Test Bank for Corporate Computer Security, 5th Edition

Study stress-free with Test Bank for Corporate Computer Security, 5th Edition, a concise and easy-to-follow exam guide tailored for success.

Jack Murphy
Contributor
11 months ago
Preview (16 of 246 Pages)

Corporate Computer Security, 5e (Boyle/Panko)
Chapter 1 The Threat Environment

1) The three common core goals of security are ________.
A) confidentiality, information, and authorization
B) confidentiality, integrity, and authentication
C) confidentiality, information, and availability
D) confidentiality, integrity, and availability
Answer: D
Page Ref: 3
Learning Objective: 1.1 Define the term threat environment
Difficulty: Moderate

2) If an attacker breaks into a corporate database and deletes critical files, this is an attack against the ________ security goal.
A) confidentiality
B) integrity
C) availability
D) CIA
Answer: B
Page Ref: 3
Learning Objective: 1.1 Define the term threat environment
Difficulty: Moderate

3) Which of the following is NOT a type of countermeasure?
A) Corrective
B) Preventative
C) Detective
D) Sustainable
Answer: D
Page Ref: 4
Learning Objective: 1.1 Define the term threat environment
Difficulty: Moderate

4) When a threat succeeds in causing harm to a business, this is known as a(n) ________.
A) breach
B) PII
C) CIA
D) unintended access
Answer: A
Page Ref: 4
Learning Objective: 1.1 Define the term threat environment
Difficulty: Easy

5) Methods that security professionals use to try to stop threats include all of the following EXCEPT ________.
A) safeguards
B) countermeasure
C) protections
D) breaches
Answer: D
Page Ref: 3
Learning Objective: 1.1 Define the term threat environment
Difficulty: Moderate

6) Which of the following is NOT a type of countermeasure?
A) Detective
B) Corrective
C) Cyberwar
D) Preventative
Answer: C
Page Ref: 4
Learning Objective: 1.1 Define the term threat environment
Difficulty: Easy

7) The cost of computer crime is well known.
Answer: FALSE
Page Ref: 2
Learning Objective: 1.1 Define the term threat environment
Difficulty: Moderate

8) Availability means that attackers cannot change or destroy information.
Answer: FALSE
Page Ref: 3
Learning Objective: 1.1 Define the term threat environment
Difficulty: Easy

9) Costs for all threats is increasing annually.
Answer: TRUE
Page Ref: 3
Learning Objective: 1.1 Define the term threat environment
Difficulty: Easy

10) Corrective countermeasures identify when a threat is attacking.
Answer: FALSE
Page Ref: 4
Learning Objective: 1.1 Define the term threat environment
Difficulty: Easy

11) Preventative countermeasures keep attacks from succeeding.
Answer: TRUE
Page Ref: 4
Learning Objective: 1.1 Define the term threat environment
Difficulty: Easy

12) Detective countermeasures is considered one of the security goals of computer staff.
Answer: FALSE
Page Ref: 4
Learning Objective: 1.1 Define the term threat environment
Difficulty: Easy

13) Most countermeasure controls are preventative controls.
Answer: TRUE
Page Ref: 4
Learning Objective: 1.1 Define the term threat environment
Difficulty: Easy

14) A ________ happens when an unauthorized person is able to view, alter, or steal secured data.
A) countermeasure
B) data breach
C) safeguard
D) compromise
Answer: B
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

15) More than ________ records were stolen in 2018.
A) 2.2 billion
B) 1 million
C) 5 billion
D) 100,000
Answer: C
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

16) Which of the following is true about data breaches in 2018?
A) It's likely that half of all Americans lost their records at least one time in 2018.
B) It's likely that nearly everyone lost their records at least one time in 2018.
C) More than 12 billion people lost their records in 2018.
D) Slightly less than half of the world's population lost their records at least once in 2018.
Answer: B
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Moderate

17) Indirect costs due to data breaches are estimated to be:
A) $3.9 million per incident
B) $150 million per year
C) $10,000 per incident
D) $190,000 per year
Answer: A
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

18) The chances of an organization having a data breach over the next two years is approximately ________.
A) 10 percent
B) 20 percent
C) 42 percent
D) 28 percent
Answer: D
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

19) Which of the following is NOT an indirect cost of a major data breach?
A) Loss of reputation
B) Notification costs
C) Abnormal customer turnover
D) Increased customer acquisition activities
Answer: B
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Moderate

20) Which of the following is NOT a direct cost of a major data breach?
A) Loss of reputation
B) Notification costs
C) Legal fees
D) Detection
Answer: A
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Moderate

21) Which of the following companies experienced the largest data breach in history in 2016?
A) Amazon
B) Yahoo! Inc.
C) First American Corp.
D) Facebook
Answer: B
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

22) When a data breach occurs, hackers are primarily looking for ________.
A) personal and business addresses
B) access to systems
C) personally identifiable information
D) cash and credit card numbers
Answer: C
Page Ref: 6
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

23) Stolen information is commonly used for ________.
A) credit card fraud
B) identity theft
C) false claims
D) data mismanagement
Answer: A
Page Ref: 6
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

24) Which of the following is typically considered the first step in protecting your company from data breaches?
A) Locking up your data to prevent data breaches
B) Understanding how data breaches happen
C) Purchasing software to prevent data breaches
D) Hiring a qualified data security team
Answer: B
Page Ref: 7
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

25) Data from Target customers was stolen ________.
A) online
B) from point-of-sale (POS) systems
C) primarily by internal hackers, mostly employees
D) through employee extortion
Answer: B
Page Ref: 7
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

26) Attackers in the Target data breach used malware and then used ______ or ______ to infect a Target third party vendor.
A) spear phishing; sabotage
B) hacking; sabotage
C) spear phishing; a targeted phishing attack
D) viruses; worms
Answer: C
Page Ref: 7
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Moderate

27) What is Trojan.POSRAM in regard to Target's data breach?
A) Employee sabotage
B) Malware
C) A virus
D) A worm
Answer: B
Page Ref: 8
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

28) The Target data breach helped impact a shift from swipe cards to ________.
A) EMV-compliant smart cards
B) POS systems
C) keystroke logger
D) rootkits
Answer: A
Page Ref: 8
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

29) One of the long-lasting effects of the data breach to Target was ________.
A) loss of money
B) loss of customer confidence
C) loss of merchandise
D) employee dissatisfaction
Answer: B
Page Ref: 8
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Moderate

30) Data breaches are rarely costly to a company.
Answer: FALSE
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Moderate

31) Data breaches are always the result of hackers in distant locations.
Answer: FALSE
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

32) Direct costs of handling a data breach include paying for notification and detection.
Answer: TRUE
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

33) Indirect cost related to data breaches average an additional $10 million per incident in the U.S.
Answer: FALSE
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

34) There is about a one in four chance that your organization will experience a data breach.
Answer: TRUE
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

35) More than 67 percent of data breaches come from hackers trying to make money.
Answer: TRUE
Page Ref: 5
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

36) Rogue internal employees typically have a more difficult time stealing data than do external hackers.
Answer: FALSE
Page Ref: 6
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

37) The Target data breach affected 30 percent of the population of the U.S.
Answer: TRUE
Page Ref: 7
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

38) Trojan.POSRAM is a variant of the ILOVEYOU virus.
Answer: FALSE
Page Ref: 8
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

39) Hackers sold stolen credit card information gained from the Target breach.
Answer: TRUE
Page Ref: 9
Learning Objective: 1.2 Describe the impact of data breaches
Difficulty: Easy

40) Which of the following is FALSE about employees being considered dangerous in regard to security?
A) Employees usually have extensive knowledge of systems.
B) Employees often have the credentials needed to access sensitive parts of systems.
C) Companies generally have little trust in their employees.
D) Employees know corporate control mechanisms and so often know how to avoid detection.
Answer: C
Page Ref: 11
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Moderate

41) ________ are considered the most dangerous of all employees.
A) Financial professionals
B) IT security employees
C) CEOs
D) Data entry clerks
Answer: B
Page Ref: 11
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Moderate

42) ________ is the destruction of hardware, software, or data.
A) Extortion
B) Denial of service
C) Hacking
D) Sabotage
Answer: D
Page Ref: 13
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

43) In ________, a perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest.
A) fraud
B) hacking
C) abuse
D) extortion
Answer: D
Page Ref: 14
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

44) ________ consists of activities that violate a company's IT use and/or ethics policies.
A) Abuse
B) Fraud
C) Extortion
D) Hacking
Answer: A
Page Ref: 14
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

45) Which of the following is considered a trade secret?
A) Product formulations
B) Patents
C) Trade names
D) Trademarks
Answer: A
Page Ref: 14
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

46) Employees often have extensive knowledge of systems and can pose a greater risk than external attackers.
Answer: TRUE
Page Ref: 11
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

47) Penalties for hacking are significantly different if you are attempting to steal a million dollars or attempting to steal nothing of value.
Answer: FALSE
Page Ref: 11
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

48) Misappropriation of assets is an example of employee financial theft.
Answer: TRUE
Page Ref: 13
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

49) Downloading pornography can invoke a sexual harassment lawsuit.
Answer: TRUE
Page Ref: 13
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

50) If you are explicitly or implicitly allowed to use the resources that you're accessing on a company computer, you have authorization to do so.
Answer: TRUE
Page Ref: 13
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

51) Copyrights and patents are known as trade secrets.
Answer: FALSE
Page Ref: 13
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Moderate

52) You have access to your home page on a server. By accident, you discover that if you hit a certain key, you can get into someone else's files. You spend just a few minutes looking around. This is hacking.
Answer: TRUE
Page Ref: 13
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Moderate

53) The terms "intellectual property" and "trade secret" are synonymous.
Answer: FALSE
Page Ref: 13
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

54) Contract workers can also be considered a threat to a business.
Answer: TRUE
Page Ref: 15
Learning Objective: 1.3 Describe threats from employees and ex-employees
Difficulty: Easy

55) ________ is a generic term for "evil software."
A) Spyware
B) Payloads
C) Malware
D) Ransomware
Answer: C
Page Ref: 16
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Easy

56) ________ are programs that attach themselves to legitimate programs.
A) Viruses
B) Worms
C) Payloads
D) Direct-propagation worms
Answer: A
Page Ref: 16
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Easy

57) ________ are spread through e-mail with infected attachments.
A) Viruses
B) Worms
C) Direct-propagation worms
D) Distributed denial-of-service (DDoS) attacks
Answer: C
Page Ref: 16
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

58) Some ________ can jump directly between computers without human intervention.
A) DDoS attacks
B) viruses
C) worms
D) direct-propagation worms
Answer: B
Page Ref: 16
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Easy

59) ________ take advantage of vulnerabilities in software.
A) Direct-propagation worms
B) Trojan horses
C) Blended threats
D) Bots
Answer: D
Page Ref: 16
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

60) What is a payload?
A) Malicious software that blocks access to a system or data until money is paid to the attacker
B) A generic name for any "evil software"
C) A piece of code executed by a virus or a worm
D) A program that gives an attacker remote control of your computer
Answer: C
Page Ref: 18
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Difficult

61) A program that gives an attacker remote access control of your computer is known as ________.
A) a RAT
B) a Trojan horse
C) spyware
D) a cookie
Answer: A
Page Ref: 19
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

62) A ________ is a small program that, after installed, downloads a larger attack program.
A) rootkit
B) keystroke logger
C) downloader
D) Trojan horse
Answer: C
Page Ref: 19
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

63) Which of the following is a type of spyware?
A) Keystroke loggers
B) Rootkits
C) Spam
D) Downloaders
Answer: A
Page Ref: 20
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

64) Which of the following is FALSE about rootkits?
A) Rootkits are seldom caught by ordinary antivirus programs.
B) Rootkits take over the root account of a computer.
C) Rootkits use a root account's privileges to hide themselves.
D) Rootkits are typically less of a threat than are Trojan horses.
Answer: D
Page Ref: 20
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Difficult

65) Mobile code usually is delivered through ________.
A) e-mail
B) direct-propagation worms
C) webpages
D) spam
Answer: C
Page Ref: 20
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

66) ________ take advantage of flawed human judgment by convincing a victim to take actions that are counter to security policies.
A) Phishing attacks
B) Hoaxes
C) Social engineering attacks
D) Spear phishing attacks
Answer: C
Page Ref: 21
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

67) You receive an e-mail that seems to come from your bank. Clicking on a link in the message takes you to a website that seems to be your bank's website. However, the website is fake. This is called ________.
A) a hoax
B) social engineering
C) spear fishing
D) phishing
Answer: D
Page Ref: 21
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

68) You receive an e-mail that appears to come from a frequent customer. It contains specific information about your relationship with the customer. Clicking on a link in the message takes you to a website that seems to be your customer's website. However, the website is fake. This is an example of ________.
A) social engineering
B) spear fishing
C) phishing
D) a hoax
Answer: B
Page Ref: 21
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

69) Worms and viruses act much in the same way in how they propagate.
Answer: TRUE
Page Ref: 16
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Easy

70) Nonmobile malware can be carried to a system as part of a payload.
Answer: TRUE
Page Ref: 18
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Easy

71) A malicious payload is a program that hides itself by deleting a system file and taking on the system file's name.
Answer: FALSE
Page Ref: 19
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Moderate

72) Cookies are small text strings stored on your own personal computer.
Answer: TRUE
Page Ref: 20
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Easy

73) Mobile code usually is contained in webpages.
Answer: TRUE
Page Ref: 20
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Easy

74) The definition of spam is "unsolicited commercial e-mail."
Answer: TRUE
Page Ref: 21
Learning Objective: 1.4 Describe threats from malware writers
Difficulty: Easy

75) Most traditional external attackers were primarily motivated by ________.
A) the thrill of breaking in
B) making money through crime
C) stealing personal identity data
D) capturing thousands and thousands of credit card numbers
Answer: A
Page Ref: 22
Learning Objective: 1.5 Describe traditional external hackers and their attacks, including break-in processes, social engineering, and denial-of-service attacks
Difficulty: Easy