Chapter 12 - ALA - Methods of Securing Information
What percentage of cyberattacks are aimed at small business? What percentage of cyberattacks are launched with a phishing email? What percentage of daily email attachments are harmful for their intended recipient? What percentage of malicious attachments are masked as Microsoft Office files?
43% 91% 85% 38%
Security risk can be calculated using the following calculation: Risk = Threat x Vulnerability x _____
Asset
Which of the following are true of backup data?
Copies of backup data should be stored at a location other than the office. It can be used to restore lost or destroyed data. Backups are performed on a regular schedule as determined by the practice.
According to Norton, which of the following steps should be taken to defend against rootkits?
Don't ignore software updates. Be aware of phishing emails. Watch out for drive-by downloads.
You are speaking with a friend about how to protect yourself from phishing scams. Your friend (who works in cybersecurity) gives you some advice about what to do if you receive a phishing message. Which of the following statements would be considered good advice?
If you receive a suspicious message, contact the institution that the message was allegedly sent from. Contact US-CERT. Banks and credit card companies will never ask you to provide personal information via email messages.
Select the true statements about state-sponsored cyberwarfare.
Originate and are executed by foreign governments. Attacks can be directly launched by a foreign government or by a group or individual who has been paid to execute the attack. Can be used to send warnings or to create conflict between countries.
Malware is designed to do which of the following?
Steal information. Destroy data. Incapacitate a computer or network.
One method organizations are using to deal with the increase in cybersecurity threats and the decrease in the effectiveness of traditional security means is through the use of behavior science in their data and network security policies. One of these methods is called UEBA. Select the true statements about UEBA.
UEBA stands for user and entity behavior analytics. It is a type of cybersecurity that observes and records the conduct of computer and network users. UEBA uses a variety of different tactics to create a map of pattern behavior including machine learning, statistical analysis, and artificial intelligence (AI).
Which of the following statements about computer viruses are true?
Viruses can destroy programs or alter the operations of a computer or network. A computer virus is software that infects computers and is created using computer code.
According to the National Institute of Standards and Technology (NIST), cybersecurity personnel can take steps to ensure data and systems are protected. The first thing an organization should conduct is a cybersecurity risk assessment. The cybersecurity risk assessment is concerned with answering which of the following questions?
What are our organization's most important information technology assets? What are the internal and external vulnerabilities? What are the relevant threats and the threat sources to our organization?
Before data security strategies are created, which questions must be answered?
What is the risk I am reducing? Is this the highest priority security risk? Am I reducing the risk in the most cost-effective way?
Cyberattacks that originate and are executed by foreign governments are called state-sponsored _______. These attacks can be directly launched by a foreign government or by a group or individual who has been paid to execute the attack.
cyberwarfare
Specialized hardware or software that captures packets transmitted over a network is called a packet _____.
sniffers
A hacker uses software to infect computers, including laptops, desktops, tablets, and IoT devices, turning each computer into a _________.
zombie, aka bot
One version of this type of malware encrypts a victim's data until a payment is made. Another version threatens to make public a victim's personal data unless a payment is made. This type of malware is called _____.
Ransomware
Select what's true about spear phishing attacks.
Spear phishing attacks are designed to steal data and some attacks may also be designed to install malicious software on a device. Spear phishing is a type of email scam that is directed toward a specific person or organization.
Rootkits are typically used to allow hackers to do which of the following?
Remotely control the operations of a computer. Create a backdoor into a computer.
A group of computers under the control of a hacker is referred to as a _____.
botnet