Computer and Internet Fraud
"Which of the following types of malware can be used to generate illicit income in the form of cryptocurrency, while slowing down an infected computer and causing victims to incur costs related to power usage or cloud storage? A. Spyware B. Coin miners C. Overwrite viruses D. Keyloggers
" Coin miners
"Which of the following lists the information security goals that an e-commerce system should achieve for its users and asset holders? A. Exactness, invulnerability, accuracy, materiality, and data/systems response B. Confidentiality, integrity, availability, authentication, and non-repudiation C. Penetrability, accuracy, exactness, materiality, and systems reliability D. Penetrability, accuracy, availability, authentication, and systems reliability
" Confidentiality, integrity, availability, authentication, and non-repudiation
"______________ is a term used to classify malicious software that is intended to facilitate criminal behavior. A. Adware B. Freeware C. Crimeware D. Botnet
" Crimeware
"A virus that loads itself onto the target system's memory, infects other files, and then unloads itself is called a: A. Direct-action virus B. Network virus C. Boot sector virus D. None of the above
" Direct-action virus
"Which of the following is NOT a common carrier of malware? A. Dual in-line memory modules B. Files downloaded from the Internet C. Freeware and shareware files D. Email attachments
" Dual in-line memory modules
"All of the following are options for authenticating users in information systems EXCEPT: A. Profiling software B. Encryption C. Card-based systems D. Biometrics
" Encryption
"___________ is the deliberate scrambling of a message so that it is unreadable except to those who hold the key for unscrambling the message. A. Alteration of input B. Firewall security C. Encryption D. Customer validation
" Encryption
"After paying the ransom demanded by the fraudster, a ransomware victim is always granted access to all locked files on the compromised computer. A. True B. False
" FALSE
"Implementing privilege escalation and using buffer overflow exploits are examples of administrative controls used for securing computer systems and communication networks. A. True B. False
" FALSE
"Password cracking is a method that attackers use to gain unauthorized access to a computer system by bypassing password security through the use of undocumented system functions. A. True B. False
" FALSE
"Physical access controls refer to the process by which users are allowed access to computer programs, systems, and networks. A. True B. False
" FALSE
"Rock phishing is a type of phishing scheme that uses text messages or other short message systems to dupe an individual or business into providing sensitive data by falsely claiming to be from an actual business, bank, ISP, or other entity. A. True B. False
" FALSE
"The primary purpose of physical access controls is to prevent unauthorized access to computer software. A. True B. False
" FALSE
"To ensure separation of duties within the information technology department and between information systems and business unit personnel, computer operators should be responsible for performing computer programming. A. True B. False
" The Internet of Things
"Which of the following best describes phishing? A. A method for acquiring sensitive information needed to facilitate a specific scheme by searching through large quantities of available data B. A method for acquiring sensitive information by falsely claiming through electronic communication to be from an entity with which the target does business C. A method for acquiring sensitive information by bypassing a computer system's security through the use of an undocumented operating system and network functions D. A method for acquiring sensitive information in which an attacker hides near the target to gain unauthorized access to a computer system
" A method for acquiring sensitive information by falsely claiming through electronic communication to be from an entity with which the target does business
"Which of the following best describes social engineering? A. A method for gaining unauthorized access to a computer system in which an attacker deceives victims into disclosing personal information or convinces them to commit acts that facilitate the attacker's intended scheme B. A method for gaining unauthorized access to a computer system in which an attacker searches through large quantities of available data to find sensitive information that he can use to facilitate his intended scheme C. A method for gaining unauthorized access to a computer system in which an attacker bypasses a system's security through the use of an undocumented operating system and network functions D. A method for gaining unauthorized access to a computer system in which an attacker hides near the target to obtain sensitive information that he can use to facilitate his intended scheme
" A method for gaining unauthorized access to a computer system in which an attacker deceives victims into disclosing personal information or convinces them to commit acts that facilitate the attacker's intended scheme
"Which of the following is the most accurate definition of a Trojan horse? A. A type of software that collects and reports information about a computer user without the user's knowledge or consent B. A program or command procedure that gives the appearance that it is useful but in fact contains hidden malicious code that causes damage C. A software program that contains various instructions that are carried out every time a computer is turned on D. A virus that changes its structure to avoid detection
" A program or command procedure that gives the appearance that it is useful but in fact contains hidden malicious code that causes damage
"Which of the following is the most accurate definition of a computer worm? A. A self-replicating computer program that penetrates operating systems to spread malicious code to other systems B. A program or command procedure that gives the appearance that it is useful but in fact contains hidden malicious code that causes damage C. A type of software that, while not definitely malicious, has a suspicious or potentially unwanted aspect to it D. Any software application in which advertising banners are displayed while a program is running
" A self-replicating computer program that penetrates operating systems to spread malicious code to other systems
"Which of the following is the most accurate definition of a firewall? A. A system that blocks unauthorized or unverified access to network assets by surveying incoming and outgoing transmissions B. A device that takes information and scrambles it so that it is unreadable by anyone who does not have a specific code C. A system that authenticates users by monitoring their statistical characteristics, such as typing speed and keystroke touch D. None of the above
" A system that blocks unauthorized or unverified access to network assets by surveying incoming and outgoing transmissions
"Which of the following is the most accurate definition of a software keylogger? A. A type of software that, while not definitely malicious, has a suspicious or potentially unwanted aspect to it B. A self-replicating computer program that penetrates operating systems to spread malicious code to other systems C. A program or command procedure that gives the appearance that it is useful but in fact contains hidden malicious code that causes damage D. A type of program that monitors and logs the keys pressed on a system's keyboard
" A type of program that monitors and logs the keys pressed on a system's keyboard
"Which of the following is the most accurate definition of spyware? A. A type of software that collects and reports information about a computer user without the user's knowledge or consent B. A program or command procedure that gives the appearance that it is useful but in fact contains hidden malicious code that causes damage C. A self-replicating computer program that penetrates operating systems to spread malicious code to other systems D. Any software application in which advertising banners are displayed while a program is running
" A type of software that collects and reports information about a computer user without the user's knowledge or consent
"Which of the following is a method that can be used to destroy or manipulate data? A. Using malware to infect computers B. Transmitting data to an outside destination without authorization C. Wire tapping into a computer's communication links D. All of the above
" All of the above
"Which of the following is a technical or administrative control for securing computer systems and communication networks? A. Installing operating system security B. Installing network security defenses C. Encrypting sensitive data files D. All of the above
" All of the above
"Which of the following is an example of the piggybacking method used to gain access to restricted areas? A. Pretending to be a member of a large crowd of people authorized to enter a restricted area B. Taking advantage of a legitimate computer user's active session when the user attends to other business while still logged on C. Following behind an individual who has been cleared for access into a restricted area D. All of the above
" All of the above
"Which of the following statements is TRUE regarding e-commerce? A. Digital signatures function to authenticate e-commerce transactions B. In e-commerce transactions, non-repudiation is obtained through confirmation services and timestamps C. E-commerce entities must make sure that they can determine with whom they (or their computers) are communicating D. All of the above
" All of the above
"A fraudster uses the email account of a company's president to impersonate the president and ask an employee to make a wire transfer. This can best be described as which of the following types of fraud schemes? A. Rock phishing B. Business email compromise C. Pharming D. Reverse social engineering
" Business email compromise
"Which of the following is NOT an example of a business email compromise scheme? A. Fraudsters posing as a company's foreign supplier send an email to the company and request that funds be transferred to an alternate account controlled by the fraudsters. B. Fraudsters use botnets to send massive amounts of emails for the purpose of enticing users to click on a fraudulent URL. C. Fraudsters use the compromised email account of a high-level executive to pose as the executive and ask an employee to transfer funds to the fraudsters' account. D. Fraudsters use the compromised email account of a high-level executive to request employees' tax information or other personally identifiable information from the person responsible for maintaining such information.
" Fraudsters use botnets to send massive amounts of emails for the purpose of enticing users to click on a fraudulent URL.
"Which of the following are considered red flags of insider computer fraud? I. Access privileges limited to those required to perform assigned tasks. II. Access logs are not reviewed. III. Production programs are run during normal business hours. IV. Exception reports are not reviewed and resolved. A. II and IV only B. III and IV only C. I and III only D. I, II, III, and IV
" II and IV only
"Which of the following are information security goals that an e-commerce system should endeavor to meet for its users and asset holders? I. Penetrability of data II. Materiality of data III. Integrity of data IV. Availability of data A. II and III only B. III and IV only C. I, II, and III only D. I, II, III, and IV
" III and IV only
"Which of the following is a technical or administrative control for securing computer systems and communication networks? A. Implementing logical access controls B. Using an intrusion admission system C. Installing a network address prevention system D. Implementing privilege escalation
" Implementing logical access controls
"All of the following can help prevent a computer from being infected by malicious software EXCEPT: A. Installing shareware into a system's root directory B. Updating the operating system regularly C. Updating with the latest security patches D. Using anti-malware software
" Installing shareware into a system's root directory
"Which of the following refers to the type of network security systems that are designed to supplement firewalls and other forms of network security by detecting malicious activity coming across the network or on a host? A. Intrusion admission systems B. Network access controls C. Intrusion detection systems D. Network address prevention systems
" Intrusion detection systems
"Which of the following is an information security goal that an e-commerce system should endeavor to meet for its users and asset holders? A. Systems reliability B. Exactness C. Access authority D. Non-repudiation
" Non-repudiation
"Which of the following is an accurate definition of SMiShing? A. Obtaining sensitive data by impersonating a government official B. Stealing data from payroll accounts through the use of computers C. Obtaining sensitive data through the use of short message services D. Stealing private financial data through the use of voice mail
" Obtaining sensitive data through the use of short message services
"All of the following are best practices for ensuring separation of duties within the information technology department and between information systems and business unit personnel EXCEPT: A. IT departments should not overlap with information user departments. B. Program developers should not be responsible for testing programs. C. Only programmers should be server administrators. D. End users should not have access to production data outside the scope of their normal job duties.
" Only programmers should be server administrators.
"Which of the following is the term used to describe the method of gaining unauthorized access to a computer system in which attackers use an automated process to guess a system user's passwords? A. Password sniffing B. Password cracking C. Password logging D. Password engineering
" Password cracking
"_________ is an attack in which a user is fooled into entering sensitive data into a malicious website that imitates a legitimate website. A. SMiShing B. Spear phishing C. Phishing D. Pharming
" Pharming
"Which of the following is NOT a type of physical access control device that can be used to control access to physical objects? A. Biometric systems B. Locks and keys C. Profiling software D. Electronic access cards
" Profiling software
"Which of the following statements about ransomware is TRUE? A. Ransomware is a form of malware that locks a user's operating system and restricts access to data files until a payment is made. B. Ransomware is a program or command procedure that gives the appearance of being useful but in fact contains hidden malicious code that causes damage. C. Ransomware is a classification of malware designed to simplify or automate online criminal activities. D. Ransomware is a type of software that collects and reports information about a computer user without the user's knowledge or consent.
" Ransomware is a form of malware that locks a user's operating system and restricts access to data files until a payment is made.
"Which of the following is a measure that management can take to prevent an organization's computers from being infected by malicious software? A. Regularly update the organization's operating systems. B. Only allow systems to boot with removable storage devices. C. Prevent employees from opening any emails with attachments. D. Require that users reuse passwords for important accounts.
" Regularly update the organization's operating systems.
"Which of the following is NOT a symptom that might indicate a malware infection? A. Unexplained changes to the system's memory occur. B. Several system programs launch automatically at startup. C. A system's files are erased with no warning. D. Excessive pop-up windows appear without cause.
" Several system programs launch automatically at startup.
"Non-repudiation refers to a method used to guarantee that parties involved in an e-commerce transaction cannot deny their participation in it. A. True B. False
" TRUE
"The emerging environment of everyday objects that use embedded sensors to collect and transmit data through the Internet is best known as: A. The Emerging Technology Domain B. The Smart Technology Network C. The Deep Web D. The Internet of Things
" The Internet of Things
"Pharming differs from phishing in that in a pharming scheme: A. The attacker has to rely on having the user click on a link in an email or other message to direct him to the malicious website that is imitating a legitimate website. B. The attacker does not have to rely on having the user click on a link in an email or other message to direct him to the malicious website that is imitating a legitimate website. C. The attacker delivers the solicitation message via telephones using Voice over Internet Protocol (VoIP) instead of email. D. The attacker delivers the solicitation message via SMS (the protocol used to transmit text messages via mobile devices) instead of email.
" The attacker does not have to rely on having the user click on a link in an email or other message to direct him to the malicious website that is imitating a legitimate website.
"Which of the following is the most accurate description of logical access? A. The process by which computer systems' contents are encrypted B. The process by which users are allowed to access and use physical objects C. The process by which users are allowed to use computer systems and networks D. The process by which users can bypass application security over the software and libraries
" The process by which users are allowed to use computer systems and networks
"Matthew receives a voice mail message telling him that his credit card might have been used fraudulently. He is asked to call a phone number. When he calls the number, he hears a menu and a list of choices that closely resembles those used by his credit card company. The phone number even appears to be similar to that of his card issuer. Of which of the following types of schemes has Matthew become the target? A. Spear phishing B. Vishing C. SMiShing or tishing D. Pharming
" Vishing
