CH1-questions.pdf

Full Transcript

CH1 True/False Questions:

1. Cybersecurity only focuses on protecting computer systems. F

2. Malware is software designed with malicious intent to cause harm to systems or individuals. T

3. Information security is only concerned with protecting digital information. F

4. A virus and a worm are the same type of malware. F

5. Intruders who access systems without authorization are generally called hackers. T

6. Insiders are generally considered less dangerous than external intruders. F

7. Nation-states can engage in information warfare, which targets an adversary’s data and systems. T

8. Cybersecurity is mostly concerned with physical threats to hardware, like theft. F

9. Correctness, isolation, and obfuscation are three major approaches to securing a system. T

10. Opportunistic targets are attacked because of their specific hardware or software. F

11. Criminal organizations typically plan their attacks for a longer period and with greater resources. T

12. One of the ethical concerns in cybersecurity is protecting users' privacy. T

13. In a cybersecurity kill chain, attacks follow a random series of events to reach their goal. F

14. Threat intelligence involves using information about malicious actors to defend a system. T

15. An internal threat actor is someone outside the organization. F

16. Obfuscation aims to make it harder for an attacker to determine if their attack was successful. T

17. Nation-states engaging in information warfare fall into the highly structured threat category. T

18. Hacking is the unauthorized use of computer systems, often for malicious purposes. T

19. Information security doesn’t include the protection of verbal or visual communication. F

20. Viruses require human action to spread, while worms can propagate themselves across networks. T

Shaima's Notes
Multiple Choice Questions (MCQs):

1. What does cybersecurity primarily focus on?

a) Protection of physical assets

b) Protection of digital assets

c) Protection of paper documents

d) Protection of intellectual property

2. Which of the following is NOT a common threat to security?

a) Viruses

b) Insiders

c) Firewalls

d) Criminal organizations

3. Malware is best described as:

a) Software used to protect systems

b) Software with a nefarious purpose

c) Hardware-based protection

d) An encryption tool

4. What is the term for deliberate access to computer systems without authorization?

a) Phishing

b) Hacking

c) Encryption

d) Monitoring

Shaima's Notes
5. Which of the following is considered an internal threat?

a) Terrorists

b) Insiders

c) External hackers

d) Criminal organizations

6. What distinguishes criminal organizations from other threat actors?

a) Lack of financial backing

b) High level of planning and resources

c) Randomness of attacks

d) Limited technological expertise

7. Which threat category do nation-states typically fall under?

a) Opportunistic

b) Unstructured

c) Highly structured

d) Internal

8. What does the 'isolation' approach in cybersecurity involve?

a) Encrypting data

b) Physically separating systems

c) Making systems harder to access

d) Ensuring correct system updates

Shaima's Notes
9. In an opportunistic target attack, the attacker:

a) Is targeting specific vulnerabilities

b) Has chosen the organization for a political reason

c) Is focused on nation-state information warfare

d) Is targeting a well-known organization

10. A key method of defense in cybersecurity is:

a) Backing up data

b) Correctness

c) Obfuscation

d) Hiding servers

11. Which type of malware replicates itself across networks without human intervention?

a) Virus

b) Trojan

c) Worm

d) Spyware

12. Which of the following is an ethical concern in cybersecurity?

a) Data breach reporting

b) Hacktivism

c) Protecting hardware

d) Installing software updates

Shaima's Notes
13. What is the primary goal of threat intelligence?

a) Detecting vulnerabilities

b) Collecting data about attackers

c) Allocating resources to defend against threats

d) Identifying system weaknesses

14. Which type of attack follows a predefined step-by-step process to target systems?

a) Social engineering

b) Phishing

c) Kill chain

d) Drive-by attack

15. A specific target attack is usually driven by:

a) An opportunistic discovery

b) An organizational or political motive

c) The presence of outdated software

d) Insider information

16. Correctness in cybersecurity refers to:

a) Ensuring the system is properly patched

b) Making systems harder to understand

c) Limiting access to specific networks

d) Encrypting sensitive information

Shaima's Notes
17. The primary focus of computer security is to:

a) Protect verbal communications

b) Protect intellectual property

c) Ensure a computer behaves as intended

d) Prevent phishing attacks

18. A characteristic of highly structured threats is:

a) Lack of planning

b) Strong financial backing

c) Random, unplanned attacks

d) Minimal resources

19. A common method of isolating systems from unauthorized use is:

a) Encryption

b) Access control

c) Social engineering

d) Kill chain analysis

20. Which of the following best describes information warfare?

a) Attacks aimed at disrupting hardware

b) Warfare conducted using encrypted messages

c) Targeting information and information processing equipment

d) Social engineering tactics against individuals

Shaima's Notes