Security Awareness: Applying Practical Security in Your World, 4th Edition solutions manual and test bank Mark Ciampa
1. The process of providing proof that the user is “genuine” or authentic is known as_________.
A. authentication
B. registration
C. genuinization
D. identification
2. Each of the following is a characteristic of a weak password except:
A. A password with fewer than two characters
B. It is complicated.
C. Personal information in a password
D. A common dictionary word
3. Relying on deceiving someone to obtain secure information is known as_____.
A. social engineering
B. magic attack
C. brute force attack
D. sleight attack
4. The goal of a phishing attack is_____.
A. to send a fraudulent e-mail to a user
B. to trick a user into surrendering personal information
C. to duplicate a legitimate service
D. to capture keystrokes
5. Each of the following may be performed by an identity thief except:
A. Produce counterfeit checks or debit cards and then remove all money from the bank account.
B. File for bankruptcy under the person’s name to avoid paying debts they have incurred or to avoid eviction.
C. Open a bank account in the person’s name and write bad checks on that account.
D. Send malware into a bank’s online accounting system.
6. Each of the following is a step to deter identity theft except:
A. Carry a copy of a Social Security card in a wallet instead of the original.
B. Keep personal information in a secure location.
C. Shred financial documents and paperwork that contains personal information.
D. Do not provide personal information either over the phone or through an e-mail message.
7. Each of the following is a means of authentication except:
A. What you have
B. What you do
C. What you know
D. What you are
8. A(n) _____ is a unique name for identification.
A. password
B. value
C. authentication
D. username
9. Each of the following is a characteristic of a strong password except:
A. It must be lengthy.
B. It must be easy to memorize.
C. It must be complex.
D. It must not be repeated on multiple accounts.
10. When a user creates a password the _____ of that password is stored on the computer.
A. symbol
B. digest
C. hash code
D. co-mark
11. Which of these password attacks is the most thorough?
A. Dictionary attack
B. Brute force attack
C. Online guessing attack
D. Offline grill attack
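Questions 9 through 11 turn on two facts: the system stores only a digest of the password, not the password itself, and an attacker who obtains that digest can test candidate passwords against it offline. The following added example (my code, not from the textbook or its test bank) shows both attacks from question 11 run against stored digests. The salt, the sample usernames, the seven-word list and the three-character alphabet are constructed for the demo and are assumptions, not material from the page; SHA-256 stands in for whatever hash the quiz has in mind.

```python
import hashlib
import itertools
import os
import string
from typing import Optional, Tuple

# Constructed wordlist for the example. Real dictionary attacks use lists
# with millions of leaked passwords; a short list keeps the run instant.
WORDLIST = ["password", "letmein", "welcome", "dragon", "qwerty", "monkey", "abc123"]

# Brute-force alphabet for the demo: lowercase letters plus digits (36 symbols).
ALPHABET = string.ascii_lowercase + string.digits


def store_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """What the system keeps on disk: a salt plus the digest of salt+password.

    The plaintext is never stored. The per-user salt is an assumption beyond the
    quiz's wording; it forces an attacker to repeat the work for every user
    instead of reusing one precomputed table.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return salt, digest


def _matches(salt: bytes, digest: str, candidate: str) -> bool:
    return hashlib.sha256(salt + candidate.encode()).hexdigest() == digest


def dictionary_attack(salt: bytes, digest: str, wordlist) -> Tuple[Optional[str], int]:
    """Try each likely password from a list. Cheap, but it can only recover
    passwords that happen to be in the list. Returns (password or None, tries)."""
    tries = 0
    for word in wordlist:
        tries += 1
        if _matches(salt, digest, word):
            return word, tries
    return None, tries


def brute_force_attack(salt: bytes, digest: str, alphabet: str, max_len: int) -> Tuple[Optional[str], int]:
    """Enumerate every string over `alphabet` of length 1..max_len.

    This is the 'most thorough' attack: it is guaranteed to find any password
    in that space, at the cost of testing up to search_space() candidates.
    """
    tries = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            tries += 1
            candidate = "".join(combo)
            if _matches(salt, digest, candidate):
                return candidate, tries
    return None, tries


def search_space(alphabet_size: int, max_len: int) -> int:
    """Number of candidates a brute-force attack must cover in the worst case.
    Each extra character multiplies the work by the alphabet size, which is why
    question 9 insists that a strong password be lengthy."""
    return sum(alphabet_size ** k for k in range(1, max_len + 1))


def demo() -> dict:
    """Run both attacks against two constructed users and return the outcomes."""
    salt = b"\x00" * 16  # fixed salt so the demo is reproducible; use os.urandom in practice
    # 'dragon' is a common dictionary word (weak); 'zq7' is short but not in any list.
    _, alice_digest = store_password("dragon", salt)
    _, bob_digest = store_password("zq7", salt)

    return {
        "alice_dictionary": dictionary_attack(salt, alice_digest, WORDLIST),
        "bob_dictionary": dictionary_attack(salt, bob_digest, WORDLIST),
        "bob_brute_force": brute_force_attack(salt, bob_digest, ALPHABET, 3),
        "worst_case_len3": search_space(len(ALPHABET), 3),
        "worst_case_len12": search_space(len(ALPHABET), 12),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The dictionary attack recovers "dragon" on its fourth guess and gives up on "zq7" after seven; the brute-force attack recovers "zq7" after a few tens of thousands of guesses, but the worst-case figure for twelve characters over the same alphabet shows why length alone moves a password out of brute-force reach while a dictionary word of any length does not.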
12. Observing someone entering a keypad code from a distance is known as _______.
A. shoulder surfing
B. piggybacking
C. spoofing
D. watching
13. _____ is following an authorized person through a secure door.
A. Tagging
B. Tailgating
C. Social Engineering Following (SEF)
D. Backpacking
14. Which of the following is not an item that could be retrieved through dumpster diving that would provide useful information?
A. calendars
B. memos
C. USB flash drive
D. dictionary
15. How can an attacker use a hoax?
A. A hoax could convince a user that malware is circulating and that he should change his security settings.
B. By sending out a hoax, an attacker can convince a user to read his e-mail more often.
C. A user who receives multiple hoaxes could contact his supervisor for help.
D. Hoaxes are not used by attackers today.
16. Erin pretends to be a manager from another city and calls Nick to trick him into giving her his password. What social-engineering attack has Erin performed?
A. Aliasing
B. luring
C. impersonation
D. duplicity
17. _____ sends phishing messages only to wealthy individuals.
A. Spear phishing
B. Target phishing
C. Microing
D. Whaling
18. Which of the following is a social-engineering technique that uses flattery on a victim?
A. conformity
B. friendliness
C. fear
D. ingratiation
19. Each of the following may be used by an attacker when performing a social-engineering attack except:
A. Ask for all the information available.
B. Make the request believable.
C. Smile and ask simple questions.
D. Flirtation
20. Each of the following could be performed in a shoulder surfing attack except:
A. Watching the victim insert her plastic card into an ATM
B. Viewing a person writing down his Social Security number on a paper form
C. Observing a person entering a password on a computer keyboard
D. Watching a person enter a PIN at a register in a store
1. Chapter 1: Introduction to Security Question TF #1 (1.0 point)
There is a straightforward and easy solution to securing computers.
a. True
*b. False
2. Chapter 1: Introduction to Security Question TF #2 (1.0 point)
Attack tools can initiate new attacks without any human participation, thus increasing the speed at which systems are attacked.
*a. True
b. False
3. Chapter 1: Introduction to Security Question TF #3 (1.0 point)
Today, many attack tools are freely available and do not require any technical knowledge to use.
*a. True
b. False
4. Chapter 1: Introduction to Security Question TF #4 (1.0 point)
Financial cybercrime is often divided into two categories. The first category focuses on individuals and businesses.
*a. True
b. False
5. Chapter 1: Introduction to Security Question TF #5 (1.0 point)
In a well-run information security program, attacks will never get through security perimeters and local defenses.
a. True
*b. False
6. Chapter 1: Introduction to Security Question MC #1 (1.0 point)
On average it takes ____ days for a victim to recover from an attack.
a. three
b. five
c. eight
*d. ten
7. Chapter 1: Introduction to Security Question MC #2 (1.0 point)
In the last year, over 600,000 Apple Macs were infected with a malicious software called ____.
*a. Flashback
b. Melissa
c. Slapper
d. Morris
8. Chapter 1: Introduction to Security Question MC #3 (1.0 point)
“____” involves breaking into a car’s electronic system.
*a. Car hacking
b. Car hijack
c. Car riding
d. Joyriding
9. Chapter 1: Introduction to Security Question MC #4 (1.0 point)
From January 2005 through July 2012, over ____ electronic data records in the United States were breached, exposing to attackers a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers.
a. 456,000
b. 22 million
*c. 562 million
d. 660 billion
10. Chapter 1: Introduction to Security Question MC #5 (1.0 point)
Attackers today use common Internet ____ and applications to perform attacks, making it difficult to distinguish an attack from legitimate traffic.
a. languages
b. interfaces
*c. protocols
d. scripting
11. Chapter 1: Introduction to Security Question MC #6 (1.0 point)
Security ____ convenience.
a. cannot coexist with
*b. is inversely proportional to
c. is proportional to
d. should be subservient to
12. Chapter 1: Introduction to Security Question MC #7 (1.0 point)
The term ____ is frequently used to describe the tasks of securing information that is in a digital format.
a. network security
b. information assurance
*c. information security
d. information warfare
13. Chapter 1: Introduction to Security Question MC #8 (1.0 point)
____ ensures that information is correct and no unauthorized person or malicious software has altered that data.
a. Protection
b. Availability
c. Confidentiality
*d. Integrity
14. Chapter 1: Introduction to Security Question MC #9 (1.0 point)
____ ensures that data is accessible when needed to authorized users.
a. Confidentiality
b. Non-repudiation
c. Integrity
*d. Availability
15. Chapter 1: Introduction to Security Question MC #10 (1.0 point)
Information (contained on the devices) is protected by three layers: products, ____, and policies and procedures.
*a. people
b. systems
c. applications
d. tools
16. Chapter 1: Introduction to Security Question MC #11 (1.0 point)
A(n) ____ is a type of action that has the potential to cause harm.
a. asset
b. vulnerability
*c. threat
d. threat agent
17. Chapter 1: Introduction to Security Question MC #12 (1.0 point)
A(n) ____ is a person or element that has the power to carry out a threat.
*a. threat agent
b. vulnerability
c. risk
d. attack agent
18. Chapter 1: Introduction to Security Question MC #13 (1.0 point)
A(n) ____ is a flaw or weakness that allows a threat agent to bypass security.
a. threat agent
*b. vulnerability
c. asset
d. threat
19. Chapter 1: Introduction to Security Question MC #14 (1.0 point)
____ involves stealing another person’s personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain.
a. White hat hacking
*b. Identity theft
c. Cyberterrorism
d. Digital fraud
20. Chapter 1: Introduction to Security Question MC #15 (1.0 point)
Under____, healthcare enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.
a. Sarbox
b. COPPA
c. GLBA
*d. HIPAA
21. Chapter 1: Introduction to Security Question MC #16 (1.0 point)
____ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
a. Sarbox
b. COPPA
*c. GLBA
d. HIPAA
22. Chapter 1: Introduction to Security Question MC #17 (1.0 point)
The FBI defines ____ as any “premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents.”
a. information warfare
b. cyberware
*c. cyberterrorism
d. eTerrorism
23. Chapter 1: Introduction to Security Question MC #18 (1.0 point)
In the past, the term ____ was commonly used to refer to a person who uses advanced computer skills to attack computers.
a. slacker
*b. hacker
c. white-hat
d. black-hat
24. Chapter 1: Introduction to Security Question MC #19 (1.0 point)
____ are individuals who want to attack computers yet they lack the knowledge of computers and networks needed to do so.
a. Hackers
b. Elites
c. Crackers
*d. Script kiddies
25. Chapter 1: Introduction to Security Question MC #20 (1.0 point)
A computer ____ is a person who has been hired to break into a computer and steal information.
a. mole
*b. spy
c. worm
d. hacker
26. Chapter 1: Introduction to Security Question MC #21 (1.0 point)
Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as ____.
*a. cyberterrorists
b. spies
c. hackers
d. hacktivists
27. Chapter 1: Introduction to Security Question CO #1 (1.0 point)
In a general sense, ____________________ can be defined as the necessary steps to protect a person or property from harm.
Correct Answer(s):
a. security
28. Chapter 1: Introduction to Security Question CO #2 (1.0 point)
A(n) ____________________ is defined as something that has a value.
Correct Answer(s):
a. asset
29. Chapter 1: Introduction to Security Question CO #3 (1.0 point)
Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information are sometimes known as ____________________.
Correct Answer(s):
a. cybercrime
30. Chapter 1: Introduction to Security Question CO #4 (1.0 point)
It is vital to have ____________________ security on all of the personal computers to defend against any attack that breaches the perimeter.
Correct Answer(s):
a. local
31. Chapter 1: Introduction to Security Question CO #5 (1.0 point)
It is important that action be taken in advance in order to ____________________. This may involve keeping backup copies of important data stored in a safe place.
Correct Answer(s):
a. minimize losses
32. Chapter 1: Introduction to Security Question MA #1-9 (10.0 points)
Match each term with the correct statement below.
[a] 1. Due to overwhelmed vendors trying to keep pace by updating their products against attacks
[b] 2. Potentially the next target for attackers.
[c] 3. Made possible by new software tools and techniques
[d] 4. Results in attackers that can launch attacks against millions of computers within minutes
[e] 5. Results in attack tools that can vary their behavior so the same attack appears differently each time
[f] 6. Results in attacks that are no longer limited to highly skilled attackers
[g] 7. Allows attackers from anywhere in the world to send attacks
[h] 8. Happens when attackers use thousands of computers in an attack against a single computer or network
[i] 9. Happens when users are required to make difficult security decisions with little or no instruction
a. Delays in security updating
b. Personal medical devices
c. Faster detection of vulnerabilities
d. Speed of attacks
e. Greater sophistication of attacks
f. Simplicity of attack tools
g. Universally connected devices
h. Distributed attacks
i. User confusion
33. Chapter 1: Introduction to Security Question SA #1 (1.0 point)
What is car hacking?
Correct Answer:
“Car hacking” involves breaking into a car’s electronic system. Recent work by researchers has revealed that a car’s electronics can be infected to change a car’s settings or bypass standard car defenses such as power door locks. This can now be done remotely through wireless connections. In one test, researchers took control of the car’s electronics by placing calls to the car’s Bluetooth-enabled cell phone and then uploading malware to the car. Another type of car hacking stores malware on a USB flash drive, which is then inserted into the car’s stereo system. Through this malware researchers were able to turn off the engine, lock the doors, turn off the brakes, and change the odometer readings on the car. With this level of control it is possible that an attacker could remotely direct a car to transmit its vehicle identification number and current location via the car’s Global Positioning System (GPS) to a Web site. Car thieves could then check whether a particular make and model of car they wanted to steal was in their area. After paying the car hacker a fee, a command would be sent to unlock the car’s doors.