Cybersecurity Essentials 1.1 Chapter 8 Quiz Answers Full Questions
Chapter 8: Becoming a Cybersecurity Specialist
1. If a person knowingly accesses a government computer without permission, what federal act laws would the person be subject to?
- SOX
- ECPA
- CFAA
- GLBA
2. Unauthorized visitors have entered a company office and are walking around the building. What two measures can be implemented to prevent unauthorized visitor access to the building? (Choose two.)
- Lock cabinets.
- Conduct security awareness training regularly.
- Prohibit exiting the building during working hours.
- Establish policies and procedures for guests visiting the building.
3. An auditor is asked to assess the LAN of a company for potential threats. What are three potential threats the auditor may point out? (Choose three.)
- unlocked access to network equipment
- a misconfigured firewall
- the acceptable use policy
- unauthorized port scanning and network probing
- complex passwords
- locked systems
4. A company has had several incidents involving users downloading unauthorized software, using unauthorized websites, and using personal USB devices. The CIO wants to put in place a scheme to manage the user threats. What three things might be put in place to manage the threats? (Choose three.)
- Provide security awareness training.
- Disable CD and USB access.
- Implement disciplinary action.
- Monitor all activity by the users.
- Change to thin clients.
- Use content filtering.
5. As part of HR policy in a company, an individual may opt-out of having information shared with any third party other than the employer. Which law protects the privacy of personal shared information?
- PCI
- FIRPA
- SOX
- GLBA
6. What can be used to rate threats by an impact score to emphasize important vulnerabilities?
- ACSC
- ISC
- NVD
- CERT
7. A breach occurs in a company that processes credit card information. Which industry specific law governs credit card data protection?
- SOX
- ECPA
- GLBA
- PCI DSS
8. Why is Kali Linux a popular choice in testing the network security of an organization?
- It can be used to test weaknesses by using only malicious software.
- It can be used to intercept and log network traffic.
- It is an open source Linux security distribution and contains over 300 tools.
- It is a network scanning tool that prioritizes security risks.
9. A company is attempting to lower the cost in deploying commercial software and is considering a cloud based service. Which cloud based service would be best to host the software?
- PaaS
- RaaS
- SaaS
- IaaS
10. A security professional is asked to perform an analysis of the current state of a company network. What tool would the security professional use to scan the network only for security risks?
- malware
- pentest
- packet analyzer
- vulnerability scanner
11. A consultant is hired to make recommendations on managing device threats in a company. What are three general recommendations that can be made? (Choose three.)
- Enable automated antivirus scans.
- Remove content filtering.
- Enforce strict HR policies.
- Disable administrative rights for users.
- Enable media devices.
- Enable screen lockout.
12. What three services does CERT provide? (Choose three.)
- develop tools, products, and methods to conduct forensic examinations
- enforce software standards
- develop tools, products, and methods to analyze vulnerabilities
- resolve software vulnerabilities
- develop attack tools
- create malware tools
13. What are two items that can be found on the Internet Storm Center website? (Choose two.)
- current laws
- InfoSec reports
- InfoSec job postings
- historical information
14. An organization has implemented a private cloud infrastructure. The security administrator is asked to secure the infrastructure from potential threats. What three tactics can be implemented to protect the private cloud? (Choose three.)
- Disable firewalls.
- Hire a consultant.
- Disable ping, probing, and port scanning.
- Grant administrative rights.
- Test inbound and outbound traffic.
- Update devices with security fixes and patches.
15. A school administrator is concerned with the disclosure of student information due to a breach. Under which act is student information protected?
- HIPPA
- CIPA
- FERPA
- COPPA
16. What are the three broad categories for information security positions? (Choose three.)
- seekers
- doers
- builders
- creators
- monitors
- definers
17. What are three disclosure exemptions that pertain to the FOIA? (Choose three.)
- information specifically non-exempt by statue
- confidential business information
- public information from financial institutions
- law enforcement records that implicate one of a set of enumerated concerns
- non-geological information regarding wells
- national security and foreign policy information
18. As a security professional, there is a possibility to have access to sensitive data and assets. What is one item a security professional should understand in order to make informed ethical decisions?
- cloud providers
- potential gain
- partnerships
- laws governing the data
- potential bonus
19. What are two potential threats to applications? (Choose two.)
- unauthorized access
- data loss
- power interruptions
- social engineering