Deck 16: Cybersecurity

A) actions by programmers with malicious intentions that pose a risk to a company.
B) the measures a company takes to protect a computer or system against unauthorized access or attacks.
C) actions taken by managers which pose a risk to the company.
D) actions by executives who treat the company's assets as their own.

A) chaos and destruction.
B) financial data breach.
C) ransomware.
D) reconnaissance.

A) obtain financial data.
B) create a denial of service.
C) obtain customer information.
D) cause chaos and destruction.

A) a financial data breach.
B) ransomware.
C) reconnaissance.
D) chaos and destruction.

A) Chief Executive Officer.
B) Chief Information Officer.
C) Chief Marketing Officer.
D) Chief Operating Officer.

A) Chief Executive Officer.
B) Chief Marketing Officer.
C) Chief Technology Officer.
D) Chief Operating Officer.

A) Chief Executive Officer.
B) Chief Marketing Officer.
C) Chief Operating Officer.
D) Chief Information Security Officer.

A) Recover
B) Identify
C) Protect
D) Detect

A) Recover
B) Identify
C) Protect
D) Detect

A) Recover
B) Identify
C) Protect
D) Detect

A) Recover
B) Identify
C) Protect
D) Detect

A) Respond
B) Identify
C) Protect
D) Detect

A) a list of cybersecurity risks companies may face.
B) a catalog of security control baselines for business.
C) a checklist for Information Technology professionals.
D) a list of entry level cybersecurity jobs for Accounting professionals.

A) 53 chapters.
B) 5 sections.
C) 18 control families.
D) 27 volumes.

A) AT
B) AN
C) AL
D) AC

A) AT
B) AN
C) AL
D) AC

A) SA
B) CA
C) AA
D) AS

A) CO
B) MC
C) CM
D) CP

A) MT
B) AM
C) MN
D) MA

A) PE
B) PP
C) PH
D) PY

A) PR
B) PS
C) PE
D) SE

A) SY
B) SS
C) SI
D) SN

A) Gather information about the network, access the network, disrupt the network
B) Access the network, gather information about the network, disrupt the network
C) Access the network, disrupt the network, gather information about the network
D) Disrupt the network, gather information about the network, access the network

A) Steal passwords
B) Gather information about the network
C) Access the network
D) Disrupt the network

A) person, company
B) company, person
C) person, technical weak point
D) company, technical weak point

A) Conceptual attack, theoretical attack
B) Conceptual attack, logical attack
C) Physical attack, conceptual attack
D) Physical attack, logical attack

A) Reconnaissance attack
B) Access attack
C) Disruptive attack
D) Translucent attack

A) Reconnaissance attack
B) Access attack
C) Disruptive attack
D) Translucent attack

A) Reconnaissance attack
B) Access attack
C) Disruptive attack
D) Translucent attack

A) Email phishing
B) Dumpster diving
C) Eavesdropping
D) Malware

A) Phishing
B) Dumpster diving
C) Eavesdropping
D) Malware

A) Phishing
B) Dumpster diving
C) Eavesdropping
D) Malware

A) Only allow email from certified businesses
B) Shut down email
C) Monitor employee's email
D) Train employees to recognize and report red flags

A) Sending from obscure domains that are designed to look similar to legitimate domains
B) Addressing the email to a generic recipient
C) Including grammar or spelling mistakes
D) Using words like "suspended", "security concerns," and "immediately"

A) Sending from obscure domains that are designed to look similar to legitimate domains
B) Addressing the email to a generic recipient
C) Including grammar or spelling mistakes
D) Using words like "suspended", "security concerns," and "immediately"

A) Sending from obscure domains that are designed to look similar to legitimate domains
B) Addressing the email to a generic recipient
C) Including grammar or spelling mistakes
D) Using words like "suspended", "security concerns," and "immediately"

A) Sending from obscure domains that are designed to look similar to legitimate domains
B) Addressing the email to a generic recipient
C) Including grammar or spelling mistakes
D) Using words like "suspended", "security concerns," and "immediately"

A) Hovering over a link in the email shows the actual link is not the same as the displayed text.
B) Addressing the email to a generic recipient
C) Including grammar or spelling mistakes
D) Using words like "suspended", "security concerns," and "immediately"

A) Sending from obscure domains that are designed to look similar to legitimate domains
B) Asking for personal information in a survey instead of taking you to a company portal to input information directly in the corporate system
C) Including grammar or spelling mistakes
D) Using words like "suspended", "security concerns," and "immediately"

A) Sending from obscure domains that are designed to look similar to legitimate domains
B) A standard network protocol that allows users to transfer files between the company network and outside parties
C) The process of using an algorithm to encode a plaintext message and converting it to something that is seemingly meaningless
D) Asking for personal information in a survey instead of taking you to a company portal to input information directly in the corporate system

A) Sending from obscure domains that are designed to look similar to legitimate domains
B) A standard network protocol that allows users to transfer files between the company network and outside parties
C) The process of using an algorithm to encode a plaintext message and converting it to something that is seemingly meaningless
D) Asking for personal information in a survey instead of taking you to a company portal to input information directly in the corporate system

A) ping sweep
B) port scan
C) computer scan
D) network sweep

A) ping sweep
B) port scans
C) computer scan
D) network sweep

A) Vulnerability scans
B) Penetration tests
C) Patches
D) Upgrades

A) Vulnerability scans
B) Penetration tests
C) Patches
D) Upgrades

A) Vulnerability scans
B) Penetration tests
C) Patches
D) Upgrades

A) result in access to either hardware or people.
B) seek unauthorized access to a system by either exploiting a network vulnerability or attempting to use force to get through network security.
C) result in access to customers or vendors.
D) seek unauthorized access to employee records on the network.

A) Networks
B) Humans
C) Systems
D) Routers

A) Unauthorized users are aware that there is a tailgater.
B) The authorized user is aware of the other person and blocks entry to the tailgater.
C) Authorized users are unaware that there is a tailgater.
D) The authorized user is aware of the other person but may politely hold the door for the tailgater.

A) Unauthorized users are aware that there is a tailgater.
B) The authorized user is aware of the other person and blocks entry to the tailgater.
C) Authorized users are unaware that there is a tailgater.
D) The authorized user is aware of the other person but may politely hold the door for the tailgater.

A) result in access to either hardware or people.
B) seek unauthorized access to a system by either exploiting a network vulnerability or attempting to use force to get through network security.
C) result in access to customers or vendors.
D) seek unauthorized access to employee records on the network.

A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating

A) An attacker forces access to the network by attempting many passwords or phrases until finding the correct one.
B) An attacker attempts to gain access to an on-going communication between two endpoints by pretending to be each of the parties.
C) An attacker disguises their identity and impersonates a legitimate computer on the network.
D) An attacker follows an authorized user into the system.

A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating

A) An on-path attack is when the attacker forces access to the network by attempting many passwords or phrases until finding the correct one.
B) An on-path attack is when the attacker attempts to gain access to an on-going communication between two endpoints by pretending to be each of the parties.
C) An on-path attack is when the attacker disguises their identity and impersonates a legitimate computer on the network.
D) An on-path attack is when the attacker follows an authorized user into the system.

A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating

A) IP spoofing is when the attacker forces access to the network by attempting many passwords or phrases until finding the correct one.
B) IP spoofing is when the attacker attempts to gain access to an on-going communication between two endpoints by pretending to be each of the parties.
C) IP spoofing is when the attacker disguises their identity and impersonates a legitimate computer on the network.
D) IP spoofing is when the attacker follows an authorized user into the system.

A) 2 - 6 characters
B) 18 - 32 characters
C) 4 - 8 characters
D) 8 - 64 characters

A) Mixture of letters, numbers, and special characters
B) Numbers only
C) Mixture of numbers and letters
D) Letters only

A) Reset your password every month.
B) Only reset your password if you know it has been compromised.
C) Reset your password every six months.
D) Never reset your password.

A) Combine multiple common words in a password.
B) Reuse previous passwords so you remember them.
C) Avoid dictionary words.
D) Use your name as the password.

A) The hacker is actively communicating with the server.
B) The hacker is passively injected into the connection.
C) The hacker is actively injected into the connection.
D) The hacker is only listening to or intercepting the communication.

A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating

A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating

A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating

A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating

A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating

A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating

A) Denial-of-service attack
B) Malware attack
C) Virus attack
D) Logic bomb attack

A) An attack that prohibits users from using resources such as computers, websites, servers, or an entire network
B) An attack that uses destructive programs to take down a system
C) An attack that is disguised as benign software but carries malicious code that may be activated via a logic bomb
D) An attack that is a piece of malicious code that is programmed into a system and remains dormant until certain conditions are met

A) An attack that creates a virus that cause a variety of problems
B) An attack that is disguised as benign software but carries malicious code that may be activated via a logic bomb
C) An attack that uses computers infected with malware that function like robots
D) An attack that uses multiple machines or IP addresses to force the target to shut down

A) An attack that creates a virus that cause a variety of problems
B) An attack that is disguised as benign software but carries malicious code that may be activated via a logic bomb
C) An attack that uses computers infected with malware that function like robots
D) An attack that uses multiple machines or IP addresses to force the target to shut down

A) firewalls
B) servers
C) websites
D) ecommerce sites

A) servers
B) routers
C) websites
D) ecommerce sites

A) servers
B) websites
C) intrusion detection systems
D) ecommerce sites

A) Manage capacity, bandwidth, or other redundancy to limit the effects of an attack.
B) Employ malicious code protection mechanisms at information system entry and exit points.
C) Configure malicious code detection to perform periodic scans of the information system, block malicious code, quarantine malicious code, and notify the administrator.
D) Monitor the information systems to detect attacks and indicators of potential attacks, including unauthorized local, network, and remote connections.

A) Employ malicious code protection mechanisms at information system entry and exit points.
B) Employ monitoring tools to detect indicators of attacks against, or launched from, the system.
C) Configure malicious code detection to perform periodic scans of the information system, block malicious code, quarantine malicious code, and notify the administrator.
D) Monitor the information systems to detect attacks and indicators of potential attacks, including unauthorized local, network, and remote connections.

A) Employ malicious code protection mechanisms at information system entry and exit points.
B) Configure malicious code detection to perform periodic scans of the information system, block malicious code, quarantine malicious code, and notify the administrator.
C) Monitor system resources to determine if sufficient resources exist to prevent effective attacks.
D) Monitor the information systems to detect attacks and indicators of potential attacks, including unauthorized local, network, and remote connections.

A) Denial-of-service attack
B) Malware attack
C) Virus attack
D) Logic bomb attack