<p>Review Questions</p>
<p>1. Each of the following is a reason why it is difficult to defend against today’s attackers except ______.</p>
<p>A. speed of attacks</p>
<p>B. greater sophistication of attacks</p>
<p>C. complexity of attack tools</p>
<p>D. delays in patching hardware and work software products</p>
<p>2. A(n) _____ attack takes advantage of vulnerabilities that have not been previously revealed.</p>
<p>A. zero day</p>
<p>B. quick vulnerability assessment (QVA)</p>
<p>C. glamour</p>
<p>D. signature-based attack</p>
<p>3. _____ ensures that only authorized parties can view the information.</p>
<p>A. Availability</p>
<p>B. Integrity</p>
<p>C. Confidentiality</p>
<p>D. ICA</p>
<p>4. Each of the following is a successive layer in which information security is achieved except ______.</p>
<p>A. products</p>
<p>B. people</p>
<p>C. procedures</p>
<p>D. Intrusion Wormhole Defense (IWD)</p>
<p>5. A(n) _____ is a person or thing that has the power to carry out a threat.</p>
<p>A. vulnerability</p>
<p>B. threat agent</p>
<p>C. exploit</p>
<p>D. risk factor</p>
<p>6. Each of the following is a goal of information security except ______.</p>
<p>A. Prevent data theft</p>
<p>B. Decrease user productivity</p>
<p>C. Avoid legal consequences</p>
<p>D. Foil cyberterrorism</p>
<p>7. The _____ requires that enterprises must guard protected health information and implement policies and procedures to safeguard it.</p>
<p>A. Health Insurance Portability and Accountability Act (HIPAA)</p>
<p>B. Sarbanes-Oxley Act (Sarbox)</p>
<p>C. Gramm-Leach-Bliley Act (GLBA)</p>
<p>D. Hospital Protection and Insurance Association Agreement (HPIAA)</p>
<p>8. Utility companies, telecommunications, and financial services are considered prime targets of _____ because attackers can significantly disrupt business and personal activities by destroying a few targets.</p>
<p>A. cyberterrorists</p>
<p>B. kiddie scripters</p>
<p>C. computer spies</p>
<p>D. blue hat hackers (BHH)</p>
<p>9.
After an attacker probed a computer or network for information she would next ______.</p>
<p>A. modify security settings</p>
<p>B. penetrate any defenses</p>
<p>C. paralyze networks and devices</p>
<p>D. circulate to other systems</p>
<p>10. An organization that purchased security products from different vendors in case an attacker circumvented the Brand A device, yet would have more difficulty trying to break through a Brand B device because they are different, is an example of ______.</p>
<p>A. obscurity</p>
<p>B. layering</p>
<p>C. limiting</p>
<p>D. diversity</p>
<p>11. _____ is a superset of information security and includes security issues that do not involve computers.</p>
<p>A. Google reconnaissance</p>
<p>B. Risk security (RS)</p>
<p>C. Information assurance (IA)</p>
<p>D. Asset restriction (AR)</p>
<p>12. _____ attacks come from multiple sources instead of a single source.</p>
<p>A. Distributed</p>
<p>B. Isolated</p>
<p>C. Script resource malware (SRM)</p>
<p>D. Form resource</p>
<p>13. _____ are a loose-knit network of attackers, identity thieves, and financial fraudsters.</p>
<p>A. Cybercriminals</p>
<p>B. Hackers</p>
<p>C. Spies</p>
<p>D. Script kiddies</p>
<p>14. Each of the following is a characteristic of cybercriminals except ______.</p>
<p>A. low motivation</p>
<p>B. less risk-averse</p>
<p>C. better funded</p>
<p>D. more tenacious</p>
<p>15. Each of the following is a characteristic of cybercrime except ______.</p>
<p>A. targeted attacks against financial networks</p>
<p>B. unauthorized access to information</p>
<p>C. theft of personal information</p>
<p>D. exclusive use of worms and viruses</p>
<p>16. An example of a(n) _____ is a software defect in an operating system that allows an unauthorized user to gain access to a computer without a password.</p>
<p>A. vulnerability</p>
<p>B. threat</p>
<p>C. threat agent</p>
<p>D. asset exploit (AE)</p>
<p>17.
_____ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information and to protect all electronic and paper containing personally identifiable financial information.</p>
<p>A. California Savings and Loan Security Act (CS&LSA)</p>
<p>B. USA Patriot Act</p>
<p>C. Sarbanes-Oxley Act (Sarbox)</p>
<p>D. Gramm-Leach-Bliley Act (GLBA)</p>
<p>18. The term _____ is commonly used in a generic sense to identify anyone who illegally breaks into a computer system.</p>
<p>A. hacker</p>
<p>B. cyberterrorist</p>
<p>C. Internet Exploiter</p>
<p>D. cyberrogue</p>
<p>19. An example of _____ would be not revealing the type of computer, operating system, software, and network connection a computer uses.</p>
<p>A. diversity</p>
<p>B. limiting</p>
<p>C. obscurity</p>
<p>D. layering</p>
<p>20. The _____ is primarily responsible for assessment, management, and implementation of security.</p>
<p>A. Chief Information Security Officer (CISO)</p>
<p>B. security manager</p>
<p>C. security administrator</p>
<p>D. security technician</p>