California State University, Fresno - IS 6E
Package Title: Test Bank
Course Title: Introduction to IS 6e
Chapter Number: 4
Question Type: Multiple Choice
1. Which hacker group successfully attacked Sony Pictures Entertainment on November 24, 2014?
A. Anonymous
B. Guardians of Peace
C. Hackweiser
D. Legion of Doom
2. The main purpose for the attack on Sony Pictures Entertainment on November 24, 2014 was to _____.
A. sell social security numbers
B. steal credit card numbers
C. stop the release of the movie The Interview
D. threaten the US government
3. _____ was originally accused of the Sony Pictures Entertainment hack on November 24, 2014; their involvement _____ been proved.
A. China; has
B. China; has not
C. North Korea; has
D. North Korea; has not
4. _____ manages the internet connections for North Korea and could stop hacking attempts on the US.
A. Australia
B. China
C. India
D. Russia
5. Which country is currently in a dispute with the US over bilateral hacking?
A. Australia
B. China
C. India
D. United Kingdom
6. Which of the following is NOT a lesson learned from the Sony Pictures Entertainment hack on November 24, 2014?
A. China is the leading hacking group that encourages similar behavior from other countries.
B. It appears that it is impossible to secure the Internet.
C. It is difficult, if not impossible, for organizations to provide perfect security for their data.
D. There is a growing danger that countries are engaging in economic cyberwarfare among themselves.
7. _____ is any danger to which a system may be exposed.
A. Exposure
B. Information security
C. Threat
D. Security
8. _____ is the possibility that the system will be harmed by a threat.
A. Exposure
B. Threat
C. Security
D. Vulnerability
9. Wireless is a(n) inherently _____ network.
A. trusted
B. neutral
C. untrusted
D. useful
10. Which of the following is FALSE?
A. It is easier to be a hacker nowadays.
B. Mainframes make it easy to communicate freely and seamlessly with everyone.
C. Management doesn’t always support security efforts.
D. Thumb drives make it easy to steal huge amounts of sensitive information.
11. Cybercriminals
A. are violent criminals.
B. can be easily arrested, once they are found.
C. don’t make that much money; they do it for fun.
D. target known software security weaknesses.
12. Which of the following is NOT one of the most dangerous employees to information security?
A. Accountants
B. HR employees
C. Janitors
D. MIS employees
13. The airport’s self check-in computers are a(n) _____ threat.
A. outside
B. employee
C. hardware
D. software
14. Weak passwords are a(n) _____ threat.
A. outside
B. employee
C. hardware
D. software
15. Which of the following is NOT an unintentional threat to information systems?
A. Careless monitoring of environmental hazards
B. Choosing a weak password
C. Having an unlocked desk or filing cabinet after going home
D. Viruses
16. _____ is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords.
A. Dumpster diving
B. Shoulder surfing
C. Social engineering
D. Tailgating
17. Social engineering is a(n) _____ threat on the part of the employee and a(n) _____ threat on the part of the social engineer.
A. deliberate; unintentional
B. deliberate; deliberate
C. unintentional; deliberate
D. unintentional; unintentional
18. OpenSSL is _____ software.
A. Banking
B. Encryption
C. Hacking
D. Free
19. The Heartbleed bug is an encryption security flaw in the _____ software package that was an _____ mistake by the software developer.
A. Microsoft; intended
B. Microsoft; unintended
C. OpenSSL; intended
D. OpenSSL; unintended
20. Google created a code fix for the Heartbleed bug. Which of the following is a TRUE statement?
A. Home internet routers should be largely safe from this bug since they don’t exchange enough sensitive data to be a target.
B. Industrial control systems are highly vulnerable since they are updated infrequently.
C. Organizations simply have to install the fix.
D. Organizations need to install the fix and just create new private key-public key pairs.
21. _____ is threatening to steal or actually stealing information from a company and then demanding payment to not use or release that information.
A. Competitive intelligence
B. Espionage
C. Information extortion
D. Intellectual property
22. Phishing is an example of _____.
A. Copyright infringement
B. Espionage
C. Sabotage
D. Software attack
23. You start browsing your favorite home improvement company’s website and notice someone has changed all the logos to their main competitor’s logos. This is an example of _____.
A. Espionage
B. Identity theft
C. Information extortion
D. Sabotage
24. _____ is an identity theft technique.
A. Dumpster diving
B. Espionage
C. Sabotage
D. Vandalism
25. Coca-Cola’s formula is an example of a _____.
A. Copyright
B. Patent
C. Trade secret
D. All of the above
26. A _____ is a remote attack requiring user action.
A. back door
B. denial-of-service attack
C. logic bomb
D. phishing attack
27. A _____ is a remote attack needing no user action.
A. back door
B. denial-of-service attack
C. logic bomb
D. phishing attack
28. A _____ is an attack by a programmer developing a system.
A. back door
B. denial-of-service attack
C. phishing attack
D. virus
29. A _____ is an attack by a programmer developing a system.
A. denial-of-service attack
B. logic bomb
C. phishing attack
D. worm
30. Which of the following is NOT an example of alien software?
A. Adware
B. Blockware
C. Spamware
D. Spyware
31. The goal of CAPTCHA is to _____.
A. ensure you aren’t alien software
B. hack into secure networks
C. protect networks against hackers
D. remove alien software from your computer
32. SCADA attacks typically occur on _____.
A. Hacker networks
B. Industrial control systems
C. Personal computers
D. Government networks
33. Shodan’s primary purpose is _____.
A. a hacker website
B. a service that searches the internet for devices connected to the internet
C. a website that shows which devices are vulnerable to hackers
D. to help users search for other people who use similar devices
34. Shodan is used for _____.
A. creating a backdoor
B. SCADA attacks
C. spreading viruses
D. phishing
35. The Shodan case illustrates _____.
A. how vulnerable all devices are, even if they aren’t connected to the internet
B. strong passwords aren’t necessary on home devices since most hackers don’t care about such a small target
C. that hackers and security researchers use the same sites to identify vulnerabilities
D. the government is doing nothing to protect our privacy
36. _____ is a process whereby the organization takes concrete actions against risks, such as implementing controls and developing a disaster recovery plan.
A. Risk
B. Risk analysis
C. Risk management
D. Risk mitigation
37. You have a small business that has had problems with malware on your employees’ computers. You decide to hire a third-party company such as GFI Software to implement security controls and then monitor your company’s systems. You are adopting a risk _____ strategy.
A. acceptance
B. analysis
C. limitation
D. transference
38. Risk _____ means absorbing any damages that occur.
A. acceptance
B. analysis
C. limitation
D. transference
39. If you hire a cybersecurity company like FireEye to identify security weaknesses in your information systems, you are using a risk _____ strategy.
A. acceptance
B. analysis
C. limitation
D. transference
40. You decide to use the password “1234” on your computer because you figure nobody cares enough about your information to steal it. This is a risk _____ strategy.
A. acceptance
B. analysis
C. limitation
D. transference
41. According to the “Catching a Hacker” case, _____ is one of the most sophisticated and destructive malicious software programs ever developed.
A. the Heartbleed bug
B. FireEye
C. Shodan
D. SpyEye
42. The purpose of SpyEye is to _____.
A. catch hackers in the act of hacking
B. collect personal and financial information
C. facilitate SCADA attacks by seeing which systems are vulnerable
D. watch what you do on your computer
43. A firewall is a _____ control.
A. access
B. communication
C. physical
D. virtual
44. Biometrics is something the user _____.
A. Does
B. Has
C. Is
D. Knows
45. A smart ID card is something the user _____.
A. Does
B. Has
C. Is
D. Knows
46. _____ is one common example of SSL.
A. http
B. https
C. www
D. wwws
47. If you have an empty building you can move into if your primary location is destroyed, you’ve implemented a _____ site.
A. Cold
B. Hot
C. Neutral
D. Warm
48. Auditing _____ the computer means inputs, outputs, and processing are checked.
A. Around
B. Into
C. Through
D. With
49. _____ percent of organizational breaches exploit weak or stolen user credentials.
A. 26
B. 51
C. 76
D. 99
50. Security must be balanced with _____ for people to use systems.
A. Convenience
B. Cost
C. Time
D. Trust
51. The main problem with multifactor authentication is _____.
A. it’s a single point of failure
B. it’s too hard to do
C. it will invade our privacy
D. there are no problems with multifactor authentication
52. _____ is a computer security firm that sells malware detection tools to companies like Target.
A. Heartbleed
B. FireEye
C. Shodan
D. SpyEye
53. The Target data breach started with a _____.
A. back door
B. denial-of-service attack
C. logic bomb
D. phishing attack
54. By hiring FireEye to improve their security, Target adopted a risk _____ strategy; this strategy was _____.
A. limitation; a failure
B. limitation; successful
C. transference; a failure
D. transference; successful
Question Type: True/False
1. Wireless is an untrusted network.
2. Janitors are no threat to information security since they have no access to company systems.
3. A patent lasts for the life of the creator plus 70 years.
4. A copyright lasts 20 years.
5. Competitive intelligence is industrial espionage.
6. The goal of risk management is to reduce risk to acceptable levels.
7. Tracking down cybercriminals is the most difficult and only real challenge authorities face.
8. Biometrics is an authentication tool.
9. Blacklisting is when everything can run except what is on the list.
10. Whitelisting is when nothing can run unless it is on the list.
Question Type: Fill-in-the-Blank
1. _____ is the loss of business from increased customer turnover.
2. _____ refers to all the processes and policies designed to protect an organization’s information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
3. _____ is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords.
4. _____ is software that causes pop-up advertisements to appear on your screen.
5. _____ is the probability that a threat will impact an information resource.
6. _____ controls restrict unauthorized individuals from using information resources.
Question Type: Essay
1. What are the five factors that contribute to the increasing vulnerability of organizational information resources? Using the Target case as an example, how did each of these five factors contribute to that situation?
2. Why are IT people, consultants, janitors, and guards such dangerous employees? How can you protect a company’s assets against these people?
3. Identity theft is a deliberate threat to information systems and is one of the largest concerns of consumers and businesses today. What are the four techniques the book mentions for illegally obtaining information? How can you protect yourself or your future business from these threats?
4. Why is it so difficult to stop cybercriminals?
5. What are the six basic guidelines for creating strong passwords? Without divulging your passwords, how do your passwords “add up” and why? HINT: You should specifically address each of the six guidelines for your passwords.