Chapter 8 DHS

Despite the intense efforts of cybercriminals to exploit the internet for their own gain, less than 1 million people have been personally affected by cybercrime in the United States.

false

Hackers from China have attempted to access US NOAA weather satellites but as of yet have not been successful.

false

The only difference between cyberwarfare and cyberterrorism is the target.

false

Under the Cybersecurity Framework, there are four "tiers" that enable stakeholders in the public and private sectors to assess how they are managing their cyber risk and to better understand how those actions measure up to what is considered effective.

false

Which of the following is defined as the "creation, access, modification, and destruction of information"?

processing

Ransomware is a method by which psychological or other non-technical means are used to trick victims into voluntarily or unwittingly handing over their personal information, including login information and passwords.

False

The attack on which of the following companies marked a change in the nature of cyberthreats against individuals and private sector organizations?

Sony

Which of the following involves making one's email appear like one that would be trusted by the target of a phishing scheme?

Spoofing

Infrastructure is considered a source of risk.

True

Malware is a catchall name for any program that seeks to compromise, disrupt, or steal from a device or system.

True

The DHS Directorate for National Protection and Programs leads the nation's efforts to manage cyberterrorism threats.

True

The failure or loss of just one CI system can rapidly cascade across multiple infrastructure sectors.

True

Which of the following is a series of national-level exercise focused on cybersecurity?

all of the above

Which of the following is defined as "the use or destruction of computing or information technology resources aimed at harming, coercing, or intimidating others in order to achieve a greater political or ideological goal."

all of the above

Which of the following is considered a source of critical infrastructure risk?

all the above

As of the end of 2014, no known act of cyberterrorism had ever occurred.

true

Cyberterrorism can result in injuries and/or deaths.

true

DHS infrastructure programs and policies are directed by the Office of Infrastructure Protection.

true

There are beneficial uses of cookies

true

A person who controls bots is called which of the following?

Bot herder

The Edward Snowden leaks exposed US programs to conduct which of the following?

Cyberespionage

Which of the following terms is defined by US-CERT to be, "The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation"?

Cybersecurity

Which of the following is defined as "the global network of information technology infrastructure, inclusive of the internet, the telecom network, systems of servers and computers, electronic control mechanisms, and the embedded processes in microchips and other semiconductors"?

Cyberspace

The Stuxnet Worm is most likely an example of which of the following?

Cyberwarfare

Government is considered a component of critical infrastructure.

True

Approximately how many US companies experienced a cyber-breach as reported in 2014?

43%

How many critical infrastructure 'sectors' does the National Infrastructure Protection Plan recognize?

16

Which of the following is not one of the five cybersecurity functions identified under the Cybersecurity Framework?

Destroy

Which of the following is not one of the three "clusters" of cyberterrorism?

Exploitive cyberterrorism

A hospital is an example of a component in network-oriented infrastructure.

False

The National Cyber Incident Response Plan is an annex to the National Response Framework.

False

The Stuxnet Worm was developed to disrupt Iran's chemical weapons production capabilities.

False

Unlike other forms of infrastructure, critical infrastructure must be owned and operated by the government.

False

Unlike viruses, worms require human action to replicate themselves.

False

Which of the following is considered one of the most destructive and difficult cyberthreats to prevent?

Rogue Insider

Which of the following hacking methods specifically targets databases?

SQL Injection

Which of the following is a "self-organized, self-run, and self-governed private sector council consisting of owners and operators and their representatives, which interact on a wide range of sector-specific strategies, policies, activities, and issues"?

Sector-Coordinating Council

The Second Quadrennial Homeland Security Review identified three factors that explained why cyberspace is particularly difficult to secure. Which of the following is not one of those factors?

The low cost of cyberterrorism

Which of the following is a malicious program disguised to look like a useful program, which the user knowingly installs on their device, and that manipulates the manner in which a device's operating system functions?

Trojan Horse

Cybercrime is distinct from other forms of cyber-attacks in that the perpetrators seek personal gain or notoriety.

True