1. US-CERT is a part of the NCCIC. True or False?
2. MITRE sponsors the CVE list. True or False?
3. A key step in managing risk is to first understand and manage the source. True or False?
4. What is a security policy?
- a principle of least privilege
- an access control
- a high-level overview of security goals
- a principle of need to know
5. A security policy provides a high-level overview of the goals of security and the details of how to implement security techniques. True or False?
6. You are a disgruntled employee with a master’s degree in computer sciences who was recently laid off from a major technology company, and you want to launch an attack on the company. Where might you go to learn about vulnerabilities that you can exploit for your plan?
1. the website of a competitor’s company
2. a coffee shop near your old office
3. the company’s website
4. a blog
7. Exploit Wednesday refers to the day that Operation Aurora was discovered. True or False?
8. In a DMZ, the firewall connected to the internal network allows access to the public-facing servers. True or False?
9. _________ are acts that are hostile to an organization.
1. All threats
2. Intentional threats
3. Human threats
4. Unintentional threats
10. What is one source of risk reduction?
- eliminating the threat
- reducing the impact of the loss
- increasing the rate of the occurrence
- eliminating the threat/vulnerability pair
11. __________ damage for the sake of doing damage, and they often choose targets of opportunity.
1. Vandals
2. Saboteurs
3. Disgruntled employees
4. Hackers
12. MITRE maintains the CVE list. True or False?
13. Most companies should install antivirus software after connecting the server to the network. True or False?
14. When risk is reduced to an acceptable level, the remaining risk is referred to as _________.
- acceptable risk
- remaining risk
- residual risk
- low-impact risk
15. Because US-CERT is run within DHS, US-CERT information is classified and unavailable to the public. True or False?
16. Unfortunately, most hackers are bored teenagers launching threats from the safety of their bedrooms, and this makes them difficult to find. True or False?
17. Hardening the server refers to ____________.
- a mitigation technique that is a step towards protecting a vulnerable system
- a type of attack that removes the authorization to access a company’s systems from high-level employees in a corporation
- the combination of all the steps that it takes to protect a vulnerable system and make it more secure than the default installation
- a type of attack that deletes vital data from a server
18. In a DMZ, the firewall connected to the Internet allows access to the public-facing servers. True or False?
