Chapter 7 Questions Flashcards
Spoofing is:
When the “from” address says the name/email address of a person different from who really sent it
When hackers snoop around in a system
When a person from IT unlocks your email account
When you receive a notice of an inheritance
When the “from” address says the name/email address of a person different from who really sent it
In the Target breach, the HVAC systems were actually attached to the retail sales system.
True
False
True
Many organizations and even consumers use this to control access to a network like the Internet, allowing only authorized traffic to pass.
Encryption
VPN
Firewall
Anonymizing tools
Filtering
Firewall
In the Office of Personnel Management’s case, the security breach made many people vulnerable to this.
Loss of personal property
Inaccurate personal data
Identity theft
Loss of access to personal data
Credit card fees
Identity Theft
All of the following are classic signs of a phishing message except:
Your email in-box is full and you must click on a link to increase storage
You just won a lottery or contest, and you need to click on a link to claim your prize
Poor grammar or spelling in a note that purports to be from a large company
Goods or services are offered at an impossibly low price
An emailed ad oddly does not provide any active links
An emailed ad oddly does not provide any active links
According to the late L. Dain Gary, “You cannot make a computer secure.”
True
False
True
You can purchase stolen credit cards on the “deep web” using a browser called “Tor.”
True
False
True
Firewalls can be either in hardware or software form.
True
False
True
Thanks to tightened security in operating systems, it is more difficult than ever before for hackers to break into systems, compared to the early 1990s, when people were much less often protected, less aware of risks, and more easily fooled.
True
False
False
On the black market, stolen data in a “kit” that contains credit card information plus social security number and medical information is worth:
between $13 and $18 per record
between $43 and 65 per record
between $145 and $154 per record
between $100 and $1,000 per record
between $4,520 and $4,580 per record
between $100 and $1,000 per record
Over time, attackers have had to increase their skills to be able to attack systems or create viruses.
True
False
False
The deep web is a part of the internet that includes unindexed websites offering both legal and illegal items, such as passports, citizenship, and even murders for hire.
True
False
True
Examples of multi-factor authentication are:
passwords and text messages
passwords with longer than one character
a human will chat with you to see who you are
using two badges to allow you into a building
none of the above
passwords and text messages
A challenge question is when you are stopped at the gate and the guard asks who you are.
True
False
False
In the Target breach, the IT department was warned on or about the time the files were transferred.
True
False
True
If you receive an email that says it is from Sam Johnson, your boss, with an odd EXE file as an attachment, it could be dangerous for all of the following reasons except:
It could be dangerous because the email might not really be from Sam.
It could be dangerous because the email might be from Sam’s computer without his or her knowledge.
It could be dangerous even if it was sent knowingly because Sam didn’t know a virus might be attached.
It could be dangerous because Sam gave someone his password once a long time ago.
None of the above (indicating that all are true).
None of the above (indicating that all are true).
It usually takes ____ for someone in a firm to discover a security compromise in a system, after the evidence shows up in logs or alerts
Several seconds
Several minutes
Several hours
Several days
Several months
Several months
It is estimated that ___ % of all firms have been breached:
5% or less
10% to 20%
40% to 60%
70% to 90%
Over 95%
Over 95%
The Deep Web is reputed to be 400 times larger than the public web.
True
False
True
Included in the five critical elements that are used to raise security in a firm are all of the following except:
Infrastructure
Law enforcement
Policies
Training
Investments
Law enforcement
A hacker who buys credit card information from hackers receives a short-term guarantee in case the card is declined.
True
False
True
___ of breaches are caused by stealing a password
A very low percentage (somewhere around 1%)
A low percentage (around 10%)
A moderate percentage (around 25%)
A high percentage (around 50%)
A very high percentage (around 80%)
A very high percentage (around 80%)
Two factor authentication is when you use two different methods for people trying to use the system. For instance, you can use a password and a challenge question
True
False
True
When the Office of Personnel Management was hacked, all of the following are true except:
The hackers gained access to the building to steal the records
It took the Office of Personnel Management many months to detect the break-in
The hackers likely exploited a stolen password
The hackers did not need to escape in the blue turbocharged vehicle
None of the above (indicating that all are true)
The hackers gained access to the building to steal the records
The most common password of all in 2014 is:
Something complex that is hard to remember
None at all-they most commonly skip passwords and just press ENTER to continue
“password”
“123456”
“Rihanna”
“123456”
Who is responsible for developing security education, awareness, and training programs?
IT people
Shared: IT leaders and business leaders
Business leaders
Consultants
Team of consultants and IT people
Shared: IT leaders and business leaders
The cost of a data breach in 2015 is estimated to be:
between $13 and $18 per record
between $43 and 65 per record
between $145 and $154 per record
between $100 and $1,000 per record
between $4,520 and $4,580 per record
between $145 and $154 per record
If you receive an email from your son, and the body of the email tells you to open an attachment because it is funny, the risk is pretty close to zero because it came from your son.
True
False
False
In the Anthem Blue Cross breach, where 80 million names, birthdays, social security numbers, etc., were stolen, the hackers got in by:
Breaking into the building where they were stored
Obtaining passwords of five or more high-level employees
Making phone calls to insiders posing as IT people needing to log into their accounts
Emailing each of the 80 million patients asking for their private information
Recovering patient records from a large recycling bin
Obtaining passwords of five or more high-level employees
