OBA 340 Quiz 6 (Chapter 17)
Phishing
A bank customer receives a message, ostensibly from the bank's Web site, asking her to provide her login information. Assuming the message is intended to defraud the customer, what type of infiltration technique is being used here?
maps a domain name (a human-readable Internet address, such as a Web site's host name) to an IP address.
A domain name service is a collection of software that:
Corporate espionage
A research scientist with a major pharmaceutical firm in New Jersey is caught passing on sensitive information, worth millions of dollars, regarding the composition and test results of his firm's latest drug to a rival company. What crime is he being held responsible for?
understanding emerging threats and reviewing, selecting, and implementing updated security techniques.
A security group's R&D function would be involved in:
intrusion detection system. (When such a system actively blocks or isolates traffic rather than only alerting, practitioners usually call it an intrusion prevention system, or IPS.)
A system that monitors network use for potential hacking attempts and takes preventative action to block, isolate, or identify attempted infiltration, and raises further alarms to warn security personnel, is known as a(n):
white hat hacker
A(n) _____ is someone who uncovers computer weaknesses without exploiting them.
technology providers and contract firms.
An organization's partner firms that should be regularly audited to ensure that they are compliant with security frameworks include:
zero-day exploits
Attacks that are so new that they have not been clearly identified, and so have not made it into security screening systems are called _____.
brute-force
Attacks that exhaust all possible password combinations in order to break into an account are called _____ attacks.
trojans.
Computer systems are often infected with malware by means of exploits that sneak in masquerading as something they are not. These exploits are called:
data harvesters
Cyber criminals who infiltrate systems and collect data for illegal resale are called _____.
inventory-style auditing and risk assessment of threats.
Implementation of information security in an organization should essentially start with:
information security must be a top organizational priority.
It should be evident from the TJX example that:
the fear that the new technology contains a change that will cause problems down the road.
One of the reasons organizations delay applying patches to plug holes in their software is:
blacklists.
Programs that deny entry to or exit from a network for specific IP addresses, products, Internet domains, and other restricted communications are known as:
dumpster diving.
Sifting through trash in an effort to uncover valuable data or insights that can be stolen or used to launch a security attack is known as:
The password should be at least eight characters long and include at least one number and one other nonalphabetic character. (Current guidance such as NIST SP 800-63B puts more weight on password length and on screening against lists of known-breached passwords than on mandatory composition rules.)
Some of the most common guidelines issued by Web sites for designing a secure password include:
monitors user actions or scans for files surreptitiously.
Spyware is defined as a type of software that:
biometrics
Technologies that measure and analyze human body characteristics for identification or authentication are known as _____.
shoulder surfing.
The e-mail password of a senior employee in an organization was compromised by someone looking over as the employee accessed his account. This is most likely a case of:
hacker
The term _____ originally referred to a particularly skilled programmer.
patches.
Updates that plug existing holes in software are called:
an executable program to spread.
Viruses are programs that infect other software or files and require:
Sending spam mail from thousands of difficult-to-shut-down accounts
What security risk could be posed by a botnet large enough to hold a few million zombie computers?
Access control tools
What type of tool enforces access privileges and helps verify that systems are not being accessed by unauthorized users, or in suspicious ways?
E) Baiting someone to add, deny, or clarify information that can help an attacker
Which of the following best represents a method a social engineer might use to infiltrate a system? A) Posting rumors about an individual on a popular social networking site B) Making prank calls to individuals C) Stealing an individual's credit card information D) Flooding an individual's mailbox with junk mail E) Baiting someone to add, deny, or clarify information that can help an attacker
A) Regularly reimage the hard-drives of end user PCs
Which of the following could be one of the ways firms lock down personnel hardware? A) Regularly reimage the hard drives of end-user PCs B) Dispose of used hardware after annual audits C) Implement frequent overhauls of hardware D) Mandate the use of industry-standard software alone on company hardware E) Regularly initiate software auditing
C) Meticulously check for integrity of Web sites and dig out weaknesses
Which of the following measures can a firm undertake to counter the threat of an SQL injection? A) Install SQL screening software and update it regularly B) Invalidate user input and train developers to rewrite the entire code C) Meticulously check for integrity of Web sites and dig out weaknesses D) Outsource the development of its Web site to an outside agency E) Deploy a commercial software patch or other piece of security software that can protect the firm
A) It refers to scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key.
Which of the following statements holds true for the term encryption? A) It refers to scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key. B) It refers to highly restrictive programs that permit communication only with approved entities and/or in an approved manner. C) It refers to a con executed using technology, typically targeted at acquiring sensitive information or tricking someone into installing malicious software. D) It refers to e-mail transmissions and packets that have been altered to seem as if they came from another source. E) It refers to a seemingly tempting, but bogus target meant to draw hacking attempts.
B) It refers to e-mail transmissions and packets that have been altered to seem as if they came from another source.
Which of the following statements holds true for the term spoof? A) It refers to highly restrictive programs that permit communication only with approved entities and/or in an approved manner. B) It refers to e-mail transmissions and packets that have been altered to seem as if they came from another source. C) It refers to a con executed using technology, typically targeted at acquiring sensitive information or tricking someone into installing malicious software. D) It refers to scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key. E) It refers to a seemingly tempting, but bogus target meant to draw hacking attempts.
E) Law-enforcement agencies employ technically inept employees who are incapable of keeping pace with today's cyber-criminals.
Which of the following statements is consistent with ground realities regarding information security? A) Cyber-crime is not yet considered a serious enough threat to warrant the attention of law-enforcement agencies. B) Cyber-crime is not rewarding in terms of financial gain. C) Law-enforcement agencies are well-resourced to fight cyber-crimes effectively. D) Governments usually outmatch private industry in terms of retaining top talent with incentives and generous pay. E) Law-enforcement agencies employ technically inept employees who are incapable of keeping pace with today's cyber-criminals.
C) Social engineering
Which of the following types of infiltration techniques does one open up to by posting sensitive personal information and details about one's workplace on social networking sites? A) Physical threats B) Password theft C) Social engineering D) Phishing E) Virus infections
E) Non-existent extradition agreements between two countries
Which of the following aspects of international law would enable a cyber-criminal operating across borders to evade prosecution? A) Lack of technology to identify the origin of a security attack B) Technological incompatibility between the two countries C) Unwillingness of developed countries to share technical know-how with lesser-developed countries D) Non-recognition of commission of a security-related crime E) Non-existent extradition agreements between two countries
E) Sloppy programming practices where software developers do not validate user input
Which weakness of Web sites does an SQL injection attack exploit? A) Irregular auditing of Web site content B) Lack of built-in anti-virus features C) Non-employment of encryption techniques D) Ease of infiltrating the Web site E) Sloppy programming practices where software developers do not validate user input
Do not click on any links or open any attachments.
You have received an e-mail that looks suspiciously like a phishing message. What is the best course of action to follow?
Keyloggers
_____ can be either software-based or hardware, such as a recording "dongle" that is plugged in between a keyboard and a PC.