ITN266 midterm


In a DoS attack, the botmaster is also known as a ________. a. handler b. rootkit c. hoax d. hacker

? but not rootkit

You receive an e-mail that seems to come from your bank. Clicking on a link in the message takes you to a website that seems to be your bank's website. However, the website is fake. This is called ________. a. a hoax b. social engineering c. phishing d. spear phishing

? not spear phishing or a hoax

The book recommends that passwords be at least ________ characters long. a. 8 b. 20 c. 100 d. 6

a. 8

________ is a password-cracking method wherein the attacker compares passwords to lists of common words. a. A dictionary attack b. A hybrid dictionary attack c. A combinational attack d. Brute-force guessing

a. A dictionary attack

Which of the following is not a standard Windows privilege? a. All b. Modify c. List folder contents d. Read & execute

a. All

________ is a sophisticated computer hack usually perpetrated by a large, well-funded organization. a. An APT b. A black-market websites c. A bug bounty d. Carding

a. An APT

Which of the following is a danger created by notebook computer loss or theft? a. Both Loss of capital investment and Loss of sensitive data b. Loss of sensitive data c. Neither Loss of capital investment nor Loss of sensitive data d. Loss of capital investment

a. Both Loss of capital investment and Loss of sensitive data

Assigning security measures to groups is better than assigning security measures to individuals within groups because ________. a. Both applying security measures to groups takes less time than applying them individually and applying measures in groups reduces errors in assigning security settings b. applying security measures in groups reduces errors in assigning security settings c. applying security measures to groups takes less time than applying them individually d. Neither applying security measures to groups takes less time than applying them individually nor applying security measures in groups reduces errors in assigning security settings

a. Both applying security measures to groups takes less time than applying them individually and applying security measures in groups reduces errors in assigning security settings

________ take advantage of vulnerabilities in software. a. Bots b. Trojan horses c. Blended threats d. Direct-propagation worms

a. Bots

Which of the following is a series of standards specifically addressing IT security? a. COBIT b. ISO/IEC 27002 c. ISO/IEC 27000 d. COSO

a. COBIT

One of the first data breach notification laws in the U.S. was created in ________. a. California b. Texas c. Illinois d. New York

a. California

________ can simply be described as a person's system of values. a. Ethics b. Best practices c. Baselines d. Procedures

a. Ethics

Who has the power to prosecute companies that fail to take reasonable precautions to protect private information? a. FTC b. GLBA c. GDPR d. HIPAA

a. FTC

ICMP Echo messages are often used in ________. a. IP address scanning b. spoofing c. port scanning d. DDoS attacks

a. IP address scanning

The ISO/IEC 27001 standard specifies how to certify organizations as being compliant with ________. a. ISO/IEC 27000 b. COSO c. COBIT d. ISO/IEC 27043

a. ISO/IEC 27000

________ is the centralized policy based management of all information required for access to corporate systems by people, machines, programs, or other resources. a. Identity management b. Directory service c. Meta-directory service d. Meta-identity management

a. Identity management

Which of the following COSO framework components encompasses the tone of the organization? a. Internal environment b. Event identification c. Objective setting d. Control activities

a. Internal environment

Which of the following is a type of spyware? a. Keystroke loggers b. Spam c. Downloaders d. Rootkits

a. Keystroke loggers

What is Trojan.POSRAM in regard to Target's data breach? a. Malware b. A virus c. Employee sabotage d. A worm

a. Malware

Which of the following is considered a trade secret? a. Product formulations b. Trade names c. Patents d. Trademarks

a. Product formulations

Which of the following compares probable losses with the costs of security protections? a. Risk analysis b. Reasonable risk c. Internal audits d. Weakest-link failure

a. Risk analysis

Microsoft's server operating system is called ________. a. Windows Server b. Both UNIX and Windows Server c. Neither UNIX nor Windows Server d. UNIX

a. Windows Server

In the classic risk analysis calculation, the countermeasure impact assesses the ________. a. benefits of a countermeasure b. number of incidents of all possible countermeasures c. costs of a countermeasure d. drawbacks of a countermeasure

a. benefits of a countermeasure

Credit card theft is also known as ________. a. carding b. click fraud c. extortion d. bug bounty

a. carding

The goal of ________ is to emphasize a firm's commitment to strong security. a. corporate security policies b. centralized security management c. acceptable use policies d. technical security architecture

a. corporate security policies

Stolen information is commonly used for ________. a. credit card fraud b. identity theft c. false claims d. data mismanagement

a. credit card fraud

A ________ happens when an unauthorized person is able to view, alter, or steal secured data. a. data breach b. countermeasure c. safeguard d. compromise

a. data breach

Availability means that attackers cannot change or destroy information. a. false b. true

a. false

Detective countermeasures are considered one of the security goals of computer staff. a. false b. true

a. false

The cost of computer crime is well known. a. false b. true

a. false

In ________, a perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest. a. hacking b. abuse c. extortion d. fraud

a. hacking

The most common example of risk transference is ________. a. insurance b. IT security measures c. no countermeasures d. installing firewalls

a. insurance

In the military, departments do not have the ability to alter access control rules set by higher authorities in ________. a. mandatory access control b. discretionary access control c. policy-based access control d. multilevel access control

a. mandatory access control

Cyberwar consists of computer-based attacks made by ________. a. national governments b. multinational corporations c. state, regional, and local governments d. private citizens

a. national governments

Authorizations are also called ________. a. permissions b. Neither permissions nor verifications c. verifications d. Both permissions and verifications

a. permissions

UNIX command line interfaces are called ________. a. shells b. Both shells and GUIs c. Neither shells nor GUIs d. GUIs

a. shells

________ consists of activities that violate a company's IT use and/or ethics policies. a. Extortion b. Abuse c. Hacking d. Fraud

b. Abuse

UNIX allows permissions to be assigned to ________. a. everyone else b. All of these c. a group associated with the directory d. the account that owns the file or directory

b. All of these

Which of the following is considered more serious than credit card number theft? a. Spoofing b. Bank account theft c. Carding d. Click fraud

b. Bank account theft

A security assertion may contain ________. a. authenticity information b. Both authenticity information and attributes, such as spending limits for purchasers c. Neither authenticity information nor attributes, such as spending limits for purchasers d. attributes, such as spending limits for purchasers

b. Both authenticity information and attributes, such as spending limits for purchasers

A ________ card stores authentication data. a. Neither magnetic stripe nor smart b. Both magnetic stripe and smart c. smart d. magnetic stripe

b. Both magnetic stripe and smart

Which of the following focuses broadly on corporate internal and financial control? a. ISO/IEC 27000 b. COSO c. COBIT d. ISO/IEC 27002

b. COSO

The Target data breach helped impact a shift from swipe cards to ________. a. keystroke logger b. EMV-compliant smart cards c. rootkits d. POS systems

b. EMV-compliant smart cards

Computer recovery software reports its ________ to a recovery company that works with local police to recover the notebook. a. logical location b. IP address c. None of these d. physical location

b. IP address

When a hacker sends a first round of probe packets to find hosts that are active, the attacker is sending ________ probes. a. a chain of attack b. IP address spoofing c. piggybacking d. IP address scanning

b. IP address spoofing

Which of the following statements is not an accurate description of MMCs? a. MMCs use GUIs. b. MMCs are located under the Start / Management menu choice. c. MMCs are relatively easy to learn and use. d. MMCs are produced by Microsoft.

b. MMCs are located under the Start / Management menu choice

In cyberterror, attackers are typically ________. a. national governments b. Russian and/or Chinese citizens c. terrorists or groups of terrorists d. large multinational corporations

b. Russian and/or Chinese citizens

________ includes all of a firm's technical countermeasures and how they are organized into a complete system of protection. a. Risk avoidance b. Technical security architecture c. Corporate security policy d. Implementation guidance

b. Technical security architecture

Which of the following is an EU privacy law? a. The Gramm-Leach-Bliley Act b. The General Data Protection Regulation c. The Health Insurance Portability and Accountability Act d. The Sarbanes-Oxley Act

b. The General Data Protection Regulation

Which of the following is typically considered the first step in protecting your company from data breaches? a. Hiring a qualified data security team b. Understanding how data breaches happen c. Purchasing software to prevent data breaches d. Locking up your data to prevent data breaches

b. Understanding how data breaches happen

________ are programs that attach themselves to legitimate programs. a. Direct-propagation worms b. Viruses c. Worms d. Payloads

b. Viruses

Methods that security professionals use to try and stop threats include all of the following EXCEPT ________. a. countermeasures b. breaches c. protections d. safeguards

b. breaches

The three common core goals of security are ________. a. confidentiality, integrity, and authentication b. confidentiality, integrity, and availability c. confidentiality, information, and availability d. confidentiality, information, and authorization

b. confidentiality, integrity, and availability

The most common type of IT security outsourcing is done for ________. a. all hardware b. e-mail c. all software d. laptops

b. e-mail

Corrective countermeasures identify when a threat is attacking. a. true b. false

b. false

UNIX offers ________ directory and file permissions than (as) Windows. a. None of these b. fewer c. about the same number of d. more

b. fewer

Any device with an IP address is a ________. a. client b. host c. None of these d. server

b. host

The verifier itself determines the identity of the supplicant in ________. a. Neither verification nor identification b. identification c. Both verification and identification d. verification

b. identification

Most countermeasure controls are preventative controls. a. false b. true

b. true

Which of the following is not a type of fix for vulnerabilities? a. Version upgrades b. Patches c. All of these are types of fixes for vulnerabilities d. Work-arounds

c. All of these are types of fixes for vulnerabilities

Inheritance can be modified from the ________ box in the security tab. a. Neither allow permissions nor deny permissions b. deny permissions c. Both allow permissions and deny permissions d. allow permissions

c. Both allow permissions and deny permissions

________ programs reward researchers for finding vulnerabilities. a. Black-market website b. Transshipper c. Bug bounty d. APT

c. Bug bounty

Which of the following is an outsourcing alternative? a. MSSP b. PCI-DSS c. FISMA d. ISO 27000

c. FISMA

Which is not one of these three UNIX permissions? a. Execute b. Write c. List folder contents d. Read

c. List folder contents

Which of the following is NOT an indirect cost of a major data breach? a. Abnormal customer turnover b. Loss of reputation c. Notification costs d. Increased customer acquisition activities

c. Notification costs

________ is the destruction of hardware, software, or data. a. Hacking b. Denial of service c. Sabotage d. Extortion

c. Sabotage

Iris recognition technology is ________ and ________. a. inexpensive, has low FARs b. expensive, has high FARs c. expensive, has low FARs d. inexpensive, has high FARs

c. expensive, has low FARs

One of the long-lasting effects of the data breach to Target was ________. a. loss of merchandise b. loss of money c. loss of customer confidence d. employee dissatisfaction

c. loss of customer confidence

If an attacker takes over a router, he or she will be able to ________. a. map the entire internal network b. Both map the entire internal network and reroute traffic to cause a local DoS c. reroute traffic to cause a local DoS d. Neither map the entire internal network nor reroute traffic to cause a local DoS

c. reroute traffic to cause a local DoS

The ________ gives the verifier a symmetric session key. a. Neither ticket-granting ticket nor service ticket b. Both ticket-granting ticket and service ticket c. service ticket d. ticket-granting ticket

c. service ticket

You receive an e-mail that appears to come from a frequent customer. It contains specific information about your relationship with the customer. Clicking on a link in the message takes you to a website that seems to be your customer's website. However, the website is fake. This is an example of ________. a. a hoax b. phishing c. spear phishing d. social engineering

c. spear phishing

Attackers in the Target data breach used malware and then used ______ or ______ to infect a Target third-party vendor. a. spear phishing; sabotage b. viruses; worms c. spear phishing; a targeted phishing attack d. hacking; sabotage

c. spear phishing; a targeted phishing attack

The super user account has _________ control over the computer. a. no b. little c. total or nearly total d. substantial but not nearly total

c. total or nearly total

A(n) ________ is defined as an attack that comes before fixes are released. a. exploit b. anomaly attack c. zero-day attack d. worm

c. zero-day attack

More than ________ records were stolen in 2018. a. 2.2 billion b. 100,000 c. 1 million d. 5 billion

d. 5 billion

________ was the last state to implement a data breach notification law in ________. a. California; 2018 b. Georgia; 2000 c. North Dakota; 2016 d. Alabama; 2018

d. Alabama; 2018

If an attacker takes over a firewall, he or she will be able to ________. a. allow connection-opening requests that violate policy b. reroute internal data to alternate paths c. provide the false sense that the firewall is still working correctly d. All of these

d. All of these

________ are descriptions of what the best firms in the industry are doing about security. a. Baselines b. Procedures c. Standards d. Best practices

d. Best practices

Which of the following are elements of host hardening? a. Read operating system log files b. Neither Encrypting data on the host nor Read operating system log files c. Encrypting data on the host d. Both Encrypting data on the host and Read operating system log files

d. Both Encrypting data on the host and Read operating system log files

Which of the following security protections are provided by recent versions of Windows Server? a. Server software firewalls b. Neither Server software firewalls nor The ability to encrypt data c. The ability to encrypt data d. Both Server software firewalls and The ability to encrypt data

d. Both Server software firewalls and The ability to encrypt data

________ is being able to manage security technologies from a single security management console or at least from a relatively few consoles. a. Technical security architecture b. A single point of vulnerability c. Defense in depth d. Centralized security management

d. Centralized security management

Which of the following is NOT a type of countermeasure? a. Detective b. Preventative c. Corrective d. Cyberwar

d. Cyberwar

Sending packets with false IP source addresses is known as ________. a. spear phishing b. hacking c. sabotage d. IP address spoofing

d. IP address spoofing

What does a central logging server of an MSSP on a network do? a. It uploads the number of times that employees have logged into - or attempted to log into - questionable sites b. It calculates the amount of processing ability needed for a system c. It automatically creates a firewall when questionable activity is detected d. It uploads a firm's event log data

d. It uploads a firm's event log data

________ is a version of ________ for PCs. a. Neither LINUX, UNIX nor UNIX, LINUX b. Both LINUX, UNIX and UNIX, LINUX c. UNIX, LINUX d. LINUX, UNIX

d. LINUX, UNIX

MMCs are administrative tools used to manage ________ servers. a. All of these b. Apple c. UNIX d. Microsoft

d. Microsoft

________ refers to the intention to minimize lost productivity and attempt not to slow innovation. a. Technical security architecture b. A single point of vulnerability c. Defining the weakest link d. Minimizing security burdens

d. Minimizing security burdens

Which of the following is NOT a general guideline for handling exceptions? a. Each exception must be carefully documented in terms of specifically what was done and who did each action. b. The person who requests an exception must never be the same person who authorizes the exception. c. Only some people should be allowed to request exceptions. d. More people should be allowed to authorize exceptions than can request exceptions.

d. More people should be allowed to authorize exceptions than can request exceptions

What is the name for a small program that fixes a particular vulnerability? a. Service pack b. Version upgrade c. Work-around d. Patch

d. Patch

________ take advantage of flawed human judgement by convincing a victim to take actions that are counter to security policies. a. Phishing attacks b. Spear phishing attacks c. Hoaxes d. Social engineering attacks

d. Social engineering attacks

Which of the following is NOT a COSO framework component? a. Risk assessment b. Event identification c. Internal environment d. Training practices

d. Training practices

Which of the following companies experienced the largest data breach in history in 2016? a. Facebook b. Amazon c. First American Corp. d. Yahoo! Inc.

d. Yahoo! Inc.

A program that gives an attacker remote access control of your computer is known as ________. a. spyware b. a Trojan horse c. a cookie d. a RAT

d. a RAT

It is common for companies to require users to read and sign a(n) ________. a. e-mail policy b. personally identifiable information policy c. corporate security policy d. acceptable use policy

d. acceptable use policy

A(n) ________ is a statement from Firm A that Firm B should accept as true if Firm B trusts Firm A. a. attribute b. certification c. certificate d. assertion

d. assertion

When a threat succeeds in causing harm to a business, this is known as a(n) ________. a. CIA b. unintended access c. PII d. breach

d. breach

A ________ is a small program that, after installed, downloads a larger attack program. a. rootkit b. keystroke logger c. Trojan horse d. downloader

d. downloader

The ________ of the classic risk analysis calculation is the percentage of an asset's value that would be lost in a breach. a. countermeasure impact b. single loss expectancy c. annualized loss expectancy d. exposure factor

d. exposure factor

An advantage to using MSSP is ________. a. cost b. constant internal control c. control of employees d. independence

d. independence

Inheritance ________ labor costs in assigning permissions. a. increases b. None of these c. inheritance does not significantly change the labor costs in assigning permissions d. reduces

d. reduces
