Question 1

A research scientist with a major pharmaceutical firm in New Jersey is caught passing on sensitive information, worth millions of dollars, regarding the composition and test results of his firm's latest drug to a rival company. What crime is he being held responsible for?
A) Cyber-fraud
B) Corporate espionage
C) Carrying out technology disruptions
D) Extortion
E) Illegal funds transfer

Accepted Answer

Corporate espionage involves the illegal and unethical theft or espionage of proprietary, sensitive information such as trade secrets, patents, or proprietary processes from one corporation by another. In this case, the scientist passing on information about a drug's composition and test results to a competitor directly fits the definition of corporate espionage.

Question 2

Which of the followings aspects of international law would enable a cyber-criminal operating across borders to evade prosecution?
A) Lack of technology to identify the origin of a security attack
B) Non-recognition of commission of a security-related crime
C) Unwillingness of developed countries to share technical know-how with lesser-developed countries
D) Non-existent extradition agreements between two countries
E) Technological incompatibility between the two countries

Accepted Answer

Non-existent extradition agreements between two countries can allow cyber-criminals to evade prosecution, as there would be no legal framework to transfer the accused from one jurisdiction to another for trial.

Question 3

A vast majority of security breaches are not preventable and happen despite the best security practices.

Accepted Answer

Many security breaches can be prevented through the implementation of strong security practices, regular system updates, employee training, and adherence to security protocols.

Question 4

What are some of the key managerial takeaways from the Target security breach?

Accepted Answer

The answer of What are some of the key managerial...

Question 5

The term _____ originally referred to a particularly skilled programmer.
A) data harvester
B) cracke
C) hacker
D) black hat
E) hacktivist

Accepted Answer

The term "hacker" originally referred to a particularly skilled programmer, known for their ability to write elegant and efficient code, and not necessarily for malicious activities.

Question 6

An attack on the US power grid by terrorists or a foreign power is indicative of:
A) DDoS attacks.
B) espionage.
C) cyberwarfare.
D) extortion.
E) phishing.

Accepted Answer

An attack on the US power grid by terrorists or a foreign power is indicative of cyberwarfare, as it involves disrupting or damaging a nation's essential services through cyber means, which is a form of aggression or defense in the context of international relations or conflict.

Question 7

Which of the following statements is consistent with ground realities regarding information security?
A) Cyber-crime is not yet considered a serious enough threat to warrant the attention of law-enforcement agencies.
B) Law-enforcement agencies are well-resourced to fight cyber-crimes effectively.
C) Governments usually outmatch private industry in terms of retaining top talent with incentives and generous pay.
D) Law-enforcement agencies struggle to hire, train, and retain staff capable of keeping pace with today's cyber-criminals.
E) Cyber-crime is not rewarding in terms of financial gain.

Accepted Answer

Law-enforcement agencies often face challenges in hiring, training, and retaining staff with the necessary skills to combat the rapidly evolving tactics of cyber-criminals. This is due to various factors, including budget constraints, the fast pace of technological change, and competition with the private sector for skilled personnel.

Question 8

Almost all security breaches can be traced back to technology lapses personnel or procedural factors rarely factor in.

Accepted Answer

Security breaches often result from a combination of technology lapses, personnel errors, and procedural shortcomings, not just technology issues alone.

Question 9

Which of these would be an example of a DDoS attack?
A) An extortion attempt where hackers threaten to reveal names and social security information stolen from medical records databases
B) Overloading a popular social networking site with inbound messages in order to shut down access to the site
C) Launching a targeted phishing campaign on a department of defense or other surveilance network.
D) Stealing proprietary data directly from mobile phones using a distributed network of difficult-to-trace online services.
E) Launching tough-to-track click-fraud efforts

Accepted Answer

A Distributed Denial of Service (DDoS) attack involves overwhelming a website or online service with traffic from multiple sources to make it unavailable to users. Choice B, overloading a social networking site to shut down access, is a classic example of a DDoS attack.

Question 10

Which of the following is a valid statement on information security?
A) Security breaches cannot be prevented despite the adoption of the best security policies.
B) Technology lapses are solely responsible for almost all security breaches.
C) Information security is everybody's responsibility.
D) Greater expenditure on security products is the only way to contain security breaches.
E) A reactive, rather than proactive, approach is better suited for dealing with security breaches.

Accepted Answer

Information security is a shared responsibility that involves everyone in an organization, not just the IT department. This approach helps in creating a culture of security awareness and vigilance.

Question 11

Organized crime networks now have their own R&D labs and are engaged in sophisticated development efforts to piece together methods to thwart current security measures.

Accepted Answer

Organized crime networks have indeed evolved, investing in research and development (R&D) labs to innovate and find new methods to bypass security measures, reflecting their adaptation to technological advancements and efforts to stay ahead of law enforcement.

Question 12

Hackers might infiltrate computer systems to enlist ware for subsequent illegal acts.

Accepted Answer

Hackers often infiltrate computer systems to install malware or enlist computers into botnets, which can then be used for illegal activities such as DDoS attacks, spamming, or cryptocurrency mining without the owner's consent.

Question 13

A protester seeking to make a political point by leveraging technology tools, often through system infiltration, defacement, or damage is called a(n) _____.
A) activist
B) cyber agitator
C) hacktivist
D) ethical hacker
E) cybersquatter

Accepted Answer

Hacktivists use hacking techniques to promote political agendas or social change, distinguishing them from other types of hackers by their motive.

Question 14

Hordes of surreptitiously infiltrated computers, linked and controlled remotely, are known as zombie networks or:
A) honeypots.
B) zombots.
C) botnets.
D) blacklists.
E) megabots.

Accepted Answer

Botnets are networks of infected computers controlled remotely, often used for malicious activities.

Question 15

Many U.S. technology firms believe that U.S. government surveillance techniques put them at a disadvantage relative to foreign firms because:
A) some customers have begun seeking alternative products and services untarnished by the perception of having (complicity or unwittingly) provided private information to authorities.
B) the cost to include government surveillance technology inside their products is expensive and lowers profits compared to rivals.
C) the government-required installations of software, such as Stuxnet, that U.S. tech firms must comply with inevitably take up valuable storage space, adding cost to industrial and commercial products.
D) the cost to house government workers on-site is a burden private corporations should not have to shoulder.
E) firms in foreign governments are directly contracted to perform surveillance, and are compensated for their efforts with perks and tax breaks, while U.S. firms receive no such compensation.

Accepted Answer

The correct choice is A because it reflects concerns about customer trust and the perception of privacy issues associated with U.S. technology firms due to government surveillance practices. Customers seeking alternatives due to these perceptions can indeed put these firms at a competitive disadvantage.

Question 16

Cyber criminals who infiltrate systems and collect data for illegal resale are called _____.
A) cash-out fraudsters
B) data harvesters
C) corporate spies
D) ethical hackers
E) information hoarders

Accepted Answer

Data harvesters are cyber criminals who infiltrate systems to collect data, which they then often sell illegally. This term specifically describes their primary activity of gathering data for nefarious purposes.

Question 17

Several surprising findings were revealed in the wake of the Target breach, providing a cautionary tale for all executives and security professionals. Which of the following was thought to have occurred during the Target security breach?
a. Target had security software, but the notification alerts from the software were ignored.
b. Target had properly installed and configured its security software, but hackers got in, anyway.
c. Credit card databases were on entirely separate systems, not connected to other parts of the firm's information system, but wireless networking allowed hackers to access anything reachable from a cell phone connection.
d. Target regularly monitored file names and matched them to file sizes and archival copies to ensure that software was not installed on their systems using the names of legitimate products, but hackers saved files with blank file names so they wouldn't be detected.
e. All of the above

Accepted Answer

The answer of Several surprising findings were revealed in the...

Question 18

A black hat hacker looks for weaknesses in security mechanisms, with a view to help plug the holes that might be exploited by cyber-criminals.

Accepted Answer

A black hat hacker exploits weaknesses in security mechanisms for personal gain or malicious reasons, not to help plug the holes.

Question 19

Describe some of the factors at work that enabled the Target security breach to occur.

Accepted Answer

The answer of Describe some of the factors at work...

Question 20

A(n) _____ is someone who uncovers computer weaknesses and reveals them to manufacturers or system owners, without exploiting these vulnerabilities.
A) hacktivist
B) data harvester
C) corporate spy
D) white hat hacker
E) ethical cyber criminal

Accepted Answer

A white hat hacker is an ethical computer security expert who specializes in penetration testing and other testing methodologies to ensure the security of an organization's information systems. They uncover vulnerabilities without exploiting them and report them to the manufacturers or system owners for remediation.

Quiz 17: Information Security: Barbarians at the Gateway and Just About Everywhere Else

A research scientist with a major pharmaceutical firm in New Jersey is caught passing on sensitive information, worth millions of dollars, regarding the composition and test results of his firm's latest drug to a rival company. What crime is he being held responsible for?

Which of the followings aspects of international law would enable a cyber-criminal operating across borders to evade prosecution?

A vast majority of security breaches are not preventable and happen despite the best security practices.

What are some of the key managerial takeaways from the Target security breach?

The term _____ originally referred to a particularly skilled programmer.

An attack on the US power grid by terrorists or a foreign power is indicative of:

Which of the following statements is consistent with ground realities regarding information security?

Almost all security breaches can be traced back to technology lapses personnel or procedural factors rarely factor in.

Which of these would be an example of a DDoS attack?

Which of the following is a valid statement on information security?

Organized crime networks now have their own R&D labs and are engaged in sophisticated development efforts to piece together methods to thwart current security measures.

Hackers might infiltrate computer systems to enlist ware for subsequent illegal acts.

A protester seeking to make a political point by leveraging technology tools, often through system infiltration, defacement, or damage is called a(n) _____.

Hordes of surreptitiously infiltrated computers, linked and controlled remotely, are known as zombie networks or:

Many U.S. technology firms believe that U.S. government surveillance techniques put them at a disadvantage relative to foreign firms because:

Cyber criminals who infiltrate systems and collect data for illegal resale are called _____.

A black hat hacker looks for weaknesses in security mechanisms, with a view to help plug the holes that might be exploited by cyber-criminals.

Describe some of the factors at work that enabled the Target security breach to occur.

A(n) _____ is someone who uncovers computer weaknesses and reveals them to manufacturers or system owners, without exploiting these vulnerabilities.