Cyberfraud Flashcards

1
Q

Pharming is a type of attack in which users are fooled into entering sensitive data into a malicious website that imitates a legitimate website.

A. True
B. False

A

True

2
Q

Matthew receives a voice mail message telling him that his credit card might have been used fraudulently. He is asked to call a phone number. When he calls the number, he hears a menu and a list of choices that closely resemble those used by his credit card company. The phone number even appears to be similar to that of his card issuer. Of which of the following types of schemes has Matthew become the target?

A. Pharming
B. Vishing
C. Smishing
D. Spear phishing

A

B. Vishing

3
Q

Which of the following is a technical security control that involves application-level controls implemented to prevent data from being accessed, stolen, modified, or deleted by unauthorized users?

A. Multifactor authentication
B. Data classification
C. Application security
D. Network security

A

C. Application security

4
Q

Vishing is a type of phishing scheme that uses text messages or other short message systems to dupe an individual or business into providing sensitive data by falsely claiming to be from an actual business, bank, internet service provider (ISP), or other entity.

A. True
B. False

A

False

5
Q

Which of the following is an administrative security control that an organization’s management can implement?

A. Creating an incident response plan
B. Issuing smart access cards to employees
C. Installing a firewall for the network
D. Backing up system files regularly

A

A. Creating an incident response plan

6
Q

Which of the following activities does NOT typically occur during the containment and eradication step of the recommended methodology for responding to cybersecurity incidents?

A. Limiting the damage caused by the attack
B. Restoring control of the affected systems
C. Identifying all breaches that occurred
D. Notifying the appropriate internal personnel

A

C. Identifying all breaches that occurred

7
Q

Which of the following is the MOST ACCURATE definition of a Trojan horse?

A. A program or command procedure that appears useful but contains hidden code that causes damage
B. A software program that contains various instructions that are executed every time a computer is turned on
C. A virus that changes its structure to avoid detection
D. A type of software that collects and reports information about a computer user without the user’s knowledge or consent

A

A. A program or command procedure that appears useful but contains hidden code that causes damage

8
Q

All the following are best practices for ensuring separation of duties within the information systems department and between IT and business unit personnel EXCEPT:

A. End users should not have access to production data outside the scope of their normal job duties.
B. Program developers should not be responsible for testing programs.
C. IT departments should not overlap with information user departments.
D. Only programmers should be server administrators.

A

D. Only programmers should be server administrators.

9
Q

Which of the following is the MOST ACCURATE definition of spyware?

A. A type of software that collects and reports information about a computer user without the user’s knowledge or consent
B. A computer program that replicates itself and penetrates operating systems to spread malicious code to other computers
C. A program or command procedure that appears useful but contains hidden code that causes damage
D. Any software application that displays advertisements while it is operating

A

A. A type of software that collects and reports information about a computer user without the user’s knowledge or consent

10
Q

A data classification policy can BEST be described as a(n):

A. Technical security control
B. Physical security control
C. Application security control
D. Administrative security control

A

D. Administrative security control

11
Q

Which of the following BEST describes phishing?

A. A method for acquiring sensitive information needed to facilitate a specific scheme by searching through large quantities of available data
B. A method for acquiring sensitive information in which an attacker hides near the target to gain unauthorized access to a computer system
C. A method for acquiring sensitive information by bypassing a computer system’s security using an undocumented operating system and network functions
D. A method for acquiring sensitive information by falsely claiming through electronic communication to be from an entity with which the target does business

A

D. A method for acquiring sensitive information by falsely claiming through electronic communication to be from an entity with which the target does business

12
Q

Which of the following types of malware can be used to generate illicit income in the form of cryptocurrency while slowing an infected computer and causing victims to incur costs related to power usage or cloud storage?

A. Spyware
B. Coin miners
C. Overwrite viruses
D. Keyloggers

A

B. Coin miners

13
Q

Which of the following BEST describes social engineering?

A. A method for gaining unauthorized access to a computer system in which an attacker hides near the target to obtain sensitive information that they can use to facilitate their intended scheme
B. A method for gaining unauthorized access to a computer system in which an attacker bypasses a system’s security using an undocumented operating system and network functions
C. A method for gaining unauthorized access to a computer system in which an attacker searches through large quantities of available data to find sensitive information that they can use to facilitate their intended scheme
D. A method for gaining unauthorized access to a computer system in which an attacker deceives victims into disclosing personal information or convinces them to commit acts that facilitate the attacker’s intended scheme

A

D. A method for gaining unauthorized access to a computer system in which an attacker deceives victims into disclosing personal information or convinces them to commit acts that facilitate the attacker’s intended scheme

14
Q

Which of the following refers to the type of network security systems that are designed to supplement firewalls and other forms of network security by detecting malicious activity coming across the network or on a host?

A. Intrusion detection systems
B. Intrusion admission systems
C. Network access controls
D. Network address prevention systems

A

A. Intrusion detection systems

15
Q

Which of the following is a type of physical access control device that can be used to control access to physical objects?

A. Locks and keys
B. Electronic access cards
C. Biometric systems
D. All of the above

A

D. All of the above

16
Q

To ensure separation of duties within the information systems department and between IT and business unit personnel, computer operators should be responsible for performing computer programming.

A. True
B. False

A

False

17
Q

Logical access controls, encryption, and application security are all technical security controls used to safeguard computer systems and communication networks.

A. True
B. False

A

True

18
Q

Which of the following objectives MOST ACCURATELY describes administrative security controls?

A. Ensuring that all personnel who have access to computing resources have the required authorizations and appropriate security clearances
B. Providing connectivity with acceptable response times, user-friendly access, and a secure mode at an acceptable cost to the organization
C. Keeping unauthorized personnel from entering physical facilities and warning personnel when physical security measures are being violated
D. Fully securing all organizational systems and data without considering budget implications

A

A. Ensuring that all personnel who have access to computing resources have the required authorizations and appropriate security clearances

19
Q

An incident response plan should be created and implemented during the breach notification step of the recommended methodology for responding to cybersecurity incidents.

A. True
B. False

A

False

20
Q

The primary purpose of physical access controls is to prevent unauthorized access to computer software.

A. True
B. False

A

False

21
Q

After paying the ransom demanded by the fraudster, a ransomware victim is always granted access to all locked files on the compromised computer.

A. True
B. False

A

False

22
Q

Which of the following is NOT an indicator that a computer or network might have been accessed or compromised by an unauthorized user or entity?

A. Users receive a notification to update their system passwords before they expire.
B. A user in the IT department detects geographical irregularities in network traffic.
C. Users are prompted to install unusual software or patches onto their computers.
D. An authorized user is denied access to an area in the network that is part of their role.

A

A. Users receive a notification to update their system passwords before they expire.

23
Q

Which of the following is the MOST ACCURATE definition of a computer worm?

A. A program or command procedure that appears useful but contains hidden code that causes damage
B. A type of software that, while not definitely malicious, has a suspicious or potentially unwanted aspect to it
C. A computer program that replicates itself and penetrates operating systems to spread malicious code to other computers
D. Any software application that displays advertisements while it is operating

A

C. A computer program that replicates itself and penetrates operating systems to spread malicious code to other computers

24
Q

is the technical security control involving deliberate scrambling of a message so that it is unreadable except to those who hold the key for unscrambling the message.

A. Alteration of input
B. Firewall security
C. Encryption
D. Customer validation

A

C. Encryption

25
Q

Which of the following is NOT a common carrier of malware?

A. Email attachments
B. Dual in-line memory modules
C. Files downloaded from the internet
D. Freeware and shareware files

A

B. Dual in-line memory modules

26
Q

Which of the following is an accurate definition of smishing?

A. Using computers to steal data from payroll accounts
B. Using text messages to obtain sensitive data
C. Using voice mail to steal private financial data
D. Impersonating a government official to obtain sensitive data

A

B. Using text messages to obtain sensitive data

27
Q

Which of the following is the MOST ACCURATE definition of a software keylogger?

A. A program or command procedure that appears useful but contains hidden code that causes damage
B. A type of software that, while not definitely malicious, has a suspicious or potentially unwanted aspect to it
C. A computer program that replicates itself and penetrates operating systems to spread malicious code to other computers
D. A type of program that monitors and logs the keys pressed on a system’s keyboard

A

D. A type of program that monitors and logs the keys pressed on a system’s keyboard

28
Q

Which of the following statements about ransomware is TRUE?

A. Ransomware is a form of malware that locks a user’s operating system and restricts access to data files until a payment is made.
B. Ransomware is a program or command procedure that appears useful but contains hidden code that causes damage.
C. Ransomware is a classification of malware designed to simplify or automate online criminal activities.
D. Ransomware is a type of software that collects and reports information about a computer user without the user’s knowledge or consent.

A

A. Ransomware is a form of malware that locks a user’s operating system and restricts access to data files until a payment is made.

29
Q

Which of the following are information security goals that an e-commerce system should endeavor to meet for its users and asset holders?

I. Penetrability of data

II. Materiality of data

III. Integrity of data

IV. Availability of data

A. III and IV only
B. II and III only
C. I, II, III, and IV
D. I, II, and III only

A

A. III and IV only

30
Q

Which of the following is the MOST ACCURATE description of logical access?

A. The process by which users are allowed to access and use physical objects
B. The process by which users are allowed to use computer systems and networks
C. The process by which computer systems’ contents are encrypted
D. The process by which users can bypass application security over the software and libraries

A

B. The process by which users are allowed to use computer systems and networks

31
Q

A pharming scheme differs from phishing because:

A. The attacker must rely on users clicking a link in an email or other message to direct them to the malicious website that is imitating a legitimate website.
B. The attacker does not have to rely on users clicking a link in an email or other message to direct them to the malicious website that is imitating a legitimate website.
C. The attacker delivers the solicitation message via short message service (also known as SMS or text messaging) instead of email.
D. The attacker delivers the solicitation message via telephones using Voice over Internet Protocol (VoIP) instead of email.

A

B. The attacker does not have to rely on users clicking a link in an email or other message to direct them to the malicious website that is imitating a legitimate website.

32
Q

Which of the following is an information security goal that an e-commerce system should endeavor to meet for its users and asset holders?

A. Systems reliability
B. Exactness
C. Access authority
D. Non-repudiation

A

D. Non-repudiation

33
Q

All the following can help prevent a computer from infection by malicious software EXCEPT:

A. Installing shareware into a system’s root directory
B. Updating the operating system regularly
C. Using anti-malware software
D. Updating with the latest security patches

A

A. Installing shareware into a system’s root directory

34
Q

Which of the following is an example of an effective administrative security control?

A. Security audits and tests
B. Separation of duties
C. Security policies and awareness training
D. All of the above

A

D. All of the above

35
Q

Which of the following is NOT an example of a business email compromise (BEC) scheme?

A. Fraudsters posing as a company’s foreign supplier send an email to the company and request that funds be transferred to an alternate account controlled by the fraudsters.
B. Fraudsters use botnets to send massive amounts of emails for the purpose of enticing the recipients to click on a fraudulent URL.
C. Fraudsters use the compromised email account of an executive to request employees’ personally identifiable information from the person who maintains such information.
D. Fraudsters use the compromised email account of a high-level executive to pose as the executive and ask an employee to transfer funds to the fraudsters’ account.

A

B. Fraudsters use botnets to send massive amounts of emails for the purpose of enticing the recipients to click on a fraudulent URL.

36
Q

Which of the following is a measure that management can take to prevent an organization’s computers from infection by malicious software?

A. Require that users reuse passwords for important accounts.
B. Only allow systems to boot with removable storage devices.
C. Regularly update the organization’s operating systems.
D. Prevent employees from opening any emails with attachments.

A

C. Regularly update the organization’s operating systems.

37
Q

Which of the following lists the information security goals that an e-commerce system should achieve for its users and asset holders?

A. Penetrability, accuracy, exactness, materiality, and systems reliability
B. Confidentiality, integrity, availability, authentication, and non-repudiation
C. Penetrability, accuracy, availability, authentication, and systems reliability
D. Exactness, invulnerability, accuracy, materiality, and data/systems response

A

B. Confidentiality, integrity, availability, authentication, and non-repudiation