Module 2 quiz

Question 1

With the removal of copyright protection mechanisms, software can be easily and illegally distributed and installed.

Answer 1

True

Question 2

2. Compared to Website defacement, vandalism within a network is less malicious in intent and more public.

Answer 2

False

Question 3

3. A worm requires another program is running before it can begin functioning.

Answer 3

False

Question 4

4. Forces of nature, sometimes called Acts of God, can present some of the most dangerous threats because they usually occur with very little warning and are beyond the control of people.

Answer 4

True

Question 5

5. When electronic information is stolen, the crime is readily apparent.

Answer 5

False

Question 6

6. Organizations can use dictionaries to regulate password selection during the reset process and thus guard against easy-to-guess passwords.

Answer 6

True

Question 7

7. As an organization grows, it must often use more robust technology to replace the security technologies it may have outgrown.

Answer 7

True

Question 8

1. An advance-fee fraud attack involves the interception of cryptographic elements to determine keys and encryption algorithms.

Answer 8

False

Question 9

9. A sniffer program can reveal data transmitted on a network segment, including passwords, the embedded and attached files—such as word-processing documents—and sensitive data transmitted to or from applications.

Answer 9

True

Question 10

10. Media as a subset of information assets are the systems and networks that store, process, and transmit information.

Answer 10

True

Question 11

11. Attacks conducted by scripts are usually unpredictable.

Answer 11

False

Question 12

12. The information security function in an organization safeguards its technology assets.

Answer 12

False

Question 13

13. An e-mail bomb is a form of DoS attack

Answer 13

True

Question 14

14. When information gatherers employ techniques that cross a legal or ethical threshold, they are conducting______.

Answer 14

Industrial Espionage

Question 15

15. Human errors or failure often can be prevented with training, ongoing awareness activities, and _____.

Answer 15

Controls

Question 16

16. Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) _______.

Answer 16

SLA

Question 17

17. The ______ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network.

Answer 17

TCP (Transmission Control Protocol)

Question 18

18. A table of hash values and their corresponding plaintext values that can be used to look up password values if an attacker is able to steal a system’s encrypted password file is known as a(n)______.

Answer 18

Rainbow Table

Question 19

19. A short-term interruption in electrical power availability is known as a ____.

Answer 19

Fault

Question 20

20. A _____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.

Answer 20

Distributed denial-of-service

Question 21

21. The redirection of legitimate user Web traffic to illegitimate Web sites with the intent to collect personal information is known as _____.

Answer 21

Pharming

Question 22

22. Hackers can be generalized into two skill groups: expert and _____

Answer 22

Novice

Question 23

23. Microsoft acknowledged that if you type a res://URL (a Microsoft-devised type of URL) longer than ______ characters in Internet Explorer 4.0, the browser will crash.

Answer 23

256

Question 24

24. The process of maintaining the confidentiality, integrity, and availability of data managed by a DBMS (Database Management System) is known as ______ security.

Answer 24

Database

Question 25

25. In an ______ attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources.

Answer 25

denial-of-service

Question 26

26. One form of online vandalism is ______ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.

Answer 26

hacktivist

Question 27

27. Which of the following is an example of a trojan horse program?

Answer 27

Happy99.exe

Question 28

28. ______ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data that result in violence against noncombatant targets by subnational groups or clandestine agents.

Answer 28

cyberterrorism

Question 29

29. In the _____ attack, an attacker monitors (sniffs) packets from a network, modifies them, and inserts them back into the network.

Answer 29

man-in-the-middle

Question 30

30. The average amount of time between hardware failures, calculated as the total amount of operation time for a specified number of units divided by the total number of failures, is known as ______.

Answer 30

mean-time-between-failures (MTBF)

Question 31

31. Acts of ______ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.

Answer 31

trespass

Question 32

32. As frustrating as viruses and worms are, perhaps more money is spent on resolving virus _____.

Answer 32

hoaxes

Question 33

33. ______ are malware programs that hide their true nature and reveal designed behavior only when activated.

Answer 33

trojan horses

Question 34

34. A long-term interruption (outage) in electrical power availability is known as a(n) ____.

Answer 34

blackout

Question 35

35. _____ is any technology that aids in gathering information about a person or organization without their knowledge.

Answer 35

spyware

Question 36

36. Which of the following functions does information security perform for an organization?

Answer 36

• All of the above
  Protecting the organization’s ability to function
  Enabling the safe operation of applications implemented on the organization’s IT system Protecting the data the organization collects and uses.

Question 37

37. ______are compromised systems that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.

Answer 37

Zombies (safe definition alos applies to bots)

Question 38

38. The _____ data file contains hashed representations of the user’s password.

Answer 38

SAM (Security Account Manager)

Question 39

39. Advanced-fee fraud is an example of an ____ attack.

Answer 39

Social Engineering

Question 40

40. The average amount of time until the next hardware failure is known as ____.

Answer 40

mean-time-to-failure (MTTF)