BTE 210 Chapter 4 Questions

question
_________ is any danger to which a system may be exposed. A. Exposure B. Information security C. Threat D. Security
answer
Threat
question
_________ is the possibility that the system will be harmed by a threat. A. Exposure B. Threat C. Security D. Vulnerability
answer
Vulnerability
question
Wireless is an inherently _________ network. A. trusted B. neutral C. untrusted D. useful
answer
Untrusted
question
*Which of the following is FALSE? A. It is easier to be a hacker nowadays. B. Mainframes make it easy to communicate freely and seamlessly with everyone. C. Management doesn't always support security efforts. D. Thumb drives make it easy to steal huge amounts of sensitive information.
answer
Mainframes make it easy to communicate freely and seamlessly with everyone.
question
Cybercriminals _________ A. are violent criminals. B. can be easily arrested, once they are found. C. don't make that much money; they do it for fun. D. target known software security weaknesses.
answer
Target known software security weaknesses.
question
Which of the following is NOT one of the most dangerous employees to information security? A. Accountants B. HR employees C. Janitors D. MIS employees
answer
Accountants
question
The airport's self check-in computers are a(n) __________ threat. A. outside B. employee C. hardware D. software
answer
Hardware
question
*Weak passwords are a(n) ___________ threat. A. outside B. employee C. hardware D. software
answer
Employee
question
*Which of the following is NOT an unintentional threat to information systems? A. Careless monitoring of environmental hazards B. Choosing a weak password C. Having an unlocked desk or filing cabinet after going home D. Viruses
answer
Viruses
question
_____________________ is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords. A. Dumpster diving B. Shoulder surfing C. Social engineering D. Tailgating
answer
Social engineering
question
*Social engineering is a(n) ___________ threat on the part of the employee and a(n) _________ threat on the part of the social engineer. A. deliberate; unintentional B. deliberate; deliberate C. unintentional; deliberate D. unintentional; unintentional
answer
Unintentional; deliberate
question
OpenSSL is __________ software. A. Banking B. Encryption C. Hacking D. Free
answer
Encryption
question
The Heartbleed bug is an encryption security flaw in the ___________ software package that was an _____________ mistake by the software developer. A. Microsoft; intended B. Microsoft; unintended C. OpenSSL; intended D. OpenSSL; unintended
answer
OpenSSL; unintended
question
Google created a code fix for the Heartbleed bug. Which of the following is a TRUE statement? A. Home internet routers should be largely safe from this bug since they don't exchange enough sensitive data to be a target. B. Industrial control systems are highly vulnerable since they are updated infrequently. C. Organizations simply have to install the fix. D. Organizations need to install the fix and just create new private key-public key pairs.
answer
Industrial control systems are highly vulnerable since they are updated infrequently.
question
___________ is threatening to steal or actually stealing information from a company and then demanding payment to not use or release that information. A. Competitive intelligence B. Espionage C. Information extortion D. Intellectual property
answer
Information extortion
question
*Phishing is an example of __________. A. Copyright infringement B. Espionage C. Sabotage D. Software attack
answer
Software attack
question
You start browsing your favorite home improvement company's website and notice someone has changed all the logos to their main competitor's logos. This is an example of ___________. A. Espionage B. Identity theft C. Information extortion D. Sabotage
answer
Sabotage
question
__________ is an identity theft technique. A. Dumpster diving B. Espionage C. Sabotage D. Vandalism
answer
Dumpster diving
question
Coca-Cola's formula is an example of a ___________. A. Copyright B. Patent C. Trade secret D. All of the above
answer
Trade secret
question
A ___________ is a remote attack requiring user action. A. back door B. denial-of-service attack C. logic bomb D. phishing attack
answer
phishing attack
question
*A ___________ is a remote attack needing no user action. A. back door B. denial-of-service attack C. logic bomb D. phishing attack
answer
denial-of-service attack
question
A ___________ is an attack by a programmer developing a system. A. back door B. denial-of-service attack C. phishing attack D. virus
answer
back door
question
A ___________ is an attack by a programmer developing a system. A. denial-of-service attack B. logic bomb C. phishing attack D. worm
answer
logic bomb
question
*Which of the following is NOT an example of alien software? A. Adware B. Blockware C. Spamware D. Spyware
answer
Blockware
question
The goal of CAPTCHA is to ___________. A. ensure you aren't alien software B. hack into secure networks C. protect networks against hackers D. remove alien software from your computer
answer
ensure you aren't alien software
question
*SCADA attacks typically occur on ___________. A. Hacker networks B. Industrial control systems C. Personal computers D. Government networks
answer
Industrial control systems
question
Shodan's primary purpose is ___________. A. a hacker website B. a service that searches the internet for devices connected to the internet C. a website that shows which devices are vulnerable to hackers D. to help users search for other people who use similar devices
answer
a service that searches the internet for devices connected to the internet
question
Shodan is used for _________. A. creating a backdoor B. SCADA attacks C. spreading viruses D. phishing
answer
SCADA attacks
question
The Shodan case illustrates ___________. A. how vulnerable all devices are, even if they aren't connected to the internet B. strong passwords aren't necessary on home devices since most hackers don't care about such a small target C. that hackers and security researchers use the same sites to identify vulnerabilities D. the government is doing nothing to protect our privacy
answer
that hackers and security researchers use the same sites to identify vulnerabilities
question
_______________ is a process whereby the organization takes concrete actions against risks, such as implementing controls and developing a disaster recovery plan. A. Risk B. Risk analysis C. Risk management D. Risk mitigation
answer
Risk mitigation
question
You have a small business that has had problems with malware on your employees' computers. You decide to hire a third-party company such as GFI Software to implement security controls and then monitor your company's systems. You are adopting a risk ________ strategy. A. acceptance B. analysis C. limitation D. transference
answer
transference
question
Risk _______________ means absorbing any damages that occur. A. acceptance B. analysis C. limitation D. transference
answer
acceptance
question
If you hire a cybersecurity company like FireEye to identify security weaknesses in your information systems, you are using a risk _________ strategy. A. acceptance B. analysis C. limitation D. transference
answer
limitation
question
You decide to use the password "1234" on your computer because you figure nobody cares enough about your information to steal it. This is a risk __________ strategy. A. acceptance B. analysis C. limitation D. transference
answer
acceptance
question
According to the "Catching a Hacker" case, ____________ is one of the most sophisticated and destructive malicious software programs ever developed. A. the Heartbleed bug B. FireEye C. Shodan D. SpyEye
answer
SpyEye
question
The purpose of SpyEye is to _____________. A. catch hackers in the act of hacking B. collect personal and financial information C. facilitate SCADA attacks by seeing which systems are vulnerable D. watch what you do on your computer
answer
collect personal and financial information
question
*A firewall is a _______ control. A. access B. communication C. physical D. virtual
answer
communication
question
Biometrics is something the user _______. A. Does B. Has C. Is D. Knows
answer
Is
question
A smart ID card is something the user _______. A. Does B. Has C. Is D. Knows
answer
Has
question
_________ is one common example of SSL. A. http B. https C. www D. wwws
answer
https
question
If you have an empty building you can move into if your primary location is destroyed, you've implemented a _________ site. A. Cold B. Hot C. Neutral D. Warm
answer
Cold
question
Auditing __________ the computer means inputs, outputs, and processing are checked. A. Around B. Into C. Through D. With
answer
Through
question
___ percent of organizational breaches exploit weak or stolen user credentials. A. 26 B. 51 C. 76 D. 99
answer
76
question
Security must be balanced with _________ for people to use systems. A. Convenience B. Cost C. Time D. Trust
answer
Convenience
question
The main problem with multifactor authentication is _____________. A. it's a single point of failure B. it's too hard to do C. it will invade our privacy D. there are no problems with multifactor authentication
answer
it will invade our privacy
question
Wireless is an untrusted network.
answer
True
question
Janitors are no threat to information security since they have no access to company systems.
answer
False
question
A patent lasts for the life of the creator plus 70 years.
answer
False
question
A copyright lasts 20 years.
answer
False
question
Competitive intelligence is industrial espionage.
answer
False
question
The goal of risk management is to reduce risk to acceptable levels.
answer
True
question
Tracking down cybercriminals is the most difficult and only real challenge authorities face.
answer
False
question
Biometrics is an authentication tool.
answer
True
question
Blacklisting is when everything can run except what is on the list.
answer
True
question
Whitelisting is when nothing can run unless it is on the list.
answer
True
question
The emergence of the Internet has decreased the threats to information security.
answer
False
question
If you have copied a software package (computer program) from a friend without paying for it, you are guilty of software piracy.
answer
True
question
Backup and recovery procedures are recommended only to safeguard against hardware/software failures.
answer
False
question
An information system's ____ is the likelihood that the system or resource will be compromised by a ____ that will result in its ____ to further attacks. a) vulnerability; threat; exposure b) vulnerability; security; threat c) threat; vulnerability; liability d) threat; vulnerability; exposure
answer
vulnerability; threat; exposure
question
Low-level employees pose the greatest threat to information security.
answer
False
question
Which of the following is not a social engineering technique? a) Tailgating b) Shoulder surfing c) Careless internet surfing d) All of the choices are social engineering techniques. e) None of the choices are social engineering techniques
answer
Careless internet surfing
question
You should regularly delete any spyware that might be residing on your computer, because it may be dangerous.
answer
True
question
Which type of alien software uses your computer to send emails that look like they came from you to all the people in your address book? a) adware b) spyware c) spamware d) cookies
answer
spamware
question
Which of the following would be an example of a SCADA attack? a) Bank accounts are hacked into after Internet purchases b) Social Security numbers are deleted from a company's database. c) Computer viruses are introduced into the electrical company's systems resulting in a shutdown of the power plant. d) Email accounts are hacked and kinky messages are sent to all of the user's contacts
answer
Computer viruses are introduced into the electrical company's systems resulting in a shutdown of the power plant.
question
Whereas phishing attacks are ____, denial of service attacks are ____. a) remote attacks requiring user action; remote attacks requiring no user action b) remote attacks requiring no user action; attacks by a programmer developing a system c) remote attacks requiring no user action; remote attacks requiring user action d) distributed remote attacks requiring user action; attacks by a programmer developing a system
answer
remote attacks requiring user action; remote attacks requiring no user action
question
Risk management identifies, controls, and minimizes the impact of threats to the organization's information security.
answer
True
question
Which of the following is not a common risk mitigation strategy? a) Risk analysis. b) Risk limitation. c) Risk acceptance. d) Risk transference.
answer
Risk analysis.
question
Which of the following statements is true? a) Multifactor authentication systems are more reliable and less expensive than single-factor. b) Multifactor authentication systems are more reliable and more expensive than single-factor. c) Multifactor authentication systems are less reliable and less expensive than single-factor d) Multifactor and single-factor authentications have the same degree of reliability.
answer
Multifactor authentication systems are more reliable and more expensive than single-factor.
question
____________ is an encryption standard used for secure transactions such as credit card processing and online banking. a) VPN b) TLS c) DMZ d) Whitelisting
answer
TLS
question
_____ can be used to create strong passwords that are easy to remember. a) Mnemonics b) Passphrases c) Birthdates d) Numbers
answer
Passphrases