Media Study

Q: Most traditional external attackers were heavily motivated by ________. A) the thrill of breaking in B) making money through crime C) Both A and B D) Neither A nor B

Q: You receive an e-mail that seems to come from a frequent customer. It contains specific information about your relationship with the customer. Clicking on a link in the message takes you to a website that seems to be your customer's website. However, the website is fake. This is ________. (Pick the most precise answer.) A) social engineering B) a hoax C) phishing D) spear fishing

Q: You receive an e-mail that seems to come from your bank. Clicking on a link in the message takes you to a website that seems to be your bank's website. However, the website is fake. This is called a ________ attack. (Pick the most precise answer.) A) social engineering B) a hoax C) phishing D) spear fishing

Q: The definition of spam is "unsolicited commercial e-mail."

Q: ________ attacks take advantage of flawed human judgment by convincing the victim to take actions that are counter to security policies. (Choose the best answer.) A) Social engineering B) Spam C) E-mail attachment D) Mobile code

Q: Mobile code usually is contained in webpages.

Q: Mobile code usually is delivered through ________. A) webpages B) e-mail C) directly propagating worms D) All of the above

Q: Which type of program can hide itself from normal inspection and detection? A) Trojan horse B) Stealth Trojan C) Spyware D) Rootkit

Q: Rootkits replace legitimate programs and are considered a deeper threat than a set of programs called Trojan horses.

Q: Most cookies are dangerous.

Q: Which of the following can be a type of spyware? A) A cookie B) A keystroke logger C) Both A and B D) Neither A nor B

Q: A ________ is a small program that, after installed, downloads a larger attack program. A) Trojan horse B) Trojan pony C) Stub D) Downloader

Q: A program that gives the attacker remote access control of your computer is specifically called a ________. A) Trojan horse B) spyware program C) cookie D) RAT

Q: A Trojan horse is a program that hides itself by deleting a system file and taking on the system file's name.

Q: Nonmobile malware can be on webpages that users download.

Q: In a virus, the code that does damage is called the ________. A) exploit B) compromise C) payload D) vector

Q: The fastest propagation occurs with some types of ________. A) viruses B) worms C) Trojan horses D) bots

Q: Some ________ can jump directly between computers without human intervention. A) viruses B) worms C) Both A and B D) Neither A nor B

Q: ________ can spread through e-mail attachments. A) Viruses B) Worms C) Both A and B D) Neither A nor B

Q: ________ are programs that attach themselves to legitimate programs. A) Viruses B) Worms C) Both A and B D) Neither A nor B

Q: ________ is a generic term for "evil software." A) Virus B) Worm C) Malware D) Threat

Q: ________ consists of activities that violate a company's IT use policies or ethics policies. A) Fraud B) Extortion C) Hacking D) Abuse

Q: In fraud, the perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest.

Q: In hacking, the perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest.

Q: In ________, the perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest. A) fraud B) extortion C) hacking D) abuse

Q: The terms "intellectual property" and "trade secret" are synonymous.

Q: Penalties for hacking are ________. A) limited only if a hacker stole $1000 B) limited only if a hacker stole over $1,000,000 C) irrelevant of the amount stolen D) none of the above

Q: The definition of hacking is "intentionally accessing a computer resource without authorization or in excess of authorization."

Q: When considering penalties for hacking, motivation is irrelevant.

Q: The definition of hacking is "accessing a computer resource without authorization or in excess of authorization."

Q: You have access to your home page on a server. By accident, you discover that if you hit a certain key, you can get into someone else's files. You spend just a few minutes looking around. This is hacking.

Q: Someone sends you a "game." When you run it, it logs you into an IRS server. This is hacking.

Q: You accidentally find someone's password and use it to get into a system. This is hacking.

Q: Downloading pornography can lead to sexual harassment lawsuits.

Q: Misappropriation of assets is an example of employee financial theft.

Q: ________ is the destruction of hardware, software, or data. A) Sabotage B) Hacking C) Extortion D) Denial of Service

Q: What type of employee is the most dangerous when it comes to internal IT attacks? A) Data entry clerks B) Financial professionals C) IT professionals D) IT security professionals

Q: Employees are very dangerous because they ________. A) often have access to sensitive parts of the system B) are trusted by companies C) Both A and B D) Neither A nor B

Q: Employees often have extensive knowledge of systems and can pose a greater risk than external attackers.

Q: Employees pose an increased risk to organizations as they ofter have access to sensitive parts of systems.

Q: What were the approximate dollar losses for the series of data breaches against Sony Corp? A) $54 million B) $171 million C) $254 million D) $1.6 billion

Q: Why did hackers attack Sony Corp? A) To test their technical skills B) Because Sony was suing a fellow hacker C) As part of a larger cyberwar exercise D) Because Sony put a malicious rootkit on certain music disks

Q: About how long was the Sony PlayStation Network offline as a result of the cyber attacks? A) 3 days B) 3 weeks C) 3 months D) It never went down.

Q: The attack method used in the Sony data breaches was ________. A) Cross-site scripting B) SQL injection C) Denial of service D) None of the above

Q: Most countermeasure controls are detective controls.

Q: Most countermeasure controls are preventative controls.

Q: Preventative countermeasures keep attacks from succeeding.

Q: Detective countermeasures keep attacks from succeeding.

Q: Detective countermeasures identify when a threat is attacking and especially when it is succeeding.

Q: Preventative countermeasures identify when a threat is attacking and especially when it is succeeding.

Q: Which of the following is a type of countermeasure? A) Detective B) Corrective C) Both A and B D) Neither A nor B

Q: Another name for safeguard is ________. A) countermeasure B) compromise C) Both A and B D) Neither A nor B

Q: When a threat succeeds in causing harm to a business, this is a(n) ________. A) breach B) countermeasure C) Both A and B D) Neither A nor B

Q: When a threat succeeds in causing harm to a business, this is called a ________. A) breach B) compromise C) incident D) All of the above

Q: Which of the following are types of countermeasures? A) Preventative B) Detective C) Corrective D) All of the above

Q: If an attacker breaks into a corporate database and deletes critical files, this is a attack against the ________ security goal. A) integrity B) confidentiality C) Both A and B D) Neither A nor B

Q: The three common core goals of security are ________. A) confidentiality, integrity, and availability B) confidentiality, information, and availability C) confidentiality, integrity, and authentication D) confidentiality, information, and authorization

Q: Confidentiality means that attackers cannot change or destroy information.

Q: Threat environment consists of the types of attackers and attacks that companies face.

Q: In e-mail, the security standards situation is mature.

Q: Which of the following sends passwords in the clear? A) FTP B) SSH C) Both A and B D) Neither A nor B

Q: In e-mail, the ________ protocol is fused or downloading new mail from the recipient's mail server to the recipient's PC. A) SMTP B) POP C) Both A and B D) Neither A nor B

Q: There usually are two protocols for each application.

Q: The SNMP ________ command is very dangerous. A) SET B) GET C) Both A and B D) Neither A nor B

Q: To get configuration information from managed devices on the network and to change the configuration of managed devices, companies use ________. A) DNS B) DHCP C) SNMP D) ICMP

Q: ________ is not limited to TCP/IP routing. A) OSPF B) RIP C) BGP D) EIGRP

Q: The main exterior dynamic routing protocol is ________. A) OSPF B) RIP C) BGP D) EIGRP

Q: The main TCP/IP interior dynamic routing protocol for large networks is ________. A) OSPF B) RIP C) BGP D) EIGRP

Q: A ________ server gives an original host the IP address of another host to which the original host wishes to send packets. A) DHCP B) DNS C) Both A and B D) Neither A nor B

Q: A ________ is likely to have the same address each time it goes on the Internet. A) client B) server C) Both A and B D) Neither A nor B

Q: Client usually get ________. A) static IP addresses B) ephemeral IP addresses C) dynamic IP addresses D) None of the above.

Q: Servers get ________. A) static IP addresses B) ephemeral IP addresses C) dynamic IP addresses D) None of the above.

Q: DNSSEC ________. A) is still under development B) is widely used C) is no longer used D) There is no such thing as DNSSEC.

Q: In DNS cache poisoning, an attacker replaces the IP address of a host name with another IP address.

Q: An organization with a ________ domain name must maintain one or more DNS servers. A) first-level B) second-level C) third-level D) All of the above.

1 2 3 … 27 Next »

Subjects