Deck 5: Cybersecurity and Risk Management Technology

A)Social engineering
B)Backdoor
C)BYOD
D)Password cracking

A)Hacking;highly motivated hackers
B)Hacking;negligence
C)Malware;BYOD
D)Malware;negligence

A)Potential target users were informed within a month of the breach
B)Russian agents were indicted for the crime
C)Yahoo's value decreased by over $200 million
D)Users were advised to change their passwords and security questions

A)Damaged brands and reputations
B)Criminal charges
C)Financial penalties
D)Customer backlash

A)$1 million
B)$2 million
C)$4 million
D)$8 million

A)registry denial
B)advanced persistent threat
C)DDOS
D)hacktivist

A)Spyware
B)Ransomware
C)Spear phishing
D)Denial-of-service

A)White Hat hacker
B)Red Hat hacker
C)Black Hat Hacker
D)Gray Hat Hacker

A)By hacktivists
B)By hackers
C)On critical infrastructure
D)On industrial control systems

A)Android-hacking
B)BYOD
C)Hacktivism
D)Social engineering

A)Critical infrastructure
B)Cyber architecture
C)National networks
D)Strategic assets

A)persistent threats
B)POS attacks
C)mobile computing
D)the use of social media

A)they want to hide the attack from the government
B)they never knew they were hacked in the first place
C)they want to cover up the intrusion
D)they do not have to report them.

A)create awareness for their causes
B)remain unnoticed so they can continue to steal data
C)conduct cyberwarfare
D)reveal weaknesses in business and government websites and then force them offline.

A)security incidents increased steadily despite implementation of security practices
B)current cybersecurity technologies and policies are simply not keeping pace with fast-evolving threats.
C)Many threats and challenges that organizations face today were unimaginable 10 years ago.
D)Older threats such as fraud and identity theft have decreased significantly.

A)White Hat hacker
B)Red Hat hacker
C)Black Hat Hacker
D)Gray Hat Hacker

A)Employees will spend too much time playing games or using entertainment and recreation apps,thus reducing productivity.
B)Managers will be unable to monitor the time spent on personal calls made during work hours.
C)Many personal smartphones do not have anti-malware or data encryption apps,creating a security problem with respect to any confidential business data stored on the device.
D)Consumer-quality equipment are more likely to break or malfunction than enterprise quality devices.

A)advanced persistent threat
B)distributed denial-of-service
C)malware
D)phishing

A)Password Verification
B)Mobile Access Verification
C)Two Factor Authentication
D)Mobile Code Authentication

A)A weakness that threatens the confidentiality,integrity,or availability of data.
B)Something or someone that can damage,disrupt,or destroy an asset.
C)Estimated cost,loss,or damage that can result from an exploit.
D)Tools or techniques that take compromise a network.

A)Authentication
B)Defense-in-depth
C)Encryption
D)Hashing

A)Antimalware
B)Firewalls
C)Intrusion detection systems
D)Middleware

A)Fault tolerance
B)Hot site ready
C)Cold site ready
D)System override

A)Hacktivists
B)Hostile government agents
C)Industrial spies
D)Cyber terrorists

A)Data protection,equipment protection,reputation protection
B)Confidentiality,integrity,availability
C)Anticipate,defend,counter-attack
D)Identify,assess risk,take action

A)Integrity
B)Confidentiality
C)Availability
D)Reliability

A)Black Ops procedures
B)Do-Not-Carry rules
C)Foreign Threat Prevention procedures
D)Strict Security standards

A)data mining
B)data tampering
C)ransomware
D)a remote-access Trojan

A)intrusion prevention
B)critical infrastructure
C)corporate identity
D)intellectual property

A)To bribe employees to get access codes and passwords.
B)To bombard websites or networks with so much traffic that they "crash",exposing sensitive data.
C)To break into employees' mobile devices and leapfrog into employers' networks-stealing secrets without a trace.
D)Use a combination of sophisticated hardware tools designed to defeat IT security defenses.

A)Domestic terrorists
B)Amateur hackers
C)Organized crime syndicates based in the United States
D)Other countries

A)Integrity
B)Confidentiality
C)Availability
D)Reliability

A)A weakness that threatens the confidentiality,integrity,or availability of data.
B)Something or someone that can damage,disrupt,or destroy an asset.
C)Estimated cost,loss,or damage that can result from an exploit.
D)Tools or techniques that take compromise a network.

A)Integrity
B)Confidentiality
C)Availability
D)Reliability

A)A weakness that threatens the confidentiality,integrity,or availability of data.
B)Something or someone that can damage,disrupt,or destroy an asset.
C)Estimated cost,loss,or damage that can result from an exploit.
D)Tools or techniques that take advantage of a vulnerability.

A)A weakness that threatens the confidentiality,integrity,or availability of data.
B)Something or someone that can damage,disrupt,or destroy an asset.
C)Estimated cost,loss,or damage that can result from an exploit.
D)The probability of a threat exploiting a vulnerability and the resulting cost.

A)Identifying exposure
B)Risk management
C)A security audit
D)Encryption defenses

A)Bio-Engineering
B)Physical security
C)Biometrics
D)Human factors

A)Hacktivists
B)Political criminals
C)Industrial spies
D)Social engineers

A)botnet;a supercomputer
B)spyware;a DDoS attack
C)vector;zombies
D)spear phishing;a server

A)IT governance
B)Internal control
C)PCI DSS
D)FISMA

A)Senior management commitment and support
B)IT security procedures and enforcement
C)Hardware and software selection
D)Acceptable use policies and IT security training

A)IT governance
B)Internal control
C)PCI DSS
D)FISMA

A)accounting
B)economic use of resources
C)legality
D)COBIT

A)Botnets
B)Phishing
C)Spoofing
D)Click hijacking

A)An attacker who is trying to break into the credentials of a legitimate user in order to gain access to an IS,device,or network.
B)A legitimate user who performs actions he is not authorized to do.
C)A user who tries to disguise or cover up his actions by deleting audit files or system logs.
D)Employees who use computing or network resources inefficiently.

A)Users invite in and build relationships with others.Cybercriminals hack into these trusted relationships using stolen log-in credentials.
B)E-mail viruses and malware have been increasing for years even though e-mail security has improved.
C)Communication has shifted from social networks to smartphones.
D)Web filtering,user education,and strict policies cannot help prevent IT security dangers on Facebook and other social networks.

A)an ongoing unending process
B)a problem that is solved with hardware or software
C)defined in the AUP that is enforced periodically
D)primarily the responsibility of the IT and legal departments

A)Record
B)Authenticate
C)Substantiate
D)Validate

A)Political/civic unrest
B)Human errors
C)Environmental hazards
D)Computer systems failures

A)Report security breaches via media sources to inform the public
B)Backup sensitive data to offsite locations
C)Set up comprehensive internal controls
D)Inform the public about network failures in a timely manner

A)Data tampering
B)Worms
C)Phishing
D)Vectors

A)Senior management commitment and support
B)IT security procedures and enforcement
C)Hardware and software selection
D)Acceptable use policies and IT security training

A)Time-to-exploitation;days
B)Time-to-exploitation;minutes
C)Denial of service;days
D)Denial of service;seconds

A)Facebook scams
B)Ransomware
C)Rogue mobile apps
D)Spyware

A)Patches;service packs
B)Patches;downloads
C)Firewalls;spyware
D)Service packs;firewalls

A)Technically,malware is a computer program or code that can infect anything attached to the Internet and is able to process the code.
B)Setting an e-mail client,such as Microsoft Outlook or Gmail,to allow scripting blocks malware.
C)RATS create an unprotected backdoor into a system through which a hacker can remotely control that system.
D)The payload carries out the purpose of the malware.

A)failed to inform the public about network failures in a timely manner
B)failed to transmit sensitive data
C)did not report security breaches to law enforcement
D)lacked adequate policies and procedures to protect consumer data.

A)Software errors
B)Malicious employees
C)Social networks and cloud computing
D)Vendor sabotage

A)The source of the threat
B)Industry regulations regarding protection of sensitive data
C)What needs to be protected and the cost-benefit analysis
D)The available IT budget

A)Set of standards required by U.S.and international law for protecting credit card transaction data.
B)Set of industry standards required for all online merchants that store,process,or transmit cardholder data.
C)Set of voluntary security guidelines for retailers who accept Visa,MasterCard,American Express,and Discover credit cards.
D)Set of regulations (that vary from state to state,and country to country)that apply to credit card companies.

A)Application controls
B)Physical controls
C)General controls
D)Authentication controls

A)Detection
B)Lawsuits
C)Prevention
D)Prosecution

A)cryptography
B)biometrics
C)encryption
D)visualization

A)Anti-malware and firewalls
B)Internal audits and internal controls
C)Encryption and IDS
D)AUPs

A)Holding managers responsible for the actions of their employees
B)Peer monitoring (employees monitor each other)
C)Creating the perception that fraud will be detected and punished
D)A clearly written employee policy manual that explains unacceptable behaviors

A)Fostering company loyalty
B)Immediately revoking access privileges of dismissed,resigned,or transferred employees
C)Instituting separation of duties by dividing sensitive computer duties among as many employees as economically feasible
D)Performing authorization and authentication

A)Application controls
B)Physical controls
C)General controls
D)Authentication controls

A)Insider fraud
B)Identity theft
C)Occupational corruption
D)Document sabotage

A)Fraud and felonies
B)Occupational and opportunistic
C)Lethal and misdemeanors
D)violent and nonviolent

A)Security bonds or malfeasance insurance for key employees
B)Emergency power shutoff and backup batteries
C)Shielding against electromagnetic fields
D)Properly designed and maintained air-conditioning systems

A)mobile device
B)botnet
C)BYOD
D)firewall

A)Business impact analysis (BIA)
B)Vulnerability audit
C)Asset valuation audit
D)Computing Cost/Benefit (CCB)audit

A)fraudsters will be fired
B)fraudsters will be forced to repay what they stole plus interest
C)fraud could destroy the company and jobs.
D)fraud will be detected by IT monitoring systems and punished by the legal system.

A)A detailed recovery plan;containment,including a fault-tolerant system
B)Perimeter defense technologies,such as e-mail scanners;human resource procedures,such as recruitment screening
C)General controls;application controls
D)Physical controls,including authorization;authentication systems

A)Corporate governance
B)Access to legal counsel
C)Relationships with security vendors
D)Awareness of industry standards

A)Security audits
B)Pattern analysis
C)Behavior recognition scans
D)Anomaly detection analysis

A)Managerial corruption
B)Insider or internal fraud
C)Corporate fraud
D)Intentional fraud

A)Increases in hacker skills and capabilities
B)Poorly designed network protection software
C)Increasing sophistication of computer viruses and worms
D)Users who do not follow secure computing practices and procedures