Question 1

_____________ is the elapsed time between when vulnerability in a software app or system is discovered and when it's exploited.

Accepted Answer

Time-to-ex

Question 2

___________ is a term referring to a variety of criminal behaviors perpetrated by an organization's own employees or contractors.

Accepted Answer

A) Managerial corruption 
B) Insider or internal fraud 
C) Corporate fraud 
D) Intentional fraud 
A) Managerial corruption 
B) Insider or internal fraud 
C) Corporate fraud 
D) Intentional fraud

Question 3

Which of the following represents a cybersecurity concern about employees using their own smartphones for work purposes?

Accepted Answer

A) Employees will spend too much time playing games or using entertainment and recreation apps,thus reducing productivity. 
B) Managers will be unable to monitor the time spent on personal calls made during work hours. 
C) Many personal smartphones do not have anti-malware or data encryption apps,creating a security problem with respect to any confidential business data stored on the device. 
D) Consumer-quality equipment are more likely to break or malfunction than enterprise quality devices. 
A) Employees will spend too much time playing games or using entertainment and recreation apps,thus reducing productivity. 
B) Managers will be unable to monitor the time spent on personal calls made during work hours. 
C) Many personal smartphones do not have anti-malware or data encryption apps,creating a security problem with respect to any confidential business data stored on the device. 
D) Consumer-quality equipment are more likely to break or malfunction than enterprise quality devices.

Question 4

The three key cybersecurity principles are:

Accepted Answer

A) Data protection,equipment protection,reputation protection 
B) Confidentiality,integrity,availability 
C) Anticipate,defend,counter-attack 
D) Identify,assess risk,take action 
A) Data protection,equipment protection,reputation protection 
B) Confidentiality,integrity,availability 
C) Anticipate,defend,counter-attack 
D) Identify,assess risk,take action

Question 5

The smart strategy is to invest more to protect the company's most valuable assets rather than try to protect all assets equally.

Accepted Answer

A) True 
 B)False

Question 6

Social networks and cloud computing have increased vulnerabilities in all of the following ways except ________.

Accepted Answer

A) by providing a single point of failure and attack for organized criminal networks 
B) In Twitter and Facebook,users invite in and build relationships with others.Cybercriminals hack into these trusted relationships using stolen logins. 
C) Twitter's use of service packs and patches have not been effective. 
D) These networks and services increase exposure to risk because of the time-to-exploitation of today's sophisticated spyware and mobile viruses 
A) by providing a single point of failure and attack for organized criminal networks 
B) In Twitter and Facebook,users invite in and build relationships with others.Cybercriminals hack into these trusted relationships using stolen logins. 
C) Twitter's use of service packs and patches have not been effective. 
D) These networks and services increase exposure to risk because of the time-to-exploitation of today's sophisticated spyware and mobile viruses

Question 7

The discount retailer Target suffered a hacker attack during the fourth quarter of 2013 (4Q2013)that exposed customer account information.Which of the following was not an impact of Target's hacker attack and data breach?

Accepted Answer

A) 4Q 2013 profit dropped 46% and sales revenue fell 5.3 % after breach was disclosed. 
B) Gartner estimated the cost of the breach from $400 million to $450 million 
C) Target faced 2 lawsuits-one related to privacy invasion and one for negligence. 
D) The incident scared shoppers away,affecting the company's profits throughout 2014. 
A) 4Q 2013 profit dropped 46% and sales revenue fell 5.3 % after breach was disclosed. 
B) Gartner estimated the cost of the breach from $400 million to $450 million 
C) Target faced 2 lawsuits-one related to privacy invasion and one for negligence. 
D) The incident scared shoppers away,affecting the company's profits throughout 2014.

Question 8

_________ is a term referring to a variety of deceptive behaviors perpetrated by an organization's own employees or contractors.

Accepted Answer

Insider or

Question 9

Voice and fingerprint _______ can significantly improve the security of physical devices and provide stronger authentication for remote access or cloud services.

Accepted Answer

A) cryptography 
B) biometrics 
C) encryption 
D) visualization 
A) cryptography 
B) biometrics 
C) encryption 
D) visualization

Question 10

According to a Mobile Phone report,17 rogue apps managed to get into Google Play and they were downloaded over 700,000 times before being removed.Rogue mobile apps can contain malware or launch phishing attacks.

Accepted Answer

A) True 
 B)False

Question 11

.Botnets are stealth network attacks in which an unauthorized person gains access to a network and remains undetected for a long time to steal data continuously.

Accepted Answer

A) True 
 B)False

Question 12

Which of the following is not a type of administrative control for information assurance and risk management?

Accepted Answer

A) Fostering company loyalty 
B) Immediately revoking access privileges of dismissed,resigned,or transferred employees 
C) Instituting separation of duties by dividing sensitive computer duties among as many employees as economically feasible 
D) Performing authorization and authentication 
A) Fostering company loyalty 
B) Immediately revoking access privileges of dismissed,resigned,or transferred employees 
C) Instituting separation of duties by dividing sensitive computer duties among as many employees as economically feasible 
D) Performing authorization and authentication

Question 13

Which of the following statements about malware is false?

Accepted Answer

A) Technically,malware is a computer program or code that can infect anything attached to the Internet and is able to process the code. 
B) Setting an e-mail client,such as Microsoft Outlook or Gmail,to allow scripting blocks malware. 
C) RATS create an unprotected backdoor into a system through which a hacker can remotely control that system. 
D) The payload carries out the purpose of the malware. 
A) Technically,malware is a computer program or code that can infect anything attached to the Internet and is able to process the code. 
B) Setting an e-mail client,such as Microsoft Outlook or Gmail,to allow scripting blocks malware. 
C) RATS create an unprotected backdoor into a system through which a hacker can remotely control that system. 
D) The payload carries out the purpose of the malware.

Question 14

Most viruses,trojans,and worms are activated when an attachment is opened or a link is clicked.

Accepted Answer

A) True 
 B)False

Question 15

A stealth network attack in which an unauthorized person gains access to a network and remains undetected for a long time is referred to as a(n)__________ attack.

Accepted Answer

A) registry denial 
B) advanced persistent threat 
C) DDOS 
D) hacktivist 
A) registry denial 
B) advanced persistent threat 
C) DDOS 
D) hacktivist

Question 16

A defense strategy requires several controls._________are established to protect the system regardless of the specific application.

Accepted Answer

A) Application controls 
B) Physical controls 
C) General controls 
D) Authentication controls 
A) Application controls 
B) Physical controls 
C) General controls 
D) Authentication controls

Question 17

Describe spear phishing.How does spear phishing work?

Accepted Answer

Spear phishers often target select group

Question 18

Risk is the probability of a threat successfully exploiting a vulnerability and the estimated cost of the loss or damage.

Accepted Answer

A) True 
 B)False

Question 19

Hacking is an industry with its own way of operating,a workforce,and support services,such as contract hackers.

Accepted Answer

A) True 
 B)False

Question 20

All of the following describe The Sarbanes-Oxley Act except:

Accepted Answer

A) Is an antifraud law 
B) Forces more accurate business reporting and disclosure of GAAP (generally accepted accounting principles)violations. 
C) Makes it necessary to find and root out fraud. 
D) Has been adopted by all countries in North American and the European Union 
A) Is an antifraud law 
B) Forces more accurate business reporting and disclosure of GAAP (generally accepted accounting principles)violations. 
C) Makes it necessary to find and root out fraud. 
D) Has been adopted by all countries in North American and the European Union

_____________ is the elapsed time between when vulnerability in a software app or system is discovered and when it's exploited.

___________ is a term referring to a variety of criminal behaviors perpetrated by an organization's own employees or contractors.

Which of the following represents a cybersecurity concern about employees using their own smartphones for work purposes?

The three key cybersecurity principles are:

The smart strategy is to invest more to protect the company's most valuable assets rather than try to protect all assets equally.

Social networks and cloud computing have increased vulnerabilities in all of the following ways except ________.

The discount retailer Target suffered a hacker attack during the fourth quarter of 2013 (4Q2013)that exposed customer account information.Which of the following was not an impact of Target's hacker attack and data breach?

_________ is a term referring to a variety of deceptive behaviors perpetrated by an organization's own employees or contractors.

Voice and fingerprint _______ can significantly improve the security of physical devices and provide stronger authentication for remote access or cloud services.

According to a Mobile Phone report,17 rogue apps managed to get into Google Play and they were downloaded over 700,000 times before being removed.Rogue mobile apps can contain malware or launch phishing attacks.

.Botnets are stealth network attacks in which an unauthorized person gains access to a network and remains undetected for a long time to steal data continuously.

Which of the following is not a type of administrative control for information assurance and risk management?

Which of the following statements about malware is false?

Most viruses,trojans,and worms are activated when an attachment is opened or a link is clicked.

A stealth network attack in which an unauthorized person gains access to a network and remains undetected for a long time is referred to as a(n)__________ attack.

A defense strategy requires several controls._________are established to protect the system regardless of the specific application.

Describe spear phishing.How does spear phishing work?

Risk is the probability of a threat successfully exploiting a vulnerability and the estimated cost of the loss or damage.

Hacking is an industry with its own way of operating,a workforce,and support services,such as contract hackers.

All of the following describe The Sarbanes-Oxley Act except:

Doing Business in Digital Times

Data Governance and IT Architecture Support Long-Term Performance

Data Management, Big Data Analytics, and Records Management

Networks for Efficient Operations and Sustainability

Attracting Buyers With Search, Semantic, and Recommendation Technology

Mobile Technologies and Commerce

Retail, E-Commerce, and Mobile Commerce Technology

Effective and Efficient Business Functions

Strategic Technology and Enterprise Systems

Data Visualization and Geographic Information Systems

IT Strategy and Balanced Scorecard

Project Management and SDLC

Ethical Risks and Responsibilities of IT Innovations

Filters

Exam 5: Cybersecurity and Risk Management

_____________ is the elapsed time between when vulnerability in a software app or system is discovered and when it's exploited.

___________ is a term referring to a variety of criminal behaviors perpetrated by an organization's own employees or contractors.

Which of the following represents a cybersecurity concern about employees using their own smartphones for work purposes?

The three key cybersecurity principles are:

The smart strategy is to invest more to protect the company's most valuable assets rather than try to protect all assets equally.

Social networks and cloud computing have increased vulnerabilities in all of the following ways except ________.

The discount retailer Target suffered a hacker attack during the fourth quarter of 2013 (4Q2013)that exposed customer account information.Which of the following was not an impact of Target's hacker attack and data breach?

_________ is a term referring to a variety of deceptive behaviors perpetrated by an organization's own employees or contractors.

Voice and fingerprint _______ can significantly improve the security of physical devices and provide stronger authentication for remote access or cloud services.

According to a Mobile Phone report,17 rogue apps managed to get into Google Play and they were downloaded over 700,000 times before being removed.Rogue mobile apps can contain malware or launch phishing attacks.

.Botnets are stealth network attacks in which an unauthorized person gains access to a network and remains undetected for a long time to steal data continuously.

Which of the following is not a type of administrative control for information assurance and risk management?

Which of the following statements about malware is false?

Most viruses,trojans,and worms are activated when an attachment is opened or a link is clicked.

A stealth network attack in which an unauthorized person gains access to a network and remains undetected for a long time is referred to as a(n)__________ attack.

A defense strategy requires several controls._________are established to protect the system regardless of the specific application.

Describe spear phishing.How does spear phishing work?

Risk is the probability of a threat successfully exploiting a vulnerability and the estimated cost of the loss or damage.

Hacking is an industry with its own way of operating,a workforce,and support services,such as contract hackers.

All of the following describe The Sarbanes-Oxley Act except:

Doing Business in Digital Times

Data Governance and IT Architecture Support Long-Term Performance

Data Management, Big Data Analytics, and Records Management

Networks for Efficient Operations and Sustainability

Attracting Buyers With Search, Semantic, and Recommendation Technology

Mobile Technologies and Commerce

Retail, E-Commerce, and Mobile Commerce Technology

Effective and Efficient Business Functions

Strategic Technology and Enterprise Systems

Data Visualization and Geographic Information Systems

IT Strategy and Balanced Scorecard

Project Management and SDLC

Ethical Risks and Responsibilities of IT Innovations

Filters