OIM CH 10
In this video, Agent Macey explains how a _____ pretends to be a legitimate company and sends email requesting users to update their confidential information such as passwords or account numbers.
spoofer
If you are going to really take information security seriously, which of the following is NOT a good way to do it?
Create a single, strong password for all your accounts.
The organizational function that pertains to developing and enforcing data policies and standards is called ________.
Data administration
According to a Ponemon Institute survey, the costliest type of computer crime for most organizations is ________.
Denial of service
Which of the following is NOT a conclusion from the Ponemon Institute survey?
Denial of service is the principal cost of computer crime.
In this video, Special Agent Macey says the single largest threat to the Internet is _____.
Denial-of-service attacks
All of these threats are attempts to gain unauthorized access to sensitive information such as credit card or Social Security numbers EXCEPT ________.
DoS attacks
When an organization uses a cloud-hosting service for storing its data in the cloud, the data safeguards should be ________.
part of the cloud service contract
The three interdependent factors involved in security enforcement are ________.
responsibility, accountability, and compliance
Which of the following is a type of virus that propagates itself via the Internet or another computer network?
worm
Activity logs, such as those produced by firewalls, are used to assist with ________.
security measures
Phishing is a ________ that leads to ________.
computer crime; unauthorized data disclosure
A program such as CCLeaner helps keep your computer secure by ________.
removing cookies from your computer's hard drive
Based on the information provided in this video, which of the following usually happens in a denial-of-service attack?
A hacker floods a Web server with so many requests that it becomes unavailable to its intended users.
Safeguards protect ________ from ________.
Assets and threats
John Pozadzides, a security researcher, estimates that a brute force attack would take about ________ to crack a ten-character password with a combination of upper- and lowercase letters, numbers, and special characters.
2 million
What is the key feature that distinguishes asymmetric from symmetric encryption algorithms?
Asymmetric algorithms require two separate keys (usually public and private), but symmetric algorithms require only one.
Which of the following types of system procedures should a company develop for users versus operations personnel?
Both users and operations personnel should have procedures for normal operations, backup, and recovery.
Which of the following would NOT be considered a data safeguard?
Installation of antivirus software
According to a Ponemon Institute survey, the largest single source of the increase in computer crime costs from 2010 to 2013 is ________.
Malicious insiders
According to the DHS agent portrayed in this video, the Secret Service has responded to network intrusions at businesses throughout the United States that have been impacted by _____ through their point-of-sale systems.
Malware
Which of the following technologies is used for user identification and authentication?
PIN
The term "key escrow" refers to ________.
a control procedure whereby a trusted party is given a copy of a key used to encrypt database data
Which of the following technologies is used for protecting a company's internal computer system by selecting which packets to accept from external Internet sources?
firewalls
The term "least possible privilege" refers to ________.
giving a user's account only as much access as necessary to do that person's job
A(n) ________ is a computer program that senses when another computer is attempting to scan or access a computer or network.
intrusion detection system
According to a Verizon 2014 Data Breach Investigations Report, hackers stole 98 million user accounts from which company?
target
A ________ is an opportunity for threats to gain access to individual or organizational assets.
vulnerability