Lesson 1 Bad Actors

01- Attacking systems by exploiting otherwise unknown and unpatched vulnerabilities is also
known as:
Select one:
Secret sauce
Zero-day exploits
First-day exploits
Phishing

02- What are the primary motivations of the “Hacktivist”?
Select one:
The cost of commercial software and support
Food, wine, and gambling
The appreciation of their country’s leaders
Political, social, or moral disagreements

03- What central component is necessary to form a botnet?
Select one:
DNS server
Transformer
Command & Control (C&C) Server
Ethernet switch

04- What is it called when a fraudulent email masquerades as a legitimate communication in an attempt to get a user to reveal sensitive information?
Select one:
Phishing
Harpooning
Trolling
Baselining

05- What is the goal of the “Cyber Terrorist”?
Select one:
Intimidation through disruption and damage
Peace through understanding
Stable world markets
Adoption of Bitcoin as a primary national currency

06- What is the motivation of the bad actor known as the “Explorer”?
Select one:
Notoriety
Money
Ideology
Food

07- What is the motivation of the “Cyber Terrorist”?
Select one:
Ideology
Compassion
Fortune
Fame

08- What is the motive of the “Cyber Criminal”?
Select one:
Ideology
Intimidation
Money
Fame

09- What is the name of the malware that takes over a computer system and holds hostage the
disk drives or other data?
Select one:
Scareware
Phishingware
Kidnapware
Ransomware

10- What is the primary motivation of the “Cyber Warrior”?
Select one:
Money
The adoption of Bitcoin as a national currency
Fame
The political interest of their country’s government

Lesson 2 CIO Perspective

01- How does implementing multiple security point products from multiple vendors affect
managing an environment?
Select one:
Saves money on rackspace and cooling costs.
More complicated and more expensive.
Simpler and less expensive.
Requires fewer staff members.

02- Internally to the CIO’s company, what is the overall impact when a cyber attack causes extended downtime, and employees’ time is diverted to post-attack activities?
Select one:
Overtime pay is approved.
Morale is increased.
Productivity is reduced.
Productivity is increased.

03- On average, how can a CIO’s tenure be characterized?
Select one:
CIOs have the longest tenures among C-level executives.
The tenure of a CIO is a step on the path to CFO.
CIOs have the shortest tenures among C-level executives.
The tenure of a CIO is generally stress-free and relaxing.

04- Regulatory fines related to serious breaches can be characterized in which way?
Select one:
They can be enormous and seriously impact the bottom line.
The proceeds help stimulate the economy.
They are insignificant in all respects.
Fines are never imposed due to any form of cyber attacks.

05- What is becoming a regular topic between CIOs, the other C-level executives, and the board
of directors?
Select one:
Executive compensation
The allocation of window and corner offices.
The relative value of various SaaS offerings.
Implementing cyber security

06- What is the primary responsibility of a CIO?
Select one:
Choosing which laptop models to purchase for a company.
Controlling the Information Technology (IT) resources of a company.
Creating all the information in a company.
Determining where each information resource will be routed in a company.

07- What will a CIO do once they understand the company’s business goals and priorities?
Select one:
Create alternative business plans.
Attend many industry conferences.
Analyze and design the IT infrastructure so that it aligns with those business goals.
Analyze and design new products.

08- When investments are made in IT infrastructure, what should a CIO do next?
Select one:
Show how these investments deliver measurable results.
Compare budgets with other C-level executives.
Fill out the warranty cards right away.
Negotiate for quantity discounts.

09- When the general public learns of a serious breach, what is their likely reaction?
Select one:
An erosion of trust leading to a decline in business with the breached company.
Empathy and compassion.
Apathy leading to an increase in business with the breached company.
Disbelief followed shortly by acceptance.

10- Why must a CIO work closely with the other C-level executives?
Select one:
To help choose which laptops to purchase for the company.
The other C-level execs always need help with their computers.
To make sure they use strong passwords.
To understand the company’s business goals and priorities.

Lesson 3 CISO Perspective

01- How long has the role of CISO been present?
Select one:
The role of CISO has existed for 129 years.
The role of CISO does not exist yet.
The role of CISO is relatively new.
The role of CISO is the oldest C-level position.

02- In many of the breaches, tens of millions of credit cards become compromised, and personally identifiable information for millions of individuals is stolen. What is one result?
Select one:
Class-action lawsuits
Clearance sales
Market capitalization increase
Increase in share price

03- In what ways are CISOs often expected to represent the company?
Select one:
Thought leadership, partnership development, and customer engagement.
Public relations, advertising, and marketing.
Career day at a local school.
Presenting new products at a trade show booth.

04- Originally, the role of CISO was mostly concerned with which topic?
Select one:
Compliance
Budgeting
Operations
Finance

05- What can be said for a company’s data that resides outside their buildings?
Select one:
It is impossible to even find.
It is already secured and protected by the very nature of the cloud.
It must be secured and protected just the same.
It is impossible to secure or protect.

06- What do the other C-level executives want from a CISO?
Select one:
A concrete assessment of vendor performance.
A concrete assessment of database performance.
A concrete assessment of information risk and value.
A concrete assessment of website costs.

07- What is the result of these breaches becoming the targets of government regulators?
Select one:
Unexpected tax audits
Increased health department inspections
Huge fines
Lower insurance rates

08- What is the term for when departments or individuals go outside the corporate policies and spin up their own applications, utilize unapproved or uncoordinated SaaS services, or otherwise allow what may be key information assets to be stored out of our control?
Select one:
Dodgy IT
Shadow IT
Ninja IT
Vapor IT

09- What results from the loss of control of customers’ personally identifiable information?
Select one:
An increase in customer sympathy and a strengthening of brand reputation.
The loss of customer trust and lasting damage to brand reputation.
A rise in customer-created crowdfunding initiatives.
The loss of customer trust and a strengthening of brand reputation.

10- Where are the information assets in a typical company today?
Select one:
Scattered all over the place.
Stored in carefully controlled servers.
Inside the main building.
Consolidated in a central mainframe.

Lesson 4 CFO Perspectives

01- A CFO’s responsibility is to manage financial risk, and that covers which other element?
Select one:
Costs associated with the building’s janitorial contractor.
All the information and data in the company.
The catered lunch in the boardroom.
The after-hours card games.

02- Being trustworthy with customer data is now a part of which outcome?
Select one:
Building brand loyalty.
Decreasing revenues.
Regulatory fines.
Crafting a better user experience.

03- How does a CFO treat intangible assets such as intellectual property, trade secrets,
manufacturing methods, and the information about customers?
Select one:
Just as responsible for the financial risks to those information assets as any others.
More responsible for the financial risks to those information assets than any others.
Not responsible at all.
Paper assets

04- Looking into the past, a CFO will create which kind of reports?
Select one:
Timecard reports for individual employees.
Reporting on the prior financial performance of the company.
TPS reports
Billable hours

05- Since it uses information from every corner of the business, what does a company’s Enterprise Resource Planning (ERP) system require to help the CFO understand what’s happening now, and plan for the future?
Select one:
Accurate and trustworthy information.
Last quarter’s TPS reports.
A gaggle of consultants.
Several reams of paper.

06- What are the consequences if a CFO’s reports are not accurate?
Select one:
There are no consequences since nobody actually reads those reports.
Other CFOs in the area will catch the error and help fix it.
The next report must have an offsetting error to compensate.
From having to re-state the data, to being found in violation of financial regulations.

07- What does a CFO rely on to create forecasts of what will happen to the company in the
future?
Select one:
Advice of Wall Street analysts.
Access to good information.
Accurate inventory data.
An endless supply of coffee.

08- What is the primary responsibility of a CFO?
Select one:
To manage the finances and the financial risks of the company.
To oversee the factory floor.
To manage the company’s payroll.
To develop new products and services.

09- What poses one of the greatest risks to the financial value of a company’s information
assets?
Select one:
Spelling errors
Cyber threats
Earthquakes
Floods

10- What role does a CFO play in new business initiatives, product launches and/or new service
offerings?
Select one:
Provides advice on engineering.
Provides advice on marketing.
Conducts focus group research.
Analyzes the financial impact.

Lesson 5 Personal Security Awareness

01- When you receive an unsolicited email, what should you do if it has an attachment?
Select one:
Open the attachment to learn how to make money online.
Forward the email to all your friends.
Immediately reboot your computer.
Don’t open the attachment.

02- What tool can you use to help “remember” all your passwords?
Select one:
Yellow sticky notes.
Vitamin E
A password manager.
A rubber band.

03- If a vendor or website offers two-factor authentication, what is the recommended action?
Select one:
Wait for everyone else to do it.
Politely decline.
Enable and use two-factor authentication.
Immediately reboot your computer.

04- Why is it a security problem if you use the same password for all the systems and websites
you use?
Select one:
There will be uneven wear on your keyboard.
It increases the difficulty of brute force password attacks.
If the bad guys break into one of them, they have your password for all of them.
The bad guys will give up too easily.

05- To prevent spammers from learning that you’ve seen one of their emails, what should you do?
Select one:
Immediately reboot your computer.
Delete the email message.
Set your email client to not automatically download the images in email messages.
Reply to the sender of the email message.

06- Why is it risky to keep using an operating system that is no longer supported or updated?
Select one:
The hard drive may fail.
The latest social media tools may not work on the old operating system.
The computer may reboot.
Many cyber attacks exploit unpatched vulnerabilities in old, unsupported operating systems.

07- How often should you change your passwords?
Select one:
On a regular basis.
Each time there is a total solar eclipse.
Once in a blue moon.
Never

08- What do you call an unsolicited email message that masquerades as coming from a
legitimate sender, and attempts to get you to disclose sensitive information or click on a link?
Select one:
Malware
Trojan
Phishing
Virus

09- What percentage of malware is distributed by email?
Select one:
5%
99%
Over 50%
10%

10- What is the recommendation for passwords on all the systems and websites that you use?
Select one:
Use “123456” as your password on all systems and websites.
Never change your passwords.
Use different passwords for each system or website.
Use the same password for each system or website.
