Which of the following statements is NOT true about peer-to-peer (P2P) software? A. Some P2P programs have remote-control capabilities, allowing users to take control of a computer from another computer somewhere else in the world.

P2P software includes any data storage device that you can remove from a computer and take with you to a peer’s computer.

P2P software provides direct access to another computer. Some examples include file sharing, Internet meeting, or chat messaging software.

Peer-to-peer software can bypass firewall and antivirus systems by hiding activities of users, such as file transfers.

Vulnerability can be defined as: A. Physical features or operational attributes that render an entity open to exploitation or susceptible to a given hazard.

The potential for an unwanted outcome resulting from an incident, event, or occurrence.

A natural or manmade occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property.

The impact or effect of an event, incident, or occurrence.

TRUE OR FALSE: When noticing a suspicious vehicle on the property, a responsible employee should approach the driver and ask if he/she needs assistance. A. True

False

Controlling doors and other entrances is an example of a measure taken to address: A. Criminal and terrorist threats.

Information and cyber threats.

Workplace violence threats.

Access and security control threats.

TRUE OR FALSE: The security goals of confidentiality, availability, and integrity of data can be adversely impacted by malicious code. A. True

False

6.TRUE OR FALSE: Bomb threat checklists are extremely valuable and should be made available at all workstations. A. True

False

Password procedures, information encryption software, and firewalls are examples of measures taken to address: A. Criminal and terrorist threats.

Access and security control threats.

Information and cyber threats.

Workplace violence threats.

Tricking someone to reveal personal information, passwords, and other information that can compromise a security system is known as: A. Social Engineering

Mass Marketing

Telephone Solicitation

Hacking

TRUE OR FALSE: If you notice indicators of potentially violent behavior in a coworker, you must wait until you see something violent actually happen before reporting your suspicions to security personnel or human resources. A. True

False

The potential for an unwanted outcome resulting from an incident, event, or occurrence is: A. Consequence

Risk

Threat

Vulnerability

When addressing a suspected intruder, it is best to: A. Attempt to shake hands with the individual, to see if the handshake is reciprocated.

Leave it up to coworkers who know more people in the building to decide what to do.

Use open-ended questions when asking the person the purpose of his/her visit.

Maintain civility and trust your intuition about whether to let him or her pass.

Indicators of potential workplace violence: A. Cannot usually be identified before an employee ‘snaps’ and commits a violent act.

Can often be managed and treated if recognized.

Are completely individualized and therefore impossible to protect against.

Can only be recognized by trained mental health experts.

An unlawful or unauthorized acquisition, by fraud or deceit, is known as a: A. Theft

Consequence

Container Breach

Diversion

Any software or program that comes in many forms and is designed to disrupt the normal operation of a computer by allowing an unauthorized process to occur or by granting unauthorized access is known as: A. Trojan Horse

Malicious Code

Hacking

Peer-to-peer Software

When employees collect or handle personally identifiable information (PII), they should: A. Share that information with other coworkers upon request.

Recognize that sharing PII is often permissible if done for what one believes is the greater good of the community.

Collect as much PII as they can at first contact with the individual to avoid having to get other data later.

Apply the ‘need to know’ principle before disclosing PII to other personnel.