In Security Circles The Phrase Compliance Refers To
Question: A vast majority of security breaches are not preventable and happen despite the best security practices.
Answer: FALSE
Question: Almost all security breaches can be traced back to technology lapses; personnel or procedural factors rarely factor in.
Answer: FALSE
Question: Which of the following is a valid statement on information security?
Answer: Information security is everybody's responsibility.
Question: Several surprising findings were revealed in the wake of the Target breach, providing a cautionary tale for all executives and security professionals. Which of the following was NOT thought to have occurred during the Target security breach?
Answer: Target had security software, but the notification alerts from the software were ignored.
Question: Organized crime networks now have their own R&D labs and are engaged in sophisticated development efforts to piece together methods to thwart current security measures.
Answer: TRUE
Question: A black hat hacker looks for weaknesses in security mechanisms with a view to helping plug the holes that might be exploited by cyber-criminals.
Answer: FALSE
Question: Hackers might infiltrate computer systems to enlist hardware for subsequent illegal acts.
Answer: TRUE
Question: Cyber criminals who infiltrate systems and collect data for illegal resale are called _____.
Answer: data harvesters
Question: Which of the following aspects of international law would enable a cyber-criminal operating across borders to evade prosecution?
Answer: Non-existent extradition agreements between two countries
Question: Hordes of surreptitiously infiltrated computers, linked and controlled remotely, are known as zombie networks or:
Answer: botnets
Question: A research scientist with a major pharmaceutical firm in New Jersey is caught passing on sensitive information, worth millions of dollars, regarding the composition and test results of his firm's latest drug to a rival company. What crime is he being held responsible for?
Answer: Corporate espionage
Question: An attack on the US power grid by terrorists or a foreign power is indicative of:
Answer: cyberwarfare.
Question: The term _____ originally referred to a particularly skilled programmer.
Answer: hacker
Question: A(n) _____ is someone who uncovers computer weaknesses and reveals them to manufacturers or system owners, without exploiting these vulnerabilities.
Answer: white hat hacker
Question: A protester seeking to make a political point by leveraging technology tools, often through system infiltration, defacement, or damage, is called a(n) _____.
Answer: hacktivist
Question: Which of these would be an example of a DDoS attack?
Answer: Overloading a popular social networking site with inbound messages in order to shut down access to the site.
Question: Which of the following statements is consistent with ground realities regarding information security?
Answer: Law-enforcement agencies struggle to hire, train, and retain staff capable of keeping pace with today's cyber-criminals.
Question: Many U.S. technology firms believe that U.S. government surveillance techniques put them at a disadvantage relative to foreign firms because:
Answer: some customers have begun seeking alternative products and services untarnished by the perception of having (complicitly or unwittingly) provided private information to authorities.
Question: The virtual shutdown of websites by way of overloading them with seemingly legitimate requests sent simultaneously from thousands of machines is termed a _____ attack.
Answer: distributed denial of service (DDoS)
Question: _____, probably the most notorious known act of cyberwarfare to date (one expert called it "the most sophisticated worm ever created"), is suspected to have been launched by either U.S. or Israeli intelligence (or both); it infiltrated Iranian nuclear facilities and reprogrammed the industrial control software operating hundreds of uranium-enriching centrifuges.
Answer: Stuxnet
Question: _____ is a term that means either breaking into a computer system or a particularly clever solution.
Answer: hack
Question: Former CIA employee and NSA contractor ____________ is seen by many as either a whistle-blowing hero or a traitorous villain. This person gathered sensitive digital documents from U.S., British, and Australian agencies and leaked them to the press, exposing the extent of government surveillance efforts.
Answer: Edward Snowden
Question: Two-factor authentication is favored for most security situations since it's considered to be fast and convenient for customers.
Answer: FALSE
Question: According to research firm Gartner, the majority of loss-causing security incidents involve the handiwork of international cyber-criminal gangs.
Answer: FALSE
Question: One of the reasons one should be careful about clicking on any URL in an e-mail is that hackers can easily embed a redirection in e-mail links, rerouting a user to an alternate online destination.
Answer: TRUE
Question: The information systems of several firms have been compromised by insiders, who can include contract employees, cleaning staff, and temporary staffers.
Answer: TRUE
Question: Social networking sites such as Facebook and LinkedIn are valuable sources of information that con artists can use to craft a scam.
Answer: TRUE
Question: Spear phishing attacks specifically target a given organization or group of users.
Answer: TRUE
Question: URL-shortening services such as bit.ly limit the impact of phishing posts, since the shortened URL clearly reveals the destination the user will arrive at when it is clicked.
Answer: FALSE
Question: Challenge questions offered by Web sites to automate password distribution and resets are a formidable protection for the privacy of e-mail accounts.
Answer: FALSE
Question: Web sites of reputable companies can also be sources of malware.
Answer: TRUE
Question: Dumpster diving refers to physically trawling through trash to mine any valuable data or insights that can be stolen or used in a security attack.
Answer: TRUE
Question: Because of Moore's Law, widely used encryption programs currently employed by banks and e-commerce sites are now easily penetrated by brute-force attacks that hackers can mount using just a handful of simple desktop computers.
Answer: FALSE
Question: In public-key encryption systems, the functions of the public and private keys are interchangeable.
Answer: FALSE
Question: It's bad when a firm's e-mail and password file is stolen; however the impact is minimized because user passwords set up for one system cannot be used on others.
Answer: FALSE
Question: Worms require an executable (a running program) to spread, attaching to other executables.
Answer: FALSE
Question: The use of public wireless connections can increase a user's vulnerability to monitoring and compromise. ____________ software can be used to encrypt transmissions over public networks, making it more difficult for a user's PC to be penetrated.
Answer: VPN
Question: Which of the following infiltration techniques does one open oneself up to by posting sensitive personal information and details about one's workplace on social networking sites?
Answer: social engineering
Question: Which of the following are considered sources of information that can potentially be used by social engineers?
Answer: all of the above (a. LinkedIn; b. Corporate directories; c. Social media posts; d. Contests or surveys)
Question: A bank customer receives a message, ostensibly from the bank's Web site, asking her to provide her login information. Assuming the message is intended to defraud the customer, what type of infiltration technique is being used here?
Answer: Phishing
Question: Attacks that are so new that they have not been clearly identified, and so have not made it into security screening systems are called _____.
Answer: zero-day exploits
Question: Some of the most common guidelines issued by Web sites when designing a secure password include:
Answer: The password should be at least eight characters long and include at least one number and one other non-alphabetic character. (Current guidance such as NIST SP 800-63B favors length and screening against known-breached passwords over mandatory composition rules, but the eight-character, mixed-character rule is still the one most sites state.)
Question: Technologies that measure and analyze human body characteristics for identification or authentication are known as _____.
Answer: biometrics
Question: Viruses are programs that infect other software or files and require:
Answer: an executable program to spread.
Question: Computer systems are often infected with malware by means of exploits that sneak in masquerading as something they are not. These exploits are called:
Answer: trojans.
Question: _____ can be either software-based or deployed via hardware, such as a recording "dongle" that is plugged in between a keyboard and a PC.
Answer: Keyloggers
Question: Which weakness of Web sites does an SQL injection attack exploit?
Answer: Sloppy programming practices in which developers build SQL statements by concatenating user input into the query text without validating it, so the database cannot tell where the query ends and the attacker's input begins.
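The weakness and its fix are easiest to see side by side. The block below is an added example, not code from the original quiz or from any textbook it is drawn from; it uses only the Python standard library (`sqlite3`, in memory), the users table and its rows are constructed sample data, and the function and column names are assumptions for illustration.

```python
"""Added example: a login query built by string concatenation, beside the
parameterized form. The first can be satisfied by an attacker who never knew
a password; the second binds the input as data, never as SQL syntax."""
import sqlite3


def make_db():
    """Constructed sample data. Passwords are stored in plaintext here only so
    the injection result is obvious; real systems store salted hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The sloppy pattern: user input is pasted straight into the SQL text."""
    query = (
        f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    """The fix: placeholders let the driver pass the values separately from
    the statement, so a quote in the input is just a quote."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def demo():
    """Run both versions against good credentials, bad credentials, and the
    classic tautology payload, returning the outcome of each call."""
    conn = make_db()
    # Closes the password string literal early and appends a condition that is
    # always true: ... AND password = '' OR '1'='1'
    payload = "' OR '1'='1"
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct horse"),
        "legit_safe": login_safe(conn, "alice", "correct horse"),
        "bad_vulnerable": login_vulnerable(conn, "alice", "wrong"),
        "bad_safe": login_safe(conn, "alice", "wrong"),
        "injected_vulnerable": login_vulnerable(conn, "nobody", payload),
        "injected_safe": login_safe(conn, "nobody", payload),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'login accepted' if ok else 'login rejected'}")
```

Note the precedence at work in the injected query: `AND` binds tighter than `OR`, so the condition becomes `(username = 'nobody' AND password = '') OR ('1'='1')`, which is true for every row. Input validation alone is a weak defence here because a legitimate name such as `O'Brien` also contains a quote; binding parameters is the fix, with validation as a second layer.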
Question: Sifting through trash in an effort to uncover valuable data or insights that can be stolen or used to launch a security attack is known as:
Answer: dumpster diving.
Question: The e-mail password of a senior employee in an organization was compromised by someone observing this user as the employee accessed his account. This is most likely a case of:
Answer: shoulder surfing.
Question: Attacks that exhaust all possible password combinations in order to break into an account are called _____ attacks.
Answer: brute-force
Question: Which of the following statements holds true for the term spoof?
Answer: It refers to e-mail transmissions and packets that have been altered to seem as if they came from another source
Question: Which of the following statements holds true for the term encryption?
Answer: It refers to scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key.
Question: One of the major problems with the Heartbleed bug in OpenSSL software is that:
Answer: the software was embedded in many hardware products that could not be easily patched with automatic software updates.
Question: The phrase ______________ refers to security where identity is proven by presenting more than one item as proof of credentials. Multiple factors often include a password and some other identifier such as a unique code sent via e-mail or mobile phone text, a biometric reading (e.g. fingerprint or iris scan), a swipe or tap card, or another form of identification.
Answer: two-factor or multi-factor authentication
Question: The phrase __________________ refers to security schemes that automatically send one- time use representations of a credit card that can be received and processed by banking and transaction firms at the time of payment. They are in use in ApplePay and Android Wallet.
Answer: tokenization
Question: _____________ refers to malware that encrypts a user's files (perhaps threatening to delete them), with demands that a user pay to regain control of their data and/or device.
Answer: Ransomware
Question: Public wireless networks are often vulnerable to monitoring and attack. The use of _______ software can limit threats by encrypting network transmissions over a network.
Answer: VPN or virtual private network
Question: Con games that trick employees into revealing information or performing other tasks that compromise a firm are known as _____ in security circles.
Answer: social engineering
Question: ____ refers to confidence scams executed through technology.
Answer: Phishing
Question: Fingerprint readers, retina scanners, voice and face recognition technologies are all part of _____.
Answer: biometrics
Question: _____ are scrambled character images used to thwart things like automated account setup or ticket buying.
Answer: CAPTCHAs
Question: _____ refers to a trusted third party that provides authentication services in public key encryption schemes.
Answer: Certificate authority
Question: Regularly updated software lowers a system's vulnerable attack surface.
Answer: TRUE
Question: When using a public wireless network, using VPN software is not advisable as it can reveal your communications to any network eavesdroppers.
Answer: FALSE
Question: Hardware failure is the least likely of threats to one's data.
Answer: FALSE
Question: The term ISO 27000 refers to a series of standards representing the set of best practices for implementing, maintaining and improving organizational security.
Answer: TRUE
Question: Conforming to industry-standard guidelines and frameworks for organizational security ensures continued immunity from attacks on an organization's information.
Answer: FALSE
Question: A team working on organizational security should include representatives from general counsel, audit, public relations, and human resources, in addition to those from specialized security and broader technology and infrastructure functions.
Answer: TRUE
Question: Online backup services are considered a poor choice for end-users, since they only increase the likelihood that an individual's data will be hacked.
Answer: FALSE
Question: Having multiple administrators jointly control key systems is an unnecessary burden that adds to the complexity of managing security in an organization.
Answer: FALSE
Question: Information security policies would be ineffective without _____ and _____.
Answer: audit; enforcement
Question: In security circles the phrase "compliance" refers to:
Answer: legal or professionally binding steps that an organization must take.
Question: Updates that plug existing holes in software are called:
Answer: patches
Question: One of the reasons organizations delay patches to plug holes in their security applications is:
Answer: the fear that the patch itself contains a change that will break existing systems or cause problems down the road.
Question: A system that monitors network use for potential hacking attempts and takes preventative action to block, isolate, or identify attempted infiltration, and raise further alarms to warn security personnel is known as a(n):
Answer: intrusion detection system. (In practice, a system that actively blocks or isolates traffic rather than only alerting is usually called an intrusion prevention system, or IPS.)
Question: Systems that deny the entry or exit of specific IP addresses, products, Internet domains, and other communication restrictions are said to employ a(n):
Answer: blacklist
Question: What type of tool enforces access privileges and helps verify that systems are not beingaccessed by the unauthorized, or in suspicious ways?
Answer: Access control tools
Question: What is the key takeaway from the Heartland breach?
Answer: Compliance does not equal security and firms that have passed multiple compliance audits may still remain vulnerable.
Question: _____ are seemingly tempting, but bogus targets meant to draw hacking attempts.
Answer: Honeypots
Question: _____ are highly restrictive programs that permit communication only with approved entities and/or in an approved manner.
Answer: Whitelists
Question: _____ are systems that act as controls for network traffic, blocking unauthorized traffic while permitting acceptable use.
Answer: Firewalls