
C. Username/password
D. Retinal scan
6. The Components of CIA triangle are
A. Corporate secrecy, Integrity, and Availability
B. Confidentiality, Integrity, and Access
C. Confidentiality, Integrity, and Availability
D. Confidentiality, Information Security, and Availability
7. Which of the following concepts requires users and system processes to use the minimal amount of permission necessary to
function?
A. Layer defense
B. Diversified defense
C. Simple Security Rule
D. Least privilege
8. The Bell-LaPadula security model is an example of a security model that is based on:
A. The integrity of the data
B. The availability of the data
C. The confidentiality of the data
D. The authenticity of the data
9. The term used to describe the requirement that different portions of a critical process must be performed by different people
is:
A. Least privilege
B. Defense in depth
C. Separation of duties
D. Job rotation
10. Hiding information to prevent disclosure is an example of:
A. Security through obscurity
B. Certificate-based security
C. Discretionary data security
D. Defense in depth
11. The concept of blocking an action unless it is specifically authorized is:
A. Implicit deny
B. Least privilege
C. Simple Security Rule
D. D. Hierarchical defense model
12. Which of the following correctly defines qualitative risk management?
A. The process of objectively determining the impact of an event that affects a project,program, or business.
B. The process of subjectively determining the impact of an event that affects a project,program, or business.
C. The loss that results when a vulnerability is exploited by a threat.
D. To reduce the likelihood of a threat occurring.
13. Which of the following correctly defines risk?
A. The risks still remaining after an iteration of risk management.
B. The loss that results when a vulnerability is exploited by a threat.
C. Any circumstance or event with the potential to cause harm to an asset.
D. The possibility of suffering harm or loss.
14. Single loss expectancy (SLE) can best be defined by which of the following equations?
A. SLE = annualized loss expectancy * annualized rate of occurrence
B. SLE = asset value * exposure factor
C. SLE = asset value * annualized rate of occurrence
D. SLE = annualized loss expectancy * exposure factor
15. Which of the following correctly defines a Gantt chart?
A. A method of identifying items that are related and then identifying the principle that ties them together into a group
B. A management tool for diagramming schedules, events, and activity duration
C. A single-page form used to document new risks as they occur
D. A diagram depicting interdependencies between project activities, showing the sequence and duration of each activity
16. Which of the following correctly defines residual risk?
A. The risks still remaining after an iteration of risk management
B. The possibility of suffering a loss
C. The result of a vulnerability being exploited by a threat that results in a loss
D. D. Characteristics of an asset that can be exploited by a threat to cause harm
17. Which of the following statements about risk is true?
A. A manager can accept the risk, which will reduce the risk.
B. The risk itself doesn't really change. However, actions can be taken to reduce the impact of the risk.
C. A manager can transfer the risk, which will reduce the risk.
D. A manager can take steps to increase the risk.