Question 1

One of the reasons one should be careful about clicking on any URL in an e-mail is that hackers can easily embed a redirection in e-mail links, reroutiing a user to an alternate online destination.

Accepted Answer

Hackers often use embedded redirection in email links to reroute users to malicious websites, which can lead to phishing attacks, malware infections, or other security breaches.

Question 2

_____, probably the most notorious known act of cyberwarfare effort to date (one expert called it "the most sophisticated worm ever created"), is suspected to have been launched by either U.S. or Israeli intelligence (or both), and it infiltrated Iranian nuclear facilities and reprogrammed the industrial control software operating hundreds of uranium-enriching centrifuges.

Accepted Answer

The answer of _____, probably the most notorious known act...

Question 3

The topic of U.S. government surveilance continues to be hotly debated, with strong opinions in favor of surveilance programs, as well as vocal protestations of government overreach. Briefly give the argument for and against U.S. government surveilance practices.

Accepted Answer

The answer of The topic of U.S. government surveilance continues...

Question 4

Social networking sites such as Facebook and LinkedIn form valuable sources of vital information that can be used to craft a scam by con artists.

Accepted Answer

Social networking sites contain personal information and details about individuals' lives and connections, which scammers can use to create targeted and convincing scams.

Question 5

What are botnets and how are criminals using this technology?

Accepted Answer

The answer of What are botnets and how are criminals...

Question 6

The information systems of several firms have been compromised by insiders that can include contract employees, cleaning staff, and temporary staffers.

Accepted Answer

Insiders, including contract employees, cleaning staff, and temporary staffers, can indeed compromise the information systems of firms due to their access to the premises and potentially to the systems themselves, making them a significant security risk.

Question 7

Former CIA employee and NSA contractor, ____________ is seen by many as either a whistle-blowing hero or a traitorous villain. This person gathered sensitive digital documents from U.S., British, and Australian agencies, and leaked them to the press, exposing the extent of government surveillance efforts.

Accepted Answer

The answer of Former CIA employee and NSA contractor, ____________...

Question 8

Web sites of reputed companies can also be sources of malware.

Accepted Answer

Even websites of reputed companies can be compromised by hackers and used to distribute malware to unsuspecting visitors.

Question 9

It's bad when a firm's e-mail and password file is stolen however the impact is minimized because user passwords set up for one system cannot be used on others.

Accepted Answer

Many users tend to reuse their passwords across multiple systems, so if a password is stolen from one system, it can potentially be used to gain unauthorized access to other accounts of the user.

Question 10

_____ refers to a term that either means breaking into a computer system or a particularly clever solution.

Accepted Answer

The answer of _____ refers to a term that either...

Question 11

The virtual shutdown of websites by way of overloading them with seemingly legitimate requests sent simultaneously from thousands of machines is termed as _____ attacks.

Accepted Answer

The answer of The virtual shutdown of websites by way...

Question 12

Because of Moore's Law, widely-used encryption programs currently employed by banks and ecommerce sites are now easily penetrated by brute-force attacks that can be employed by hackers using just a handful of simple desktop computers.

Accepted Answer

Moore's Law, which predicts the doubling of computer processing power approximately every two years, does indeed suggest that computing capabilities increase exponentially over time. However, encryption algorithms used by banks and e-commerce sites are designed to be secure against brute-force attacks even as computational power increases. Modern encryption standards, such as AES (Advanced Encryption Standard) with key lengths of 128, 192, or 256 bits, are considered secure against brute-force attacks with current and foreseeable technology. Additionally, the security community actively monitors the strength of encryption methods against advancing computational power and recommends updates or changes when necessary to maintain security.

Question 13

According to research firm Gartner, the majority of loss-causing security incidents involve the handiwork of international cyber-criminal gangs.

Accepted Answer

The answer of According to research firm Gartner, the majority...

Question 14

Dumpster diving refers to physically trawling through trash to mine any valuable data or insights that can be stolen or used in a security attack.

Accepted Answer

Dumpster diving is a technique used by attackers to sift through a company's or individual's trash to find valuable information that can be used for fraudulent activities or to launch security attacks.

Question 15

Spear phishing attacks specifically target a given organization or group of users.

Accepted Answer

Spear phishing attacks are highly targeted attempts to steal sensitive information from a specific victim or group, often by masquerading as a trustworthy entity in an electronic communication.

Question 16

URL-shortening services such as bit.ly limit the impact of phishing posts since the shortened URL will clearly reveal the destination arrived at when clicked on.

Accepted Answer

URL-shortening services obscure the final destination URL, making it easier for malicious actors to disguise phishing sites as legitimate links, thereby potentially increasing the risk of phishing attacks.

Question 17

Challenge questions offered by Web sites to automate password distribution and resets are formidable in protecting the privacy of email accounts.

Accepted Answer

Challenge questions, while useful, can often be bypassed or guessed by attackers, especially if the answers are easily discoverable through social media or other public information, making them less formidable in protecting privacy.

Question 18

Two-factor authentication is favored for most security situations since it's considered to be fast and conveient for customres.

Accepted Answer

Two-factor authentication is favored for its enhanced security, not necessarily for being fast or convenient. It adds an extra step, which can be seen as less convenient for users.

Question 19

Worms require an executable (a running program) to spread, attaching to other executables.

Accepted Answer

Worms are self-replicating malware that do not require attachment to an executable file to spread; they can propagate through networks independently.

Question 20

In public-key encryption systems, the functions of the public and private keys are interchangeable.

Accepted Answer

In public-key encryption systems, the public key is used for encryption, and the private key is used for decryption. They are not interchangeable functions.

Quiz 17: Information Security: Barbarians at the Gateway and Just About Everywhere Else