Chapter 18 (Lesson 12) Flashcards
- What are the major categories of computer crime?
- The major categories of computer crime are
- military/intelligence attacks,
- business attacks,
- financial attacks,
- terrorist attacks,
- grudge attacks,
- thrill attacks.
- What is the main motivation behind a thrill attack?
- Thrill attacks are motivated by individuals seeking to achieve the “high” associated with successfully breaking into a computer system.
- What is the difference between an interview and an interrogation?
- Interviews are conducted with the intention of gathering information from individuals to assist with your investigation. Interrogations are conducted with the intent of gathering evidence from suspects to be used in a criminal prosecution.
- What is the difference between an event and an incident?
- An event is any occurrence that takes place during a certain period of time. Incidents are events that have negative outcomes affecting the confidentiality, integrity, or availability of your data.
- Who are the common members of an incident response team?
- Incident response teams normally include representatives from senior management, information security professionals, legal representatives, public affairs/communications representatives, and technical engineers.
- What are the three phases of the incident response process?
- The three phases of the incident response process are
- detection and identification,
- response and reporting,
- recovery and remediation.
- What are the three basic requirements that evidence must meet in order to be admissible in court?
- To be admissible, evidence must be reliable, competent, and material to the case.
- What is a computer crime?
A. Any attack specifically listed in your security policy
B. Any illegal attack that compromises a protected computer
C. Any violation of a law or regulation that involves a computer
D. Failure to practice due diligence in computer security
- C. A crime is any violation of a law or regulation. The violation stipulation defines the action as a crime. It is a computer crime if the violation involves a computer either as the target or as a tool.
- What is the main purpose of a military and intelligence attack?
A. To attack the availability of military systems
B. To obtain secret and restricted information from military or law enforcement sources
C. To utilize military or intelligence agency systems to attack other nonmilitary sites
D. To compromise military systems for use in attacks against other systems
- B. A military and intelligence attack is targeted at the classified data that resides on the system. To the attacker, the value of the information justifies the risk associated with such an attack. The information extracted from this type of attack is often used to plan subsequent attacks.
- What type of attack targets proprietary information stored on a civilian organization’s system?
A. Business attack
B. Denial-of-service attack
C. Financial attack
D. Military and intelligence attack
- A. Confidential information that is not related to the military or intelligence agencies is the target of business attacks. The ultimate goal could be destruction, alteration, or disclosure of confidential information.
- What goal is not a purpose of a financial attack?
A. Access services you have not purchased
B. Disclose confidential personal employee information
C. Transfer funds from an unapproved source into your account
D. Steal money from another organization
- B. A financial attack focuses primarily on obtaining services and funds illegally.
- Which one of the following attacks is most indicative of a terrorist attack?
A. Altering sensitive trade secret documents
B. Damaging the ability to communicate and respond to a physical attack
C. Stealing unclassified information
D. Transferring funds to other countries
- B. A terrorist attack is launched to interfere with a way of life by creating an atmosphere of fear. A computer terrorist attack can reach this goal by reducing the ability to respond to a simultaneous physical attack.
- Which of the following would not be a primary goal of a grudge attack?
A. Disclosing embarrassing personal information
B. Launching a virus on an organization’s system
C. Sending inappropriate email with a spoofed origination address of the victim organization
D. Using automated tools to scan the organization’s systems for vulnerable ports
- D. Any action that can harm a person or organization, either directly or through embarrassment, would be a valid goal of a grudge attack. The purpose of such an attack is to “get back” at someone.
- What are the primary reasons attackers engage in thrill attacks? (Choose all that apply.)
A. Bragging rights
B. Money from the sale of stolen documents
C. Pride of conquering a secure system
D. Retaliation against a person or organization
- A, C. Thrill attacks have no reward other than providing a boost to pride and ego. The thrill of launching the attack comes from the act of participating in the attack (and not getting caught).
- What is the most important rule to follow when collecting evidence?
A. Do not turn off a computer until you photograph the screen.
B. List all people present while collecting evidence.
C. Never modify evidence during the collection process.
D. Transfer all equipment to a secure storage location.
- C. Although the other options have some merit in individual cases, the most important rule is to never modify, or taint, evidence. If you modify evidence, it becomes inadmissible in court.