An __________ to an information resource is any danger to which a system may be
exposed. - correct answer threat
The __________ of an information resource is the harm, loss, or damage that can result
if a threat compromises the resources. - correct answer exposure
An information resource's __________ is the possibility that the system will be harmed
by a threat. - correct answer vulnerability
Which of the following does NOT contribute to the increasing vulnerability of
organizational information resources?
A) Increasing skills necessary to be a computer hacker
B) International organized crime taking over cybercrime
C) Lack of management support
D) Smaller, faster, cheaper computers and storage devices
E) Today's interconnected, interdependent, wirelessly networked business environment
- correct answer a
Which of the following does NOT contribute to the increasing vulnerability of
organizational information resources?
A) Additional management support
B) Decreasing skills necessary to be a computer hacker
C) International organized crime taking over cybercrime
D) Smaller, faster, cheaper computers and storage devices
E) Today's interconnected, interdependent, wirelessly networked business environment
- correct answer a
Computer crimes typically average _________ of dollars and cause
businesses _________ of dollars in damages. - correct answer hundreds of thousands;
billions
Careless Internet surfing is _________ and is an _________ mistake. - correct answer a
human error; unintentional
You leave your laptop at your desk while you go to the restroom. This is _________ and
is an _________ mistake. - correct answer a human error; unintentional
You lose the company's USB with your sales spreadsheets on it. This is _________ and
is an _________ mistake. - correct answer a human error; unintentional
You open an e-mail from your friend that looks a little odd, but you figure your friend
would never send you anything bad. This is _________ and is an _________ mistake. -
correct answer a human error; unintentional
You don't lock your computer when you go to the restroom. This is _________ and is
an _________ mistake. - correct answer a human error; unintentional
Carelessness using unmanaged devices is _________ and is an _________ mistake. -
correct answer a human error; unintentional
You get a new smartphone and throw your old one away without erasing all your data.
This is _________ and is an _________ mistake. - correct answer a human error;
unintentional
_________ is an attack in which the perpetrator uses social skills to trick or manipulate
legitimate employees into providing confidential company information such as
passwords. - correct answer social engineering
You are a nice person, so you hold the door open for the person running in behind you.
Since you needed to use your ID badge to open the door, the person running in behind
you is __________; this is _________. - correct answer tailgating; an unintentional
threat to your organization
_________ is an unintentional threat. - correct answer social engineering
_________ occurs when an unauthorized individual attempts to gain illegal access to
organizational information. - correct answer espionage
_________ occur(s) when an attacker either threatens to steal, or actually steals,
information from a company and then demands payment for not carrying out a particular
act. - correct answer information extortion
_________ is a deliberate act that involves defacing an organization's website,
potentially damaging the organization's image and causing its customers to lose faith. -
correct answer sabotage
If humans are careless with laptops, this is an _________ error which could cause theft
of equipment or information (an _________ error). - correct answer unintentional;
intentional
Intellectual property is NOT protected under _________ laws. - correct answer privacy
A ________ is an intellectual work that is not based on public information. - correct
answer trade secret
A _________ is an official document that grants the holder exclusive rights on an
invention or a process for a specified period of time. - correct answer patent
A _________ is a statutory grant that provides the creators or owners of intellectual
property with ownership of the property for a designated period. - correct answer
copyright
Current US laws award patents for _________ years and copyright protection for
_________ years. - correct answer 20; life+70
You purchased a copy of Microsoft Office and give a copy to a friend so he/she doesn't
have to buy it too. This is _________ and is _________. - correct answer piracy; illegal
_________ is a remote attack requiring user action. - correct answer virus
_________ is a remote attack requiring no user action. - correct answer dos
_________ is an attack by a programmer developing a system. - correct answer A
trojan horse
Hackers would use a botnet to perform a _________. - correct answer ddos
_________ causes pop-up advertisements to appear on your screen. - correct answer
adware
_________ collects personal information about users without their consent. - correct
answer spyware
Keystroke loggers and screen scrapers are examples of _________. - correct answer
spyware
_________ is pestware that uses your computer as a launch pad for unsolicited e-mail,
usually advertising for products and services. - correct answer spamware
Spam costs US companies _________ of dollars per year. - correct answer billions
If a hacker takes control of equipment such as power grids or nuclear power plants, this
is an example of a(n) _________ attack. - correct answer SCADA
_________ refers to malicious acts in which attackers use a target's computer systems
to cause physical, real-world harm or severe disruption, often to carry out a political
agenda. - correct answer cyberterrorism
The U.S. government considers the Sony hack _________. - correct answer
cyberterrorism
A ______ attack is a targeted attempt to steal sensitive information from a company,
such as financial data or personal details about employees. - correct answer whaling
The goal of whaling is to trick a(n) _______ into revealing personal or corporate data. -
correct answer executive
The entire basis of a whaling attack is to ___________. - correct answer appears as
authentic as possible with actual logos, phone numbers, and various other details used
in communications that come from fake email addresses.
Jim finds out that someone accessed his bank account pretending to be him and stole
thousands of dollars. This is an example of ____________. - correct answer identity
theft
Sarah received an email that claimed to be from her bank. The email asked her to
provide her password. Sarah later found out that the email was not from her bank and
that she had given sensitive information to someone who gained access to her
accounts. This is an example of a ____________. - correct answer phishing attack
An employee at ABC Inc. downloaded an email and opened the attachment contained
within the message. Shortly afterwards all employees were blocked from accessing files
on the company's servers and the criminals told ABC Inc. they would have to pay a
large amount of Bitcoin to regain access to their files. ABC Inc. was a victim of
____________. - correct answer ransomware
If you accept the potential risk, continue operating with no controls, and absorb any
damages that occur, you have adopted a risk _________ strategy. - correct answer
acceptance
Your company decides not to implement security procedures because employees
refuse to comply anyway. This is an example of risk _________. - correct answer
acceptance
If you limit your risk by implementing controls that minimize the impact of the threat, you
have implemented a risk _________ strategy. - correct answer limitation
Your company hires FireEye to install security software and monitor your systems. This is
an example of risk _________. - correct answer limitation
If you shift your risk by using other means to compensate for the loss like purchasing
insurance, you have implemented a risk _________ strategy. - correct answer
transference
Your company decides to purchase security insurance from Travelers Insurance in case
your systems get hacked and employee information is stolen. This is an example of risk
_________. - correct answer transference