Deck 11: Cybercrime and It Security

A)It can improve employee productivity.
B)It can provide data security.
C)It creates a bug-free environment.
D)It enhances employee interaction.

A)An individual who attacks a computer system or network for financial gain
B)An individual who hacks computers or Web sites in an attempt to promote a political ideology
C)An individual who attempts to destroy the infrastructure components of governments and financial institutions
D)An individual who is hired by an organization to test the security of its information systems

A)It affects the productivity of the employees of a company.
B)It inhibits the privacy of the employees of a company.
C)It exposes a company's data to malware.
D)It creates the image of a company as not being flexible.

A)It propagates without human intervention,often sending copies of itself to other computers by email.
B)It allows hackers to destroy hard drives,corrupt files,and steal passwords by recording keystrokes and transmitting them to a server operated by a third party.
C)It inserts unwanted words,numbers,or phrases into documents or alters command functions in an infected document.
D)It abuses email systems to send unsolicited email to large numbers of people.

A)hacktivists
B)white hat hackers
C)black hat hackers
D)cyberterrorists

A)scareware
B)worm
C)virus
D)logic bomb

A)A Trojan horse
B)A distributed denial-of-service attack
C)A spam
D)A smish

A)It steals passwords and Social Security numbers.
B)It generates and grades tests that humans can pass but all but the most sophisticated computer programs cannot.
C)It causes productivity losses due to workers being unable to use their computers.
D)It fraudulently uses third-party emails to try to get the recipient to reveal personal data.

A)It is a harmful program that involves the use of Short Message Service to get personal details from victims.
B)It is the act of fraudulently using email to try to get the recipient to reveal personal data.
C)It is a piece of code that causes a computer to behave in an unexpected and usually undesirable manner.
D)It is the abuse of email systems to send unsolicited email to large numbers of people.

A)unidentified attack
B)zero-day attack
C)exploit
D)threat

A)exit door
B)glitch
C)bot
D)exploit

A)A red hat hacker
B)A gray hat hacker
C)A white hat hacker
D)A black hat hacker

A)An individual who attempts to destroy the infrastructure components of governments,financial institutions,utilities,and emergency response units
B)An individual who hacks computers or Web sites in an attempt to promote a political ideology
C)An employee or contractor who attempts to gain financially and/or disrupt a company's information systems and business operations
D)An individual who captures trade secrets and attempts to gain an unfair competitive advantage

A)They hack computers in an attempt to promote a political ideology.
B)They disrupt a company's information systems and business operations.
C)They are hired by an organization to test the security of its information systems.
D)They are hired by an organization to test the security of another organization's information systems.

A)black hat hackers
B)white hat hackers
C)hacktivists
D)crackers

A)Camware
B)Spyware
C)Scareware
D)Ransomware

A)They are hired by an organization to test the security of its information systems.
B)They disrupt a company's information systems and business operations.
C)They capture trade secrets and attempt to gain an unfair competitive advantage in a company.
D)They destroy the infrastructure components of governments,financial institutions,and emergency response units.

A)A patch
B)A key
C)A license
D)A constraint

A)white hat hackers
B)hacktivists
C)industrial spies
D)black hat hackers

A)Atomicity,consistency,isolation,and durability (ACID)
B)Microprocessor without Interlocked Pipeline Stages (MIPS)
C)Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA)
D)Document Style Semantics and Specification Language (DSSSL)

A)The phisher sends a survey to the employees of several organizations to obtain details of the configuration of their computing devices.
B)The phisher sends a voice mail message to a number of people to call a phone number or access a Web site.
C)The phisher sends legitimate-looking text messages through his or her phone to advertise a certain organization.
D)The phisher sends fraudulent emails to a certain organization's employees disguising them as mails from high-level executives from within the organization.

A)zombies
B)daemons
C)narutus
D)konohas

A)Cyberespionage
B)Spam
C)Phishing
D)Smishing

A)The phisher sends legitimate-looking messages through phone to acquire personal information.
B)The phisher sends a survey email to obtain the configuration of an unsuspecting user's computing device.
C)The phisher sends a voice mail message to an unsuspecting user to call a phone number or access a Web site.
D)The phisher sends fraudulent emails to a certain organization's employees.

A)Distributed denial-of-service
B)Smishing
C)Logic bomb
D)Phishing

A)Multimedia Messaging Service
B)Short Message Service
C)Email
D)Voice mail

A)They lead consumers to counterfeit Web sites designed to trick them into divulging personal data.
B)They are used by organizations to test the security of information systems.
C)They involve the use of Short Message Service (SMS)texting for phishing.
D)They spy on users by recording keystrokes and transmitting them to a server operated by a third party.

A)Multimedia Messaging Service
B)Short Message Service
C)Email
D)Voice mail

A)It is the act of fraudulently using email to try to get the recipient to reveal personal data by sending legitimate-looking emails urging the recipient to take action to avoid a negative consequence or to receive a reward.
B)It is the unintended release of sensitive data by unauthorized individuals.
C)It is the abuse of email systems to send unsolicited email to large numbers of people.
D)It is a set of programs that enables its user to gain administrator-level access to a computer without the end user's consent or knowledge.

A)dropper
B)loader
C)linker
D)adapter

A)rootkit
B)smishing
C)phishing
D)bootkit

A)A rootkit
B)A distributed denial-of-service attack
C)A logic bomb attack
D)A cyberespionage incident

A)A worm
B)Smishing
C)A logic bomb
D)Phishing

A)Spam is a type of attack with which a hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.
B)Spam is a program in which malicious code is hidden inside a seemingly harmless program.
C)Spam is a set of programs that enables its user to gain administrator-level access to a computer without the end user's consent or knowledge.
D)Spam is an extremely inexpensive method of marketing used by many legitimate organizations.

A)It legalizes spamming with certain restrictions.
B)It provides a solution to tackle a Trojan horse.
C)It identifies distributed denial-of-service attacks.
D)It prevents worms by eliminating their ability to replicate.

A)Spear-phishing
B)Botnet
C)Cyberespionage
D)Smishing

A)Spoofing
B)Vishing
C)Phishing
D)Smishing

A)advanced persistent threat
B)vishing scam
C)identity threat
D)data breach

A)scareware
B)patch
C)rootkit
D)worm

A)It decides whether or not to implement a particular countermeasure against attacks.
B)It recognizes that managers must use their judgment to ensure that the cost of control does not exceed a system's benefits.
C)It recognizes the loss events or the risks or threats that could occur,such as a distributed denial-of-service attack or insider fraud.
D)It determines the impact of each threat occurrence.

A)encryption
B)authentication
C)authorization
D)indexing

A)The data captured by an attacker is sent to the attacker's home base for analysis.
B)An attacker establishes a computer program that bypasses security mechanisms.
C)An attacker is ready to access compromised systems and capture information.
D)The valid user credentials gathered by an attacker is used to install backdoors for distributing malware.

A)An intruder gains useful information about the target.
B)An intruder establishes a computer program that bypasses security mechanisms.
C)An intruder is ready to access compromised systems and capture information.
D)An intruder gathers valid user credentials and installs backdoors for distributing malware.

A)Distributed denial-of-service attack
B)Cyberterrorism
C)Cyberespionage
D)Theft of device

A)Cyberterrorism
B)Smishing
C)Cyberespionage
D)Vishing

A)transaction incognito mode
B)transaction identification code
C)transaction-spam control software
D)transaction-risk scoring software

A)Virtual private network (VPN)
B)File transfer protocol (FTP)
C)Indexing
D)Data warehousing

A)An antivirus software
B)The concept of Reasonable assurance
C)A firewall
D)A browser

A)The discovery phase
B)The capture phase
C)The reconnaissance phase
D)The incursion phase

A)United States Computer Emergency Readiness Team (US-CERT)
B)United States Computer Query Emergency Team (US-CQET)
C)United States Computer Emergency Encryption Team (US-CEET)
D)United States Computer Emergency Authority Team (US-CEAT)

A)Personal identification number
B)Card verification value
C)Automated teller machine
D)Know your customer digits

A)The reconnaissance phase
B)The discovery phase
C)The capture phase
D)The export phase

A)It involves the deployment of malware that secretly steals data in the computer systems of organizations.
B)It is the unintended release of sensitive data or the access of sensitive data by unauthorized individuals.
C)It is a network attack in which an intruder gains access to a network and stays undetected with the intention of stealing data over a long period of time.
D)It is the intimidation of a government by using information technology to disable critical national infrastructure to achieve ideological goals.

A)smishing
B)phishing
C)data breach
D)identity theft

A)Automobile industry
B)Logistics industry
C)Gas industry
D)Health industry

A)Trustworthy computing
B)Cyberespionage
C)Cyberterrorism
D)Identity theft

A)An intruder gains useful information about the target.
B)An intruder establishes a means of accessing a computer program that bypasses security mechanisms.
C)An intruder gathers valid user credentials and installs backdoors for distributing malware.
D)An intruder is ready to access compromised systems and capture information.

A)A risk exportation
B)A data breach
C)Cyberterrorism
D)Rifting

A)Cloud computing
B)Trustworthy computing
C)Mobile computing
D)Cluster computing

A)Knowledge-based IDS
B)Behavior-based IDS
C)Threat-based IDS
D)Risk-based IDS

A)An IDS is a discipline that combines elements of law and computer science to identify,collect,examine,and preserve data from computer systems,networks,and storage devices.
B)An IDS evaluates an organization's security policy.
C)An IDS indicates the presence of a specific virus.
D)An IDS is software and/or hardware that monitors system and network resources for breaches.

A)It is a discipline that combines elements of law and computer science to identify,collect,examine,and preserve data from computer systems,networks,and storage devices.
B)It evaluates an organization's security policy.
C)It detects viruses in a computer system and quarantines them.
D)It is the software and/or hardware that monitors system and network resources and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment.

A)It quarantines the virus present in a system.
B)It indicates the presence of a specific virus in a system.
C)It temporarily stops the activities of a detected virus.
D)It deletes a detected virus completely.

A)internet audit
B)cost audit
C)software audit
D)security audit