
1. A weakness in a system that may possibly be exploited is called a(n):


A) risk.
B) exposure.
Feedback: Page 28
C) vulnerability.
D) threat.
Points Earned: 0.0/8.0
Correct Answer(s): C

2. The two types of security requirements are:


A) logical and physical.
B) logical and assurance.
C) functional and logical.
D) functional and physical.
E) functional and assurance.
Feedback: Page 26
Points Earned: 8.0/8.0
Correct Answer(s): E

3. The CIA triad is usually represented as a:


A) ellipse
B) circle
C) diagonal
D) triangle.
Feedback: Page 22
Points Earned: 8.0/8.0
Correct Answer(s): D

4. The three goals of network/information security are:


A) safety, access control, and secrecy
B) confidentiality, integrity, and availability
Feedback: Page 21
C) resilience, privacy, and safety
D) confidentiality, secrecy, and privacy
Points Earned: 8.0/8.0
Correct Answer(s): B

5. The three types of security controls that are necessary to secure a network or system are:
A) people, functions, and technology.
Feedback: Page 29
B) people, process, and technology.
C) technology, roles, and separation of duties.
D) separation of duties, processes, and people.
Points Earned: 0.0/8.0
Correct Answer(s): B

6. A cookbook on how to take advantage of a vulnerability is called a(n):
A) risk.
B) program.
C) exploit.
Feedback: Page 29
D) threat.
Points Earned: 8.0/8.0
Correct Answer(s): C

7. Related to network/info security, confidentiality is the opposite of which of the following?
A) disclosure
Feedback: Page 21
B) disposal
C) closure
D) disaster
Points Earned: 8.0/8.0
Correct Answer(s): A

8. Making sure that data hasn't been changed unintentionally due to accident or malice is:
A) availability
B) auditability
Feedback: Page 22
C) integrity
D) confidentiality
Points Earned: 0.0/8.0
Correct Answer(s): C

9. The probability that a threat to an information system/network will materialize is called:
A) hole
B) vulnerability
Feedback: Pages 27 and 28
C) threat
D) risk
Points Earned: 0.0/8.0
Correct Answer(s): D

10. Defense in Depth is needed to assure that which three mandatory activities are present in a security system?
A) prevention, response, and management
B) prevention, detection, and response
Feedback: Page 23
C) response, collection of evidence, and prosecution
D) prevention, response, and prosecution
Points Earned: 8.0/8.0
Correct Answer(s): B

11. Functional requirements describe:


A) quality assurance description and testing approach.
B) what a security system should do by design
Feedback: Page 26
C) how to implement the system.
D) what controls a security system must implement.
Points Earned: 8.0/8.0
Correct Answer(s): B

12. The weakest link in any security system is the:


A) process element.
B) technology element.
C) Answers B and C
Feedback: Page 23
D) human element.
Points Earned: 0.0/8.0
Correct Answer(s): D
