Information warfare is best described as ____.

one nation targeting another’s information systems as both target and weapon

criminals monetizing stolen data

insiders misusing legitimate access

vandalism by script kiddies only

A passive attack involves ____.

gathering information without altering resources

injecting malware to destroy data

Which statement defines a security policy?

A set of guidelines/practices that dictate how to secure sensitive resources

A deliberate act to bypass security

A tool to scan networks for vulnerabilities

A risk formula for decision-making

Risk management primarily involves _____.

identifying, assessing, and mitigating threats/uncertainties

stopping all business risks completely

purchasing cyber insurance only

Which is the correct general order of the risk management process?

Identify → Analyze → Prioritize (Evaluate) → Treat → Monitor/Review

Analyze → Identify → Prioritize → Treat → Monitor

Treat → Identify → Monitor → Analyze → Prioritize

Monitor → Treat → Identify → Analyze → Prioritize

Which is NOT typically cited as a reason risk management is important?

Increases unmonitored risk-taking

In risk assessment, which pairing is correct?

Qualitative → uses descriptive judgments; Quantitative → uses numerical models

Qualitative → requires precise math; Quantitative → relies only on intuition

Semi-quantitative → unrelated to either method

Quantitative → avoids any numbers

When should a risk assessment be conducted?

Before new processes/changes, when hazards are identified, or when new info emerges

Only after a breach is confirmed

Only for safety hazards, not information systems

Which option lists key steps of workplace risk assessment correctly?

Identify hazards → Assess risks → Control risks → Record findings → Review controls

Identify hazards → Control risks → Assess risks → Review controls → Record findings

Assess risks → Identify hazards → Record findings → Control risks → Review controls

Record findings → Control risks → Identify hazards → Assess risks → Review controls

Which are core components of a Risk Assessment Framework (RAF)?

Shared vocabulary, consistent assessment methods, reporting system

Security policy, antivirus, firewall

Penetration testing, red teaming, bug bounty

Backups, DR site, incident tickets

Which statement best defines threat assessment?

A process to structure identification, evaluation, and prioritization of potential threats

A tool to calculate dollar loss only

A physical security audit of facilities only

Which is a correct match for vulnerability assessment?

Systematic review of weaknesses; may include host, network/wireless, DB, and application scans

Legal compliance checklist only

In access control terminology, a subject is ____ and a resource is ____.

an active entity requesting access; an entity that contains information

a data file; the user requesting access

an authentication token; a password

a firewall rule; a network packet

What is the correct order in the three-step access process?

Identification → Authentication → Authorization

Authorization → Authentication → Identification

Identification → Authorization → Authentication

Authentication → Identification → Authorization

In biometrics, a Type I error occurs when ____.

an authorized user is falsely rejected

an impostor is falsely accepted

The Crossover Error Rate (CER) is ____.

the point where false rejection and false acceptance rates are equal

the error from replay attacks on passwords

the error rate of token time drift

Which is an example of an electronic monitoring (sniffing) password attack?

Intercepting credentials in transit and reusing them (replay)

Guessing passphrases based on personal info only

Looking over someone’s shoulder

Replacing the login page with a fake one locally only

A one-time/dynamic password system is primarily used to ____.

generate a new code per use/session for higher security

provide a single password for life

avoid multi-factor authentication

A time-based synchronous token uses ____ to compute codes.

a shared secret and the current time

a challenge value entered by the user (nonce)

Network security aims to protect the ____ of networks and the data they carry.

integrity, confidentiality, and availability

Which layers of network security were highlighted in the lesson?

Physical, Technical, Administrative

Transport, Session, Presentation

Network Access Control (NAC) focuses on ____.

identifying users/devices and enforcing policies to allow, restrict, or block access

assigning public IPs to servers

executing files/code in an isolated environment to observe behavior safely

installing apps in production directly

using containers for web servers only

Which list contains firewall types mentioned in the lesson?

Packet-filtering, stateful inspection, proxy, NGFW, cloud, WAF

Stateless, elastic, monolithic, quantum

A VPN primarily ____.

creates an encrypted tunnel and masks the user's IP address

blocks all malware at the gateway

replaces the need for passwords

Which statement accurately contrasts IDS vs IPS?

IDS detects and alerts; IPS detects and actively blocks/mitigates in real time

IDS runs on endpoints only; IPS runs on routers only

IDS is hardware-only; IPS is software-only

IDS is for wired; IPS is for wireless

A Web Application Firewall (WAF) is designed to ____.

shield web apps from attacks like SQL injection and XSS

replace anti-malware on endpoints

Industrial network security emphasizes ____.

segmenting OT networks and integrating OT insights into IT security tools

removing all segmentation for simplicity

Before rolling out a new cloud HR system, the IT team evaluates hazards, who may be harmed, and necessary controls. Which step is this?

Risk assessment (identify, assess, control, record, review)

A company deploys a time-based token plus password for VPN login and places a WAF in front of their portal. This combo MOST improves what?

Defense in depth across authentication and application layers

GEE 27 | Long Quiz - MIDTERMS

Authored by WILLIAM MALABANAN

Information Technology (IT)

University

Used 2+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

45 questions

Show all answers

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

Which set lists the three key objectives of computer security known as the CIA triad?

Confidentiality, Integrity, Availability

Confidentiality, Control, Access

Communication, Integrity, Access

Control, Integrity, Availability

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

A breach in confidentiality occurs when ____.

information is disclosed without authorization

information is improperly modified or destroyed

a system operates with unauthorized interference

access to a system is interrupted

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

Which term refers to any weakness in a system’s design or operation that can be exploited?

Threat

Vulnerability

Risk

Countermeasure

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

Which BEST describes an active attack?

Gathering information without affecting resources

A natural disaster disrupting operations

An attempt to modify resources or disrupt operations

Documenting security policies

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

Which is considered a system resource (asset)?

Security policy

Hardware and software

Attack

Countermeasure

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

The primary goal of a countermeasure is to ____.

increase the chance of an attack

reduce threats or vulnerabilities by preventing or minimizing attacks

create new vulnerabilities for testing

only detect attacks after they succeed

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

Which term denotes the likelihood of loss due to a threat exploiting a vulnerability?

Risk

Threat

Vulnerability

Attack

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

50 questions

тест3

Quiz

•

University

50 questions

Кәсіби ағылшын 51 - 100

Quiz

•

University

45 questions

LATIHAN SAS INFORMATIKA KELAS 9

Quiz

•

9th Grade - University

50 questions

Pengantar Teknologi Informasi

Quiz

•

University

45 questions

TechJar Round 1

Quiz

•

University

40 questions

Quiz Informatika Kelas VII

Quiz

•

7th Grade - University

40 questions

AI U1 and U2

Quiz

•

University

40 questions

Latihan Soal Sistem Komputer - Kelas 7

Quiz

•

7th Grade - University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

14 questions

Boundaries & Healthy Relationships

Lesson

•

6th - 8th Grade

13 questions

SMS Cafeteria Expectations Quiz

Quiz

•

6th - 8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

12 questions

SMS Restroom Expectations Quiz

Quiz

•

6th - 8th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

10 questions

Pi Day Trivia!

Quiz

•

6th - 9th Grade

Discover more resources for Information Technology (IT)

20 questions

Disney Trivia

Quiz

•

University

19 questions

8.I_Review_TEACHER

Quiz

•

University

7 questions

Fragments, Run-ons, and Complete Sentences

Interactive video

•

4th Grade - University

39 questions

Unit 7 Key Terms

Quiz

•

11th Grade - University

14 questions

The Cold War

Quiz

•

KG - University

7 questions

Comparing Fractions

Interactive video

•

1st Grade - University

38 questions

Unit 6 Key Terms

Quiz

•

11th Grade - University

40 questions

Famous Logos

Quiz

•

7th Grade - University