Question 1

A zero-day attack is an attack on an information system that takes advantage of a particular system vulnerability before the security community or system developer knows about the vulnerability or has been able to repair it. Such attacks are quite common and occur nearly everyday.

Accepted Answer

False

Question 2

Although the necessity of security is obvious, it must often be balanced against other business needs and issues. As a result, most organizations spend 5 percent or less of their overall IT budget on information security.

Accepted Answer

Organizations often allocate a small percentage of their IT budget to information security, balancing it with other business priorities and operational costs.

Question 3

The Computer Fraud and Abuse Act addresses identity theft.

Accepted Answer

The Computer Fraud and Abuse Act primarily addresses unauthorized access to computers and networks, not specifically identity theft.

Question 4

A completed risk assessment identifies the most dangerous threats to a company and helps focus security efforts on the areas of highest payoff.

Accepted Answer

This statement is accurate as a completed risk assessment allows a company to prioritize its security efforts and allocate resources accordingly to mitigate the most dangerous threats.

Question 5

Crackers break into other people's networks and systems to cause harm-defacing Web pages, crashing computers, and spreading harmful programs or hateful messages.

Accepted Answer

Crackers, also known as malicious hackers, infiltrate networks and systems with the intent to cause harm by defacing web pages, spreading harmful programs, and spreading hateful messages.

Question 6

The USA Patriot Act defines cyberterrorism as hacking attempts that cause $5,000 in aggregate damage in one year, damage to medical equipment, or injury to any person. Because the $5,000 threshold is easy to exceed, many young people who have been involved in what they consider to be "minor computer pranks" have found that they meet the criteria to be tried as cyberterrorists.

Accepted Answer

The statement accurately describes the definition of cyberterrorism under the USA Patriot Act and the potential consequences for those who may underestimate the severity of their actions.

Question 7

Individuals committed to trustworthy computing take a pledge to not send viruses and worms and to refrain from spamming others.

Accepted Answer

The answer of Individuals committed to trustworthy computing take a...

Question 8

According to the 2008 CSI Computer Crime and Security Survey, virus related incidents were the most common security incident.

Accepted Answer

The 2008 CSI Computer Crime and Security Survey found that virus related incidents were indeed the most common security incident reported by organizations surveyed.

Question 9

Fraud often involves some form of collusion, or cooperation, between an employee and an outsider.

Accepted Answer

Fraud can involve collusion between an employee and an outsider, such as a vendor, customer, or even a family member or friend. This can make it more difficult to detect and prevent fraud, as there may be multiple parties involved in the scheme.

Question 10

Rootkit is a set of programs that enables its users to gain administrator level access to a computer without the end user's consent or knowledge. Fortunately, rootkits are fairly easy to discover and remove from infected computers.

Accepted Answer

Rootkits are designed to hide their presence from anti-virus and anti-malware software, making them difficult to detect and remove. It often requires specialized tools and expertise to completely remove a rootkit from an infected computer.

Question 11

Societe Generale, France's second largest banking establishment, had long had a reputation for having poor internal controls. It is no wonder that a relatively inexperienced trader was able to take advantage of the bank's system of weak internal controls to exceed his trading limit and cause the bank to lose more than €4.9 billion.

Accepted Answer

The answer of Societe Generale, France's second largest banking establishment,...

Question 12

A distributed denial-of-service attack keeps the target so busy responding to a stream of automated requests that legitimate users cannot access the target.

Accepted Answer

A distributed denial-of-service attack overwhelms the target with a flood of requests, making it unavailable to legitimate users.

Question 13

The cost of creating an e-mail campaign for a product or a service can easily exceed the cost of a direct-mail campaign. Such an e-mail campaign also typically takes longer to develop.

Accepted Answer

The statement is false. Creating an e-mail campaign is typically less expensive and can be developed faster than a direct-mail campaign.

Question 14

A hacktivist is a person who wishes to destroy the infrastructure components of financial institutions, utilities, and emergency response units.

Accepted Answer

A hacktivist is a person who uses hacking as a form of activism, often targeting government or corporate websites to protest against their policies or actions. While their actions may cause disruption, their aim is not to destroy infrastructure components.

Question 15

The security of any system or network is a combination of technology, policy, and people and requires a surprisingly narrow range of activities to be effective.

Accepted Answer

The security of any system or network requires a broad range of activities, including technology, policy, and human factors, to be effective.

Question 16

Phishing frequently leads consumers to counterfeit Web sites designed to trick them into initiating a denial-of-service attack.

Accepted Answer

Phishing can lead consumers to counterfeit websites designed to steal their personal information or credentials, but it does not typically directly result in a denial-of-service attack initiated by the consumer.

Question 17

Unlike a computer worm, which requires users to spread infected files to other users, a virus is a harmful program that resides in the active memory of the computer and duplicates itself. A virus can propagate without human intervention.

Accepted Answer

A computer virus requires human intervention to spread, such as opening an infected file, while a worm can propagate itself without human intervention.

Question 18

Industrial espionage and competitive intelligence are the same thing.

Accepted Answer

Industrial espionage involves illegal or unethical methods of gathering confidential information from competitors, while competitive intelligence involves collecting and analyzing publicly available information to gain a competitive advantage. They may have some similarities, but they are not the same thing.

Question 19

The use of smart cards which contain a memory chip that is updated with encrypted data every time the card is used, is much more popular in the United States than Europe.

Accepted Answer

This statement is false. Smart cards are much more popular in Europe than in the United States, where magnetic stripe cards are still widely used.

Question 20

The cost to repair the worldwide damage done by a computer worm has exceeded $1 billion on more than one occasion.

Accepted Answer

There have been several instances of computer worms causing damage that has surpassed the $1 billion mark in repair costs. For example, the Mydoom worm in 2004 caused an estimated $38 billion in damage, and the WannaCry ransomware attack in 2017 caused around $4 billion in losses.

Quiz 3: Computer and Internet Crime