1. Which of the following methods is used
to check the integrity of data?
a) Backup
b) Hashes or checksums
c) Encryption
d) Authentication
Solution: b) Hashes or checksums
Explanation: Integrity ensures that system
information or processes are protected from
intentional or accidental modification. One way
to ensure integrity is to use a hash function or
checksum.
2. Which of the following statements
describes cyberwarfare?
a) Cyberwarfare is an attack carried out by a
group of script kiddies
b) Cyberwarfare is simulation software for Air
Force pilots that allows them to practice under
a simulated war scenario
c) Cyberwarfare is a series of personal
protective equipment developed for soldiers
involved in nuclear war
d) Cyberwarfare is an Internet-based conflict
that involves the penetration of information
systems of other nations
Solution: d) Cyberwarfare is an
Internet-based conflict that involves the
penetration of information systems of other
nations
Explanation: Cyberwarfare, as its name suggests,
is the use of technology to penetrate and attack
another nation’s computer systems and networks
in an effort to cause damage or disrupt
services, such as shutting down a power grid.
3. Which of the following methods can be
used to ensure confidentiality of
information? (Choose three correct
answers)
a) Backup
b) Version control
c) Data encryption
d) File permission settings
e) Two-factor authentication
f) Username ID and password
Solution: c) Data encryption, d) File
permission settings, e) Two-factor
authentication
Explanation: Methods to ensure confidentiality
include data encryption, identity proofing, and
two-factor authentication.
4. Which of the following pieces of
information would be classified as personal
data? (Select three correct answers)
a) Social security number
b) Driver license number
c) Date and place of birth
d) Job title
e) IP address
Solution: a) Social security number, b)
Driver license number, c) Date and place of
birth
Explanation: Personal data describes any
information about you, including your name,
social security number, driver license number,
date and place of birth, your mother’s maiden
name, and even pictures or messages that you
exchange with family and friends.
5. Why might internal security threats
cause greater damage to an organization than
external security threats?
a) Internal users have better hacking skills
b) Internal users have direct access to the
infrastructure devices
c) Internal users can access the organizational
data without authentication
d) Internal users can access the infrastructure
devices through the Internet
Solution: b) Internal users have direct
access to the infrastructure devices
Explanation: Internal threats have the potential
to cause greater damage than external threats
because internal users have direct access to the
building and its infrastructure devices.
Internal users may not have better hacking
skills than external attackers. Both internal
users and external users can access the network
devices through the Internet. A well-designed
security implementation should require
authentication before corporate data is
accessed, regardless of whether the access
request is from within the corporate campus or
from the outside network.
6. Which of the following is a key
motivation of a white hat attacker?
a) Taking advantage of any vulnerability for
illegal personal gain
b) Fine-tuning network devices to improve their
performance and efficiency
c) Studying operating systems of various
platforms to develop a new system
d) Discovering weaknesses of networks and
systems to improve the security level of these
systems
Solution: d) Discovering weaknesses of
networks and systems to improve the security
level of these systems
7. An individual user profile on a social
network site is an example of an ______
identity.
a) Online
b) Offline
Solution: a) Online
8. Cybersecurity is the ongoing effort to
protect individuals, organizations and
governments from digital attacks by
protecting networked systems and data from
unauthorized use or harm. What level of
cyber protection does each of the following
factors require?
Your online identity – Personal
A customer database – Organizational
Economic stability – Government
Solution: Your online identity – Personal,
A customer database – Organizational,
Economic stability – Government
9. Your neighbor tells you that they don’t
have an online identity. They have no social
media accounts and only use the Internet to
browse. Is your neighbor right?
a) Yes
b) No
Solution: b) No
10. What are the foundational principles
for protecting information systems as
outlined in the McCumber Cube? (Choose three
correct answers)
a) Access
b) Integrity
c) Scalability
d) Availability
e) Confidentiality
f) Intervention
Solution: b) Integrity, d) Availability, e)
Confidentiality
11. Can you identify why each of the
following organizations might be interested
in your online identity?
Internet service providers:
– They may be legally required to share your
online information with government surveillance
agencies or authorities
Advertisers:
– To monitor your online activities and send
targeted ads your way
Social media platforms:
– To gather information based on your online
activity, which is then shared with or sold to
advertisers for a profit
Websites:
– To track your activities using cookies in
order to provide a more personalized experience
12. Can you identify the cyber attacker
type from the following descriptions?
Make political statements in order to raise
awareness about issues that are important to
them – Hacktivists
Gather intelligence or commit sabotage on
specific goals on behalf of their government –
State-sponsored attackers
Use existing tools on the Internet to
launch a cyber attack – Script kiddies
13. Stuxnet malware was designed for which
primary purpose?
a) To hijack and take control of targeted
computers
b) To cause physical damage to equipment
controlled by computers
c) To cause serious harm to workers in a nuclear
enrichment plant
Solution: b) To cause physical damage to
equipment controlled by computers
Explanation: Stuxnet malware was designed not
just to hijack targeted computers but to
actually cause physical damage to equipment
controlled by computers.