BTE210 Chapter 4
15. __________ is an identity theft technique. A. Dumpster diving B. Espionage C. Sabotage D. Vandalism
a
19. A ___________ is an attack by a programmer developing a system. A. back door B. denial-of-service attack C. phishing attack D. virus
a
22. The goal of CAPTCHA is to ___________. A. ensure you aren't alien software B. hack into secure networks C. protect networks against hackers D. remove alien software from your computer
a
29. Risk _______________ means absorbing any damages that occur. A. acceptance B. analysis C. limitation D. transference
a
31. You decide to use the password "1234" on your computer because you figure nobody cares enough about your information to steal it. This is a risk __________ strategy. A. acceptance B. analysis C. limitation D. transference
a
36. If you have an empty building you can move into if your primary location is destroyed, you've implemented a _________ site. A. Cold B. Hot C. Neutral D. Warm
a
40. By hiring FireEye to improve their security, Target adopted a risk _________ strategy; this strategy was ___________. A. limitation; a failure B. limitation; successful C. transference; a failure D. transference; successful
a
6. Which of the following is NOT one of the most dangerous employees to information security? A. Accountants B. HR employees C. Janitors D. MIS employees
a
18. A ___________ is a remote attack needing no user action. A. back door B. denial-of-service attack C. logic bomb D. phishing attack
b
20. A ___________ is an attack by a programmer developing a system. A. denial-of-service attack B. logic bomb C. phishing attack D. worm
b
21. Which of the following is NOT an example of alien software? A. Adware B. Blockware C. Spamware D. Spyware
b
23. SCADA attacks typically occur on ___________. A. Hacker networks B. Industrial control systems C. Personal computers D. Government networks
b
24. Shodan's primary purpose is ___________. A. a hacker website B. a service that searches the internet for devices connected to the internet C. a website that shows which devices are vulnerable to hackers D. to help users search for other people who use similar devices
b
25. Shodan is used for _________. A. creating a backdoor B. SCADA attacks C. spreading viruses D. phishing
b
32. A firewall is a _______ control. A. access B. communication C. physical D. virtual
b
34. A smart ID card is something the user _______. A. Does B. Has C. Is D. Knows
b
35. _________ is one common example of SSL. A. http B. https C. www D. wwws
b
38. __________ is a computer security firm that sells malware detection tools to companies like Target. A. Heartbleed B. FireEye C. Shodan D. SpyEye
b
4. Which of the following is FALSE? A. It is easier to be a hacker nowadays. B. Mainframes make it easy to communicate freely and seamlessly with everyone. C. Management doesn't always support security efforts. D. Thumb drives make it easy to steal huge amounts of sensitive information.
b
8. Weak passwords are a(n) ___________ threat. A. outside B. employee C. hardware D. software
b
1. _________ is any danger to which a system may be exposed. A. Exposure B. Information security C. Threat D. Security
c
10. _____________________ is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords. A. Dumpster diving B. Shoulder surfing C. Social engineering D. Tailgating
c
11. Social engineering is a(n) ___________ threat on the part of the employee and a(n) _________ threat on the part of the social engineer. A. deliberate; unintentional B. deliberate; deliberate C. unintentional; deliberate D. unintentional; unintentional
c
12. ___________ is threatening to steal or actually stealing information from a company and then demanding payment to not use or release that information. A. Competitive intelligence B. Espionage C. Information extortion D. Intellectual property
c
16. Coca-Cola's formula is an example of a ___________. A. Copyright B. Patent C. Trade secret D. All of the above
c
26. The Shodan case illustrates ___________. A. how vulnerable all devices are, even if they aren't connected to the internet B. strong passwords aren't necessary on home devices since most hackers don't care about such a small target C. that hackers and security researchers use the same sites to identify vulnerabilities D. the government is doing nothing to protect our privacy
c
3. Wireless is a(n) inherently _________ network. A. trusted B. neutral C. untrusted D. useful
c
30. If you hire a cybersecurity company like FireEye to identify security weaknesses in your information systems, you are using a risk _________ strategy. A. acceptance B. analysis C. limitation D. transference
c
33. Biometrics is something the user _______. A. Does B. Has C. Is D. Knows
c
37. Auditing __________ the computer means inputs, outputs, and processing are checked. A. Around B. Into C. Through D. With
c
7. The airport's self check-in computers are a(n) __________ threat. A. outside B. employee C. hardware D. software
c
13. Phishing is an example of __________. A. Copyright infringement B. Espionage C. Sabotage D. Software attack
d
14. You start browsing your favorite home improvement company's website and notice someone has changed all the logos to their main competitor's logos. This is an example of ___________. A. Espionage B. Identity theft C. Information extortion D. Sabotage
d
17. A ___________ is a remote attack requiring user action. A. back door B. denial-of-service attack C. logic bomb D. phishing attack
d
2. _________ is the possibility that the system will be harmed by a threat. A. Exposure B. Threat C. Security D. Vulnerability
d
27. _______________ is a process whereby the organization takes concrete actions against risks, such as implementing controls and developing a disaster recovery plan. A. Risk B. Risk analysis C. Risk management D. Risk mitigation
d
28. You have a small business that has had problems with malware on your employees' computers. You decide to hire a third-party company such as GFI Software to implement security controls and then monitor your company's systems. You are adopting a risk ________ strategy. A. acceptance B. analysis C. limitation D. transference
d
39. The Target data breach started with a ____________. A. back door B. denial-of-service attack C. logic bomb D. phishing attack
d
5. Cybercriminals _________ A. are violent criminals. B. can be easily arrested, once they are found. C. don't make that much money; they do it for fun. D. target known software security weaknesses.
d
9. Which of the following is NOT an unintentional threat to information systems? A. Careless monitoring of environmental hazards B. Choosing a weak password C. Having an unlocked desk or filing cabinet after going home D. Viruses
d
2. Janitors are no threat to information security since they have no access to company systems.
false
3. A patent lasts for the life of the creator plus 70 years.
false
4. A copyright lasts 20 years.
false
5. Competitive intelligence is industrial espionage.
false
1. Wireless is an untrusted network.
true
6. The goal of risk management is to reduce risk to acceptable levels.
true
7. Biometrics is an authentication tool.
true
8. Blacklisting is when everything can run except what is on the list.
true
9. Whitelisting is when nothing can run unless it is on the list.
true