1. 2. 3. 4. 5. 6. 7. The idea that all information should be free a. is a principle guaranteed by the Constitution. b. is a belief shared by many in the hacking community. c. is as good for business as it is for sound government. d. is, ironically, foundational to the creation of a sound security program. If proprietary information is discovered by hackers it will be a. will be sold on the virtual black market to a cast of villains set on world domination. b. quietly tucked away and only revealed after indentifying information has been scrubbed. c. used to blackmail employees responsible for security. d. widely exposed. Which of the following is NOT a true statement about a trusted computing base (TCB). a. A TCB is the totality of hardware, software, processes, and individuals who are considered essential to overall security b. A TCB had better include both essential and a careful selection of non-essential processes. c. A TCB is more easily protected when it is small and not overly complex. d. None of the above Security through obscurity can be effective as a. a long-term security solution for flawed protection system. b. a short-term method for hiding vulnerabilities. c. a way to hide sloppy design work. d. all of the above Sensitive information can be disclosed in different ways, EXCEPT a. bringing a laptop home to get some work done at night. b. stray comments in a coffee shop. c. documents inadvertently left on the subway. d. deliberate leaks. Governments often call on industry to share information, reasons for this would include a. the government needs information to provide assistance to industry. b. the government needs information to maintain adequate situational awareness. c. politicians often call on industry to provide information to be used for political ends. d. All of the above The stages of adversarial reconnaissance and planning are a. physical scouting of target, identifying access points, and then direct access to the target. b. directly accessing a target, comparing data with other hackers, and then accessing the target again. c. wide-reaching collection, targeted collection, and then direct access to the target. d. background checks on a target’s personnel, developing profiles to identify potential weak links, and then using this information to obtain direct access to the target. 8. Which of the following should always be obscured? a. specific attributes of seemingly non-security related features (software, networking, etc.) b. any information about the security protection of a national asset c. any information about the vulnerabilities of national infrastructure d. all of the above. 9. Policies that could be put in place to strengthen obscurity measures would include a. a rule that no one with infrastructure responsibility should make public statements without explicit PR planning and preparation. b. a rule that individuals with responsibility for infrastructure deceive their loved ones about the job they have. c. a rule that prohibits employees from meeting socially outside of work anywhere “shop talk” may be overheard by others. d. None of the above 10. Government clearance levels and information classification are techniques a. that have little to offer the cyber security community. b. were created during WWII by the historic need of the Army to keep certain information from the Marines. c. that would be beneficial to private enterprise. d. That are not very effective, as the spate of documents released by Wikileaks proves.
Purchase answer to see full attachment