CH 4

___ percent of organizational breaches exploit weak or stolen user credentials.

76

_______________ controls restrict unauthorized individuals from using information resources.

Access

Which of the following is NOT one of the most dangerous employees to information security?

Accountants

________________ is software that causes pop-up advertisements to appear on your screen.

Adware

Which of the following is NOT an example of alien software?

Blockware

Which country is currently in a dispute with the US over bilateral hacking?

China

_________________ manages the internet connections for North Korea and could stop hacking attempts on the US.

China

Which of the following is NOT a lesson learned from the Sony Pictures Entertainment hack on November 24, 2014?

China is the leading hacking group that encourages similar behavior from other countries

If you have an empty building you can move into if your primary location is destroyed, you've implemented a _________ site.

Cold

Security must be balanced with _________ for people to use systems.

Convenience

__________________ is the loss of business from increased customer turnover

Customer churn

_________ is an identity theft technique

Dumpster diving

OpenSSL is __________ software.

Encryption

A copyright lasts 20 years.

False

A patent lasts for the life of the creator plus 70 years.

False

Competitive intelligence is industrial espionage.

False

Janitors are no threat to information security since they have no access to company systems.

False

Tracking down cybercriminals is the most difficult and only real challenge authorities face.

False

__________ is a computer security firm that sells malware detection tools to companies like Target.

FireEye

Which hacker group successfully attacked Sony Pictures Entertainment on November 24, 2014?

Guardians of Peace

A smart ID card is something the user _______.

Has

SCADA attacks typically occur on ___________.

Industrial control systems

Google created a code fix for the Heartbleed bug. Which of the following is a TRUE statement?

Industrial control systems are highly vulnerable since they are updated infrequently.

___________ is threatening to steal or actually stealing information from a company and then demanding payment to not use or release that information.

Information extortion

________________________ refers to all the processes and policies designed to protect an organization's information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Information security

Biometrics is something the user _______.

Is

Which of the following is FALSE?

Mainframes make it easy to communicate freely and seamlessly with everyone.

_________________ was originally accused of the Sony Pictures Entertainment hack on November 24, 2014; their involvement ____________ been proved.

North Korea; has not

The Heartbleed bug is an encryption security flaw in the ___________ software package that was an _____________ mistake by the software developer.

OpenSSL; unintended

____________ is the probability that a threat will impact an information resource.

Risk

_______________ is a process whereby the organization takes concrete actions against risks, such as implementing controls and developing a disaster recovery plan.

Risk mitigation

Shodan is used for _________.

SCADA attacks

You start browsing your favorite home improvement company's website and notice someone has changed all the logos to their main competitor's logos. This is an example of ___________.

Sabotage

_____________________________ is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords.

Social engineering

Phishing is an example of __________.

Software attack

According to the "Catching a Hacker" case, ____________ is one of the most sophisticated and destructive malicious software programs ever developed.

SpyEye

_________ is any danger to which a system may be exposed.

Threat

Auditing __________ the computer means inputs, outputs, and processing are checked.

Through

Coca-Cola's formula is an example of a ___________.

Trade secret

Biometrics is an authentication tool.

True

Blacklisting is when everything can run except what is on the list.

True

The goal of risk management is to reduce risk to acceptable levels.

True

Whitelisting is when nothing can run unless it is on the list.

True

Wireless is an untrusted network.

True

Which of the following is NOT an unintentional threat to information systems?

Viruses

_________ is the possibility that the system will be harmed by a threat.

Vulnerability

Shodan's primary purpose is ___________.

a service that searches the internet for devices connected to the internet

Risk _______________ means absorbing any damages that occur.

acceptance

You decide to use the password "1234" on your computer because you figure nobody cares enough about your information to steal it. This is a risk __________ strategy.

acceptance

A ___________ is an attack by a programmer developing a system.

back door

The purpose of SpyEye is to _____________.

collect personal and financial information

A firewall is a _______ control.

communication

A ___________ is a remote attack needing no user action.

denial-of-service attack

Weak passwords are a(n) ___________ threat.

employee

The goal of CAPTCHA is to ___________.

ensure you aren't alien software

The airport's self check-in computers are a(n) __________ threat

hardware

_________ is one common example of SSL.

https

The main problem with multifactor authentication is _____________.

it will invade our privacy

If you hire a cybersecurity company like FireEye to identify security weaknesses in your information systems, you are using a risk _________ strategy.

limitation

By hiring FireEye to improve their security, Target adopted a risk _________ strategy; this strategy was ___________.

limitation; a failure

A ___________ is an attack by a programmer developing a system.

logic bomb

A ___________ is a remote attack requiring user action

phishing attack

The Target data breach started with a ____________

phishing attack

The main purpose for the attack on Sony Pictures Entertainment on November 24, 2014 was to __________.

stop the release of the movie The Interview

Cybercriminals _________

target known software security weaknesses.

The Shodan case illustrates ___________.

that hackers and security researchers use the same sites to identify vulnerabilities

You have a small business that has had problems with malware on your employees' computers. You decide to hire a third-party company such as GFI Software to implement security controls and then monitor your company's systems. You are adopting a risk ________ strategy.

transference

Social engineering is a(n) ___________ threat on the part of the employee and a(n) _________ threat on the part of the social engineer.

unintentional; deliberate

Wireless is an inherently _________ network.

untrusted

