Deck 6: Threats and Vulnerabilities

1
In the context of information security, bots are

A) Activities performed by agents to compromise assets
B) Malicious software that uses operating system or application vulnerabilities for propagation
C) Software that performs simple tasks automatically and repetitively, usually at the direction of another software
D) Malicious content entered by an end user on a web-based system
C
2
The goal of agents running a 419 Nigerian scam is to

A) Damage the reputations of end users
B) Damage end user computers
C) Steal money
D) Steal intellectual property
C
3
Internal auditors can be a threat agent by

A) Excessive adherence to compliance
B) Lack of attention to detail
C) Lack of training
D) Causing outages
A
4
External threat agents include

A) Partners and suppliers
B) Activist groups and competitors
C) Help desk and janitorial services
D) Auditors and hurricanes
5
In the context of information security, worms are

A) Activities performed by agents to compromise assets
B) Malicious software that uses operating system or application vulnerabilities for propagation
C) Software that performs simple tasks automatically and repetitively, usually at the direction of another software
D) Malicious content entered by an end user on a web-based system
6
Partner threat agents include

A) Activist groups and competitors
B) Consultants, cloud service providers and suppliers
C) Internal auditors and help desk
D) Competitors, organized groups and former employees
7
In the context of information security, cross-site scripting attacks are

A) Activities performed by agents to compromise assets
B) Malicious software that uses operating system or application vulnerabilities for propagation
C) Software that performs simple tasks automatically and repetitively, usually at the direction of another software
D) Malicious content entered by an end user on a web-based system
8
Threats are

A) Capabilities, intentions and attack methods of adversaries
B) Interactions between relevant agents, actions
C) Individuals, organizations or groups that originate a particular threat action
D) Activist groups
9
Natural causes include all of the following except

A) Arson
B) Earthquake
C) Tornadoes
D) Hurricanes
10
Top management can be a threat agent by

A) Abusing privileges
B) Lack of understanding of security issues
C) Pulling rank
D) All of the above
11
Threat agents are

A) Capabilities, intentions and attack methods of adversaries
B) Interactions between relevant agents, actions
C) Activist groups
D) Individuals, organizations or groups that originate a particular threat action
12
In the context of internal security, partners are

A) People external to the organization
B) People directly associated with the organization, often as employees
C) Third parties sharing a business relationship with the organization
D) All of the above
13
The threat model includes

A) Actors, agents and assistants
B) Actions, assets and ambitions
C) Agents, actions and assets
D) Agents, actors and assets
14
Threat actions are

A) Activities performed by agents to compromise assets
B) Capabilities, intentions and attack methods of adversaries
C) Interactions between relevant agents, actions and assets
D) Individuals, organizations or groups that originate a particular threat action
15
Threat models are

A) Capabilities, intentions and attack methods of adversaries
B) Interactions between relevant agents, actions
C) Individuals, organizations or groups that originate a particular threat action
D) Activist groups
16
Help desk staff can be a threat due to

A) Abuse of privileges
B) Human errors
C) Lack of training
D) All of the above
17
Internal threat agents include

A) Partners and suppliers
B) Activist groups and competitors
C) Help desk and janitorial services
D) Auditors and hurricanes
18
Most attacks on organizations originate from

A) Internal agents
B) External agents
C) Partners
D) Competitors, organized groups and former employees
19
Threat agents are typically classified as

A) External agents, internal agents and partners
B) Essentiality and deferability
C) Internal auditors and help desk
D) Consultants, cloud service providers and suppliers
20
The 419 Nigerian scam is an example of a(n)

A) Partner
B) Activist group
C) Natural cause
D) Cybercrime
21
Unapproved software can be a threat action because

A) The software may be exploited by hackers
B) Organizations do not like employees or users to pay for software
C) The software may take up hard disk space
D) The software may have been developed by a competitor
22
Phishing is

A) An activity performed by agents to compromise assets
B) Convincing users to do something they would not ordinarily do
C) Using email to try and get a user to divulge confidential information
D) Malicious content entered by an end user on a web-based system
23
OWASP is

A) An organization that is attempting to make web applications more secure
B) A species of wasp that is abundant in the United States
C) The wasp species that Grace Hopper discovered in the Harvard Mark II computer as the source of errors in the computer
D) The little faults and difficulties in inventions, as labeled by Thomas Edison
24
As a threat action, social engineering is

A) An activity performed by agents to compromise assets
B) Convincing users to do something they would not ordinarily do
C) Software that performs simple tasks automatically and repetitively, usually at the direction of another software
D) Malicious content entered by an end user on a web-based system
25
In the information security context, Black Tuesday refers to

A) The day Google's stock fell by 50% immediately after its IPO
B) The day a company finally turns profitable for the year
C) The day the firm lost a bulk of its email
D) The typical day on which Microsoft releases patches