Deck 5: Cybersecurity and Risk Management

A)Hacking;highly motivated hackers
B)Hacking;negligence
C)Malware;BYOD
D)Malware;negligence

A)Too many companies are defending yesterday---that is,they rely on yesterday's cybersecurity practices that are ineffective at combating today's threats.
B)Protecting all data at an equally high level is now practical and feasible.
C)Most companies implement stringent security policies before moving to cloud computing,but not before implementing BYOD.
D)APTs require a new information-protection model that focuses on preventing DDoS attacks.

A)Is self-destructing if tampered with.
B)Uses dual SIM cards
C)Communicates via satellite
D)Is an Android device

A)Social engineering
B)Backdoor
C)BYOD
D)Password cracking

A)they want to hide the attack from the government
B)they never knew they were hacked in the first place
C)they want to cover up the intrusion
D)they do not have to report them.

A)Asia
B)China
C)Europe
D)The United States

A)4Q 2013 profit dropped 46% and sales revenue fell 5.3 % after breach was disclosed.
B)Gartner estimated the cost of the breach from $400 million to $450 million
C)Target faced 2 lawsuits-one related to privacy invasion and one for negligence.
D)The incident scared shoppers away,affecting the company's profits throughout 2014.

A)Android-hacking
B)BYOD
C)Hacktivism
D)Social engineering

A)persistent threats
B)POS attacks
C)mobile computing
D)the use of social media

A)By hacktivists
B)By hackers
C)On critical infrastructure
D)On industrial control systems

A)Critical infrastructure
B)Cyber architecture
C)National networks
D)Strategic assets

A)advanced persistent threat
B)distributed denial-of-service
C)malware
D)phishing

A)Employees will spend too much time playing games or using entertainment and recreation apps,thus reducing productivity.
B)Managers will be unable to monitor the time spent on personal calls made during work hours.
C)Many personal smartphones do not have anti-malware or data encryption apps,creating a security problem with respect to any confidential business data stored on the device.
D)Consumer-quality equipment are more likely to break or malfunction than enterprise quality devices.

A)create awareness for their causes
B)remain unnoticed so they can continue to steal data
C)conduct cyberwarfare
D)reveal weaknesses in business and government websites and then force them offline.

A)Hacktivists
B)Political criminals
C)Industrial spies
D)Social engineers

A)registry denial
B)advanced persistent threat
C)DDOS
D)hacktivist

A)LulzSec's.
B).RSA's
C)Fraudsters'
D)Botmasters'

A)Hacktivist
B)Political criminal
C)Industrial spy
D)Identity thief

A)security incidents increased 33% despite implementation of security practices
B)current cybersecurity technologies and policies are simply not keeping pace with fast-evolving threats.
C)Many threats and challenges that organizations face today were unimaginable 10 years ago.
D)Older threats such as fraud and identity theft have decreased significantly.

A)A weakness that threatens the confidentiality,integrity,or availability of data.
B)Something or someone that can damage,disrupt,or destroy an asset.
C)Estimated cost,loss,or damage that can result from an exploit.
D)Tools or techniques that take advantage of a vulnerability.

A)Integrity
B)Confidentiality
C)Availability
D)Reliability

A)Integrity
B)Confidentiality
C)Availability
D)Reliability

A)Make data and documents available and accessible 24/7 while simultaneously restricting access.
B)Promote secure and legal sharing of information among authorized persons and partners.
C)Ensure compliance with supply chain business partners.
D)Detect,diagnose,and respond to incidents and attacks in real time.

A)A weakness that threatens the confidentiality,integrity,or availability of data.
B)Something or someone that can damage,disrupt,or destroy an asset.
C)Estimated cost,loss,or damage that can result from an exploit.
D)Tools or techniques that take compromise a network.

A)To bribe employees to get access codes and passwords.
B)To bombard websites or networks with so much traffic that they "crash",exposing sensitive data.
C)To break into employees' mobile devices and leapfrog into employers' networks-stealing secrets without a trace.
D)Use a combination of sophisticated hardware tools designed to defeat IT security defenses.

A)Integrity
B)Confidentiality
C)Availability
D)Reliability

A)Black Ops procedures
B)Do-Not-Carry rules
C)Foreign Threat Prevention procedures
D)Strict Security standards

A)A weakness that threatens the confidentiality,integrity,or availability of data.
B)Something or someone that can damage,disrupt,or destroy an asset.
C)Estimated cost,loss,or damage that can result from an exploit.
D)Tools or techniques that take compromise a network.

A)Authentication
B)Defense-in-depth
C)Encryption
D)Hashing

A)Record
B)Authenticate
C)Substantiate
D)Validate

A)Bio-Engineering
B)Physical security
C)Biometrics
D)Human factors

A)Hacktivists
B)Hostile government agents
C)Industrial spies
D)Cyber terrorists

A)Banking and finance,entertainment and technology
B)Technology,banking and finance,and education
C)Energy,health care,and banking and finance
D)Healthcare,technology and defense

A)Antimalware
B)Firewalls
C)Intrusion detection systems
D)Middleware

A)Domestic terrorists
B)Amateur hackers
C)Organized crime syndicates based in the United States
D)Other countries

A)Data protection,equipment protection,reputation protection
B)Confidentiality,integrity,availability
C)Anticipate,defend,counter-attack
D)Identify,assess risk,take action

A)A weakness that threatens the confidentiality,integrity,or availability of data.
B)Something or someone that can damage,disrupt,or destroy an asset.
C)Estimated cost,loss,or damage that can result from an exploit.
D)The probability of a threat exploiting a vulnerability.

A)Fault tolerance
B)Hot site ready
C)Cold site ready
D)System override

A)Identifying exposure
B)Risk management
C)A security audit
D)Encryption defenses

A)Senior management commitment and support
B)IT security procedures and enforcement
C)Hardware and software selection
D)Acceptable use policies and IT security training

A)Time-to-exploitation;days
B)Time-to-exploitation;minutes
C)Denial of service;days
D)Denial of service;seconds

A)botnet;a supercomputer
B)spyware;a DDoS attack
C)vector;zombies
D)spear phishing;a server

A)Report security breaches via media sources to inform the public
B)Backup sensitive data to offsite locations
C)Protect personally identifiable information
D)Inform the public about network failures in a timely manner

A)Technically,malware is a computer program or code that can infect anything attached to the Internet and is able to process the code.
B)Setting an e-mail client,such as Microsoft Outlook or Gmail,to allow scripting blocks malware.
C)RATS create an unprotected backdoor into a system through which a hacker can remotely control that system.
D)The payload carries out the purpose of the malware.

A)An attacker who is using the identity or credentials of a legitimate user to gain access to an IS,device,or network.
B)A legitimate user who performs actions he is not authorized to do.
C)A user who tries to disguise or cover up his actions by deleting audit files or system logs.
D)Employees who use computing or network resources inefficiently.

A)Political/civic unrest
B)Human errors
C)Environmental hazards
D)Computer systems failures

A)an ongoing unending process
B)a problem that is solved with hardware or software
C)defined in the AUP that is enforced periodically
D)primarily the responsibility of the IT and legal departments

A)Senior management commitment and support
B)IT security procedures and enforcement
C)Hardware and software selection
D)Acceptable use policies and IT security training

A)Data tampering
B)Worms
C)Phishing
D)Vectors

A)Users invite in and build relationships with others.Cybercriminals hack into these trusted relationships using stolen log-in credentials.
B)E-mail viruses and malware have been increasing for years even though e-mail security has improved.
C)Communication has shifted from social networks to smartphones.
D)Web filtering,user education,and strict policies cannot help prevent IT security dangers on Facebook and other social networks.

A)Increases in hacker skills and capabilities
B)Poorly designed network protection software
C)Increasing sophistication of computer viruses and worms
D)Users who do not follow secure computing practices and procedures

A)Botnets
B)Phishing
C)Spoofing
D)Click hijacking

A)IT governance
B)Internal control
C)PCI DSS
D)FISMA

A)Software errors
B)Malicious employees
C)Social networks and cloud computing
D)Vendor sabotage

A)IT governance
B)Internal control
C)PCI DSS
D)FISMA

A)Transnational organized crime groups use money laundering to fund their operations,which creates international and national security threats.
B)Cybercrime is safer and easier than selling drugs,dealing in black market diamonds,or robbing banks.
C)Funds used to finance terrorist operations are easy to track,which provides evidence to identify and locate leaders of terrorist organizations and cells.
D)Online gambling offers easy fronts for international money-laundering operations.

A)accounting
B)economic use of resources
C)legality
D)COBIT

A)failed to inform the public about network failures in a timely manner
B)failed to transmit sensitive data
C)did not report security breaches to law enforcement
D)lacked adequate policies and procedures to protect consumer data.

A)Patches;service packs
B)Patches;downloads
C)Firewalls;spyware
D)Service packs;firewalls

A)Application controls
B)Physical controls
C)General controls
D)Authentication controls

A)Business impact analysis (BIA)
B)Vulnerability audit
C)Asset valuation audit
D)Computing Cost/Benefit (CCB)audit

A)fraudsters will be fired
B)fraudsters will be forced to repay what they stole plus interest
C)fraud could destroy the company and jobs.
D)fraud will be detected by IT monitoring systems and punished by the legal system.

A)mobile device
B)botnet
C)BYOD
D)firewall

A)Detection
B)Lawsuits
C)Prevention
D)Prosecution

A)Corporate governance
B)Access to legal counsel
C)Relationships with security vendors
D)Awareness of industry standards

A)Insider fraud
B)Identity theft
C)Occupational corruption
D)Document sabotage

A)Fraud and felonies
B)Occupational and opportunistic
C)Lethal and misdemeanors
D)violent and nonviolent

A)Anti-malware and firewalls
B)Internal audits and internal controls
C)Encryption and IDS
D)AUPs

A)Managerial corruption
B)Insider or internal fraud
C)Corporate fraud
D)Intentional fraud

A)Application controls
B)Physical controls
C)General controls
D)Authentication controls

A)Holding managers responsible for the actions of their employees
B)Peer monitoring (employees monitor each other)
C)Creating the perception that fraud will be detected and punished
D)A clearly written employee policy manual that explains unacceptable behaviors

A)A detailed recovery plan;containment,including a fault-tolerant system
B)Perimeter defense technologies,such as e-mail scanners;human resource procedures,such as recruitment screening
C)General controls;application controls
D)Physical controls,including authorization;authentication systems

A)cryptography
B)biometrics
C)encryption
D)visualization

A)by providing a single point of failure and attack for organized criminal networks
B)In Twitter and Facebook,users invite in and build relationships with others.Cybercriminals hack into these trusted relationships using stolen logins.
C)Twitter's use of service packs and patches have not been effective.
D)These networks and services increase exposure to risk because of the time-to-exploitation of today's sophisticated spyware and mobile viruses

A)Set of standards required by U.S.and international law for protecting credit card transaction data.
B)Set of industry standards required for all online merchants that store,process,or transmit cardholder data.
C)Set of voluntary security guidelines for retailers who accept Visa,MasterCard,American Express,and Discover credit cards.
D)Set of regulations (that vary from state to state,and country to country)that apply to credit card companies.

A)The source of the threat
B)Industry regulations regarding protection of sensitive data
C)What needs to be protected and the cost-benefit analysis
D)The available IT budget

A)Fostering company loyalty
B)Immediately revoking access privileges of dismissed,resigned,or transferred employees
C)Instituting separation of duties by dividing sensitive computer duties among as many employees as economically feasible
D)Performing authorization and authentication

A)Security audits
B)Pattern analysis
C)Behavior recognition scans
D)Anomaly detection analysis

A)Security bonds or malfeasance insurance for key employees
B)Emergency power shutoff and backup batteries
C)Shielding against electromagnetic fields
D)Properly designed and maintained air-conditioning systems