CSC220 Chapter 13

A hacktivist is someone who _______.
a. attempts to gain financially and/or disrupt a company’s information systems and business operations
b. hacks computers or Web sites in an attempt to promote a political ideology
c. attempts to destroy the infrastructure components of governments
d. violates computer or Internet security maliciously or for illegal personal gain

b. hacks computers or Web sites in an attempt to promote a political ideology

Someone who violates computer or Internet security maliciously or for illegal personal gain is known as a(n) _______.
a. black hat hacker
b. industrial spy
c. hacktivist
d. cyberterrorist

a. black hat hacker

This harmful malware is triggered by a specific event, such as Friday the 13th.
a. Virus
b. Worm
c. Logic bomb
d. Trojan bomb

c. logic bomb

A botnet is a ____.
a. network of robots that control an assembly line at a factory
b. network of servers that exchange traffic data
c. network of devices that are used for managing security
d. network of computers that send out access requests to servers repeatedly

d. network of computers that send out access requests to servers repeatedly

Your business has a web server that has suddenly become unresponsive. When you study the server’s logs there are a huge number of requests from what appear to be legitimate computers. The problem is likely because of _____.
a. a CAPTCHA issue
b. a denial~of~service attack
c. too many Spam emails
d. a logic bomb

b. a denial~of~service attack

The second phase of an Advanced Persistent Threat attack is _____.
a. capture
b. reconnaissance
c. incursion
d. discovery

c. incursion

The purpose of Advanced Persistent Threat (APT) usually is to ____.
a. steal money
b. interrupt service
c. steal data
d. annoy the users

c. steal data

You had used an online service to apply for a credit card. As part of the process, you submitted your personal information such as SSN, date of birth, employer information, etc. Soon after you started receiving bills for items you did not purchase. You have become a victim of ________.
a. cyberterrorism
b. ransomware
c. identity theft
d. cyber espionage

c. identity theft

The US~CERT incident reporting system is used to ____.
a. alert the bank about stolen credit cards
b. alert the government about missing computers
c. alert the Border Patrol about undocumented workers
d. alert the Department of Homeland Security about information security incidents

d. alert the department of homeland security about information security incidents

Which of the following subject areas does the USA Patriot Act cover?
a. Cyberterrorism
b. Identity theft
c. Credit card fraud
d. Transmitting virus programs

a. cyberterrorism

Which of the following laws covers false claims regarding unauthorized use of credit cards?
a. Computer Fraud and Abuse Act
b. Fraud and Related Activity in Connection with Access Devices Statute
c. Identity Theft and Assumption Deterrence Act
d. Stored Wire and Electronic Communications and Transactional Records Access Statutes

b. Fraud and Related Activity in Connection with Access Devices Statute

A company’s risk assessment process can include numerous threats to the computers and networks. Which of the following can be considered an adverse event?
a. Distributed denial~of~service attack
b. Email attachment with harmful worm
c. Harmful virus
d. All of the above

d. all of the above

Which of the following is the correct description of a firewall?
a. It is a software that deletes viruses from attachments.
b. It is hardware that prevents unauthorized data to enter the private network.
c. It is a software and hardware combination that limits the incoming and outgoing Internet traffic.
d. It is a concept used in developing security policies.

c. it is a software and hardware combination that limits the incoming and outgoing Internet traffic.

Which of the following shortcoming may be revealed during an IT security audit?
a. whether the IT budget is adequate or not
b. whether the users are satisfied with IT services or not
c. whether only a limited number of people have access to critical data or not
d. whether the firewall is tall enough

c. whether only a limited number of people have access to critical data or not

There has been a data breach at your business and the business has lost some customer data. It has led to angry customers who have filed charges. What is a recommended course of action to prepare for future events?
a. activate the forensics analysis team and prepare documentation
b. meet with your lawyers to prepare to counter~sue the customers
c. settle with the customers, however much it may cost
d. none of these answers

a. activate the forensics analysis team and prepare documentation