Chapter 13
Which of the following is the correct description of a firewall? Group of answer choices It is a software and hardware combination that limits the incoming and outgoing Internet traffic. It is a software that deletes viruses from attachments. It is hardware that prevents unauthorized data to enter the private network. It is a concept used in developing security policies.
It is a software and hardware combination that limits the incoming and outgoing Internet traffic.
You have been hired as the new Information Security consultant at XYZ Inc. Which of these employee behaviors would be a top security concern? Group of answer choices Banging on the keyboard, when the computer is running slow Drinking water or coffee while working on computers Using office computers for personal e-mails Leaving laptop computers unattended in public spaces
Leaving laptop computers unattended in public spaces
This harmful malware is triggered by a specific event, such as Friday the 13th. Group of answer choices Worm Logic bomb Trojan bomb Virus
Logic bomb
Assume your organization is experiencing an intruder attack. You have an intrusion detection system (IDS) set up. Which of the following events occurs first? Group of answer choices Network security team decides to block traffic from that IP address The network router sends traffic to the firewall as well as to the IDS Messages from the IDS are routed to the network security team The IDS warns the firewall of suspicious traffic
The network router sends traffic to the firewall as well as to the IDS
A company's risk assessment process can include numerous threats to the computers and networks. Which of the following can be considered an adverse event? Group of answer choices Email attachment with harmful worm All of the above Distributed denial-of-service attack Harmful virus
All of the above
You work for a company that is growing. Originally, all the users in all departments had access to all the data in the database. It is considered a security risk. What is an appropriate action to reduce the risk? Group of answer choices Install and provide stronger anti-virus software on the users' computers Install a two-step login procedure, where the user has to key in additional information for logging in Assign roles and privileges to users so that only job-relevant data is accessible to the user. Tweak the firewall parameters so that outgoing traffic can be better controlled
Assign roles and privileges to users so that only job-relevant data is accessible to the user.
Your business has a web server that has suddenly become unresponsive. When you study the server's logs there are a huge number of requests from what appear to be legitimate computers. The problem is likely because of _____. Group of answer choices a logic bomb too many Spam emails a CAPTCHA issue a denial-of-service attack
a denial-of-service attack
There has been a data breach at your business and the business has lost some customer data. It has led to angry customers who have filed charges. What is a recommended course of action to prepare for future events? Group of answer choices activate the forensics analysis team and prepare documentation none of these answers meet with your lawyers to prepare to counter-sue the customers settle with the customers, however much it may cost
activate the forensics analysis team and prepare documentation
A hacktivist is someone who _______. Group of answer choices attempts to destroy the infrastructure components of governments hacks computers or Web sites in an attempt to promote a political ideology attempts to gain financially and/or disrupt a company's information systems and business operations violates computer or Internet security maliciously or for illegal personal gain
hacks computers or Web sites in an attempt to promote a political ideology
You had used an online service to apply for a credit card. As part of the process, you submitted your personal information such as SSN, date of birth, employer information, etc. Soon after you started receiving bills for items you did not purchase. You have become a victim of ________. Group of answer choices cyberterrorism cyber espionage ransomware identity theft
identity theft
The second phase of an Advanced Persistent Threat attack is _____. Group of answer choices discovery incursion reconnaissance capture
incursion
In a denial-of-service (DDoS) attack, the perpetrator ____. Group of answer choices changes the configuration information of the infected computers instructs the zombie computers to send simple access requests to target computers refuses to accept any email from any sender sends out a huge number of spam emails to all of those in your contacts list
instructs the zombie computers to send simple access requests to target computers
These days, the biggest threats to IT security are from ________. Group of answer choices "geeks" working on their own and motivated by the desire to gain some degree of notoriety international drug cartels terrorist organizations organized groups that have ample resources, including money and sophisticated tools, to support their efforts
organized groups that have ample resources, including money and sophisticated tools, to support their efforts
The purpose of Advanced Persistent Threat (APT) usually is to ____. Group of answer choices steal data steal money interrupt service annoy the users
steal data
Which of the following shortcoming may be revealed during an IT security audit? Group of answer choices whether only a limited number of people have access to critical data or not whether the IT budget is adequate or not whether the users are satisfied with IT services or not whether the firewall is tall enough
whether only a limited number of people have access to critical data or not
Which of the following subject areas does the USA Patriot Act cover? Group of answer choices Identity theft Transmitting virus programs Cyberterrorism Credit card fraud
Cyberterrorism
Which of the following laws covers false claims regarding unauthorized use of credit cards? Group of answer choices Computer Fraud and Abuse Act Fraud and Related Activity in Connection with Access Devices Statute Stored Wire and Electronic Communications and Transactional Records Access Statutes Identity Theft and Assumption Deterrence Act
Fraud and Related Activity in Connection with Access Devices Statute
Which of the following is NOT a popular vendor of firewall software? Group of answer choices Red Hat Total Defense Kaspersky Check Point
Red Hat
Which of these organizations offers guidelines on developing security policies? Group of answer choices IBM DHS SANS CISCO
SANS
The US-CERT incident reporting system is used to ____. Group of answer choices alert the Department of Homeland Security about information security incidents alert the Border Patrol about undocumented workers alert the government about missing computers alert the bank about stolen credit cards
alert the Department of Homeland Security about information security incidents
Someone who violates computer or Internet security maliciously or for illegal personal gain is known as a(n) _______. Group of answer choices industrial spy hacktivist cyberterrorist black hat hacker
black hat hacker
Once a _____ is installed, the attacker can gain full access to the computer. Group of answer choices botnet worm rootkit zombie
botnet
A botnet is a ____. Group of answer choices network of computers that send out access requests to servers repeatedly network of robots that control an assembly line at a factory network of devices that are used for managing security network of servers that exchange traffic data
network of computers that send out access requests to servers repeatedly
On the back of a credit card the three-digit number above the signature panel is used to _____. Group of answer choices track your transactions for rewards program purposes verify the card is legitimate and not a stolen card number verify the identity of the credit card holder enter your account into a raffle
verify the card is legitimate and not a stolen card number
You wish to use your personal laptop computer at work. However, the IT department folks are unwilling to allow you. The likely reason is ______. Group of answer choices you will use your laptop for non-work related activity your productivity could not be measured correctly your non-work related use of the laptop could increase vulnerability your activities could not be monitored
your non-work related use of the laptop could increase vulnerability
