Cybersecurity and Its Ten Domains Quiz

Cybersecurity and Its Ten Domains quiz answers. This post contains the quiz and assignment answers for Cybersecurity and Its Ten Domains.

 


Offered by “University System of Georgia”


Week- 1

Test Your Existing Knowledge

1.
Question 1
A computer network is ____________.

1 point

  • interconnected computers or devices.
  • a superhuman
  • a TV show
  • all of the above

2.
Question 2
A reason why cyber vulnerabilities will probably never go away is:

1 point

  • they are a result of the freedom and ease of communicating online.
  • they are protected by Martians
  • no one likes to fix problems
  • all of the above

3.
Question 3
Which of the following exploit cyber vulnerabilities?

1 point

  • Governments
  • Criminals
  • Hacktivists
  • All of the above

4.
Question 4
Hacking can be defined as creative problem solving taking advantage of the properties of things in unexpected ways. Based on this definition, which of the following is not a hack?

1 point

  • Stealing an unlocked bicycle
  • Using a bicycle to power a computer
  • Building a working bicycle out of discarded umbrellas
  • None of the above

5.
Question 5
Which of the following is a method of ensuring that your information is kept confidential?

1 point

  • Give away your password to everyone
  • Encryption
  • Watch more TV shows
  • None of the above

6.
Question 6
How can you tell if a website encrypts its traffic?

1 point

  • Look for the lock symbol in a URL
  • Google it
  • All websites encrypt their traffic
  • None of the above

7.
Question 7
What can you trust to be secure 100 percent of the time?

1 point

  • Text/SMS messages
  • Emails
  • Mobile apps
  • None of the above

8.
Question 8
If you receive an email in which the person is asking for your username and password, what should you do?

1 point

  • Report it as a phishing/scam
  • Reply to it and provide your username and password
  • Ask for money
  • None of the above

9.
Question 9
Which of the following is true about cybersecurity?

1 point

  • It is a problem faced by everyone due to the highly connected world we are in.
  • It is a problem only for the rich
  • It is not a problem at all.
  • None of the above

10.
Question 10
This course covers ______ domains of cybersecurity.

1 point

  • 9
  • 7
  • 8
  • 10

 

 

Week- 2

Peer-graded Assignment: Discussion — Role of Cyber Security

 


Introduction to Security, Access Control, and Software Development Security Quiz

1.
Question 1
Information security can best be defined as:

1 point

Stopping hackers from getting data

Restricting access to authorized users only

Encrypting data so that only authorized users can read it

Collection of technologies, standards, policies and management practices that are applied to information to keep it secure

2.
Question 2
Without information, businesses could still function.

1 point

True

False

3.
Question 3
Valuing and protecting information are crucial tasks for organizations.

1 point

True

False

4.
Question 4
The implementation of Information security management is the same for all organizations.

1 point

True

False

5.
Question 5
Access control is the process of trying to determine a user’s identity.

1 point

True

False

6.
Question 6
Access controls can be defined as:

1 point

Having the ability to do something with a computer resource.

Proving a user’s identity.

Having the permission to use a resource.

7.
Question 7
Authorization can be defined as:

1 point

Having the ability to do something with a resource.

Having permission to use a resource.

Proving a user’s identity.

8.
Question 8
Authentication can be defined as:

1 point

Having permission to use a resource.

Having the ability to do something with a resource.

Proving a user’s identity.

9.
Question 9
Accountability can be defined as:

1 point

Having permission to use a resource.

Firing a user who does the wrong thing.

Tracking a user’s actions while in a system.

10.
Question 10
Confidentiality can be defined as:

1 point

Ensuring that information is not disclosed to unauthorized users.

Ensuring that information is accessible.

Ensuring that information has not been improperly modified or destroyed.

11.
Question 11
Integrity can be defined as:

1 point

Ensuring that information is accessible.

Ensuring that information is not disclosed to unauthorized users.

Ensuring that information has not been improperly modified or destroyed.

12.
Question 12
Availability can be defined as:

1 point

Ensuring that information has not been improperly modified or destroyed.

Ensuring that information is not disclosed to unauthorized users.

Ensuring that information is accessible.

13.
Question 13
Access, authentication, and authorization all mean the same thing.

1 point

True

False

14.
Question 14
Software security principles should be applied throughout the software development lifecycle.

1 point

True

False

 

 

Week- 3

Business Continuity and Disaster Recovery Planning and Cryptography Quiz

 

1.
Question 1
Organizations should have plans in place to deal with disruptive events.

1 point

True

False

2.
Question 2
Business continuity plans and disaster recovery plans are the same thing.

1 point

True

False

3.
Question 3
Used to identify operational and financial impacts resulting from a disruption of business operations.

1 point

BP

BIA

SOP

CFP

4.
Question 4
According to FEMA, the four phases of emergency management are:

1 point

Mitigation, response, intervention, and planning.

Mitigation, preparedness, quick action, and response.

Mitigation, preparedness, response and recovery.

Mitigation, reaction, recovery, and response.

5.
Question 5
The act of setting up a plan to ensure the survival of an organization:

1 point

Business continuity planning

Incident response management

Onsite backup and storage recovery

Disaster recovery implementation

6.
Question 6
A hot site can be described as:

1 point

A building for housing processors that can be easily adapted for use.

A building already equipped with processing capability and other services.

An agreement for two organizations to back each other up.

7.
Question 7
A cold site can be described as:

1 point

A building for housing processors that can be easily adapted for use.

A building already equipped with processing capability and other services.

An agreement for two organizations to back each other up.

8.
Question 8
A reciprocal agreement can be described as:

1 point

A building for housing processors that can be easily adapted for use.

A building already equipped with processing capability and other services.

An agreement for two organizations to back each other up.

9.
Question 9
Contingency plans should never be tested, since they most likely won’t ever be used.

1 point

False

True

10.
Question 10
Contingency plans should be written and periodically updated.

1 point

False

True

11.
Question 11
Encryption is used to stop unauthorized people from reading information.

1 point

True

False

12.
Question 12
Cryptography relies on the use of an algorithm and access controls.

1 point

False

True

13.
Question 13
Cryptographic system in which both sender and receiver share a common key.

1 point

Asymmetric

Symmetric

14.
Question 14
Cryptographic system in which a pair of keys is used, one made public and one kept private.

1 point

Symmetric

Asymmetric

15.
Question 15
Which cryptographic system is faster, in relative terms?

1 point

Symmetric

Asymmetric

16.
Question 16
Type of cryptographic system that combines symmetric and asymmetric features:

1 point

DES

Hybrid

Desperate

DSS

17.
Question 17
Used to determine if a message has been changed:

1 point

Asymmetric cryptography

Hybrid cryptographic system

Message digest

Symmetric cryptography

18.
Question 18
Prevents an individual from claiming he/she did not send a message:

1 point

Symmetric cryptography

Asymmetric cryptography

Message digest

Electronic signature

 

 

Week- 4

Information Security Governance and Risk Management & Legal, Regulations, Investigations, and Compliance Quiz

 

1.
Question 1
Process by which the value of an organization’s information assets are assessed and protected:

1 point

Information security management

Vulnerability assessment

Business impact analysis

Cryptography

2.
Question 2
Building an information security management system is done by:

1 point

Systematic assessment of systems, technology and media used.

Appraisal of the costs of security breaches.

Development and deployment of countermeasures to threats.

None of the above

All of the above

3.
Question 3
A “one size fits all” approach to information security management is the best course of action for all businesses.

1 point

False

True

4.
Question 4
The role of information security governance is to ensure that all technical controls are put into place, regardless of cost.

1 point

False

True

5.
Question 5
Information security is viewed as a business support function.

1 point

True

False

6.
Question 6
Comparing tangible vs. intangible costs in projects is easy to do.

1 point

True

False

7.
Question 7
Organizations should have written security policies for employees.

1 point

True

False

8.
Question 8
Security policies should not be reviewed by corporate counsel before implementation.

1 point

False

True

9.
Question 9
Security policy distribution is a simple process.

1 point

False

True

10.
Question 10
For a security policy to be valid, employees must:

1 point

Ignore it if it interferes with job duties.

Be told where to find a copy of it.

Receive, read, understand, and agree to follow it.

Follow it only if they agree with it.

11.
Question 11
NIST and ISO have published standards for use by information security professionals.

1 point

False

True

12.
Question 12
ITIL is a standard that is not in wide use today.

1 point

True

False

13.
Question 13
Type of law where the victim is viewed as society itself:

1 point

Administrative

Criminal

Civil

14.
Question 14
Type of law where the victim is viewed as an individual, group, or organization:

1 point

Criminal

Civil

Administrative

15.
Question 15
Type of law enacted by government agencies:

1 point

Criminal

Civil

Administrative

16.
Question 16
Protects records and information maintained by U.S. government agencies:

1 point

Federal Privacy Act of 1974

HIPAA

PCI-DSS

GLBA

17.
Question 17
Guards protected health information from unauthorized use or disclosure:

1 point

Federal Privacy Act of 1974

PCI-DSS

HIPAA

GLBA

18.
Question 18
Ensures better protection of credit card holder data.

1 point

HIPAA

Federal Privacy Act of 1974

GLBA

PCI-DSS

19.
Question 19
Requires financial institutions to protect the confidentiality and integrity of consumer financial information:

1 point

HIPAA

Federal Privacy Act of 1974

PCI-DSS

GLBA

 

 

 

Week- 5

Operations Security & Physical and Environmental Security Quiz

 

1.
Question 1
The operations security team handles system maintenance tasks.

1 point

True

False

2.
Question 2
The operations security team is responsible for developing security policies and implementing them.

1 point

False

True

3.
Question 3
The operations security team should have a continuity of operations plan.

1 point

False

True

4.
Question 4
The act of assigning tasks to different personnel.

1 point

Need to know

Clean desk policy

Information sharing

Separation of duties

5.
Question 5
Separation of duties prevents one person from having total control of security measures.

1 point

True

False

6.
Question 6
Audit and monitoring functions allow for the identification of security events.

1 point

False

True

7.
Question 7
Examples of threats to the physical environment include:

1 point

Sabotage

Emergencies

Service interruptions

All of the above

8.
Question 8
Consideration of things like locks and security guards fall outside the physical environment domain.

1 point

True

False

9.
Question 9
Process used to protect unclassified information that can be used by an adversary.

1 point

Network security

Data security

Physical security

Operations security

10.
Question 10
Information that can be obtained freely, without breaking the law.

1 point

Open source

Private source

Back channel

Closed source

11.
Question 11
Anyone who can harm people, resources or a mission.

1 point

Ally

Evil

Teammate

Adversary

12.
Question 12
Which is not a step in the operations security process?

1 point

Analyze enemy intentions

Analyze threats

Identify critical information

Analyze vulnerabilities

13.
Question 13
Measures taken to protect systems, buildings, and infrastructure from threats in their physical environment.

1 point

Operations security

Client security

Physical and environmental security

Network security

14.
Question 14
Physical access controls do not need to address locations of system wiring.

1 point

False

True

15.
Question 15
Physical access controls restrict the entry and exit of personnel from an area.

1 point

True

False

16.
Question 16
What are the three routes possible for data interception, according to NIST?

1 point

Direct observation; reception interception; electromagnetic interception

Direct observation, rejected interception; psychometric interception

Direct observation; transmission interception; electromagnetic interception

Direct observation; transmission interception; psychometric interception

 

 

Week- 6

Security Architecture and Design & Telecommunications and Network Security Quiz

 

1.
Question 1
The OSI model has how many layers?

1 point

5

7

4

8

2.
Question 2
Which is not a layer in the OSI model?

1 point

Abstract

Application

Physical

Session

3.
Question 3
A component that leaves a system open to compromise

1 point

Vulnerability

Attack

Threat

None of the above

4.
Question 4
The potential for a violation of security

1 point

Threat

Vulnerability

Attack

None of the above

5.
Question 5
An attempted violation of a computing system or network

1 point

Attack

Threat

Vulnerability

None of the above

6.
Question 6
Organizations should carry out risk assessments to help find an acceptable balance between security and cost

1 point

True

False

7.
Question 7
The concept which holds that modification of data is allowed only by authorized users

1 point

Integrity

Confidentiality

Availability

None of the above

8.
Question 8
The concept which holds that data should only be accessed by those who have a legitimate right to do so

1 point

Confidentiality

Integrity

Availability

None of the above

9.
Question 9
The concept which holds that data should be useable by legitimate users, when they need to do so

1 point

Availability

Integrity

Confidentiality

None of the above

10.
Question 10
Type of attack described as the interception of messages without modification

1 point

Active

Passive

Sniffing

Shoulder surfing

11.
Question 11
Type of attack described as one in which an unauthorized change is attempted

1 point

Passive

Active

Shoulder surfing

Sniffing

12.
Question 12
Type of attack which involves the re-use of captured data at a later time

1 point

Masquerade

Denial of service

Message modification

Message replay

13.
Question 13
Type of attack which involves changing either packet header or payload contents

1 point

Message replay

Masquerade

Message modification

Denial of service

14.
Question 14
Type of attack which involves flooding a network or system with traffic

1 point

Message modification

Masquerade

Denial of service

Message replay

15.
Question 15
Program that has hidden instructions to carry out malicious activity

1 point

Trojan

Virus

Worm

None of the above

16.
Question 16
Type of program that can replicate itself and create a high demand for services

1 point

Worm

Trojan

Virus

None of the above

17.
Question 17
Type of program that attaches itself to other programs in order to spread

1 point

Virus

Worm

Trojan

None of the above

18.
Question 18
Network routers have tables which may be vulnerable to attack

1 point

True

False

 

 

Course Certificate Final Exam

1.
Question 1
Information security can best be defined as:

1 point

Restricting access to authorized users only

Stopping hackers from getting data

Encrypting data so that only authorized users can read it

Collection of technologies, standards, policies and management practices that are applied to information to keep it secure

2.
Question 2
Without information, businesses could still function.

1 point

True

False

3.
Question 3
Valuing and protecting information are crucial tasks for organizations.

1 point

True

False

4.
Question 4
The implementation of Information security management is the same for all organizations.

1 point

True

False

5.
Question 5
Access control is the process of trying to determine a user’s identity.

1 point

True

False

6.
Question 6
Access controls can be defined as:

1 point

Proving a user’s identity

Having the ability to do something with a computer resource

Having the permission to use a resource

7.
Question 7
Authorization can be defined as

1 point

Having the ability to do something with a resource

Having permission to use a resource

Proving a user’s identity

8.
Question 8
Authentication can be defined as

1 point

Having the ability to do something with a resource

Having permission to use a resource

Proving a user’s identity

9.
Question 9
Accountability can be defined as

1 point

Tracking a user’s actions while in a system

Having permission to use a resource

Firing a user who does the wrong thing

10.
Question 10
Confidentiality can be defined as

1 point

Ensuring that information is accessible

Ensuring that information is not disclosed to unauthorized users

Ensuring that information has not been improperly modified or destroyed

11.
Question 11
Integrity can be defined as

1 point

Ensuring that information is not disclosed to unauthorized users

Ensuring that information has not been improperly modified or destroyed

Ensuring that information is accessible

12.
Question 12
Availability can be defined as

1 point

Ensuring that information is accessible

Ensuring that information has not been improperly modified or destroyed

Ensuring that information is not disclosed to unauthorized users

13.
Question 13
Access, authentication, and authorization all mean the same thing

1 point

True

False

14.
Question 14
Software security principles should be applied throughout the software development lifecycle

1 point

True

False

15.
Question 15
Organizations should have plans in place to deal with disruptive events

1 point

True

False

16.
Question 16
Business continuity plans and disaster recovery plans are the same thing

1 point

True

False

17.
Question 17
Used to identify operational and financial impacts resulting from a disruption of business operations

1 point

BP

BIA

SOP

CFP

18.
Question 18
According to FEMA, the four phases of emergency management are

1 point

Mitigation, reaction, recovery, and response

Mitigation, preparedness, response and recovery

Mitigation, response, intervention, and planning

Mitigation, preparedness, quick action, and response

19.
Question 19
The act of setting up a plan to ensure the survival of an organization

1 point

Onsite backup and storage recovery

Incident response management

Disaster recovery implementation

Business continuity planning

20.
Question 20
A hot site can be described as

1 point

An agreement for two organizations to back each other up

A building for housing processors that can be easily adapted for use

A building already equipped with processing capability and other services

21.
Question 21
A cold site can be described as

1 point

An agreement for two organizations to back each other up

A building already equipped with processing capability and other services

A building for housing processors that can be easily adapted for use

22.
Question 22
A reciprocal agreement can be described as

1 point

An agreement for two organizations to back each other up

A building already equipped with processing capability and other services

A building for housing processors that can be easily adapted for use

23.
Question 23
Contingency plans should never be tested, since they most likely won’t ever be used

1 point

True

False

24.
Question 24
Contingency plans should be written and periodically updated

1 point

True

False

25.
Question 25
Encryption is used to stop unauthorized people from reading information

1 point

True

False

26.
Question 26
Cryptographic system in which both sender and receiver share a common key

1 point

Asymmetric

Symmetric

27.
Question 27
Which cryptographic system is faster, in relative terms

1 point

Symmetric

Asymmetric

28.
Question 28
Confidentiality can be achieved through?

1 point

Encryption

Hashing

Plaintext communication

Firewalls

29.
Question 29
Type of cryptographic system that combines symmetric and asymmetric features

1 point

DSS

Desperate

DES

Hybrid

30.
Question 30
Prevents an individual from claiming he/she did not send a message

1 point

Symmetric cryptography

Asymmetric cryptography

Message digest

Electronic signature

31.
Question 31
Process by which the value of an organization’s information assets are assessed and protected

1 point

Information security management

Vulnerability assessment

Business impact analysis

Cryptography

32.
Question 32
Building an information security management system is done by

1 point

Systematic assessment of systems, technology and media used

Appraisal of the costs of security breaches

Development and deployment of countermeasures to threats

All of the above

33.
Question 33
A “one size fits all” approach to information security management is the best course of action for all businesses

1 point

True

False

34.
Question 34
The role of information security governance is to ensure that all technical controls are put into place, regardless of cost

1 point

True

False

35.
Question 35
Information security is viewed as a business support function

1 point

True

False

36.
Question 36
Comparing tangible vs. intangible costs in projects is easy to do

1 point

True

False

37.
Question 37
Security policies should not be reviewed by corporate counsel before implementation

1 point

True

False

38.
Question 38
NIST and ISO have published standards for use by information security professionals

1 point

True

False

39.
Question 39
Protects records and information maintained by U.S. government agencies

1 point

GLBA

HIPAA

PCI-DSS

Federal Privacy Act of 1974

40.
Question 40
Guards protected health information from unauthorized use or disclosure

1 point

HIPAA

Federal Privacy Act of 1974

GLBA

PCI-DSS

41.
Question 41
Ensures better protection of credit card holder data

1 point

Federal Privacy Act of 1974

GLBA

HIPAA

PCI-DSS

42.
Question 42
Separation of duties prevents one person from having total control of security measures

1 point

True

False

43.
Question 43
Audit and monitoring functions allow for the identification of security events

1 point

True

False

44.
Question 44
Examples of threats to the physical environment include:

1 point

Emergencies

Service interruptions

Sabotage

All of the above

45.
Question 45
Consideration of things like locks and security guards fall outside the physical environment domain

1 point

True

False

46.
Question 46
The concept which holds that modification of data is allowed only by authorized users

1 point

Integrity

Confidentiality

Availability

None of the above

47.
Question 47
The concept which holds that data should only be accessed by those who have a legitimate right to do so

1 point

Integrity

Confidentiality

Availability

None of the above

48.
Question 48
The concept which holds that data should be useable by legitimate users, when they need to do so

1 point

Availability

Confidentiality

Integrity

None of the above

49.
Question 49
Type of attack described as the interception of messages without modification

1 point

Active

Passive

50.
Question 50
Type of attack described as one in which an unauthorized change is attempted

1 point

Active

Passive

Sniffing

Shoulder surfing