Upgrade to remove ads
Chapter 03: Cyberattacks and Cybersecurity
Terms in this set (55)
Vishing frequently leads consumers to counterfeit Web sites designed to trick them into initiating a denial-of-service attack.
The Fifth Amendment regulates the collection of the content of wire and electronic communications.
Today's computer menace is much better organized and may be part of an organized group.
Computer viruses differ from worms in that viruses can propagate without human intervention, often sending copies of themselves to other computers by email.
The cost to repair the worldwide damage done by a computer worm has exceeded $1 billion on more than one occasion.
Ransomware is malware that stops you from using your computer or accessing your data until you meet certain demands, such as paying a ransom or sending photos to the attacker.
The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act states that it is legal to spam, provided the messages meet a few basic requirements.
A spear phishing attack typically employs a group of zombies to keep the target so busy responding to a stream of automated requests that legitimate users cannot access the target.
Rootkit is a set of programs that enables its users to gain administrator-level access to a computer without the end user's consent or knowledge.
Trojan horse has become an umbrella term for many types of malicious code.
The cost of creating an email campaign for a product or a service is typically more expensive and takes longer to conduct than a direct-mail campaign.
Bring your own device (BYOD) is a business policy that permits, and in some cases encourages, employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications.
Cyberterrorism involves the deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms.
After virus eradication, you can use a previous backup to restore an infected computer.
Cyberterrorism is the intimidation of government or civilian population by using information technology to disable critical national infrastructure to achieve political, religious, or ideological goals.
A completed risk assessment identifies the most dangerous threats to a company and helps focus security efforts on the areas of highest payoff.
A security policy outlines exactly what needs to be done to safeguard computers and their data, but not how it must be accomplished.
Whenever possible, automated system rules should mirror an organization's written policies.
Employees and contract workers must be educated about the importance of security so that they will be motivated to understand and follow the security policies.
Computer forensics is such a new field that there is little training or certification processes available.
Installation of a corporate firewall is the least common security precaution taken by businesses as it does not provide sufficient security.
A router is a hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.
It is not unusual for a security audit to reveal that too many people have access to critical data and that many people have capabilities beyond those needed to perform their jobs.
Even when preventive measures are implemented, no organization is completely secure from a determined computer attack.
Discussing security attacks through public trials and the associated publicity has not only enormous potential costs in public relations but real monetary costs as well.
Often a successful attack on an information system is due to poor system design or implementation. Once such a vulnerability is discovered, software developers quickly create and issue which of the following, in order to eliminate the problem?
Which of the following is a partnership between the Department of Homeland Security and the public and private sectors, established in 2003 to protect the nation's Internet infrastructure against cyberattacks?
U.S. Computer Emergency Readiness Team
Which of the following gets a rootkit installation started and can be easily activated by clicking on a link to a malicious Web site in an email or opening an infected PDF file?
Which of the following concepts recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system's benefits or the risks involved?
Which of the following is a federal law that provides a definition of the term cyberterrorism and under which young people primarily involved in what they consider to be minor computer pranks have been tried as cyberterrorist?
USA Patriot Act
What type of viruses have become a common and easily created form of malware that are created using applications such as Visual Basic or VBScript?
The fundamental problem with trying to detect a rootkit is that the operating system cannot be trusted to provide which of the following?
valid test results
What exploit is characterized as the abuse of email systems to send unsolicited email to large numbers of people?
A network attack in which an intruder gains access to a network and stays there, undetected, with the intention of stealing data over a long period of time is known as which of the following?
Spammers can defeat the registration process of free email services by launching a coordinated attack that can sign up for thousands of untraceable email accounts. What is this type of attack known as?
Which type of attacker hacks computers or websites in an attempt to promote a political ideology?
A type of computer crime perpetrator whose primary motive is to achieve financial gain is known as which of the following?
Software and/or hardware that monitors system and network resources and activities, and notifies network security personnel when it identifies network traffic that attempts to circumvent the security measures of a networked computer environment is known as which of the following?
intrusion detection system
Which of the following is a form of Trojan horse which executes when it is triggered by a specific event such as a change in a particular file, by typing a specific series of keystrokes, or by a specific time or date?
In computing, a term for any sort of general attack on an information system that takes advantage of a particular system vulnerability is known as which of the following?
An antivirus software scans for a specific sequence of bytes that indicates the presence of specific malware. This sequence of bytes is known as which of the following?
A business policy that permits employees to use their own mobile devices to access company computing resources and applications is known as which of the following?
Bring your own device (BYOD)
What type of attack keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in?
Many organizations use software to provide a comprehensive display of all key performance indicators related to an organization's security defenses, including threats, exposures, policy compliance, and incident alerts. What is this type of software known as?
Malware that stops you from using your computer or accessing your data until you meet certain demands is known as which of the following?
Which organization offers a number of security-related policy templates that can help an organization quickly develop effective security policies?
The most common computer security precaution taken by businesses is the installation of which of the following?
Which term is defined as an exploit that takes place before the security community or software developer knows about the vulnerability or has been able to repair it?
The act of fraudulently using email to try to get the recipient to reveal personal data is known as which of the following?
Which type of exploit is defined as the sending of fraudulent emails to an organization's employees designed to look like they came from high-level executives from within the organization?
The intimidation of government or civilian population by using information technology to disable critical national infrastructure in order to achieve political, religious, or ideological goals is known as which of the following?
Which of the following enables remote users to securely access an organization's collection of computing and storage devices and share data remotely?
virtual private network
Before the IT security group can begin an eradication effort, it must:
collect and log all possible criminal evidence from the system
A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner is known as which of the following?
Many organizations outsource their network security operations to a company that monitors, manages, and maintains computer and network security for them. This type of company is known as which of the following?
managed security service provider
Other sets by this creator
EC1a - Module 1 Practice Test
Test Your Knowledge: Chap 12 Assessment
Chapter 08: The Impact of Information Technology o…
Other Quizlet sets
History Honors Unit 2 Test
SCM 453 Exam 2