1. Sean and Rob are discussing the psychological approaches security attacks. Sean says that one technique used is to ask for small amounts of information from the victim to maintain credibility. Rob says one technique is to use flattery or flirtation to gain support. Who is correct?
A. Both are correct.
B. Only Rob is correct.
C. Only Sean is correct.
D. Neither is correct.

2. Which psychological approach to social engineering relies on peer pressure to achieve results?
A. Conformity
B. Friendliness
C. Ingratiation
D. Impersonation

3. What advanced feature of password management tools requires a user to have a unique file on a separate storage device to open a password database?
A. In-memory protection
B. Random password grouping
C. Key file
D. Lock to user account

4. Security is generally comprised of what two action categories?
A. Aggressive measures and rapid response
B. Preventive measures and rapid response
C. Aggressive measures and compensatory response
D. Preventive measures and compensatory response

5. By 2017, the IRS estimates identity theft based on fraudulent tax returns could increase from current levels by how much?
A. $21 billion
B. $9 billion
C. $12 billion
D. $27 billion

6. Two technicians are discussing the principles and practices of information security. Technician A says that security practices should focus only on people and products, as the policies and procedures will naturally take of themselves. Technician B says that information security should properly focus on policies and procedures and people, as products are handled by the vendors' own specifications. Which technician is correct?
A. Both technicians are correct.
B. Technician A is correct.
C. Neither technician is correct.
D. Technician B is correct.

7. When building a comprehensive security strategy, what practical principle does setting up a data backup schedule fall under?
A. Send secure informationC. Block attacks
B. Minimize lossesD. Update defenses

8. Using the terminology of information security, which term would be used to describe a hurricane that's heading toward a data center in Miami?
A. Threat
B. Vulnerability
C. Risk
D. Threat agent

9. Which of the following qualities is a core aspect of information security?
A. Currency
B. Convenience
C. Confidentiality
D. Cardinality

10. In information security terminology, a malicious mobile code snippet that takes advantage of a flaw in a Web server's security to infect a company network would be considered a what?
A. Threat
B. Exploit
C. Vulnerability
D. Risk

11. The security manager for your network has instituted new authentication processes for the company's privileged information. Although it seems like a sound policy, you quickly find that salespeople are able to access budget projections that they do not have the authority to view. What characteristic of information is the new policy failing to protect?
A. Integrity
B. Availability
C. Reliability
D. Confidentiality

12. What was the most expensive single malicious attack to date, and how much did it cost those it infected?
A. Mydoom, $3.9 billion
B. Conficker, $9.2 billion
C. Stuxnet, $4.3 billion
D. Love Bug, $8.7 billion

13. The number one Internet fraud is the Nigerian 419 scam, which as of 2014, is growing at a 5% annual rate and has claimed an estimated __________ in losses.
A. $41 billion
B. $1.3 million
C. $9.3 billion
D. $42.3 million

14. What group often uses the term white hats to delineate between criminal and
noncriminal activity?
A. PoliticiansC. Hackers
B. Law enforcement officialsD. Security professionals

15. Security researchers warn that what class of device might be the next group targeted on a large scale by attackers?
A. Tablets
B. Automotive electronics
C. Smartphones
D. Personal medical devices

16. The relationship between security and convenience is
A. inversely proportional.
B. nonexistent.
C. directly proportional.
D. defined by the provider.

17. Suppose Robert gets a recorded phone call stating that his bank account has been infiltrated. He is instructed to call a specific phone number and enter his information to activate additional security measures. What type of social engineering technique is being used?
A. Hoax
B. Vishing
C. Impersonation
D. Whaling

18. Fraudulent use of stolen credit card information causes losses of how much annually?
A. More than $50 million
B. More than $5 billion
C. More than $500 million
D. More than $50 billion

19. Two technicians are discussing the rise in Internet attacks on businesses and individuals. Technician A argues that the rise of universally connected mobile devices has made it easier to launch attacks at anytime from anywhere, while Technician B argues the greater availability of automated, user-friendly attack tools is the reason behind the rise in attacks. Which technician is correct?
A. Both technicians are correct.
B. Only Technician A is correct.
C. Neither technician is correct.
D. Only Technician B is correct.

20. Which federal legislation mandates protection of patients' health information in paper or electronic form?
A. GLBA
B. Sarbox
C. COPPA
D. HIPAA