Question 1

If you receive an email that says it is from Sam Johnson, your boss, with an odd EXE file as an attachment, it could be dangerous for all of the following reasons except:&#10;A) It could be dangerous because the email might not really be from Sam.&#10;B) It could be dangerous because the email might be from Sam's computer without his or her knowledge.&#10;C) It could be dangerous even if it was sent knowingly because Sam didn't know a virus might be attached.&#10;D) It could be dangerous because Sam gave someone his password once a long time ago&#10;E) None of the above (indicating that all are true).

Accepted Answer

All the options provided are valid reasons why the email could be dangerous, indicating that none of them are exceptions.

Question 2

An &#34;evil twin&#34; in the context of computer security is:&#10;A) A virus-laden attachment that looks just like a sincere attachment&#10;B) A duplicate badge that allows a nasty person entry into a data center&#10;C) Someone who looks just like the Chief Information Officer, but steals data&#10;D) An operating system that is not genuine&#10;E) A counterfeit wifi connection in a hotel or coffee shop that appears to be genuine

Accepted Answer

An "evil twin" in computer security refers to a type of attack in which a rogue wifi access point is set up to mimic a legitimate one, in order to lure users into connecting to it and potentially exposing sensitive information. This is typically done in public places such as hotels or coffee shops, where users might be more likely to connect to a free wifi network without verifying its authenticity. The rogue access point is referred to as an "evil twin" because it appears to be the same as the legitimate network, but is actually controlled by a malicious actor.

Question 3

On the black market, stolen data in a &#34;kit&#34; that contains credit card information plus social security number and medical information is worth:&#10;A) between $13 and $18 per record&#10;B) between $43 and 65 per record&#10;C) between $145 and $154 per record&#10;D) between $100 and $1,000 per record&#10;E) between $4,520 and $4,580 per record

Accepted Answer

According to various reports and studies, stolen data in a "kit" containing credit card information, social security numbers, and medical information can be sold on the black market for anywhere between $100 and $1,000 per record. The exact price may vary depending on the type and amount of information included in the kit, as well as the demand for it. Therefore, option D is the best choice.

Question 4

___ of breaches are caused by stealing a password&#10;A) A very low percentage (somewhere around 1%)&#10;B) A low percentage (around 10%)&#10;C) A moderate percentage (around 25%)&#10;D) A high percentage (around 50%)&#10;E) A very high percentage (around 80%)

Accepted Answer

The answer of ___ of breaches are caused by stealing...

Question 5

Thanks to tightened security in operating systems, it is more difficult than ever before for hackers to break into systems, compared to&#160;the early 1990s, when people were much less often protected, less aware of risks,&#160;and more easily fooled.

Accepted Answer

The answer of Thanks to tightened security in operating systems,...

Question 6

Examples of multi-factor authentication are:&#10;A) passwords and text messages&#10;B) passwords with longer than one character&#10;C) a human will chat with you to see who you are&#10;D) using two badges to allow you into a building&#10;E) none of the above

Accepted Answer

Multi-factor authentication involves using two or more different types of factors to verify identity, such as something you know (password) and something you have (text message).

Question 7

In the Office of Personnel Management's case, the security breach made many people vulnerable to this.&#10;A) Loss of personal property&#10;B) Inaccurate personal data&#10;C) Identity theft&#10;D) Loss of access to personal data&#10;E) Credit card fees

Accepted Answer

The security breach at the Office of Personnel Management resulted in the theft of personal information, including Social Security numbers, which could be used for identity theft. It did not result in loss of personal property, inaccurate personal data, loss of access to personal data, or credit card fees.

Question 8

It usually takes ____ for someone in a firm to discover a security compromise in a system, after the evidence shows up in logs or alerts&#10;A) Several seconds&#10;B) Several minutes&#10;C) Several hours&#10;D) Several days&#10;E) Several months

Accepted Answer

The answer of It usually takes ____ for someone in...

Question 9

Over time, attackers have had to increase their skills&#160;to be able to&#160;attack systems or create viruses.

Accepted Answer

The answer of Over time, attackers have had to increase...

Question 10

The cost of a data breach in 2015 is estimated to be:&#10;A) between $13 and $18 per record&#10;B) between $43 and 65 per record&#10;C) between $145 and $154 per record&#10;D) between $100 and $1,000 per record&#10;E) between $4,520 and $4,580 per record

Accepted Answer

According to the 2015 Cost of Data Breach Study by the Ponemon Institute, the cost per record in a data breach is estimated to be between $145 and $154. This cost includes expenses related to detection, notification, and response, as well as lost business and legal fees.

Question 11

Many organizations and even consumers use this to control access to a network like the Internet, allowing only authorized traffic to pass.&#10;A) Encryption&#10;B) VPN&#10;C) Firewall&#10;D) Anonymizing tools&#10;E) Filtering

Accepted Answer

The answer of Many organizations and even consumers use this...

Question 12

Included in the five critical elements that are used to raise security in a firm are all of the following except:&#10;A) Infrastructure&#10;B) Law enforcement&#10;C) Policies&#10;D) Training&#10;E) Investments

Accepted Answer

The answer of Included in the five critical elements that...

Question 13

All of the following are classic signs of a phishing message except:&#10;A) Your email in-box is full and you must click on a link to increase storage&#10;B) You just won a lottery or contest, and you need to click on a link to claim your prize&#10;C) Poor grammar or spelling in a note that purports to be from a large company&#10;D) Goods or services are offered at an impossibly low price&#10;E) An emailed ad oddly does not provide any active links

Accepted Answer

The answer of All of the following are classic signs...

Question 14

Who is responsible for developing security education, awareness, and training programs?&#10;A) IT people&#10;B) Shared: IT leaders and business leaders&#10;C) Business leaders&#10;D) Consultants&#10;E) Team of consultants and IT people

Accepted Answer

The answer of Who is responsible for developing security education,...

Question 15

Spoofing is:&#10;A) When someone makes fun of you for falling for a phishing scam&#10;B) When the &#34;from&#34; address says the name/email address of a person different from who really sent it&#10;C) When hackers snoop around in a system&#10;D) When a person from IT unlocks your email account&#10;E) When you receive a notice of an inheritance

Accepted Answer

The answer of Spoofing is:&#10;A) When someone makes fun of...

Question 16

The most common password of all in 2014 is:&#10;A) Something complex that is hard to remember&#10;B) None at all-they most commonly skip passwords and just press ENTER to continue&#10;C) &#34;password&#34;&#10;D) &#34;123456&#34;&#10;E) &#34;Rihanna&#34;

Accepted Answer

The answer of The most common password of all in...

Question 17

When the Office of Personnel Management was hacked, all of the following are true except:&#10;A) The hackers gained access to the building to steal the records&#10;B) It took the Office of Personnel Management many months to detect the break-in&#10;C) The hackers likely exploited a stolen password&#10;D) The hackers did not need to escape in the blue turbocharged vehicle&#10;E) None of the above (indicating that all are true)

Accepted Answer

The answer of When the Office of Personnel Management was...

Question 18

Who is responsible for decisions about security strategy?&#10;A) IT people&#10;B) Shared: IT leaders and business leaders&#10;C) Business leaders&#10;D) Consultants&#10;E) Team of consultants and IT people

Accepted Answer

The answer of Who is responsible for decisions about security...

Question 19

In the Anthem Blue Cross breach, where 80 million names, birthdays, social security numbers, etc., were stolen, the hackers got in by:&#10;A) Breaking into the building where they were stored&#10;B) Obtaining passwords of five or more high-level employees&#10;C) Making phone calls to insiders posing as IT people needing to log into their accounts&#10;D) Emailing each of the 80 million patients asking for their private information&#10;E) Recovering patient records from a large recycling bin

Accepted Answer

The answer of In the Anthem Blue Cross breach, where...

Question 20

It is estimated that ___ % of all firms have been breached:&#10;A) 5% or less&#10;B) 10% to 20%&#10;C) 40% to 60%&#10;D) 70% to 90%&#10;E) Over 95%

Accepted Answer

The answer of It is estimated that ___ % of...

Question 21

According to the late L. Dain Gary, &#34;You cannot make a computer secure.&#34;

Accepted Answer

The answer of According to the late L. Dain Gary,...

Question 22

What is Poulson's Law?

Accepted Answer

The answer of What is Poulson's Law?...

Question 23

You can purchase stolen credit cards on the &#34;deep web&#34; using a browser called &#34;Tor.&#34;

Accepted Answer

The answer of You can purchase stolen credit cards on...

Question 24

A hacker who buys credit card information from hackers receives a short-term guarantee in case the card is declined.

Accepted Answer

The answer of A hacker who buys credit card information...

Question 25

Two factor authentication is when you use two different methods for people trying to use the system. For instance, you can use a password and a challenge question

Accepted Answer

The answer of Two factor authentication is when you use...

Question 26

What are the shortcomings of passwords?

Accepted Answer

The answer of What are the shortcomings of passwords?...

Question 27

The deep web is a part of the internet that includes unindexed websites offering both legal and illegal items, such as passports, citizenship, and even murders for hire.

Accepted Answer

The answer of The deep web is a part of...

Question 28

Match the security tool to its security category.&#10;

Accepted Answer

The answer of Match the security tool to its security...

Question 29

What security and controls should a company use to protect its computer infrastructure? Why do managers need to be involved in the decisions about security and control measures?

Accepted Answer

The answer of What security and controls should a company...

Question 30

In the Target breach, the HVAC systems were actually attached to the retail sales system.

Accepted Answer

The answer of In the Target breach, the HVAC systems...

Question 31

Of the seven security policies noted in Chapter 7 (Figure 7.5), name at least three.&#10;Matching

Accepted Answer

The answer of Of the seven security policies noted in...

Question 32

If you receive an email from your son, and the body of the email tells you to open an attachment because it is funny, the risk is pretty close to zero because it came from your son.

Accepted Answer

The answer of If you receive an email from your...

Question 33

Firewalls can be either in hardware or software form.

Accepted Answer

The answer of Firewalls can be either in hardware or...

Question 34

A challenge question is when you are stopped at the gate and the guard asks who you are.

Accepted Answer

The answer of A challenge question is when you are...

Question 35

The Deep Web is reputed to be 400 times larger than the public web.

Accepted Answer

The answer of The Deep Web is reputed to be...

Question 36

What is a piece of software that traps keystrokes and stores them for hackers to inspect later?

Accepted Answer

The answer of What is a piece of software that...

Question 37

Internal threats are considered the most lethal threat. What are they, why are they so lethal and what can a company do to protect against them?

Accepted Answer

The answer of Internal threats are considered the most lethal...

Question 38

In the Target breach, the IT department was warned on or about the time the files were transferred.

Accepted Answer

The answer of In the Target breach, the IT department...

Question 39

This is a situation in which the thief counterfeits a different person's address

Accepted Answer

The answer of This is a situation in which the...

Question 40

What is a challenge question?

Accepted Answer

The answer of What is a challenge question?...

Deck 8: Security