AIS EXAM 2 CHAPTER QUESTION (CH6, CH8, CH9, CH11)
6-1.4 The word zombie is related to which type of computer attack? a)Data diddling b)Salami technique c)War dialing d)Masquerading e)Botnet
)Botnet
Danny Ferrar, the owner of BuysUSA.com, was sentenced to six years in prison for selling $4.1 million of copyrighted software for much less than the suggested retail price. Ferrar was guilty of a)Software piracy b)Internet auction fraud c)Software diddling d)Phreaking e)Click fraud
)Software piracy
Individuals who control an army of malware-infected zombie computers are called a)zombie commanders. b)botnet owners. c)guarantors. d)malware writers.
b)botnet owners.
A firewall is an example of a _________ control. a)corrective b)preventive c)detective d)None of these answers are correct
b)preventive
6.5 The techniques or psychological tricks used to get people to comply with the perpetrator's wishes in order to gain physical or logical access to a building, computer, server, or network. It is usually to get the information needed to obtain confidential data is called a)masquerading or impersonation. b)social engineering. c)web cramming. d)Internet misinformation.
b)social engineering.
Which step should happen first as part of the incident response process? a)Containment of the problem by the incident response team b)Recovery from backups c) Recognition of an attack d)Analysis of the root cause of the incident
c) Recognition of an attack
The Trust Services Reliability Principle that states, "access to the system and its data is controlled and restricted to legitimate users," is known as: a)Privacy. b)Confidentiality. c) Security. d)Processing integrity.
c) Security.
Which of the following is NOT example of multi-factor authentication? a)A password and a cellphone b)A fingerprint and a USB device c)A passphrase and a security question d)A 6-digit PIN and a smart card
c)A passphrase and a security question
6-3.2 The day after you downloaded a new game on your laptop from a free software site, pop-up ads begin to appear on your computer, even though your browser says that pop-up ads are being blocked. You also occasionally find your web browser jumping to Web sites you did not ask it to display. You have most likely become a victim of what type of malware? a)Superzapping b)Trap door c)Adware d)Bluebugging e)Packet sniffer
c)Adware
Which of the following statements about virtualization and cloud computing are true? a)The time-based model of security applies b)Strong user access controls are important c)All of these are correct d)Perimeter protection techniques (e.g., firewalls, IDS, and IPS) are important
c)All of these are correct
Which of the following is an example of multi-factor authentication: a)Voice recognition plus answer to security question b) USB device plus retina scan c)All of these are examples of multi-factor authentication d)Password plus smart card
c)All of these are examples of multi-factor authentication
Spoofing is making an electronic communication look like it came from someone other than the actual sender. Which of the following is NOT one of the 7 different types of spoofing mentioned in the text? a)ARP spoofing b)IP address spoofing c)Identity theft spoofing d)Web page spoofing e)Caller ID spoofing f)SMS spoofing g)Email spoofing
c)Identity theft spoofing
6.3 A hijacker placing himself between a client and a host to intercept network traffic is called _______________. a)SQL injection b)Phreaking c)Man-in-the-middle d)Torpedo software
c)Man-in-the-middle
Which of the following is an example of multi-modal authentication: a)PIN plus ATM card b)Smart card plus fingerprint scan c)Passphrase plus answer to a security question d)All of these are examples of multi-modal authentication
c)Passphrase plus answer to a security question
The Trust Services Principle "Confidentiality" focuses on a)Ensuring the accuracy of data b)Ensuring that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies. c)Protection of sensitive corporate data from unauthorized disclosure d)That the system and data can be accessed when needed
c)Protection of sensitive corporate data from unauthorized disclosure
6-3.3 On March 20, at 2 p.m. local time, the hard drives and master boot records of computers at three banks and two media companies in South Korea were wiped clean. The computers were then restarted, and the message "Boot device not found. Please install an operating system and then reboot the system" appeared on those computer screens. These companies were victims of what kind of computer fraud and abuse technique? a)Trap door b)Keylogger c)Time bomb d)Superzapping e)Scareware
c)Time bomb
Which term refers to software that an attacker can use to compromise a system? a)patch b)vulnerability c)exploit d)virtualization
c)exploit
The steps that criminals take to identify potential points of remote entry is called a)research. b)attempt social engineering. c)scan and map the target. d)conduct reconnaissance.
c)scan and map the target.
Combining a password with which of the following is an example of multi-modal authentication: a)Correctly identifying a picture you had selected when you set up the account b)Your email address c) Name of your first grade teacher d)All of these are examples of multi-modal authentication
d)All of these are examples of multi-modal authentication
Which of the following is the final phase of the incident response process? a)Containment of the problem by the incident response team b)Recognition of an attack c)Recovery from backups d)Analysis of the root cause of the incident
d)Analysis of the root cause of the incident
6-1.2 Most computer attacks are designed to steal information or money. Which of the following attacks is designed to slow down or stop a Web site, often to prevent legitimate users from accessing the Web site? a)Man-in-the-middle attack b)Cross-site scripting attack c)Dictionary attack d)DoS attack e)Spoofing attack
d)DoS attack
6-2.3 On your dream vacation to Hawaii you decide to log into the hotel's Wi-Fi network and notice that there are two networks with very similar names. You select one and are immediately connected to the network without having to enter the access code given you at check in. Weeks later you find that your identity has been stolen. You were a victim of which computer fraud and abuse technique? a)Chipping b)Typosquatting c)Carding d)Evil twin e)Tab napping
d)Evil twin
The time-based model of security posits that security is effective when the following equation is satisfied: a)P < D + R b)P = D + R c)None of these are correct. d)P > D +R
d)P > D +R
Which of the following is the correct sequence of steps in the incident response process? a)Stop the attack, repair the damage, recognize that a problem exists, learn from the attack b)Recognize that a problem exists, repair the damage, stop the attack, learn from the attack c)Stop the attack, recognize that a problem exists, repair the damage, learn from the attack d)Recognize that a problem exists, stop the attack, repair the damage, learn from the attack
d)Recognize that a problem exists, stop the attack, repair the damage, learn from the attack
The Trust Services Framework identifies 5 principles for systems reliability. Which one of those 5 principles is a necessary prerequisite to the other four? a)Confidentiality b)Availability c)Processing integrity d)Security e)Privacy
d)Security
6.4 Sending an unsolicited message to many people at the same time is called: a)Posing b)Tabnapping c)Podslurping d)Spamming
d)Spamming
6-3.1 After visiting a large number of Web sites to complete your research for a lengthy research paper, your computer begins to act up. Your CPU is running much slower, your software frequently crashes, and you have difficulty connecting to the Internet. You have most likely become a victim of what type of malware? a)Scareware b)Ransomware c)Steganography d)Spyware e)Logic bomb
d)Spyware
.6 Jake Malone is running an online business that specialized in buying and reselling stolen credit card information. Jake is engaging in a)pharming. b)typosquatting. c)phishing. d)carding.
d)carding.
6.1 Unauthorized access, modification, or use of an electronic device or some element of a computer system is called a)spamming. b)denial-of-service attack. c)hijacking. d)hacking.
d)hacking.
If the time an attacker takes to break through the organization's preventive controls is shorter than the sum of the time required for the organization to detect the attack and the time required to respond to the attack, then organization's security is considered a)effective. b)efficient. c)inefficient. d)ineffective.
d)ineffective.
Fraud perpetrators threaten to harm a company if it does not pay a specified amount of money. What is this fraud technique called? Cyber-terrorism Blackmailing Cyber-extortion Scareware
Cyber-Extortion
Someone redirects a Web site's traffic to a bogus Web site, usually to gain access to personal and confidential information. What is this computer fraud technique called? Vishing Phishing Pharming Phreaking
Pharming
A perpetrator attacks phone systems to obtain free phone line access or uses telephone lines to transmit viruses and to access, steal, and destroy data. What is this computer fraud technique called? Phishing Phreaking Pharming Vishing
Phreaking
What type of software conceals processes, files, network connections, memory addresses, systems utility programs, and system data from the operating system and other programs? Rootkit Spyware Malware Adware
Rootkit
Interest calculations are truncated at two decimal places, and the excess decimals are put into an account the perpetrator controls. What is this fraud called? Typosquatting Press enter after select an option to check the answer URL hijacking Press enter after select an option to check the answer Chipping Press enter after select an option to check the answer Round-down fraud
Round-down Fraud
6.2 An attack between the time a new software vulnerability is discovered and the time a software developer releases a patch that fixes the problem is called a)zero-day attack. b)hijacking. c)SQL injection attack. d)buffer overflow attack.
a)zero-day attack.
The control procedure designed to restrict the portions of an information system an employee can access and the actions he or she can perform is called ________. authentication authorization intrusion prevention intrusion detection
authorization
Running multiple systems (e.g., Windows, Unix, and Mac) on a single physical machine is referred to as: a)None of these are correct b)Virtualization c)Internet of Things d)Cloud Computing
b)Virtualization
Which of the following is a preventive control? TrainingPress enter after select an option to check the answer Log analysisPress enter after select an option to check the answer CIRTPress enter after select an option to check the answer Virtualization
Taining
A weakness that an attacker can take advantage of to either disable or take control of a system is called a(n) _________. exploit patch vulnerability attack
A vulnerability is any weakness that can be used to disable or take control of a system.
Which of the following combinations of credentials is an example of multifactor authentication? Voice recognition and a fingerprint reader A PIN and an ATM card Password and a user ID All of the above
A PIN and an ATM card-The PIN is something a person knows; the ATM card is something the person has.
Which of the following statements is true? "Emergency" changes need to be documented once the problem is resolved. Changes should be tested in a system separate from the one used to process transactions. Change controls are necessary to maintain adequate segregation of duties. All of the above are true.
All of the above are true.
Which of the following techniques is the most effective way for a firewall to protect the perimeter? Deep packet inspection Packet filtering Access control lists All of the above are equally effective
Deep packet inspection-examines the contents of the data in the body of the IP packet, not just the information in the packet header. This is the best way to catch malicious code.
Modifying default configurations to turn off unnecessary programs and features to improve security is called _______. .User account management Defense-in-depth Vulnerability scanning Hardening
Hardening
Which of the following statements is true? The concept of defense-in-depth reflects the fact that security involves the use of a few sophisticated technical controls. Press enter after select an option to check the answer Information security is necessary for protecting confidentiality, privacy, integrity of processing, and availability of information resources. Press enter after select an option to check the answer The time-based model of security can be expressed in the following formula: P < D + C Press enter after select an option to check the answer Information security is primarily an IT issue, not a managerial concern.
Information security is necessary for protecting
Which of the following is a corrective control designed to fix vulnerabilities? Virtualization Patch management Penetration testing Authorization
Patch management-involves replacing flawed code that represents a vulnerability with corrected code, called a patch.
Which of the following is a detective control? Endpoint hardening Physical access control Penetration testing Patch management
Penetration testing-is a detective control designed to identify how long it takes to exploit a vulnerability.
echniques used to obtain confidential information, often by tricking people, are referred to as what? Pretexting Posing Social engineering Identity theft
Social engineering
What type of software secretly collects personal information about users and sends it to someone else without the user's permission? Rootkit Torpedo software Spyware Malware
Spyware
1. A set of instructions to increase a programmer's pay rate by 10 percent is hidden inside an authorized program. It changes and updates the payroll file. What is this computer fraud technique called? Virus Worm Trap door Trojan horse
Trojan horse
Which computer fraud technique involves a set of instructions hidden inside a calendar utility that copies itself each time the utility is enabled until memory is filled and the system crashes? Logic bomb Trap door Virus Trojan horse
Virus
Which type of computer attack takes place between the time a software vulnerability is discovered and the time software developers release a software patch that fixes the problem? Posing Zero-day attack Evil twin Software piracy
Zero-day attack
Which steps in a targeted attack do organizations have little or no ability to prevent? (Check all that apply.) a) Conduct reconnaissance b)Execute the attack c)Attempt social engineering d)Scan and map the target e)Research f)Cover tracks
a) Conduct reconnaissance c)Attempt social engineering e)Research
Which of the following statements are true? a)All of these are correct b)Cloud computing can either increase or decrease security, depending upon how it is implemented c)The Internet of Things can either increase or decrease security, depending upon how it is implemented d)Virtualization can either increase or decrease security, depending upon how it is implemented
a)All of these are correct
Which of the following is the second step in the incident response process? a)Containment of the problem by the incident response team b)Recovery from backups c)Analysis of the root cause of the incident d)Recognition of an attack
a)Containment of the problem by the incident response team
Unauthorized copying of company data is called: a)Data Leakage b)Dictionary attacking c)Hijacking d)Cross-site scripting
a)Data Leakage
6-3.5 Hackers created malicious and self-replicating code to exploit a weakness in the Windows Server service. Two weeks after it was released, it had infected almost 9 million computers worldwide. In addition to looking for other computers to infect, the code downloaded additional malware on the hijacked computers. The code, named Downadup, is an example of what kind of computer fraud and abuse technique? a)Rootkit b)Worm c)Bluesnarfing d)Keylogger e)Packet sniffer
b)Worm
The Trust Services Principle "Privacy" focuses on a)Ensuring that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies. b)Protection of sensitive corporate data from unauthorized disclosure c)Ensuring the accuracy of data d)That the system and data can be accessed when needed
a)Ensuring that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies.
The Trust Services Principle "Processing Integrity" focuses on a)Ensuring the accuracy of data b)That the system and data can be accessed when needed c)Ensuring that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies. d)Protection of sensitive corporate data from unauthorized disclosure
a)Ensuring the accuracy of data
Which device not only detects that a sequence of packets represents an attack but also automatically takes steps to block that attack? a)Intrusion Prevention System (IPS) b)Firewall c)None of these are correct d)Intrusion Detection System (IDS)
a)Intrusion Prevention System (IPS)
Which device inspects a pattern of packets and automatically blocks that traffic if the device thinks the sequence represents part of an attack? a)Intrusion prevention system (IPS) b)Firewalls c)Intrusion detection systems (IDS)
a)Intrusion prevention system (IPS)
Using spyware to record a person's keystrokes is called: a)Keylogging b)Splogging c)Salami technique d)Spamming
a)Keylogging
6-2.5 In a hurry to catch a train, a man in Grand Central Station made a quick ATM stop to withdraw $40. Before he went to bed, he checked his bank account and found his $40 withdrawal, as well as five additional withdrawals, for a total of $700, all made within a minute of his. This man was a victim of a)Shoulder surfing b)Carding c)Scavenging d)Chipping e)Eavesdropping
a)Shoulder surfing
Which of the following are examples of social engineering? (Check all that apply.) a)Spear phishing b)Using software tools to scan and map the target network c)Distributing free USB flash drives to attendees at a trade show d)Researching the existence of vulnerabilities e)Phone calls to staff, impersonating an executive and asking staff to provide emergency access
a)Spear phishing c)Distributing free USB flash drives to attendees at a trade show e)Phone calls to staff, impersonating an executive and asking staff to provide emergency access
6-3.4 The FBI arrested Russian spies and accused them of encoding messages into pictures that were posted on publically accessible Web sites. To retrieve the messages, the recipients used special software to decode the messages hidden in the pixels of the pictures. The Russian spies were using which computer fraud and abuse technique? a)Steganography b)Adware c)Masquerading d)Web cramming e)Man-in-the-middle
a)Steganography
What is the objective of a penetration test? a)To identify where additional protections are most needed to increase the time and effort required to compromise the system. b)To correct identified weaknesses by applying updates that eliminate known vulnerabilities. c)To prevent employees from doing actions that are incompatible with their job functions. d)To determine whether or not a system can be broken into.
a)To identify where additional protections are most needed to increase the time and effort required to compromise the system.
6-2.4 In your haste to watch a video that you heard about, you type in yuube.com and are taken to a site with the familiar YouTube logo but find that the site sells a video ad blocker that allows you to watch YouTube without having to watch the ads. This is an example of a)Typosquatting b)Scavenging c)Chipping d)Vishing e)Skimming
a)Typosquatting
Virtualization refers to the ability to a)run multiple systems simultaneously on one physical computer. b)use the Internet to perform all needed system functions. c)eliminate the need for a physical computer. d)use web-based security to protect an organization.
a)run multiple systems simultaneously on one physical computer.
Which device blocks or admits individual packets by examining information in the TCP and IP headers? a)DMZ b)Firewalls c)Intrusion prevention systems
b)Firewalls
6-1.1 A 17-year-old broke into the Bell Laboratories network, destroyed files, copied 52 proprietary software programs, and published confidential information on underground bulletin boards. Which computer fraud and abuse technique is this? a)Dictionary attack b)Hacking attack c)Botnet attack d)Denial of service attack e)Spamming attack
b)Hacking attack
According to the time-based model of security, one way to increase the effectiveness is to a)Increase D b)Increase P c)All of these are correct d)Increase R
b)Increase P
Which of the following is not a true statement about malware? a)Malware is a constant and growing concern. b)Malware is restricted to computers. c)Malware is any software that is used to do harm. d)Most malware is the result of installation or injection by a remote attacker.
b)Malware is restricted to computers.
6-2.1 Cisco reported that fraudsters take advantage of which of the following human traits to entice a person to reveal information or take a specific action? (Check all that apply.) a)Fear b)Vanity c)Trust d)Pride e)Compassion f)Urgency
b)Vanity c)Trust e)Compassion f)Urgency
6-2.2 In the movie "Identity Thief," Melissa McCarthy used an invented scenario to get the name and other identifying information of Jason Bateman, enabling her to steal his identity. Which computer fraud and abuse technique did she use? a)Piggybacking b)Posing c)Pharming d)Phishing e)Pretexting
e)Pretexting