5. T/F. Enterprises and individual users who applied vendor issued security protection patches would have been immune to the May 2017 WannaCry ransomware attack.

6. T/F. In most organizations, the Chief Information Security Officer (CISO) is the position responsible for all cyber security at a company.

7. T/F. Under discretionary access control, a third-party security administrator determines what users have access to certain network and system resources.

8. T/F. When establishing firewall rules, the most prudent configuration is to implicitly deny by blocking all traffic by default then rely on business need and justification to create new rules as exceptions.