Question 1

Internal auditors can be a threat agent by

Accepted Answer

A)  Excessive adherence to compliance 
B)  Lack of attention to detail 
C)  Lack of training 
D)  Causing outages 
A)  Excessive adherence to compliance 
B)  Lack of attention to detail 
C)  Lack of training 
D)  Causing outages A

Question 2

Threat agents are typically classified as

Accepted Answer

A)  External agents, internal agents and partners 
B)  Essentiality, and deferability 
C)  Internal auditors and help desk 
D)  Consultants, cloud service providers and suppliers 
A)  External agents, internal agents and partners 
B)  Essentiality, and deferability 
C)  Internal auditors and help desk 
D)  Consultants, cloud service providers and suppliers A

Question 3

As a threat action, social engineering is

Accepted Answer

A)  An activity performed by agents to compromise assets 
B)  Convincing users to do something they would not ordinarily do 
C)  Software that performs simple tasks automatically and repetitively, usually at the direction of another software 
D)  Malicious content entered by an end user on a web-based system 
A)  An activity performed by agents to compromise assets 
B)  Convincing users to do something they would not ordinarily do 
C)  Software that performs simple tasks automatically and repetitively, usually at the direction of another software 
D)  Malicious content entered by an end user on a web-based system B

Question 4

In the information security context, Black Tuesday refers to

Accepted Answer

A)  The day Google's stock fell by 50% immediately after its IPO 
B)  The day a company finally turns profitable for the year 
C)  The day the firm lost a bulk of its email 
D)  The typical day on which Microsoft releases patches 
A)  The day Google's stock fell by 50% immediately after its IPO 
B)  The day a company finally turns profitable for the year 
C)  The day the firm lost a bulk of its email 
D)  The typical day on which Microsoft releases patches

Question 5

In the context of internal security, partners are

Accepted Answer

A)  People external to the organization 
B)  People directly associated with the organization, often as employees 
C)  Third parties sharing a business relationship with the organization 
D)  All of the above 
A)  People external to the organization 
B)  People directly associated with the organization, often as employees 
C)  Third parties sharing a business relationship with the organization 
D)  All of the above

Question 6

Threats are

Accepted Answer

A)  Capabilities, intentions and attack methods of adversaries 
B)  Interactions between relevant agents, actions 
C)  Individuals, organizations or groups that originate a particular threat action 
D)  Activist groups 
A)  Capabilities, intentions and attack methods of adversaries 
B)  Interactions between relevant agents, actions 
C)  Individuals, organizations or groups that originate a particular threat action 
D)  Activist groups

Question 7

Threat actions are

Accepted Answer

A)  Activities performed by agents to compromise assets 
B)  Capabilities, intentions and attack methods of adversaries 
C)  Interactions between relevant agents, actions and assets 
D)  Individuals, organizations or groups that originate a particular threat action 
A)  Activities performed by agents to compromise assets 
B)  Capabilities, intentions and attack methods of adversaries 
C)  Interactions between relevant agents, actions and assets 
D)  Individuals, organizations or groups that originate a particular threat action

Question 8

OWASP is

Accepted Answer

A)  An organization that is attempting to make web applications more secure 
B)  A species of Wasp that is abundant in the United States 
C)  The wasp species that Grace Hooper discovered in the Harvard Mark II computer as the source of errors in the computer 
D)  The little faults and difficulties in inventions, as labeled by Thomas Edison 
A)  An organization that is attempting to make web applications more secure 
B)  A species of Wasp that is abundant in the United States 
C)  The wasp species that Grace Hooper discovered in the Harvard Mark II computer as the source of errors in the computer 
D)  The little faults and difficulties in inventions, as labeled by Thomas Edison

Question 9

External threat agents include

Accepted Answer

A)  Partners and suppliers 
B)  Activist groups and competitors 
C)  Help desk and janitorial services 
D)  Auditors and hurricanes 
A)  Partners and suppliers 
B)  Activist groups and competitors 
C)  Help desk and janitorial services 
D)  Auditors and hurricanes

Question 10

Natural causes include all of the following except

Accepted Answer

A)  Arson 
B)  Earthquake 
C)  Tornadoes 
D)  Hurricanes 
A)  Arson 
B)  Earthquake 
C)  Tornadoes 
D)  Hurricanes

Question 11

Unapproved software can be a threat action because

Accepted Answer

A)  The software may be exploited by hackers 
B)  Organizations do not like employees or users to pay for software 
C)  The software may take up hard disk space 
D)  The software may have been developed by a competitor 
A)  The software may be exploited by hackers 
B)  Organizations do not like employees or users to pay for software 
C)  The software may take up hard disk space 
D)  The software may have been developed by a competitor

Question 12

Threat models are

Accepted Answer

A)  Capabilities, intentions and attack methods of adversaries 
B)  Interactions between relevant agents, actions 
C)  Individuals, organizations or groups that originate a particular threat action 
D)  Activist groups 
A)  Capabilities, intentions and attack methods of adversaries 
B)  Interactions between relevant agents, actions 
C)  Individuals, organizations or groups that originate a particular threat action 
D)  Activist groups

Question 13

Partner threat agents include

Accepted Answer

A)  Activist groups and competitors 
B)  Consultants, cloud service providers and suppliers 
C)  Internal auditors and help desk 
D)  Competitors, organized groups and former employees 
A)  Activist groups and competitors 
B)  Consultants, cloud service providers and suppliers 
C)  Internal auditors and help desk 
D)  Competitors, organized groups and former employees

Question 14

The 419 Nigerian scam is an example of an)

Accepted Answer

A)  Partner 
B)  Activist group 
C)  Natural cause 
D)  Cybercrime 
A)  Partner 
B)  Activist group 
C)  Natural cause 
D)  Cybercrime

Question 15

In the context of information security, worms are

Accepted Answer

A)  Activities performed by agents to compromise assets 
B)  Malicious software that uses operating system or application vulnerabilities for propagation 
C)  Software that performs simple tasks automatically and repetitively, usually at the direction of another software 
D)  Malicious content entered by an end user on a web-based system 
A)  Activities performed by agents to compromise assets 
B)  Malicious software that uses operating system or application vulnerabilities for propagation 
C)  Software that performs simple tasks automatically and repetitively, usually at the direction of another software 
D)  Malicious content entered by an end user on a web-based system

Question 16

Phishing is

Accepted Answer

A)  An activity performed by agents to compromise assets 
B)  Convincing users to do something they would not ordinarily do 
C)  Using email to try and get a user to divulge confidential information 
D)  Malicious content entered by an end user on a web-based system 
A)  An activity performed by agents to compromise assets 
B)  Convincing users to do something they would not ordinarily do 
C)  Using email to try and get a user to divulge confidential information 
D)  Malicious content entered by an end user on a web-based system

Question 17

The goal of agents running a 419 Nigerian scam is to

Accepted Answer

A)  Damage the reputations of end users 
B)  Damage end user computers 
C)  Steal money 
D)  Steal intellectual property 
A)  Damage the reputations of end users 
B)  Damage end user computers 
C)  Steal money 
D)  Steal intellectual property

Question 18

Top management can be a threat agent by

Accepted Answer

A)  Abusing privileges 
B)  Lack of understanding of security issues 
C)  Pulling rank 
D)  All of the above 
A)  Abusing privileges 
B)  Lack of understanding of security issues 
C)  Pulling rank 
D)  All of the above

Question 19

Threat agents are

Accepted Answer

A)  Capabilities, intentions and attack methods of adversaries 
B)  Interactions between relevant agents, actions 
C)  Activist groups 
D)  Individuals, organizations or groups that originate a particular threat action 
A)  Capabilities, intentions and attack methods of adversaries 
B)  Interactions between relevant agents, actions 
C)  Activist groups 
D)  Individuals, organizations or groups that originate a particular threat action

Question 20

Most attacks on organizations originate from

Accepted Answer

A)  Internal agents 
B)  External agents 
C)  Partners 
D)  Competitors, organized groups and former employees 
A)  Internal agents 
B)  External agents 
C)  Partners 
D)  Competitors, organized groups and former employees

Internal auditors can be a threat agent by

Threat agents are typically classified as

As a threat action, social engineering is

In the information security context, Black Tuesday refers to

In the context of internal security, partners are

Threats are

Threat actions are

OWASP is

External threat agents include

Natural causes include all of the following except

Unapproved software can be a threat action because

Threat models are

Partner threat agents include

The 419 Nigerian scam is an example of an)

In the context of information security, worms are

Phishing is

The goal of agents running a 419 Nigerian scam is to

Top management can be a threat agent by

Threat agents are

Most attacks on organizations originate from

Introduction

System Administration

System Administration 2

Basic Information Security Model

Asset Identification and Characterization

Encryption Controls

Identity and Access Management

Hardware and Software Controls

Shell Scripting

Incident Handling

Incident Analysis

Policies, Standards and Guidelines

It Risk Analysis and Risk Management

Filters

Exam 6: Threats and Vulnerabilities

Internal auditors can be a threat agent by

Threat agents are typically classified as

As a threat action, social engineering is

In the information security context, Black Tuesday refers to

In the context of internal security, partners are

Threats are

Threat actions are

OWASP is

External threat agents include

Natural causes include all of the following except

Unapproved software can be a threat action because

Threat models are

Partner threat agents include

The 419 Nigerian scam is an example of an)

In the context of information security, worms are

Phishing is

The goal of agents running a 419 Nigerian scam is to

Top management can be a threat agent by

Threat agents are

Most attacks on organizations originate from

Introduction

System Administration

System Administration 2

Basic Information Security Model

Asset Identification and Characterization

Encryption Controls

Identity and Access Management

Hardware and Software Controls

Shell Scripting

Incident Handling

Incident Analysis

Policies, Standards and Guidelines

It Risk Analysis and Risk Management

Filters