Question 1

The main purpose for the attack on Sony Picture Entertainment on November 24, 2014 was to __________.&#10;A)sell social security numbers&#10;B)steal credit card numbers&#10;C)stop the release of the move The Interview&#10;D)threaten the US government

Accepted Answer

The attack on Sony Picture Entertainment on November 24, 2014 was primarily aimed at preventing the release of the movie The Interview, which was a comedy film that mocked the North Korean regime and featured a plot to assassinate its leader, Kim Jong-Un. The hackers, who were allegedly backed by the North Korean government, warned Sony not to release the movie and threatened to carry out terrorist attacks against theaters that showed it. As a result of the threat, several major theater chains decided not to screen the film, and Sony eventually canceled its release altogether.

Question 2

Weak passwords are a(n)___________ threat.&#10;A)outside&#10;B)employee&#10;C)hardware&#10;D)software

Accepted Answer

Weak passwords are a threat caused by employees who fail to follow proper password guidelines and create easily guessable passwords. The other options - outside, hardware, and software - do not directly relate to password strength.

Question 3

_________ is the possibility that the system will be harmed by a threat.&#10;A)Exposure&#10;B)Threat&#10;C)Security&#10;D)Vulnerability

Accepted Answer

Vulnerability refers to the weakness or flaw in a system that makes it susceptible to threat or attack. It represents the potential for harm or damage to the system.

Question 4

The Heartbleed bug is an encryption security flaw in the ___________ software package that was an _____________ mistake by the software developer.&#10;A)Microsoft; intended&#10;B)Microsoft; unintended&#10;C)OpenSSL; intended&#10;D)OpenSSL; unintended

Accepted Answer

The Heartbleed bug is a security flaw in the OpenSSL software package, which is an open-source encryption technology used to encrypt sensitive data on websites, servers, and other devices. The bug was an unintended mistake in the coding by the OpenSSL developer team. Therefore, option D, OpenSSL; unintended, is the correct answer. Option A, Microsoft; intended, and option C, OpenSSL; intended, are incorrect as the Heartbleed bug has nothing to do with Microsoft and was not a deliberate act by the OpenSSL team.

Question 5

The airport's self check-in computers are a(n)__________ threat.&#10;A)outside&#10;B)employee&#10;C)hardware&#10;D)software

Accepted Answer

The self check-in computers are physical equipment, thus they are considered hardware. They are not an outside threat, as they are part of the airport's system. They are also not an employee threat, as they do not involve human actions. While there may be potential software vulnerabilities, the question specifically refers to the computers themselves, so the best choice is hardware.

Question 6

Which of the following is NOT an unintentional threat to information systems?&#10;A)Careless monitoring of environmental hazards&#10;B)Choosing a weak password&#10;C)Having an unlocked desk or filing cabinet after going home&#10;D)Viruses

Accepted Answer

Viruses are not unintentional threats as they are intentionally created by individuals with malicious intent. The other options are examples of unintentional threats as they are caused by human error or oversight.

Question 7

Social engineering is a(n)___________ threat on the part of the employee and a(n)_________ threat on the part of the social engineer.&#10;A)deliberate; unintentional&#10;B)deliberate; deliberate&#10;C)unintentional; deliberate&#10;D)unintentional; unintentional

Accepted Answer

Social engineering is typically an unintentional threat from the employee's perspective as they are often unaware they are being manipulated, while it is a deliberate threat from the social engineer's perspective as they intentionally deceive to gain information.

Question 8

_________________ was originally accused of the Sony Picture Entertainment hack on November 24, 2014; their involvement ____________ been proved.&#10;A)China; has&#10;B)China; has not&#10;C)North Korea; has&#10;D)North Korea; has not

Accepted Answer

North Korea was originally accused of the Sony Picture Entertainment hack, but their involvement has not been definitively proved.

Question 9

_________ is any danger to which a system may be exposed.&#10;A)Exposure&#10;B)Information security&#10;C)Threat&#10;D)Security

Accepted Answer

Threat is defined as any potential danger or risk to a system or organization's assets, such as data, information, or technology. Therefore, option C is the correct answer. Option A (Exposure) is the state of being vulnerable to threats or risks, whereas option B (Information Security) refers to the set of practices, procedures, and policies designed to protect sensitive information. Option D (Security) is too broad and general to be the correct answer.

Question 10

Which hacker group successfully attacked Sony Picture Entertainment on November 24, 2014?&#10;A)Anonymous&#10;B)Guardians of Peace&#10;C)Hackweiser&#10;D)Legion of Doom

Accepted Answer

It was the Guardians of Peace (GOP) who successfully attacked Sony Picture Entertainment on November 24, 2014. They were suspected of being associated with North Korea and carried out the attack in retaliation for the release of the film "The Interview," which depicted the assassination of North Korean leader Kim Jong-un.

Question 11

Which country is currently in a dispute with the US over bilateral hacking?&#10;A)Australia&#10;B)China&#10;C)India&#10;D)United Kingdom

Accepted Answer

The answer of Which country is currently in a dispute...

Question 12

Wireless is a(n)inherently _________ network.&#10;A)trusted&#10;B)neutral&#10;C)untrusted&#10;D)useful

Accepted Answer

The answer of Wireless is a(n)inherently _________ network.&#10;A)trusted&#10;B)neutral&#10;C)untrusted&#10;D)useful...

Question 13

Which of the following is NOT one of the most dangerous employees to information security?&#10;A)Accountants&#10;B)HR employees&#10;C)Janitors&#10;D)MIS employees

Accepted Answer

The answer of Which of the following is NOT one...

Question 14

Cybercriminals _________&#10;A)are violent criminals.&#10;B)can be easily arrested, once they are found.&#10;C)don't make that much money; they do it for fun.&#10;D)target known software security weaknesses.

Accepted Answer

The answer of Cybercriminals _________&#10;A)are violent criminals.&#10;B)can be easily arrested,...

Question 15

_____________________ is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords.&#10;A)Dumpster diving&#10;B)Shoulder surfing&#10;C)Social engineering&#10;D)Tailgating

Accepted Answer

The answer of _____________________ is an attack in which the...

Question 16

Google created a code fix for the Heartbleed bug. Which of the following is a TRUE statement?&#10;A)Home internet routers should be largely safe from this bug since they don't exchange enough sensitive data to be a target.&#10;B)Industrial control systems are highly vulnerable since they are updated infrequently.&#10;C)Organizations simply have to install the fix.&#10;D)Organizations need to install the fix and just create new private key-public key pairs.

Accepted Answer

The answer of Google created a code fix for the...

Question 17

_________________ manages the internet connections for North Korea and could stop hacking attempts on the US.&#10;A)Australia&#10;B)China&#10;C)India&#10;D)Russia

Accepted Answer

The answer of _________________ manages the internet connections for North...

Question 18

Which of the following is NOT a lesson learned from the Sony Picture Entertainment hack on November 24, 2014?&#10;A)China is the leading hacking group that encourages similar behavior from other countries.&#10;B)It appears that it is impossible to secure the Internet.&#10;C)It is difficult, if not impossible, for organization to provide perfect security for their data.&#10;D)There is a growing danger that countries are engaging in economic cyberwarfare among themselves.

Accepted Answer

The answer of Which of the following is NOT a...

Question 19

OpenSSL is __________ software.&#10;A)Banking&#10;B)Encryption&#10;C)Hacking&#10;D)Free

Accepted Answer

The answer of OpenSSL is __________ software.&#10;A)Banking&#10;B)Encryption&#10;C)Hacking&#10;D)Free...

Question 20

Which of the following is FALSE?&#10;A)It is easier to be a hacker nowadays.&#10;B)Mainframes make it easy to communicate freely and seamlessly with everyone.&#10;C)Management doesn't always support security efforts.&#10;D)Thumb drives make it easy to steal huge amounts of sensitive information.

Accepted Answer

The answer of Which of the following is FALSE?&#10;A)It is...

Question 21

Phishing is an example of __________.&#10;A)Copyright infringement&#10;B)Espionage&#10;C)Sabotage&#10;D)Software attack

Accepted Answer

The answer of Phishing is an example of __________.&#10;A)Copyright infringement&#10;B)Espionage&#10;C)Sabotage&#10;D)Software...

Question 22

You decide to use the password &#34;1234&#34; on your computer because you figure nobody cares enough about your information to steal it. This is a risk __________ strategy.&#10;A)acceptance&#10;B)analysis&#10;C)limitation&#10;D)transference

Accepted Answer

The answer of You decide to use the password &#34;1234&#34;...

Question 23

A ___________ is a remote attack requiring user action.&#10;A)back door&#10;B)denial-of-service attack&#10;C)logic bomb&#10;D)phishing attack

Accepted Answer

The answer of A ___________ is a remote attack requiring...

Question 24

If you hire a cybersecurity company like FireEye to identify security weaknesses in your information systems, you are using a risk _________ strategy.&#10;A)acceptance&#10;B)analysis&#10;C)limitation&#10;D)transference

Accepted Answer

The answer of If you hire a cybersecurity company like...

Question 25

Risk _______________ means absorbing any damages that occur.&#10;A)acceptance&#10;B)analysis&#10;C)limitation&#10;D)transference

Accepted Answer

The answer of Risk _______________ means absorbing any damages that...

Question 26

A ___________ is an attack by a programmer developing a system.&#10;A)back door&#10;B)denial-of-service attack&#10;C)phishing attack&#10;D)virus

Accepted Answer

The answer of A ___________ is an attack by a...

Question 27

You have a small business that has had problems with malware on your employees' computers. You decide to hire a third-party company such as GFI Software to implement security controls and then monitor your company's systems. You are adopting a risk ________ strategy.

A)acceptance
B)analysis
C)limitation
D)transference

Accepted Answer

The answer of You have a small business that has...

Question 28

___________ is threatening to steal or actually stealing information from a company and then demanding payment to not use or release that information.&#10;A)Competitive intelligence&#10;B)Espionage&#10;C)Information extortion&#10;D)Intellectual property

Accepted Answer

The answer of ___________ is threatening to steal or actually...

Question 29

Coca-Cola's formula is an example of a ___________.&#10;A)Copyright&#10;B)Patent&#10;C)Trade secret&#10;D)All of the above

Accepted Answer

The answer of Coca-Cola's formula is an example of a...

Question 30

_______________ is a process whereby the organization takes concrete actions against risks, such as implementing controls and developing a disaster recovery plan.&#10;A)Risk&#10;B)Risk analysis&#10;C)Risk management&#10;D)Risk mitigation

Accepted Answer

The answer of _______________ is a process whereby the organization...

Question 31

Shodan is used for _________.&#10;A)creating a backdoor&#10;B)SCADA attacks&#10;C)spreading viruses&#10;D)phishing

Accepted Answer

The answer of Shodan is used for _________.&#10;A)creating a backdoor&#10;B)SCADA...

Question 32

A ___________ is an attack by a programmer developing a system.&#10;A)denial-of-service attack&#10;B)logic bomb&#10;C)phishing attack&#10;D)worm

Accepted Answer

The answer of A ___________ is an attack by a...

Question 33

__________ is an identity theft technique.&#10;A)Dumpster diving&#10;B)Espionage&#10;C)Sabotage&#10;D)Vandalism

Accepted Answer

The answer of __________ is an identity theft technique.&#10;A)Dumpster diving&#10;B)Espionage&#10;C)Sabotage&#10;D)Vandalism...

Question 34

Which of the following is NOT an example of alien software?&#10;A)Adware&#10;B)Blockware&#10;C)Spamware&#10;D)Spyware

Accepted Answer

The answer of Which of the following is NOT an...

Question 35

You start browsing your favorite home improvement company's website and notice someone has changed all the logos to their main competitor's logos. This is an example of ___________.&#10;A)Espionage&#10;B)Identity theft&#10;C)Information extortion&#10;D)Sabotage

Accepted Answer

The answer of You start browsing your favorite home improvement...

Question 36

Shodan's primary purpose is ___________.&#10;A)a hacker website&#10;B)a service that searches the internet for devices connected to the internet&#10;C)a website that shows which devices are vulnerable to hackers&#10;D)to help users search for other people who use similar devices

Accepted Answer

The answer of Shodan's primary purpose is ___________.&#10;A)a hacker website&#10;B)a...

Question 37

The Shodan case illustrates ___________.&#10;A)how vulnerable all devices are, even if they aren't connected to the internet&#10;B)strong passwords aren't necessary on home devices since most hackers don't care about such a small target&#10;C)that hackers and security researchers use the same sites to identify vulnerabilities&#10;D)the government is doing nothing to protect our privacy

Accepted Answer

The answer of The Shodan case illustrates ___________.&#10;A)how vulnerable all...

Question 38

The goal of CAPTCHA is to ___________.&#10;A)ensure you aren't alien software&#10;B)hack into secure networks&#10;C)protect networks against hackers&#10;D)remove alien software from your computer

Accepted Answer

The answer of The goal of CAPTCHA is to ___________.&#10;A)ensure...

Question 39

SCADA attacks typically occur on ___________.&#10;A)Hacker networks&#10;B)Industrial control systems&#10;C)Personal computers&#10;D)Government networks

Accepted Answer

The answer of SCADA attacks typically occur on ___________.&#10;A)Hacker networks&#10;B)Industrial...

Question 40

A ___________ is a remote attack needing no user action.&#10;A)back door&#10;B)denial-of-service attack&#10;C)logic bomb&#10;D)phishing attack

Accepted Answer

The answer of A ___________ is a remote attack needing...

Question 41

_________ is one common example of SSL.&#10;A)http&#10;B)https&#10;C)www&#10;D)wwws

Accepted Answer

The answer of _________ is one common example of SSL.&#10;A)http&#10;B)https&#10;C)www&#10;D)wwws...

Question 42

The purpose of SpyEye is to _____________.&#10;A)catch hackers in the act of hacking&#10;B)collect personal and financial information&#10;C)facilitate SCADA attacks by seeing which systems are vulnerable&#10;D)watch what you do on your computer

Accepted Answer

The answer of The purpose of SpyEye is to _____________.&#10;A)catch...

Question 43

___ percent of organizational breaches exploit weak or stolen user credentials.&#10;A)26&#10;B)51&#10;C)76&#10;D)99

Accepted Answer

The answer of ___ percent of organizational breaches exploit weak...

Question 44

A patent lasts for the life of the creator plus 70 years.

Accepted Answer

The answer of A patent lasts for the life of...

Question 45

By hiring FireEye to improve their security, Target adopted a risk _________ strategy; this strategy was ___________.&#10;A)limitation; a failure&#10;B)limitation; successful&#10;C)transference; a failure&#10;D)transference; successful

Accepted Answer

The answer of By hiring FireEye to improve their security,...

Question 46

Competitive intelligence is industrial espionage.

Accepted Answer

The answer of Competitive intelligence is industrial espionage....

Question 47

The Target data breach started with a ____________.&#10;A)back door&#10;B)denial-of-service attack&#10;C)logic bomb&#10;D)phishing attack

Accepted Answer

The answer of The Target data breach started with a...

Question 48

The main problem with multifactor authentication is _____________.&#10;A)it's a single point of failure&#10;B)it's too hard to do&#10;C)it will invade our privacy&#10;D)there are no problems with multifactor authentication

Accepted Answer

The answer of The main problem with multifactor authentication is...

Question 49

__________ is a computer security firm that sells malware detection tools to companies like Target.&#10;A)Heartbleed&#10;B)FireEye&#10;C)Shodan&#10;D)SpyEye

Accepted Answer

The answer of __________ is a computer security firm that...

Question 50

A copyright lasts 20 years.

Accepted Answer

The answer of A copyright lasts 20 years....

Question 51

Wireless is an untrusted network.

Accepted Answer

The answer of Wireless is an untrusted network....

Question 52

Security must be balanced with _________ for people to use systems.&#10;A)Convenience&#10;B)Cost&#10;C)Time&#10;D)Trust

Accepted Answer

The answer of Security must be balanced with _________ for...

Question 53

According to the &#34;Catching a Hacker&#34; case, ____________ is one of the most sophisticated and destructive malicious software programs ever developed.&#10;A)the Heartbleed bug&#10;B)FireEye&#10;C)Shodan&#10;D)SpyEye

Accepted Answer

The answer of According to the &#34;Catching a Hacker&#34; case,...

Question 54

Auditing __________ the computer means inputs, outputs, and processing are checked.&#10;A)Around&#10;B)Into&#10;C)Through&#10;D)With

Accepted Answer

The answer of Auditing __________ the computer means inputs, outputs,...

Question 55

If you have an empty building you can move into if your primary location is destroyed, you've implemented a _________ site.&#10;A)Cold&#10;B)Hot&#10;C)Neutral&#10;D)Warm

Accepted Answer

The answer of If you have an empty building you...

Question 56

Janitors are no threat to information security since they have no access to company systems.

Accepted Answer

The answer of Janitors are no threat to information security...

Question 57

A firewall is a _______ control.&#10;A)access&#10;B)communication&#10;C)physical&#10;D)virtual

Accepted Answer

The answer of A firewall is a _______ control.&#10;A)access&#10;B)communication&#10;C)physical&#10;D)virtual...

Question 58

Biometrics is something the user _______.&#10;A)Does&#10;B)Has&#10;C)Is&#10;D)Knows

Accepted Answer

The answer of Biometrics is something the user _______.&#10;A)Does&#10;B)Has&#10;C)Is&#10;D)Knows...

Question 59

The goal of risk management is to reduce risk to acceptable levels.

Accepted Answer

The answer of The goal of risk management is to...

Question 60

A smart ID card is something the user _______.&#10;A)Does&#10;B)Has&#10;C)Is&#10;D)Knows

Accepted Answer

The answer of A smart ID card is something the...

Question 61

________________ controls restrict unauthorized individuals from using information resources.

Accepted Answer

The answer of ________________ controls restrict unauthorized individuals from using...

Question 62

Identity theft is a deliberate threat to information systems and is one of the largest concerns of consumers and businesses today. What are the four techniques the book mentions for illegally obtaining information? How can you protect yourself or your future business from these threats?

Accepted Answer

The answer of Identity theft is a deliberate threat to...

Question 63

What are the five factors that contribute to the increasing vulnerability of organizational information resources? Using the Target case as an example, how did each of these five factors contribute to that situation?

Accepted Answer

The answer of What are the five factors that contribute...

Question 64

____________________ is the loss of business from increased customer turnover.

Accepted Answer

The answer of ____________________ is the loss of business from...

Deck 4: Information Security