Chapter 1
Indirect costs due to data breaches are estimated to be: $10,000 per incident $190,000 per year $3.9 million per incident $150 million per year
$3.9 million per incident
The chances of an organization having a data breach over the next two years is approximately ________. 28 percent 42 percent 10 percent 20 percent
28 percent
More than ________ records were stolen in 2018. 2.2 billion 1 million 100,000 5 billion
5 billion
When a threat succeeds in causing harm to a business, this is called a ________. All of these incident breach compromise
All of these
________ is a sophisticated computer hack usually perpetrated by a large, well-funded organization. Carding An APT A black-market websites A bug bounty
An APT
Which of the following is considered more serious than credit card number theft? Carding Bank account theft Spoofing Click fraud
Bank account theft
________ are the most common external attacker who attack to make money illegally. Hackers Script kiddies IT or security employer Career criminal
Career criminal
ICMP Echo messages are often used in ________. DDoS attacks port scanning IP address scanning spoofing
IP address scanning
Sending packets with false IP source addresses is called ________. IP address spoofing None of these. a port scanning attack a IP address scanning attack
IP address spoofing
________ are considered the most dangerous of all employees. Data entry clerks Financial professionals CEOs IT security employees
IT security employees
________ take advantage of flawed human judgment by convincing a victim to take actions that are counter to security policies. Phishing attacks Hoaxes Social engineering attacks Spear phishing attacks
Social engineering attacks
Which of the following is NOT a type of countermeasure? Preventative Detective Corrective Sustainable
Sustainable
Which of the following is typically considered the first step in protecting your company from data breaches? Locking up your data to prevent data breaches Hiring a qualified data security team Purchasing software to prevent data breaches Understanding how data breaches happen
Understanding how data breaches happen
A program that gives an attacker remote access control of your computer is known as ________. a cookie a RAT spyware a Trojan horse
a RAT
Which of the following is NOT a direct cost of a major data breach? Loss of reputation Legal fees Detection Notification costs
Loss of reputation
Credit card theft is also known as ________.
carding
Another name for safeguard is ________.
countermeasure
Stolen information is commonly used for ________. data mismanagement identity theft false claims credit card fraud
credit card fraud
A ________ happens when an unauthorized person is able to view, alter, or steal secured data.
data breach
A ________ is a small program that, after installed, downloads a larger attack program. rootkit Trojan horse downloader keystroke logger
downloader
Availability means that attackers cannot change or destroy information. false true
false
Detective countermeasures is considered one of the security goals of computer staff. false true
false
True or False: Corrective countermeasures identify when a threat is attacking.
false
True or False: The cost of computer crime is well known.
false
In a DoS attack, the botmaster is also known as a ________. handler rootkit hoax hacker
handler
If an attacker breaks into a corporate database and deletes critical files, this is an attack against the ________ security goal.
integrity
One of the long-lasting effects of the data breach to Target was ________. loss of money loss of merchandise loss of customer confidence employee dissatisfaction
loss of customer confidence
Cyberwar consists of computer-based attacks made by ________. private citizens national governments state, regional, and local governments multinational corporations
national governments
When a data breach occurs, hackers are primarily looking for ________.
personally identifiable information
You receive an e-mail that seems to come from your bank. Clicking on a link in the message takes you to a website that seems to be your bank's website. However, the website is fake. This is called ________. social engineering spear fishing a hoax phishing
phishing
Following someone through a secure door for access without using an authorized ID card or pass code is called ________. shoulder surfing piggybacking a chain of attack social engineering
piggybacking
Skilled hackers have dubbed a new type of hacker that is less sophisticated as ________. script kiddies Bug bounties DoS attackers black marketers
script kiddies
Watching someone type their password in order to learn the password is called ________. piggybacking a chain of attack shoulder surfing social engineering
shoulder surfing
Most traditional external attackers were primarily motivated by ________. stealing personal identity data the thrill of breaking in capturing thousands and thousands of credit card numbers making money through crime
the thrill of breaking in
True or False: Costs for all threats is increasing annually.
true
True or False: Preventative countermeasures keep attacks from succeeding.
true
________ are programs that attach themselves to legitimate programs. Viruses Worms Both Viruses and Worms Neither Viruses nor Worms
viruses
A(n) ________ attack attempts to make a server or network unavailable to serve legitimate users by flooding it with attack packets.
DoS
The Target data breach helped impact a shift from swipe cards to ________. EMV-compliant smart cards keystroke logger POS systems rootkits
EMV-compliant smart cards
________ is a generic term for "evil software." Spyware Malware Payloads Ransomware
Malware
Which of the following is NOT an indirect cost of a major data breach? Increased customer acquisition activities Abnormal customer turnover Notification costs Loss of reputation
Notification costs
Which of the following is FALSE about rootkits? Rootkits are typically less of a threat than are Trojan horses. Rootkits are seldom caught by ordinary antivirus programs. Rootkits use a root account's privileges to hide themselves. Rootkits take over the root account of a computer.
Rootkits are typically less of a threat than are Trojan horses.
________ is the destruction of hardware, software, or data. Sabotage Denial of service Hacking Extortion
Sabotage
