Question 1

The Societe Generale employee alleged to have committed fraud against the firm that resulted in a loss to the bank of some €4.9 billion was ____.

Accepted Answer

The correct answer is Jerome Kerviel. He was a junior trader at Societe Generale who allegedly made unauthorized and fraudulent trades that resulted in the bank's loss of €4.9 billion in 2008. Robert Richardson, Daniel Boulton, and Nicholas Sarkozy have no connection to this fraud case.

Question 2

A security policy details exactly what needs to be done and how it must be accomplished.

Accepted Answer

A security policy outlines the rules and guidelines for protecting an organization's assets but does not specify the exact methods or procedures for implementation.

Question 3

It is estimated that about one in ____ personal computers in the United States is part of a botnet.

Accepted Answer

The answer of It is estimated that about one in...

Question 4

Installation of a corporate firewall is the most common security precaution taken by business. Once a good firewall is in place, the organization is safe from future attacks.

Accepted Answer

While installing a firewall can provide significant protection, it is not a foolproof solution and does not guarantee complete safety from future attacks. It is important for businesses to also implement other security measures and regularly update and monitor their systems for potential vulnerabilities.

Question 5

Whenever possible, automated system rules should mirror an organization's written policies.

Accepted Answer

Automated system rules should align with an organization's written policies to ensure consistency and compliance with regulations. This also makes it easier to track and audit the application of the rules.

Question 6

____ viruses have become a common and easily created form of virus. Attackers use an application macro language to create these programs that infect documents and templates.

Accepted Answer

Macro viruses are programs written in application macro language which can infect documents and templates. They are considered to be one of the most common forms of viruses because they are relatively easy to create and spreads through macros included in documents or downloaded from malicious websites. Logic bombs, Trojan horses, and applications refer to different types of malicious software that serve different purposes.

Question 7

Organizations must define employee roles so that a single employee can input as well as approve purchase orders. Such action is needed to provide adequate redundancy in the event of a pandemic or other form of disaster.

Accepted Answer

It is not recommended to have a single employee input and approve purchase orders as it lacks segregation of duties and increases the risk of fraud. It is important to define separate roles for inputting and approving purchase orders to maintain proper controls, even in the event of a disaster.

Question 8

A(n) ____ is a term for any sort of general attack on an information system that takes advantage of a particular system vulnerability.

Accepted Answer

An exploit is a general term for any attack on an information system that takes advantage of a particular system vulnerability. It can refer to a specific type of attack, such as a zero-day attack, but is not limited to that. A virus and a worm are specific types of malware, which can be used in exploits but are not interchangeable with the term "exploit."

Question 9

____ is a form of Trojan horse which executes when it is triggered by a specific event such as a change in a particular files, by typing a specific series of keystrokes, or by a specific time or date.

Accepted Answer

A logic bomb is a type of Trojan horse that is programmed to execute when a specific event occurs, such as a specific date or time. It can also be triggered by a specific keystroke or a change in a certain file. This makes it a dangerous threat, as it can remain undetected until the trigger event occurs. Distributed denial-of-service attacks, botnets, and worms are not specifically designed to be triggered by a specific event or action.

Question 10

Antivirus software works to prevent an attack by blocking viruses, malformed packets, and other threats from getting into the protected network.

Accepted Answer

The answer of Antivirus software works to prevent an attack...

Question 11

While it is important that employees should be well aware of an organization's security policies, this information should not be shared with part-time workers and contractors.

Accepted Answer

All employees, including part-time workers and contractors, should be made aware of an organization's security policies as they also have access to sensitive information and systems.

Question 12

____ was a worm that was released in 2007 and caused billions of dollars in damages.

Accepted Answer

The Storm worm was released in 2007 and caused significant financial damage globally.

Question 13

An organization can never be prepared for the worst-a successful attack that defeats all or some of a system's defenses and damages data and information systems.

Accepted Answer

While an organization can never be 100% prepared for every possible scenario, including successful attacks, they can take steps to prevent, detect, and respond to these attacks through measures such as regular security assessments, implementing strong access controls and monitoring, and having incident response plans in place.

Question 14

____ is a form of security incident that first registered on the CSI Computer Crime and Security Survey in 2007.

Accepted Answer

Instant messaging abuse was first registered as a form of security incident in the CSI Computer Crime and Security Survey in 2007.

Question 15

It is not unusual for a security audit to reveal that too many people have access to critical data and that many people have capabilities beyond those needed to perform their jobs.

Accepted Answer

This statement is true. It is a common finding in security audits that organizations have granted unnecessary access or privileges to employees, contractors, or third-party vendors. This can increase the risk of data breaches, insider threats, and unauthorized access to sensitive information. Organizations should regularly review and update their access controls to ensure that only authorized individuals can access data and systems needed to perform their job duties.

Question 16

Some IT security experts warn that is will not be long before we see ____ aimed at smartphones to steal user's data or turn them into remote-controlled bots.

Accepted Answer

The answer of Some IT security experts warn that is...

Question 17

A ____ attack keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in.

Accepted Answer

A distributed denial-of-service attack (DDoS) floods a network or system with traffic or requests, overwhelming it and rendering it unusable. This attack is automated and comes from multiple sources, making it difficult to identify and block. Its purpose is to disrupt services or take down a website, which can cause significant financial losses for businesses or damage to a company's reputation.

Question 18

Often a successful attack on an information system is due to poor system design or implementation. Once such a vulnerability is discovered, software developers quickly create and issue a ____ to eliminate the problem.

Accepted Answer

A patch is a software update that is designed to fix a specific vulnerability or issue in a system. Once a vulnerability is discovered, software developers will often create and issue a patch to eliminate the problem. This is a common practice in the software industry and is essential for maintaining the security and integrity of information systems.

Question 19

An intrusion prevention system is software and/or hardware that monitors system and network resources and activities, and notifies network security personnel when it identifies possible intrusions from outside the organization or misuse from within the organization.

Accepted Answer

An intrusion prevention system (IPS) not only monitors and notifies but also actively blocks or prevents potential threats, unlike an intrusion detection system (IDS) which only monitors and alerts.

Question 20

Discussing security attacks through public trials and the associated publicity has not only enormous potential costs in public relations but real monetary costs as well.

Accepted Answer

Public discussions of security attacks can cause significant damage to a company's reputation and can also result in actual financial losses. The negative publicity can lead to a loss of trust from customers and investors, resulting in decreased sales and stock prices. Additionally, the cost of remedying the security breach and implementing new security measures can be substantial.

Quiz 3: Computer and Internet Crime