BCIS - 4350
What is the difference between a DDoS attack and a DoS attack?
A DoS is carried out with one source device and a DDoS attack is carried out with many source devices.
List characteristics of computer viruses. More than one answer may be correct.
A computer virus is software that infects computers and is created using computer code.A computer virus is software that infects computers and is created using computer code. Correct Viruses can destroy programs or alter the operations of a computer or network. Mac computers are less susceptible to computer viruses.
Why is a denial-of-service attack (DoS attack) a threat to data availability?
By flooding a system with incoming messages, a DoS attack forces the system to shut down, rendering it inaccessible to the users who legitimately have access to it.
Who is protected by California's SB-327 for IoT Security and who is accountable for ensuring the guidelines are met?
California's SB-327 for IoT Security helps to protect consumers; the responsibility lies with makers of devices that connect with the Internet.
In a DDoS attack, network computers that have been infected by a virus from more than one source computer act as zombies and work together to send out illegitimate messages creating huge volumes of network traffic. The acronym DDoS stands for
Distributed Denial of Service.
Describe how ransomware attacks work. More than one answer may be correct.
Ransomware is malware that makes a computer's data inaccessible until a ransom is paid.Ransomware is malware that makes a computer's data inaccessible until a ransom is paid. Correct Ransomware attacks invade computers via trojan horse programs and worms.Ransomware attacks invade computers via trojan horse programs and worms. Correct One of the most popular methods used in ransomware attacks is phishing.
What is the goal of the planning phase of the plan-protect-respond cycle?
Understand common threats that an organization may face and determine how vulnerable they are to such threats.
Which of the following would be prohibited under the Electronic Communications Protection Act?
an employee leaking confidential emails they were not authorized to receive
A ________ deliberately modifies the normal operations of a computer or network through the use of malicious code.
cyberattack
One surveillance technology that relies on how the user enters data is a
keylogger.
How does the cybersecurity goal of preserving data integrity relate to the goal of authenticating users?
Data integrity is more easily preserved if users must be authorized to access data and make changes.
According to Norton, which of the following steps should be taken to defend against rootkits? More than one answer may be correct.
Don't ignore software updates.Don't ignore software updates. Correct Be aware of phishing emails.Be aware of phishing emails. Correct Watch out for drive-by downloads.
A program that appears to be legitimate but executes an unwanted activity when activated is called a
trojan
Describe computer viruses. More than one answer may be correct.
A computer virus is software.A computer virus is software. Correct A computer virus can take over an operating system.A computer virus can take over an operating system. Correct A computer virus can destroy a computer's programs.
Which of the following are tips to avoid falling victim to a social engineering attack?
Make sure to research the facts contained in an email message.Make sure to research the facts contained in an email message. Correct Slow down and think about the scenario.Slow down and think about the scenario. Correct Be mindful of web searches to make sure you are landing on legitimate sites.
Mohammed is experiencing issues with his work computer. He speaks to the IT department and they identify various symptoms of a computer virus. What are symptoms of a computer virus? More than one answer may be correct.
The operating system may not launch properly.The operating system may not launch properly. Correct Critical files may be automatically deleted.Critical files may be automatically deleted. Correct The user may receive unexpected error messages.
As reported by Andrei Ene, one of the worst malware attacks in the last 10 years is the TBT, or
Tiny Banker Trojan.
Who is responsible for calculating probable maximum loss?
a company's cybersecurity analysts
Software-based keyloggers often infect a system throug
a malicious email or link opened by an unsuspecting user.
"Cybersecurity threat mitigation" includes all of the policies, procedures, and tools that help organizations
anticipate and counter threats from security vulnerabilities or incidents and reduce their impact.
Malicious bots are cybersecurity risks because they
can reproduce and link to an outside server.
Which of the following is a goal of confidentiality as defined by the CIA triad?
making sure the right people have access to secure information
What type of firewall would filter messages coming from a specific, predefined IP address to a spam filter?
packet filter
Social engineering hacks are designed to get a victim to divulge which of the following types of information?
passwordspasswords Correct account information
One version of this type of malware encrypts a victim's data until a payment is made. Another version threatens to make public a 'victim's personal data unless a payment is made. This type of malware is called
ransomware.
What does the General Data Protection Regulation (GDPR) strive to achieve?
to ensure EU companies protect the privacy and personal data of EU citizens
Which of the following statements best illustrates why a rootkit is described as creating a back door
Like an intruder coming through a back door, a rootkit allows an unknown user into an operating system.
From the following list, select all the steps that the Federal Emergency Management Agency (FEMA) recommends businesses take to help protect their systems, data, and information from natural disasters.
Create a business continuity plan.Create a business continuity plan. Correct Utilize offsite cloud storage. Only store data in areas free from natural disasters.
What is the goal of the NIST Cybersecurity Framework Protect (PR) function?
to help protect an organization's IT infrastructure from security breaches by offering guidelines on IT infrastructure protection
