MIS Midterm - Cybersecurity
A man-in-the-mobile and a man-in-the-middle attack have what similar qualities? More than one answer may be correct.
1. Harvesting personal information is the goal of each cyber intrusion. 2. The user may not know the malware has infected the device.
A digital music streaming company is promoting its service in a new country with a special discount for residents. How can the company use authentication to help prevent people from exploiting or abusing the deal? More than one answer may be correct.
1. It can verify that the customer lives in the correct country. 2. It can verify that the customer is new to the company or service. 3. It can grant the customer access only to the music included in the deal.
From the following list, select all situations that lead you to suspect the presence of adware.
1. When looking up information on the Dallas Cowboys, you notice an ad for a Dallas Cowboys jersey. 2. You have been looking for a car bike rack, and four out of five ads popping up on your browser show types of racks and other sporting gear. 3. After you buy and download a drawing program, you begin seeing ads for interactive drawing games and other creative technology.
In addition to planning, analysis, and mitigation, select the remaining two categories of the respond (RS) function of the NIST Cybersecurity Framework from the list below.
1. communication 2. improvements to cybersecurity response plans
The purpose of adware is to ________. More than one answer may be correct.
1. display ads to users based on their browsing behaviors 2. redirect your search requests to advertising websites 3. collect marketing-type data about you
Describe the goals of the National Institute of Standards and Technology (NIST) Cybersecurity Framework. More than one answer may be correct.
1. give guidance to organizations who wish to understand potential security breaches 2. help organizations develop appropriate policies and procedures to mitigate data breaches 3. create an atmosphere where organizations can effectively discuss cybersecurity risks internally and with those outside of the organization
Describe the purpose of a cybersecurity risk analysis. More than one answer may be correct.
1. identify a company's assets 2. calculate potential loss due to security threats 3. determine how to respond to a potential loss
What are the causes of the estimated costs included in a risk analysis? More than one answer may be correct.
1. malware attacks 2. system downtime 3. security breaches
Which of the following is the clearest definition of a computer virus?
Code-created malware that, when executed, damages programs and performance.
An email is an example of data that is always at rest. True or False
False
California's SB-327 for IoT requires companies to anonymize collected data to protect consumer privacy. True or False
False
Computer viruses can be either chip technology or code. True or False
False
A corporation that was recently the victim of hacking that was caused by a high-level employee falling for a phishing scheme institutes a required, annual, self-paced training module that alerts employees to the most common recent phishing attacks. The institution of this new training requirement represents which phase of the plan-protect-respond cycle?
Respond
How does spyware potentially harm the individual user?
This malware steals confidential information from the user.
According to the National Institute of Standards and Technology (NIST), the RS function of the framework includes communications with internal and external stakeholders. True or False
True
The Stored Communications Act prohibits which activity?
accessing the communications of an organization without authorization
"Cybersecurity threat mitigation" includes all of the policies, procedures, and tools that help organizations
anticipate and counter threats from security vulnerabilities or incidents and reduce their impact.
Spyware's basic function is to
capture the user's account data, passwords, keystrokes, and more.
In cybersecurity risk analysis, PML (probable maximum loss) is used to
help determine spending needed to adequately secure an organization's IT infrastructure.
To properly authenticate, or verify, the identity of authorized users and protect assets from unauthorized users, it is essential to
keep user logins and passwords confidential.
Which of the following is a goal of confidentiality as defined by the CIA triad?
making sure the right people have access to secure information
Which of the following acts is an example of social engineering?
manipulating people in order to obtain and misuse their personal information
For which type of cybersecurity vulnerability do organizations maintain and share databases of known problems?
security weaknesses in operating systems or application software
What is the meaning of the term "social engineering" in the area of cybersecurity?
the act of manipulating or tricking people into sharing confidential, personal information
The NIST Cybersecurity Framework is a
voluntary guide for organizations.