Exam Review Questions and Answers

Exam Review Questions and Answers Planning, protection, and response follow a fairly strict sequence from one stage to another. False ________ is a form of online fraud when bogus clicks are performed to charge the advertiser without creating potential new customers. Click fraud Previous Play Next Rewind 10 seconds Move forward 10 seconds Unmute 0:00 / 0:15 Full screen Brainpower Read More Trade secret theft can occur through interception, hacking, and other traditional cybercrimes. True Failure to implement PCI-DSS control objectives can result in revocation of a company's ability to accept credit card payments. True A(n) ________ attack requires a victim host to prepare for many connections, using up resources until the computer can no longer serve legitimate users. (Choose the most specific choice) SYN Flooding Someone sends you a "game." When you run it, it logs you into an IRS server. This is hacking. False Security professionals should minimize burdens on functional departments. True The terms "intellectual property" and "trade secret" are synonymous. False It is acceptable for an employee to reveal ________. None of these. Which of the following are ways that trade secret espionage occur? theft through interception B) by bribing an employee C) None of these Correct Response D) All of these ________ audits are done by an organization on itself. Internal ________ means responding to risk by taking out insurance. Risk transference Attackers cannot use IP address spoofing in port scanning attack packets. True In ________, the perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest. extortion Compared to non-computer crime, computer crime is very small. False What security functions typically are outsourced? Both intrusion detection and vulnerability testing In order to demonstrate support for security, top management must ________. A) ensure that security has an adequate budget B) support security when there are conflicts between the needs of security and the needs of other business functions C) follow security procedures themselves Correct Response D) All of these Policies should be written by ________. corporate teams involving people from multiple departments ________ examines IT processes for efficiency, effectiveness, and adequate controls. IT auditing Different honest people can make different ethical decisions in a given situation. True Money mules transfer stolen money for criminals and take a small percentage for themselves. True Senior officers often have an additional code of ethics. True In manual procedures, the segregation of duties ________. reduces risk Which of the following are types of countermeasures? A) preventative B) detective C) corrective Correct Response D) All of these The FTC can ________. Both impose fines and require annual audits by external auditing firms for many years Downloading pornography can lead to sexual harassment lawsuits. True ________ may engage in commercial espionage against a firm. Both Competitors and National governments ________ threaten to do at least temporary harm to the victim company's IT infrastructure unless the victim pays the attacker. Extortionists Misappropriation of assets is an example of employee financial theft. True Prosecuting attackers in other countries is relatively straightforward under existing computer crime laws. False Which of the following is a good rule for handling exceptions? A) Only some people should be allowed to request exceptions. B) The requestor and approver should be different people. C) The exception should be documented. Correct Response D) All of these. Which of the following is a way of responding to risk with active countermeasures? risk reduction