BCIS 4720 Exam 2 Practice

________ is the ability to ensure that an e-commerce site continues to function as intended. *A. Availability* B. Integrity C. Nonrepudiation D. Authenticity

*A. Availability* (operational and can be accessed)

Which of the following was designed to cripple Iranian nuclear centrifuges? *A. Stuxnet* B. Shamoon C. Storm D. Snake

*A. Stuxnet* (worm used for malware attack)

Which of the following is not an example of a potentially unwanted program (PUP)? *A. drive-by download* B. spyware C. browser parasite D. adware

*A. drive-by download* (a malicious code) (PUP= parasites, adware, & spyware)

Which dimensions of security is spoofing a threat to? *A. integrity and authenticity* B. availability and authenticity C. integrity and confidentiality D. availability and integrity

*A. integrity and authenticity* (Spoofing=hides true identity)

Automatically redirecting a web link to a different address is an example of which of the following? *A. pharming* B. social engineering C. DDoS attack D. sniffing

*A. pharming* (redirecting a Url)

Which of the following is not an example of malicious code? *A. sniffer* B. scareware C. bot D. Trojan horse

*A. sniffer* (sniffers just eavesdrop and monitor) (MALICIOUS CODE • Exploits & exploit kits • Malvertising • Drive-by downloads • Viruses • Worms• Ransomware • Trojan horses • Backdoors• Bots, botnets)

Software that is used to obtain private user information such as a user's keystrokes or copies of e-mail is referred to as: *A. spyware.* B. adware. C. a browser parasite. D. a backdoor.

*A. spyware.* (spyware is a PUP)

What is the most frequent cause of stolen credit cards and card information today? *A. the hacking and looting of corporate servers storing credit card information* B. phishing attacks C. sniffing programs D. lost cards

*A. the hacking and looting of corporate servers storing credit card information* (hacking)

________ is the ability to ensure that messages and data are only available to those authorized to view them. A. Availability *B. Confidentiality* C. Privacy D. Integrity

*B. Confidentiality* (Confidential=data is ONLY accessible to those that are authorized)

The attack against Dyn servers is an example of a(n): A. SQL injection attack. *B. DDoS attack* C. browser parasite. D. MitM attack.

*B. DDoS attack* DDoS -Distributed Denial of Service attacks DYN servers which control domain names

Which is not a library we need to work with databases in C#? A. System.Data.SQL *B. System.UI* C. System.Data.SQLClient D. System.Data

*B. System.UI* (headers in VS build upon each other)

According to Ponemon Institute's 2019 survey, which of the following was not among the causes of the costliest cybercrimes? A. denial of service(DoS) *B. botnets* C. malicious insiders D. web-based attacks

*B. botnets* (CHEAPEST cybercrime = botnets)

Which of the following is not a key factor for establishing e-commerce security? A. organizational policies *B. data integrity* C. technology D. laws and industry standards

*B. data integrity* (need new tech policies & procedures, laws and standards)

Confidentiality is sometimes confused with: A. authenticity. *B. privacy* C. nonrepudiation. D. integrity.

*B. privacy* *confidential+privacy* (Confidential=data is ONLY accessible to those that are authorized) (Privacy=control the use of personal information)

Which of the following is an example of an integrity violation of e-commerce security? A. A website is not actually operated by the entity the customer believes it to be. B. A merchant uses customer information in a manner not intended by the customer. *C. An unauthorized person intercepts an online communication and changes its contents.* D. A customer denies that he is the person who placed the order.

*C. An unauthorized person intercepts an online communication and *changes* its contents.* (Integrity=not changed or altered)

________ is the ability to identify the person or entity with whom you are dealing on the Internet. A. Availability B. Nonrepudiation *C. Authenticity* D. Integrity

*C. Authenticity* (Authenticate/confirm true identity)

Which of the following technologies is aimed at reducing e-mail address spoofing and phishing? A. TLS B. WPA *C. DMARC* D. MFA

*C. DMARC* Domain Based Message Authentication Reporting (DMARC) is leverages DNS and verifies email senders -spoofing=hide true identity -phishing=obtain confidential information

________ typically attack governments, organizations, and sometimes individuals for political purposes. A. Bounty hunters B. Tiger teams *C. Hacktivists* D. Crackers

*C. Hacktivists* (think Mr. Robot)

Which of the following is a brute force attack which hackers launch via botnets and automated tools using known user name and password combinations? A. MitM attack B. phishing *C. credential stuffing* D. pharming (redirect URL)

*C. credential stuffing*

Malware that comes with a downloaded file requested by a user is called a: A. PUP. B. backdoor. *C. drive-by download* D. Trojan horse.

*C. drive-by download*

Which of the following types of attacks enabled hackers to take control of the Twitter accounts of dozens of America's most prominent political, entertainment and technology leaders? A. sniffing B. ransomware *C. social engineering* D. DDoS attack

*C. social engineering* (a phishing tactic to obtain confidential information) ex. those stupid DMs Taylor clicked on

Conficker is an example of a: A. Trojan horse. B. botnet. *C. worm* D. virus

*C. worm* (Conficker is a fast-spreading worm that targets a vulnerability)

Beebone is an example of which of the following? *A. botnet* B. worm C. hacktivism D. phishing

A (a beebone is a botnet)

When does a master page load?

Every time a form with a master page loads

If you are not reading from the database, you still seed a DataReader. True or False?

FALSE

Phishing attacks rely on browser parasites. True or False?

FALSE

Exploit kits can be purchased by users to protect their computers from malware. True or False?

FALSE (exploit kits are malicious code, they DO NOT protect)

what event executes every time a page is loaded

Page_Load

A Trojan horse appears to be benign, but then does something other than expected. True or False?

TRUE

Spoofing is the attempt to hide a hacker's true identity by using someone else's e-mail or IP address. True or False?

TRUE

The SQLDataSource will automatically build INSERT, UPDATE, AND DELETE commands. True or False?

TRUE

Typically the more security measures added to an e-commerce site, the slower and more difficult it becomes to use. True or False?

TRUE

WannaCry is an example of ransomware. True or False?

TRUE

FREAK is an example of a software vulnerability. True or False?

TRUE (attacks vulnerable software/exploits vulnerabilities)

A drive-by download is malware that comes with a downloaded file that a user intentionally or unintentionally requests. True or False?

TRUE (malicious code)

worm

type of malware that spreads copies of itself from computer to computer without human intervention

Which of the following statements about data breaches in 2019 is not true? A. According to the Identity Theft Resource Center, the breaches exposed almost 165 million sensitive records, such as the social security numbers and financial account data. B. According to the Identity Theft Resource Center, data breaches involving the business sector represented about 44% of all breaches. C. According to the Identity Theft Resource Center, the number of breaches in 2019 increased by 17% from 2018. *D. According to the Identity Theft Resource Center, employee error was the leading cause of data breaches.*

*D. According to the Identity Theft Resource Center, employee error was the leading cause of data breaches.* (LEADING CAUSES OF DATA BREACHES - Hacking - Unauthorized access - Employee error/negligence)

Which of the following did the Internet Advertising Bureau urge advertisers to abandon? A. HTML5 B. HTML C. Adobe Acrobat *D. Adobe Flash*

*D. Adobe Flash*

What piece of information is NOT needed by the SQLCommand? A. Parameters B. DataReader C. CommandText *D. ConnectionString*

*D. ConnectionString* (The SQLCommand needs -parameters -connection -commandtext)

What is NOT a piece of information stored in the SQLData Source? A. Update Command B. Select Command C. Connection String *D. DataReader Command*

*D. DataReader Command* (UPDATE, INSERT, DELETE, SELECT, CONNECTIONSTRING)

________ is the ability to ensure that e-commerce participants do not deny their online actions. A. Authenticity B. Integrity C. Availability *D. Nonrepudiation*

*D. Nonrepudiation* (you cannot deny your actions)

What are the three pieces of information needed by an SQLCommand? A. Connectionstring, Parameters, and Commandtext B. Datareader, connection, and commandtext C. Datareader, connectionstring, and commandtex *D. Parameters, Connection, and CommandText*

*D. Parameters, Connection, and CommandText*

Accessing data without authorization on Dropbox is an example of a: A. social network security issue. B. sniffing issue. C. mobile platform security issue. *D. cloud security issue.*

*D. cloud security issue* (dropbox is cloud based software)

Which of the following is the leading cause of data breaches? A. theft of a computer B. DDoS attacks C. accidental disclosures *D. hackers*

*D. hackers*

Which of the following is an example of an online privacy violation? A. your e-mail being altered by a hacker(integrity) B. your computer being used as a part of a botnet C. your e-mail being read by a hacker(sniffing) *D. your online purchasing history being sold to other merchants without your consent*

*D. your online purchasing history being sold to other merchants without your consent* (Privacy=control personal information being transmitted)

General Definitions(2)

*INTEGRITY* -data has not been changed or altered by unauthorized users *NOREPUDIATION* -cannot deny your actions *AUTHENTICITY* -verify identity -are you who you say you are? *CONFIDENTIALITY* -only accessed/viewed by authorized personnel *PRIVACY* -protect personal information *AVAILABILITY* -continuous access

General Definitions

*SPOOFING* -hiding your true identity *PHARMING* -redirect URLs *PHISHING* -attempt to obtain confidential information *SNIFFING* -eavesdropping & listening *MitM attack* -intercept communications between 2 parties *Wiretap* -records

Why is it difficult to accurately estimate the actual amount of cybercrime? (Ana)

1. companies are hesitant to report cybercrime due to a fear of losing the trust of their customers (worried about their repuation) 2. Hard to quantify the dollar amount of loss 3. Legal issues

What piece of information is NOT needed by the SQLCommand?

ConnectionString

Why is it difficult to accurately estimate the actual amount of cybercrime?

There is a *reputational factor* to companies and conglomerates not estimating and thus disclosing cybercrime to the general public. Also, quantitative conversions of cybercrime are difficult to create due to the fact that *quantified estimates are virtually impossible to create on the basis of loss*. *Legal obstructions* also create both a hard place relative to this dilemma.