Question 1

Which of the following should be done by employees to protect against data breaches?

Accepted Answer

A)  They should develop new exploits. 
B)  They should remove existing honeypots. 
C)  They should design methods for data extrusion. 
D)  They should conduct a walkthrough. 
A)  They should develop new exploits. 
B)  They should remove existing honeypots. 
C)  They should design methods for data extrusion. 
D)  They should conduct a walkthrough.

Question 2

Despite data breach, organizations should refrain from informing their users immediately as it will lead to mass user defection.

Accepted Answer

A) True 
 B)False

Question 3

Performing a walkthrough should be done as part of a business continuity planning session.

Accepted Answer

A) True 
 B)False

Question 4

The first step in protecting oneself from data breaches is ________.

Accepted Answer

A)  securing credit and debit card details 
B)  understanding how they happen 
C)  learning the technologies used for these activities 
D)  installing necessary software to protect from possible breaches 
A)  securing credit and debit card details 
B)  understanding how they happen 
C)  learning the technologies used for these activities 
D)  installing necessary software to protect from possible breaches

Question 5

It is easy for organizations to prepare a list of countermeasures against many different types of attacks and take appropriate measures accordingly.

Accepted Answer

A) True 
 B)False

Question 6

________ are software or procedures used to prevent an information security attack.

Accepted Answer

A)  Malware definitions 
B)  Countermeasures 
C)  Exploits 
D)  Attack vectors 
A)  Malware definitions 
B)  Countermeasures 
C)  Exploits 
D)  Attack vectors

Question 7

An exploit is a type of attack vector used by hackers.

Accepted Answer

A) True 
 B)False

Question 8

What was one major change that happen in business because of the Target breach?

Accepted Answer

A)  a shift from magnetic swipe cards to smart cards 
B)  the government requiring all companies to hire a CISO 
C)  people choosing to use cash instead of credit cards 
D)  companies granting all of their customers credit monitoring services 
A)  a shift from magnetic swipe cards to smart cards 
B)  the government requiring all companies to hire a CISO 
C)  people choosing to use cash instead of credit cards 
D)  companies granting all of their customers credit monitoring services

Question 9

Organizations need to understand the body of regulatory law relative to the type of information they store because they will be held accountable for implementing those standards.

Accepted Answer

A) True 
 B)False

Question 10

All of these are PCI DSS requirements EXCEPT ________.

Accepted Answer

A)  build a secure network 
B)  test networks once every ten years 
C)  maintain an information policy 
D)  protect cardholder data 
A)  build a secure network 
B)  test networks once every ten years 
C)  maintain an information policy 
D)  protect cardholder data

Question 11

A student at the MSA University hacked into the university's official Web site and stole some confidential information about the scholarship program. This incident is an example of ________.

Accepted Answer

A)  a data breach 
B)  asynchronous communication 
C)  key escrow 
D)  a sequence flow 
A)  a data breach 
B)  asynchronous communication 
C)  key escrow 
D)  a sequence flow

Question 12

Executives, managers, and all systems personnel of an organization discuss the actions to be taken by each employee in case a data breach occurs. They identify areas that would need immediate attention and assign specific responsibilities to each employee. The employees of the organization are performing a(n) ________.

Accepted Answer

A)  exfiltration 
B)  documentation 
C)  walkthrough 
D)  case study 
A)  exfiltration 
B)  documentation 
C)  walkthrough 
D)  case study

Question 13

________ refers to the process of placing a small charge on a credit card to ensure it is working.

Accepted Answer

A)  Hoarding 
B)  Carding 
C)  Phishing 
D)  Credit card hijacking 
A)  Hoarding 
B)  Carding 
C)  Phishing 
D)  Credit card hijacking

Question 14

The purpose of a business continuity planning session in an organization is to ________.

Accepted Answer

A)  discuss how to return the organization to normal operations as quickly as possible after a data breach 
B)  build plans to increase the market presence of the organization and increase its user base 
C)  identify new markets that will accelerate the growth of the organization 
D)  understand the type of information stored by the organization and implement relevant security measures as required by regulatory laws 
A)  discuss how to return the organization to normal operations as quickly as possible after a data breach 
B)  build plans to increase the market presence of the organization and increase its user base 
C)  identify new markets that will accelerate the growth of the organization 
D)  understand the type of information stored by the organization and implement relevant security measures as required by regulatory laws

Question 15

Which of the following regulatory laws requires data protection for financial institutions?

Accepted Answer

A)  the Family Educational Rights and Privacy Act (FERP
A)  
B)  the Federal Information Security Management Act (FISM
A)  
C)  the Gramm-Leach-Bliley Act (GLB
A)  
D)  the Health Information Portability and Accountability Act (HIPA
A)  
A)  the Family Educational Rights and Privacy Act (FERP
A)  
B)  the Federal Information Security Management Act (FISM
A)  
C)  the Gramm-Leach-Bliley Act (GLB
A)  
D)  the Health Information Portability and Accountability Act (HIPA
A)

Question 16

Why should organizations respond quickly to data breaches?

Accepted Answer

Organizations need to respond to data br

Question 17

Which of the following is a best practice for notifying users of a data breach?

Accepted Answer

A)  Keep the information internal until the executive can decide how to deal with the breach. 
B)  Notify the clients there is no evidence their cards have been compromised. 
C)  Stay focused and concise. 
D)  Do not give out key details about the breach. 
A)  Keep the information internal until the executive can decide how to deal with the breach. 
B)  Notify the clients there is no evidence their cards have been compromised. 
C)  Stay focused and concise. 
D)  Do not give out key details about the breach.

Question 18

What are countermeasures? Why is it important for organizations to implement countermeasures?

Accepted Answer

Countermeasures are software or procedur

Question 19

Internal employees can steal data more easily than external hackers.

Accepted Answer

A) True 
 B)False

Question 20

Explain how hackers use information stolen from data breaches for credit card forgery.

Accepted Answer

Over 67 percent of data breaches come fr

Exam 27: Data Breaches

Which of the following should be done by employees to protect against data breaches?

Despite data breach, organizations should refrain from informing their users immediately as it will lead to mass user defection.

Performing a walkthrough should be done as part of a business continuity planning session.

The first step in protecting oneself from data breaches is ________.

It is easy for organizations to prepare a list of countermeasures against many different types of attacks and take appropriate measures accordingly.

________ are software or procedures used to prevent an information security attack.

An exploit is a type of attack vector used by hackers.

What was one major change that happen in business because of the Target breach?

Organizations need to understand the body of regulatory law relative to the type of information they store because they will be held accountable for implementing those standards.

All of these are PCI DSS requirements EXCEPT ________.

A student at the MSA University hacked into the university's official Web site and stole some confidential information about the scholarship program. This incident is an example of ________.

________ refers to the process of placing a small charge on a credit card to ensure it is working.

The purpose of a business continuity planning session in an organization is to ________.

Which of the following regulatory laws requires data protection for financial institutions?

Why should organizations respond quickly to data breaches?

Which of the following is a best practice for notifying users of a data breach?

What are countermeasures? Why is it important for organizations to implement countermeasures?

Internal employees can steal data more easily than external hackers.

Explain how hackers use information stolen from data breaches for credit card forgery.

The Importance of Mis

Business Processes, Information Systems, and Information

Organizational Strategy, Information Systems, and Competitive Advantage

Hardware and Software

Database Processing

The Cloud

Processes, Organizations, and Information Systems

Social Media Information Systems

Business Intelligence Systems

Information Systems Security

Information Systems Management

Information Systems Development

Collaboration Information Systems for Decision Making, Problem Solving, and Project Management

Collaborative Information Systems for Student Projects

Mobile Systems

Introduction to Microsoft Excel 2016

Database Design

Using Microsoft Access 2016

Using Excel and Access Together

Network and Cloud Technology

Enterprise Resource Planning Erp Systems

Supply Chain Management

Enterprise Social Networks and Knowledge Management

Database Marketing

Reporting Systems and Olap

Artificial Intelligence and Automation

International Mis

Systems Development Project Management

Agile Development

Business Process Management

Filters