CIS 401 Quiz 2
What term describes the risk that exists after an organization has performed all planned countermeasures and controls?
Residual risk
Which of the following is NOT an example of social engineering?
Setting up a computer that allows the user to use a next-door neighbor's unsecured wireless network
Forensics and Incident Response are examples of __________ controls.
corrective
Which of the following is NOT a human trait social engineers take advantage of to entice people to reveal information they should keep confidential?
Authority
The Fraud Triangle
Opportunity, Rationalization, and Pressure
Which term describes an action that can damage or compromise an asset?
Threat
Purchasing an insurance policy is an example of a ____________ risk response strategy.
Transfer / Share
Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows a cross-site scripting attack against the server. What term describes the issue that Adam discovered?
Vulnerability
What type of attack against a web application uses a newly discovered vulnerability that is not patchable?
Zero-day attack
A Gray Hat Hacker
a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards,
A Black Hat Hacker
a hacker who violates computer security for their own personal profit or out of malice
A White Hat Hacker
an individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks.