Deck 27: Data Breaches
1
A student at the MSA University hacked into the university's official Web site and stole some confidential information about the scholarship program. This incident is an example of ________.
A) a data breach
B) asynchronous communication
C) key escrow
D) a sequence flow
A
2
Each type of data breach is different because hackers are continually developing new tools and techniques that enable them to steal more data.
True
3
An exploit is a type of attack vector used by hackers.
True
4
A group of hackers use a targeted phishing attack to get past a company's firewalls and break into its internal systems. Which of the following techniques have the hackers used?
A) pretexting
B) IP spoofing
C) spear phishing
D) phone phishing
5
Direct costs of handling a data breach do not include paying for detection of the breach.
6
Spear phishing is used by organizations to monitor traffic passing through their internal network.
7
Stuart works for a financial brokerage. His job involves handling sensitive client information such as financial details. Stuart illegally transfers the details of some clients from his office computer to his personal email account, to misuse later. In this situation, Stuart is guilty of ________.
A) exfiltrating
B) carding
C) hardening
D) pretexting
8
Attack vectors refer to the ways hackers attack a target.
9
Explain how hackers use information stolen from data breaches for credit card forgery.
10
A group of hackers decide to steal the credit card details of the users of Swift Shopping Inc., a leading e-commerce company. They compromise the systems of the company's third-party vendor and use that access to get into Swift Shopping's internal network. They then compromise an internal Windows server and use malware to extract customer data. Which of the following is illustrated in this scenario?
A) hardening
B) carding
C) pretexting
D) data breaching
11
________ refers to the process of placing a small charge on a credit card to ensure it is working.
A) Hoarding
B) Carding
C) Phishing
D) Credit card hijacking
12
According to the reports in Ponemon's 2014 Cost of Data Breach Study, organizations are more likely to lose larger amounts of data than smaller amounts of data.
13
Which of the following is a direct cost of handling a data breach?
A) loss of reputation
B) abnormal customer turnover
C) legal fees and consultation
D) increased customer acquisition activities
14
Explain how a data breach occurs, with an example.
15
Sam is a hacker who makes money by stealing and selling credit cards. He has targeted the employees of a local firm and is looking for details such as names, addresses, dates of birth, social security numbers, credit card numbers, or health records. In this case, Sam is looking for ________.
A) firewall security measures
B) business continuity plans
C) malware definitions
D) personally identifiable information
16
Stolen credit card information is validated through a process called carding.
17
Bob, a hacker, encountered a vulnerability in a bank's firewall while trying to break into its Web site. Which of the following can Bob use to take advantage of this vulnerability?
A) exploit
B) attack vector
C) carding
D) wardriver
18
Personally identifiable information includes a person's bank account numbers, personal identification numbers, email address, and social security numbers.
19
The first step in protecting oneself from data breaches is ________.
A) securing credit and debit card details
B) understanding how they happen
C) learning the technologies used for these activities
D) installing necessary software to protect from possible breaches
20
Which of the following is TRUE of the measures to be taken by an organization in the event of a data breach?
A) The organization must delay informing its users so that the occurrence of data breach remains private.
B) The organization must not involve additional technical or law enforcement professionals, as it may lead to further damage to its data.
C) The organization must destroy the evidence of the breach to avoid future security problems.
D) The organization must respond quickly to mitigate the amount of damage hackers can do with the stolen data.
21
Organizations need to understand the body of regulatory law relevant to the type of information they store, because they will be held accountable for implementing those standards.
22
The Federal Information Security Management Act (FISMA) details the procedures to be followed by a federal agency in case an organization fails to ensure the minimum security requirements for its data and systems.
23
Data breach notifications should state that the existing security policies and procedures are inadequate and that changes are being made to prevent similar breaches in the future.
24
Despite a data breach, organizations should refrain from informing their users immediately, as it will lead to mass user defection.
25
Which of the following regulatory laws requires data protection for health care institutions?
A) the Gramm-Leach-Bliley Act (GLBA)
B) the Federal Information Security Management Act (FISMA)
C) the Health Insurance Portability and Accountability Act (HIPAA)
D) the Health Maintenance Organization Act of 1973
26
Data extrusion helps organizations secure their data from possible data breaches.
27
Which of the following regulatory laws requires data protection for financial institutions?
A) the Family Educational Rights and Privacy Act (FERPA)
B) the Federal Information Security Management Act (FISMA)
C) the Gramm-Leach-Bliley Act (GLBA)
D) the Health Insurance Portability and Accountability Act (HIPAA)
28
Performing a walkthrough should be done as part of a business continuity planning session.
29
The ________ is a regulatory law that provides protection for student education records.
A) Family Educational Rights and Privacy Act (FERPA)
B) Equal Educational Opportunities Act of 1974
C) Smith-Lever Act of 1914
D) Federal Information Security Management Act (FISMA)
30
The Gramm-Leach-Bliley Act (GLBA) is a universal regulatory law that applies to all types of industries.
31
Decisions on how to respond to a data breach are most effective if they are made when the breach is happening.
32
Adam owns and manages a large insurance company. In order to protect his organization from a data breach, Adam has to ensure that he has incorporated the security measures required by the ________.
A) Family Educational Rights and Privacy Act (FERPA)
B) Federal Information Security Management Act (FISMA)
C) Payment Card Industry Data Security Standard (PCI DSS)
D) Gramm-Leach-Bliley Act (GLBA)
33
Which of the following should be done by employees to protect against data breaches?
A) They should develop new exploits.
B) They should remove existing honeypots.
C) They should design methods for data extrusion.
D) They should conduct a walkthrough.
34
The ________ is a regulatory law that requires security precautions for government agencies.
A) Federal Information Security Management Act (FISMA)
B) Gramm-Leach-Bliley Act (GLBA)
C) Payment Card Industry Data Security Standard (PCI DSS)
D) Family Educational Rights and Privacy Act (FERPA)
35
Jobs Dot Com, an online recruitment site, was hacked into, and personal information of a number of users was stolen. What information should Jobs Dot Com include in its data breach notification to its users?
A) the costs incurred due to the breach
B) a sincere apology and an acceptance of responsibility for the incident
C) details of how the breach occurred and the reasons for the breach
D) a report on the current security measures
36
Venclave Hospital is a privately owned organization that specializes in treating neurological diseases. Which of the following regulatory laws governs the data security measures this hospital must take to protect against a data breach?
A) the Health Maintenance Organization Act of 1973
B) the Health Insurance Portability and Accountability Act (HIPAA)
C) the Gramm-Leach-Bliley Act (GLBA)
D) the Federal Information Security Management Act (FISMA)
37
Executives, managers, and all systems personnel of an organization discuss the actions to be taken by each employee in case a data breach occurs. They identify areas that would need immediate attention and assign specific responsibilities to each employee. The employees of the organization are performing a(n) ________.
A) exfiltration
B) documentation
C) walkthrough
D) case study
38
Why should organizations respond quickly to data breaches?
39
What are the steps involved in an organization's plan for a data breach?
40
The purpose of a business continuity planning session in an organization is to ________.
A) discuss how to return the organization to normal operations as quickly as possible after a data breach
B) build plans to increase the market presence of the organization and increase its user base
C) identify new markets that will accelerate the growth of the organization
D) understand the type of information stored by the organization and implement relevant security measures as required by regulatory laws
41
Which of the following is NOT a way for criminals to make money from data breaches?
A) selling a stolen purse
B) identity theft
C) extortion
D) industrial espionage
42
A(n) ________ is used to examine traffic passing through an organization's internal network.
A) honeypot
B) attack vector
C) security protocols open repository
D) network intrusion detection system
43
What are countermeasures? Why is it important for organizations to implement countermeasures?
44
An organization can easily stop a simple SQL injection attack on its online store by additional user training, stronger vendor authentication, or an internal network intrusion detection system.
45
List some of the regulatory laws that govern the secure storage of data in certain industries.
46
________ are countermeasures designed to prevent sensitive data from being released to unauthorized persons.
A) Malware definitions
B) Attack vectors
C) Data loss prevention systems
D) Data extrusion prevention systems
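Added worked example for cards 7, 15 and 46 (not part of the original deck): a minimal data loss prevention check of the kind card 46 describes, run over a few constructed outbound e-mails like the ones Stuart sends in card 7. Everything here is an assumption for illustration: the sample messages, the internal domain list, and the two PII patterns (SSNs and Luhn-validated payment card numbers, two of the personally identifiable information types card 15 lists). The Luhn checksum is what keeps an order number or a room number from being flagged as a card.

```python
import re

# Constructed outbound messages for this example; addresses, names and numbers are made up.
# 4111 1111 1111 1111 is a well-known Luhn-valid test number; ...1112 fails the checksum.
SAMPLE_MESSAGES = [
    {"to": "stuart.home@example.net",
     "body": "Client list: Jane Doe, SSN 123-45-6789, card 4111 1111 1111 1111"},
    {"to": "ops@brokerage.example",
     "body": "Reminder: the 10:30 sync moved to room 4111."},
    {"to": "stuart.home@example.net",
     "body": "Order #1234-56-7890 is ready, reference 4111 1111 1111 1112"},
]

# Assumed policy: mail to these domains stays inside the organization.
INTERNAL_DOMAINS = {"brokerage.example"}

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# 13 to 19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum; screens out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cards(text: str) -> list:
    """Return candidate card numbers (separators stripped) that pass the Luhn check."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def classify(message: dict) -> dict:
    """Decide whether one outbound message may leave the organization."""
    body = message["body"]
    findings = {"ssn": SSN_RE.findall(body), "card": find_cards(body)}
    domain = message["to"].rsplit("@", 1)[-1].lower()
    external = domain not in INTERNAL_DOMAINS
    # Block only when PII is present AND the recipient is outside the organization.
    action = "block" if external and (findings["ssn"] or findings["card"]) else "allow"
    return {"to": message["to"], "action": action, "findings": findings}


def scan(messages: list) -> list:
    return [classify(m) for m in messages]


if __name__ == "__main__":
    for r in scan(SAMPLE_MESSAGES):
        print(r["action"], r["to"], r["findings"])
```

Of the three constructed messages only the first is blocked: it carries a real-looking SSN and a checksum-valid card number to an external address. The second stays internal and has no PII; the third goes external but its "card" fails Luhn and its order number does not fit the SSN pattern, so it is allowed. A production DLP system adds far more detectors (document fingerprints, classification labels, attachment inspection), but the decision structure, pattern plus validation plus destination, is the same.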
47
When planning for a data breach, which of the following should be part of the process?
A) a walkthrough
B) being honest with customers
C) exfiltrating
D) performing a forensic investigation
48
________ are software or procedures used to prevent an information security attack.
A) Malware definitions
B) Countermeasures
C) Exploits
D) Attack vectors
49
Which of the following is NOT a way a company should handle a data breach?
A) Respond quickly.
B) Be honest about the breach.
C) Only send notification to a small number of users.
D) Notify users as soon as possible.
50
Talgedco Inc., a software company, has taken several steps to secure its systems and data. The company has also installed a network intrusion detection system and a data loss prevention system. Employees of this company have also been trained on the procedures to follow to reduce the probability of a data breach. These steps taken by Talgedco are an example of ________.
A) attack vectors
B) countermeasures
C) malware
D) exfiltration
51
Hackers experiment with new ________ or ways of attacking a target.
A) exploit
B) attack vector
C) carding
D) wardriver
52
Which company waited four years before informing its customers about a data breach?
A) Target
B) Macy's
C) The IRS
D) LinkedIn
53
Organizations can implement countermeasures that make data breaches impossible to occur.
54
Stolen information is commonly used to pay bills.
55
It is easy for organizations to prepare a list of countermeasures against many different types of attacks and take appropriate measures accordingly.
56
Which of the following is a best practice for notifying users of a data breach?
A) Keep the information internal until the executive can decide how to deal with the breach.
B) Notify the clients there is no evidence their cards have been compromised.
C) Stay focused and concise.
D) Do not give out key details about the breach.
57
What was one major change that happened in business because of the Target breach?
A) a shift from magnetic swipe cards to smart cards
B) the government requiring all companies to hire a CISO
C) people choosing to use cash instead of credit cards
D) companies granting all of their customers credit monitoring services
58
Internal employees can steal data more easily than external hackers.
59
All of these are PCI DSS requirements EXCEPT ________.
A) build a secure network
B) test networks once every ten years
C) maintain an information policy
D) protect cardholder data
60
Explain the basic countermeasures to be taken by organizations to protect themselves against data breaches.
61
All of the following legal actions can occur as a consequence of a data breach EXCEPT ________.
A) lawsuits
B) fines for violating industry regulations
C) a massive reduction in consumer confidence
D) fines from payment card issuers
62
If a company wants to prevent a SQL injection attack, all they have to do is train their users.
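Added worked example for cards 44 and 62 (not part of the original deck): the measures those cards name, user training, vendor authentication and a network intrusion detection system, do not remove what makes a SQL injection possible, which is user input spliced into the SQL text. The example below shows the vulnerable query beside its parameterized form against a constructed in-memory SQLite table; the table, its rows, the function names and the injection payload are all assumptions for this illustration.

```python
import sqlite3


def build_store() -> sqlite3.Connection:
    """Constructed sample data for the online store; names and values are made up."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, card_last4) VALUES (?, ?)",
        [
            ("alice@example.com", "4242"),
            ("bob@example.com", "1881"),
            ("carol@example.com", "0005"),
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """Deliberately unsafe: the caller's string becomes part of the SQL statement."""
    sql = f"SELECT email, card_last4 FROM customers WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, email: str) -> list:
    """Hardened: the value is bound as a parameter and can never change the query shape."""
    sql = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


if __name__ == "__main__":
    conn = build_store()
    payload = "' OR '1'='1"
    # The vulnerable query becomes: ... WHERE email = '' OR '1'='1'  (always true)
    print("vulnerable:   ", lookup_vulnerable(conn, payload))
    # The parameterized query looks for a customer whose email is literally the payload.
    print("parameterized:", lookup_parameterized(conn, payload))
```

With the payload `' OR '1'='1` the vulnerable lookup returns every customer row, while the parameterized lookup returns nothing, because SQLite treats the bound value as data rather than as SQL. Training, vendor controls and a NIDS may help you notice or contain such an attack, but the fix is in the application code.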
63
Regulatory fines imposed after a data breach can never be higher than the financial damage done during the data breach.
64
List some suggestions for preventing data loss.
65
Companies can implement measures that make data breaches impossible.