Chapter 7 Questions Flashcards

1
Q

Spoofing is:

When the “from” address says the name/email address of a person different from who really sent it

When hackers snoop around in a system

When a person from IT unlocks your email account

When you receive a notice of an inheritance

A

When the “from” address says the name/email address of a person different from who really sent it

2
Q

In the Target breach, the HVAC systems were actually attached to the retail sales system.

True
False

A

True

3
Q

Many organizations and even consumers use this to control access to a network like the Internet, allowing only authorized traffic to pass.

Encryption

VPN

Firewall

Anonymizing tools

Filtering

A

Firewall

4
Q

In the Office of Personnel Management’s case, the security breach made many people vulnerable to this.

Loss of personal property

Inaccurate personal data

Identity theft

Loss of access to personal data

Credit card fees

A

Identity Theft

5
Q

All of the following are classic signs of a phishing message except:

Your email in-box is full and you must click on a link to increase storage

You just won a lottery or contest, and you need to click on a link to claim your prize

Poor grammar or spelling in a note that purports to be from a large company

Goods or services are offered at an impossibly low price

An emailed ad oddly does not provide any active links

A

An emailed ad oddly does not provide any active links

6
Q

According to the late L. Dain Gary, “You cannot make a computer secure.”

True
False

A

True

7
Q

You can purchase stolen credit cards on the “deep web” using a browser called “Tor.”

True
False

A

True

8
Q

Firewalls can be either in hardware or software form.

True
False

A

True

9
Q

Thanks to tightened security in operating systems, it is more difficult than ever before for hackers to break into systems, compared to the early 1990s, when people were much less often protected, less aware of risks, and more easily fooled.

True
False

A

False

10
Q

On the black market, stolen data in a “kit” that contains credit card information plus social security number and medical information is worth:

between $13 and $18 per record

between $43 and $65 per record

between $145 and $154 per record

between $100 and $1,000 per record

between $4,520 and $4,580 per record

A

between $100 and $1,000 per record

11
Q

Over time, attackers have had to increase their skills to be able to attack systems or create viruses.

True
False

A

False

12
Q

The deep web is a part of the internet that includes unindexed websites offering both legal and illegal items, such as passports, citizenship, and even murders for hire.

True
False

A

True

13
Q

Examples of multi-factor authentication are:

passwords and text messages

passwords longer than one character

a human will chat with you to see who you are

using two badges to allow you into a building

none of the above

A

passwords and text messages

14
Q

A challenge question is when you are stopped at the gate and the guard asks who you are.

True
False

A

False

15
Q

In the Target breach, the IT department was warned on or about the time the files were transferred.

True
False

A

True

16
Q

If you receive an email that says it is from Sam Johnson, your boss, with an odd EXE file as an attachment, it could be dangerous for all of the following reasons except:

It could be dangerous because the email might not really be from Sam.

It could be dangerous because the email might be from Sam’s computer without his or her knowledge.

It could be dangerous even if it was sent knowingly because Sam didn’t know a virus might be attached.

It could be dangerous because Sam gave someone his password once a long time ago.

None of the above (indicating that all are true).

A

None of the above (indicating that all are true).

17
Q

It usually takes ____ for someone in a firm to discover a security compromise in a system after the evidence shows up in logs or alerts.

Several seconds

Several minutes

Several hours

Several days

Several months

A

Several months

18
Q

It is estimated that ___ % of all firms have been breached:

5% or less

10% to 20%

40% to 60%

70% to 90%

Over 95%

A

Over 95%

19
Q

The Deep Web is reputed to be 400 times larger than the public web.

True
False

A

True

20
Q

Included in the five critical elements that are used to raise security in a firm are all of the following except:

Infrastructure

Law enforcement

Policies

Training

Investments

A

Law enforcement

21
Q

A hacker who buys credit card information from hackers receives a short-term guarantee in case the card is declined.

True
False

A

True

22
Q

___ of breaches are caused by stealing a password.

A very low percentage (somewhere around 1%)

A low percentage (around 10%)

A moderate percentage (around 25%)

A high percentage (around 50%)

A very high percentage (around 80%)

A

A very high percentage (around 80%)

23
Q

Two-factor authentication is when you use two different methods for people trying to use the system. For instance, you can use a password and a challenge question.

True
False

A

True

24
Q

When the Office of Personnel Management was hacked, all of the following are true except:

The hackers gained access to the building to steal the records

It took the Office of Personnel Management many months to detect the break-in

The hackers likely exploited a stolen password

The hackers did not need to escape in the blue turbocharged vehicle

None of the above (indicating that all are true)

A

The hackers gained access to the building to steal the records

25
Q

The most common password of all in 2014 is:

Something complex that is hard to remember

None at all: they most commonly skip passwords and just press ENTER to continue

“password”

“123456”

“Rihanna”

A

“123456”

26
Q

Who is responsible for developing security education, awareness, and training programs?

IT people

Shared: IT leaders and business leaders

Business leaders

Consultants

Team of consultants and IT people

A

Shared: IT leaders and business leaders

27
Q

The cost of a data breach in 2015 is estimated to be:

between $13 and $18 per record

between $43 and $65 per record

between $145 and $154 per record

between $100 and $1,000 per record

between $4,520 and $4,580 per record

A

between $145 and $154 per record

28
Q

If you receive an email from your son, and the body of the email tells you to open an attachment because it is funny, the risk is pretty close to zero because it came from your son.

True
False

A

False

29
Q

In the Anthem Blue Cross breach, where 80 million names, birthdays, social security numbers, etc., were stolen, the hackers got in by:

Breaking into the building where they were stored

Obtaining passwords of five or more high-level employees

Making phone calls to insiders posing as IT people needing to log into their accounts

Emailing each of the 80 million patients asking for their private information

Recovering patient records from a large recycling bin

A

Obtaining passwords of five or more high-level employees