Question 1

Viruses are programs that infect other software or files and require:

Accepted Answer

A)  a large file size to spread. 
B)  the computer to be shutdown to spread. 
C)  Windows as an operating system to spread. 
D)  a disk based operating system to spread. 
E)  an executable program to spread. 
A)  a large file size to spread. 
B)  the computer to be shutdown to spread. 
C)  Windows as an operating system to spread. 
D)  a disk based operating system to spread. 
E)  an executable program to spread. E

Question 2

Attacks that are so new that they have not been clearly identified, and so have not made it into security screening systems are called _____.

Accepted Answer

A)  novel attacks 
B)  first mover attacks 
C)  non-precedent breaches 
D)  zero-day exploits 
E)  brute force attacks 
A)  novel attacks 
B)  first mover attacks 
C)  non-precedent breaches 
D)  zero-day exploits 
E)  brute force attacks D

Question 3

The topic of U.S. government surveilance continues to be hotly debated, with strong opinions in favor of surveilance programs, as well as vocal protestations of government overreach. Briefly give the argument for and against U.S. government surveilance practices.

Accepted Answer

The U.S. government contends that hundreds of terrorists have been captured using technology surveillance methods, implying that this surveillance makes the world more secure. The U.S. government claims that safeguards are in place to prevent widespread abuse and these include the need to obtain a warrant from the Foreign Intelligence Surveillance Court (or FISA) when specifically targeting surveillance in the United States.
Those concerned with government surveillance state that no such warrants are required for intercepting communication between U.S.-based persons and "foreign targets," and FISA has rejected only a small number of requests (less than 0.03 percent through 2012). Even if such surveillance programs are well intentioned, risks include having the data fall into the hands of foreign spies, rogue employees, criminals, or unscrupulous government employees. U.S. technology firms have also complained that the actions of surveillance agencies have put them at a disadvantage, with customers looking for alternatives free of the tarnished perception of having (complicity or unwittingly) provided private information to authorities.

Question 4

Several surprising findings were revealed in the wake of the Target breach, providing a cautionary tale for all executives and security professionals. Which of the following was not thought to have occurred during the Target security breach?

Accepted Answer

A)  Target had security software, but the notification alerts from the software were ignored. 
B)  Target had properly installed and configured its security software, but hackers got in, anyway. 
C)  Credit card databases were on entirely separate systems, not connected to other parts of the firm's information system, but wireless networking allowed hackers to access anything reachable from a cell phone connection. 
D)  Target regularly monitored file names and matched them to file sizes and archival copies to ensure that software was not installed on their systems using the names of legitimate products, but hackers saved files with blank file names so they wouldn't be detected. 
E)  All of the above 
A)  Target had security software, but the notification alerts from the software were ignored. 
B)  Target had properly installed and configured its security software, but hackers got in, anyway. 
C)  Credit card databases were on entirely separate systems, not connected to other parts of the firm's information system, but wireless networking allowed hackers to access anything reachable from a cell phone connection. 
D)  Target regularly monitored file names and matched them to file sizes and archival copies to ensure that software was not installed on their systems using the names of legitimate products, but hackers saved files with blank file names so they wouldn't be detected. 
E)  All of the above

Question 5

Which of these would be an example of a DDoS attack?

Accepted Answer

A)  An extortion attempt where hackers threaten to reveal names and social security information stolen from medical records databases 
B)  Overloading a popular social networking site with inbound messages in order to shut down access to the site 
C)  Launching a targeted phishing campaign on a department of defense or other surveilance network. 
D)  Stealing proprietary data directly from mobile phones using a distributed network of difficult-to-trace online services. 
E)  Launching tough-to-track click-fraud efforts 
A)  An extortion attempt where hackers threaten to reveal names and social security information stolen from medical records databases 
B)  Overloading a popular social networking site with inbound messages in order to shut down access to the site 
C)  Launching a targeted phishing campaign on a department of defense or other surveilance network. 
D)  Stealing proprietary data directly from mobile phones using a distributed network of difficult-to-trace online services. 
E)  Launching tough-to-track click-fraud efforts

Question 6

A team working on organizational security should include representatives from general counsel, audit, public relations, and human resources, in addition to those from specialized security and broader technology and infrastructure functions.

Accepted Answer

A) True 
 B)False

Question 7

One of the major problems with the Heartbleed bug in OpenSSL software is that:

Accepted Answer

A)  the software was embedded in many hardware products that could not be easily patched with automatic software updates. 
B)  any password typed into a CAPTCHA could be monitored by a Van Eck device. 
C)  social engineers could exploit the bug through SQL injection. 
D)  all social media profile data was exposed, giving hackers access to the potential answers many firms ask as part of password security questions. 
E)  it eliminated the ability to expose a URL's desitination by hoving the cursor over an address. 
A)  the software was embedded in many hardware products that could not be easily patched with automatic software updates. 
B)  any password typed into a CAPTCHA could be monitored by a Van Eck device. 
C)  social engineers could exploit the bug through SQL injection. 
D)  all social media profile data was exposed, giving hackers access to the potential answers many firms ask as part of password security questions. 
E)  it eliminated the ability to expose a URL's desitination by hoving the cursor over an address.

Question 8

The information systems of several firms have been compromised by insiders that can include contract employees, cleaning staff, and temporary staffers.

Accepted Answer

A) True 
 B)False

Question 9

_____ are seemingly tempting, but bogus targets meant to draw hacking attempts.

Accepted Answer

The answer of _____ are seemingly tempting, but bogus targets...

Question 10

Hardware failure is the least likely of threats to one's data.

Accepted Answer

A) True 
 B)False

Question 11

Online backup services are considered a poor choice for end-users, since this only increases the liklihood that an individual's data will be hacked.

Accepted Answer

A) True 
 B)False

Question 12

_____ refers to a term that either means breaking into a computer system or a particularly clever solution.

Accepted Answer

The answer of _____ refers to a term that either...

Question 13

Con games that trick employees into revealing information or performing other tasks that compromise a firm are known as _____ in security circles.

Accepted Answer

The answer of Con games that trick employees into revealing...

Question 14

Which of the following statements is consistent with ground realities regarding information security?

Accepted Answer

A)  Cyber-crime is not yet considered a serious enough threat to warrant the attention of law-enforcement agencies. 
B)  Law-enforcement agencies are well-resourced to fight cyber-crimes effectively. 
C)  Governments usually outmatch private industry in terms of retaining top talent with incentives and generous pay. 
D)  Law-enforcement agencies struggle to hire, train, and retain staff capable of keeping pace with today's cyber-criminals. 
E)  Cyber-crime is not rewarding in terms of financial gain. 
A)  Cyber-crime is not yet considered a serious enough threat to warrant the attention of law-enforcement agencies. 
B)  Law-enforcement agencies are well-resourced to fight cyber-crimes effectively. 
C)  Governments usually outmatch private industry in terms of retaining top talent with incentives and generous pay. 
D)  Law-enforcement agencies struggle to hire, train, and retain staff capable of keeping pace with today's cyber-criminals. 
E)  Cyber-crime is not rewarding in terms of financial gain.

Question 15

According to research firm Gartner, the majority of loss-causing security incidents involve the handiwork of international cyber-criminal gangs.

Accepted Answer

A) True 
 B)False

Question 16

Worms require an executable (a running program) to spread, attaching to other executables.

Accepted Answer

A) True 
 B)False

Question 17

An attack on the US power grid by terrorists or a foreign power is indicative of:

Accepted Answer

A)  DDoS attacks. 
B)  espionage. 
C)  cyberwarfare. 
D)  extortion. 
E)  phishing. 
A)  DDoS attacks. 
B)  espionage. 
C)  cyberwarfare. 
D)  extortion. 
E)  phishing.

Question 18

Many U.S. technology firms believe that U.S. government surveillance techniques put them at a disadvantage relative to foreign firms because:

Accepted Answer

A)  some customers have begun seeking alternative products and services untarnished by the perception of having (complicity or unwittingly) provided private information to authorities. 
B)  the cost to include government surveillance technology inside their products is expensive and lowers profits compared to rivals. 
C)  the government-required installations of software, such as Stuxnet, that U.S. tech firms must comply with inevitably take up valuable storage space, adding cost to industrial and commercial products. 
D)  the cost to house government workers on-site is a burden private corporations should not have to shoulder. 
E)  firms in foreign governments are directly contracted to perform surveillance, and are compensated for their efforts with perks and tax breaks, while U.S. firms receive no such compensation. 
A)  some customers have begun seeking alternative products and services untarnished by the perception of having (complicity or unwittingly) provided private information to authorities. 
B)  the cost to include government surveillance technology inside their products is expensive and lowers profits compared to rivals. 
C)  the government-required installations of software, such as Stuxnet, that U.S. tech firms must comply with inevitably take up valuable storage space, adding cost to industrial and commercial products. 
D)  the cost to house government workers on-site is a burden private corporations should not have to shoulder. 
E)  firms in foreign governments are directly contracted to perform surveillance, and are compensated for their efforts with perks and tax breaks, while U.S. firms receive no such compensation.

Question 19

_____ can be either software-based or deployed via hardware, such as a recording "dongle" that is plugged in between a keyboard and a PC.

Accepted Answer

A)  Shadow-keyboards 
B)  Bootloggers 
C)  KitRoots 
D)  Keyloggers 
E)  Adwares 
A)  Shadow-keyboards 
B)  Bootloggers 
C)  KitRoots 
D)  Keyloggers 
E)  Adwares

Question 20

Describe some of the factors at work that enabled the Target security breach to occur.

Accepted Answer

Security software notification went off

Viruses are programs that infect other software or files and require:

Attacks that are so new that they have not been clearly identified, and so have not made it into security screening systems are called _____.

The topic of U.S. government surveilance continues to be hotly debated, with strong opinions in favor of surveilance programs, as well as vocal protestations of government overreach. Briefly give the argument for and against U.S. government surveilance practices.

Several surprising findings were revealed in the wake of the Target breach, providing a cautionary tale for all executives and security professionals. Which of the following was not thought to have occurred during the Target security breach?

Which of these would be an example of a DDoS attack?

A team working on organizational security should include representatives from general counsel, audit, public relations, and human resources, in addition to those from specialized security and broader technology and infrastructure functions.

One of the major problems with the Heartbleed bug in OpenSSL software is that:

The information systems of several firms have been compromised by insiders that can include contract employees, cleaning staff, and temporary staffers.

_____ are seemingly tempting, but bogus targets meant to draw hacking attempts.

Hardware failure is the least likely of threats to one's data.

Online backup services are considered a poor choice for end-users, since this only increases the liklihood that an individual's data will be hacked.

_____ refers to a term that either means breaking into a computer system or a particularly clever solution.

Con games that trick employees into revealing information or performing other tasks that compromise a firm are known as _____ in security circles.

Which of the following statements is consistent with ground realities regarding information security?

According to research firm Gartner, the majority of loss-causing security incidents involve the handiwork of international cyber-criminal gangs.

Worms require an executable (a running program) to spread, attaching to other executables.

An attack on the US power grid by terrorists or a foreign power is indicative of:

Many U.S. technology firms believe that U.S. government surveillance techniques put them at a disadvantage relative to foreign firms because:

_____ can be either software-based or deployed via hardware, such as a recording "dongle" that is plugged in between a keyboard and a PC.

Describe some of the factors at work that enabled the Target security breach to occur.

Setting the Stage: Technology and the Modern Enterprise

Strategy and Technology: Concepts and Frameworks for Understanding What Separates Winners From Losers

Zara: Fast Fashion From Savvy Systems

Netflix in Two Acts: the Making of an E-Commerce Giant and the Uncertain Future of Atoms to Bits

Moores Law and More: Fast, Cheap Computing and What This Means for the Manager

Disruptive Technologies: Understanding the Giant Killers and Considerations for Avoiding Extinction

Amazoncom: an Empire Stretching From Cardboard Box to Kindle to Cloud

Understanding Network Effects: Strategies for Competing in a Platform-Centric, Winner-Take-All World

Social Media, Peer Production, and Web 2.0

The Sharing Economy, Collaborative Consumption, and Creating More Efficient Markets Through Technology

Facebook: Building a Business From the Social Graph

Rent the Runway: Entrepreneurs Expanding an Industry by Blending Tech With Fashion, John Gallaugher - Information Systems: a Managers Guide to Harnessing Technology, Version 40

Understanding Software: a Primer for Managers

Software in Flux: Partly Cloudy and Sometimes Free

The Data Asset: Databases, Business Intelligence, Analytics, Big Data, and Competitive Advantage

A Managers Guide to the Internet and Telecommunications

Google in Three Parts: Search, Online Advertising, and Beyond

Filters

Exam 17: Information Security: Barbarians at the Gateway and Just About Everywhere Else

Viruses are programs that infect other software or files and require:

Attacks that are so new that they have not been clearly identified, and so have not made it into security screening systems are called _____.

The topic of U.S. government surveilance continues to be hotly debated, with strong opinions in favor of surveilance programs, as well as vocal protestations of government overreach. Briefly give the argument for and against U.S. government surveilance practices.

Several surprising findings were revealed in the wake of the Target breach, providing a cautionary tale for all executives and security professionals. Which of the following was not thought to have occurred during the Target security breach?

Which of these would be an example of a DDoS attack?

A team working on organizational security should include representatives from general counsel, audit, public relations, and human resources, in addition to those from specialized security and broader technology and infrastructure functions.

One of the major problems with the Heartbleed bug in OpenSSL software is that:

The information systems of several firms have been compromised by insiders that can include contract employees, cleaning staff, and temporary staffers.

_____ are seemingly tempting, but bogus targets meant to draw hacking attempts.

Hardware failure is the least likely of threats to one's data.

Online backup services are considered a poor choice for end-users, since this only increases the liklihood that an individual's data will be hacked.

_____ refers to a term that either means breaking into a computer system or a particularly clever solution.

Con games that trick employees into revealing information or performing other tasks that compromise a firm are known as _____ in security circles.

Which of the following statements is consistent with ground realities regarding information security?

According to research firm Gartner, the majority of loss-causing security incidents involve the handiwork of international cyber-criminal gangs.

Worms require an executable (a running program) to spread, attaching to other executables.

An attack on the US power grid by terrorists or a foreign power is indicative of:

Many U.S. technology firms believe that U.S. government surveillance techniques put them at a disadvantage relative to foreign firms because:

_____ can be either software-based or deployed via hardware, such as a recording "dongle" that is plugged in between a keyboard and a PC.

Describe some of the factors at work that enabled the Target security breach to occur.

Setting the Stage: Technology and the Modern Enterprise

Strategy and Technology: Concepts and Frameworks for Understanding What Separates Winners From Losers

Zara: Fast Fashion From Savvy Systems

Netflix in Two Acts: the Making of an E-Commerce Giant and the Uncertain Future of Atoms to Bits

Moores Law and More: Fast, Cheap Computing and What This Means for the Manager

Disruptive Technologies: Understanding the Giant Killers and Considerations for Avoiding Extinction

Amazoncom: an Empire Stretching From Cardboard Box to Kindle to Cloud

Understanding Network Effects: Strategies for Competing in a Platform-Centric, Winner-Take-All World

Social Media, Peer Production, and Web 2.0

The Sharing Economy, Collaborative Consumption, and Creating More Efficient Markets Through Technology

Facebook: Building a Business From the Social Graph

Rent the Runway: Entrepreneurs Expanding an Industry by Blending Tech With Fashion, John Gallaugher - Information Systems: a Managers Guide to Harnessing Technology, Version 40

Understanding Software: a Primer for Managers

Software in Flux: Partly Cloudy and Sometimes Free

The Data Asset: Databases, Business Intelligence, Analytics, Big Data, and Competitive Advantage

A Managers Guide to the Internet and Telecommunications

Google in Three Parts: Search, Online Advertising, and Beyond

Filters