
CHAPTER 11— CYBERCRIME AND IT SECURITY

Multiple Choice

1. Identify a true statement about the bring your own device (BYOD) business policy.

a. It can improve employee productivity.

b. It can provide data security.

c. It creates a bug-free environment.

d. It enhances employee interaction.

ANS: A a. It affects the productivity of the employees of a company. b. It inhibits the privacy of the employees of a company. c. It exposes a company’s data to malware. d. It creates the image of a company as not being flexible.

RATIONALE: Bring your own device (BYOD) is a business policy that permits, and in some cases encourages, employees to use their own mobile devices to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet. Proponents of BYOD say it improves employee productivity by allowing workers to use devices with which they are already familiar—while also helping to create an image of a company as a flexible and progressive employer.

2. Which of the following is a drawback of the bring your own device (BYOD) business policy?

ANS: C a. exit door b. glitch c. bot d. exploit

RATIONALE: Most companies have found they cannot entirely prevent employees from using their own devices to perform work functions. However, this practice raises many potential security issues as it is highly likely that such devices are also used for nonwork activity (browsing Web sites, blogging, shopping, visiting social networks, etc.) that exposes them to malware much more frequently than a device used strictly for business purposes.

3. In computing, a(n) _____ is an attack on an information system that takes advantage of a particular system vulnerability.

ANS: D a. A patch b. A key c. A license d. A constraint

RATIONALE: In computing, an exploit is an attack on an information system that takes advantage of a particular system vulnerability. Often this attack is due to poor system design or implementation. Once the vulnerability is discovered, software developers create and issue a “fix,” or patch, to eliminate the problem.

4. Which of the following is created and issued by software engineers to remove a system vulnerability?

ANS: A

RATIONALE: Once a vulnerability is discovered, software developers create and issue a “fix,” or patch, to eliminate the problem. Users of the system or application are responsible for obtaining and installing the patch, which they can usually download from the Web.

5. The attack that takes place before a software developer knows about the vulnerability is known as a(n) a. unidentified attack b. zero-day attack c. exploit d. threat

_____.

ANS: B a. A red hat hacker b. A gray hat hacker c. A white hat hacker d. A black hat hacker

RATIONALE: It is difficult to keep up with all the required patches to fix vulnerabilities. Of special concern is a zero-day attack that takes place before the security community or software developer knows about the vulnerability or has been able to repair it.

6. Which perpetrator violates computer or Internet security maliciously for illegal personal gain?

ANS: D a. They hack computers in an attempt to promote a political ideology. b. They disrupt a company’s information systems and business operations. c. They are hired by an organization to test the security of its information systems. d. They are hired by an organization to test the security of another organization’s information systems.

RATIONALE: A black hat hacker is someone who violates computer or Internet security maliciously or for illegal personal gain (in contrast to a white hat hacker who is someone who has been hired by an organization to test the security of its information systems). He breaks into secure networks to destroy, modify, or steal data.

7. Which of the following best describes malicious insiders?

ANS: B a. white hat hackers b. hacktivists c. industrial spies d. black hat hackers

RATIONALE: A malicious insider is an employee or contractor who attempts to gain financially and/or disrupt a company’s information systems and business operations. He or she has inside information concerning the organization's security practices, data, or computer systems.

8. Those who capture trade secrets and attempt to gain an unfair competitive advantage are known as _____.

ANS: C a. They are hired by an organization to test the security of its information systems. b. They disrupt a company’s information systems and business operations. c. They capture trade secrets and attempt to gain an unfair competitive advantage in a company. d. They destroy the infrastructure components of governments, financial institutions, and emergency response units.

RATIONALE: Industrial spies are individuals who capture trade secrets and attempt to gain an unfair competitive advantage. They are usually hired by organizations or individuals to illegally gain data and access to other organization’s trade secrets.

9. Which of the following is true of white hat hackers?

ANS: A a. black hat hackers b. white hat hackers c. hacktivists d. crackers

RATIONALE: White hat hackers are people who have been hired by an organization to test the security of its information systems. They use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them.

10. In the context of computer crimes, those who cause problems, steal data, and corrupt systems are known as _____.

ANS: D a. An individual who attacks a computer system or network for financial gain b. An individual who hacks computers or Web sites in an attempt to promote a political ideology c. An individual who attempts to destroy the infrastructure components of governments and financial institutions d. An individual who is hired by an organization to test the security of its information systems

RATIONALE: A cracker is an individual who causes problems, steals data, and corrupts systems. He or she possesses a high level of skill and knowledge with computers that enables him or her to interfere with the confidentiality of any information or security system.

11. Which of the following best describes a cybercriminal?

ANS: A a. An individual who attempts to destroy the infrastructure components of governments, financial institutions, utilities, and emergency response units b. An individual who hacks computers or Web sites in an attempt to promote a political ideology c. An employee or contractor who attempts to gain financially and/or disrupt a company’s information systems and business operations d. An individual who captures trade secrets and attempts to gain an unfair competitive advantage

RATIONALE: A cybercriminal is someone who attacks a computer system or network for financial gain. He or she attacks other people's computers to perform malicious activities, such as spreading viruses, data theft, identity theft, etc.

12. Which of the following best describes a hacktivist?

ANS: B a. hacktivists b. white hat hackers c. black hat hackers d. cyberterrorists

RATIONALE: A hacktivist is an individual who hacks computers or Web sites in an attempt to promote a political ideology. Hacktivism is defined as hacking or breaking into an information or security system for a political or socially motivated purpose. The tools used by a hacktivist are similar to the ones used by a hacker, only the purpose and agenda vary.

13. In the context of computer crimes, those who attempt to destroy the infrastructure components of governments and financial institutions are known as _____.

ANS: D a. Camware b. Spyware c. Scareware d. Ransomware

RATIONALE: A cyberterrorist is someone who attempts to destroy the infrastructure components of governments, financial institutions, utilities, and emergency response units. Cyberterrorism uses the Internet to spread terrorist activities, which generally revolve around political, social or religious agendas.

14. Which of the following exploits when downloaded onto a smartphone takes control of the device and its data until the owner agrees to pay a sum of money to the attacker?

ANS: D a. It is a harmful program that involves the use of Short Message Service to get personal details from victims. b. It is the act of fraudulently using email to try to get the recipient to reveal personal data. c. It is a piece of code that causes a computer to behave in an unexpected and usually undesirable manner. d. It is the abuse of email systems to send unsolicited email to large numbers of people.

RATIONALE: Ransomware is a malware, which when downloaded onto a smartphone (or another device), takes control of the device and its data until the owner agrees to pay a ransom to the attacker. The users get limited or no access to their devices once a ransomware is uploaded. It is not guaranteed that paying the ransom will grant users uninterrupted access to their device.

15. Which of the following is a technical description of a virus?

ANS: C a. It propagates without human intervention, often sending copies of itself to other computers by email. b. It allows hackers to destroy hard drives, corrupt files, and steal passwords by recording keystrokes and transmitting them to a server operated by a third party. c. It inserts unwanted words, numbers, or phrases into documents or alters command functions in an infected document. d. It abuses email systems to send unsolicited email to large numbers of people.

RATIONALE: Computer virus has become an umbrella term for many types of malicious code. Technically, a virus is a piece of programming code, usually disguised as something else that causes a computer to behave in an unexpected and usually undesirable manner.

16. Which of the following is true of a macro virus?

ANS: C a. scareware b. worm c. virus d. logic bomb

RATIONALE: Macro viruses can insert unwanted words, numbers, or phrases into documents or alter command functions in an infected document. After a macro virus infects a user’s application, it can embed itself in all future documents created with the application.

17. A _____ is a harmful program that resides in the active memory of a computer and duplicates itself.

ANS: B a. They abuse email systems to send unsolicited email to large numbers of people. b. They allow hackers to destroy hard drives, corrupt files, and steal passwords by recording keystrokes and transmitting them to a server operated by a third party. c. They insert unwanted words, numbers, or phrases into documents or alter command functions in an infected document. d. They propagate without human intervention, often sending copies of themselves to other computers by email.

RATIONALE: Unlike a computer virus, which requires users to spread infected files to other users, a worm is a harmful program that resides in the active memory of the computer and duplicates itself. A worm can propagate without human intervention, often sending copies of themselves to other computers by email.

18. Which of the following statements is true about worms?

ANS: D a. It steals passwords and Social Security numbers. b. It generates and grades tests that humans can pass but all but the most sophisticated computer programs cannot. c. It causes productivity losses due to workers being unable to use their computers. d. It fraudulently uses third-party emails to try to get the recipient to reveal personal data.

RATIONALE: Unlike a computer virus, which requires users to spread infected files to other users, a worm is a harmful program that resides in the active memory of the computer and duplicates itself. Worms differ from viruses in that they can propagate without human intervention, often sending copies of themselves to other computers by email.

19. How does a worm negatively impact an organization?

ANS: C a. A Trojan horse b. A distributed denial-of-service attack c. A spam d. A smish

RATIONALE: The negative impact of a worm attack on an organization’s computers can be considerable— lost data and programs, lost productivity due to workers being unable to use their computers, additional lost productivity as workers attempt to recover data and programs, and lots of effort for IT workers to clean up the mess and restore everything to as close to normal as possible.

20. _____ is a program in which malicious code is hidden inside a seemingly harmless program.

ANS: A a. They lead consumers to counterfeit Web sites designed to trick them into divulging personal data. b. They are used by organizations to test the security of information systems. c. They involve the use of Short Message Service (SMS) texting for phishing. d. They spy on users by recording keystrokes and transmitting them to a server operated by a third party.

RATIONALE: A Trojan horse is a program in which malicious code is hidden inside a seemingly harmless program. The program’s harmful payload might be designed to enable the hacker to destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or Social Security numbers, or spy on users by recording keystrokes and transmitting them to a server operated by a third party.

21. Identify a true statement about Trojan horses.

ANS: D a. A worm b. Smishing c. A logic bomb d. Phishing

RATIONALE: A Trojan horse is a program in which malicious code is hidden inside a seemingly harmless program. The program’s harmful payload might be designed to enable the hacker to destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or Social Security numbers, or spy on users by recording keystrokes and transmitting them to a server operated by a third party.

22. David, a software engineer, was creating a report using Microsoft Word. After completing 15 pages in the file, he noticed that whenever he copied something using the keyboard, the contents were modified with unwanted numbers and phrases. Which of the following could have caused this problem?

ANS: C a. Cyberespionage b. Spam c. Phishing d. Smishing

RATIONALE: Another type of Trojan horse is a logic bomb, which executes when it is triggered by a specific event. For example, logic bombs can be triggered by a change in a particular file, by typing a specific series of keystrokes, or at a specific time or date.

23. _____ is the abuse of email systems to send unsolicited email to large numbers of people.

ANS: B a. Spam is a type of attack with which a hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks. b. Spam is a program in which malicious code is hidden inside a seemingly harmless program. c. Spam is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge. d. Spam is an extremely inexpensive method of marketing used by many legitimate organizations.

RATIONALE: Email spam is the abuse of email systems to send unsolicited email to large numbers of people. Most spam is a form of low-cost commercial advertising, sometimes for questionable products such as pornography, phony get-rich-quick schemes, and worthless stock.

24. Which of the following is true of spam?

ANS: D a. It legalizes spamming with certain restrictions. b. It provides a solution to tackle a Trojan horse. c. It identifies distributed denial-of-service attacks. d. It prevents worms by eliminating their ability to replicate.

RATIONALE: Most spam is a form of low-cost commercial advertising, sometimes for questionable products such as pornography, phony get-rich-quick schemes, and worthless stock. Spam is also an extremely inexpensive method of marketing used by many legitimate organizations.

25. Which of the following statements is true of the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act?

ANS: A a. Atomicity, consistency, isolation, and durability (ACID) b. Microprocessor without Interlocked Pipeline Stages (MIPS) c. Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) d. Document Style Semantics and Specification Language (DSSSL)

RATIONALE: The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act went into effect in January 2004. The act says that it is legal to spam, provided the messages meet a few basic requirements—spammers cannot disguise their identity by using a false return address, the email must include a label specifying that it is an ad or a solicitation, and the email must include a way for recipients to indicate that they do not want future mass mailings.

26. Which of the following is used to ensure that only humans obtain free email accounts?

ANS: C a. Distributed denial-of-service b. Smishing c. Logic bomb d. Phishing

RATIONALE: Spammers can defeat the registration process of free email services by launching a coordinated bot attack that can sign up for thousands of email accounts. These accounts are then used by the spammers to send thousands of untraceable email messages for free. A partial solution to this problem is the use of CAPTCHA to ensure that only humans obtain free accounts. CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) software generates and grades tests that humans can pass but all but the most sophisticated computer programs cannot.

27. Identify the attack in which a malicious hacker floods a target site with demands for data and other small tasks.

ANS: A a. Spear-phishing b. Botnet c. Cyberespionage d. Smishing

RATIONALE: In a distributed denial-of-service (DDoS) attack, a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks. A distributed denial-of-service attack does not involve infiltration of the targeted system. Instead, it keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in.

28. Which of the following terms is used to describe a large group of computers controlled from one or more remote locations by hackers without the knowledge of their owners?

ANS: B a. zombies b. daemons c. narutus d. konohas

RATIONALE: In a distributed denial-of-service (DDoS) attack, a tiny program is downloaded surreptitiously from the attacker’s computer to dozens, hundreds, or even thousands of computers all over the world.

The term botnet is used to describe a large group of such computers, which are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners.

29. Botnet computers are also called _____.

ANS: A a. It is the act of fraudulently using email to try to get the recipient to reveal personal data by sending legitimate-looking emails urging the recipient to take action to avoid a negative consequence or to receive a reward. b. It is the unintended release of sensitive data by unauthorized individuals. c. It is the abuse of email systems to send unsolicited email to large numbers of people. d. It is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge.

RATIONALE: The term botnet is used to describe a large group of computers, which are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners. Based on a command by the attacker or at a preset time, the botnet computers (also called zombies) go into action, each sending a simple request for access to the target site again and again—dozens of times per second.

30. Which of the following defines a rootkit?

ANS: D a. scareware b. patch c. rootkit d. worm

RATIONALE: A rootkit is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge. Once installed, the attacker can gain full control of the system and even obscure the presence of the rootkit from legitimate system administrators.

31. A _____ is used by attackers to execute files, access logs, monitor user activity, and change a computer’s configuration.

ANS: C a. A rootkit b. A distributed denial-of-service attack c. A logic bomb attack d. A cyberespionage incident

RATIONALE: A rootkit is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge. Once installed, the attacker can gain full control of the system and even obscure the presence of the rootkit from legitimate system administrators. Attackers can use the rootkit to execute files, access logs, monitor user activity, and change the computer’s configuration.

32. Andrew, a writer, noticed that his blog was filled with repetitive advertisements and surveys that prevented him from accessing his blog and editing an article. Which of the following has caused this problem?

ANS: B a. dropper b. loader c. linker d. adapter

RATIONALE: A distributed denial-of-service (DDoS) attack is one in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks. A distributed denial-of-service attack does not involve infiltration of the targeted system. Instead, it keeps the target so busy responding to a stream of automated requests that legitimate users cannot get through to the target computer.

33. The _____ code of a rootkit gets the rootkit installation started and can be activated by clicking on a link to a malicious Web site in an email or opening an infected PDF file.

ANS: A a. rootkit b. smishing c. phishing d. bootkit

RATIONALE: Rootkits are one part of a blended threat, consisting of a dropper, a loader, and a rootkit. The dropper code gets the rootkit installation started and can be activated by clicking on a link to a malicious Web site in an email or opening an infected PDF file. The dropper launches the loader program and then deletes itself.

34. Jack was shocked to witness the sudden drop in performance of his laptop. He also found that the screen saver constant changed and that the taskbar had disappeared. The given problems are symptoms of _____ infections.

ANS: A

RATIONALE: A rootkit is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge. The following are some symptoms of rootkit infections: a. Spoofing b. Vishing c. Phishing d. Smishing

 The computer locks up or fails to respond to input from the keyboard or mouse.

 The screen saver changes without any action on the part of the user.

 The taskbar disappears.

 Network activities function extremely slowly.

35. _____ is the act of fraudulently using email to try to get the recipient to reveal personal data.

ANS: C a. The phisher sends a survey to the employees of several organizations to obtain details of the configuration of their computing devices. b. The phisher sends a voice mail message to a number of people to call a phone number or access a Web site. c. The phisher sends legitimate-looking text messages through his or her phone to advertise a certain organization. d. The phisher sends fraudulent emails to a certain organization’s employees disguising them as mails from high-level executives from within the organization.

RATIONALE: Phishing is the act of fraudulently using email to try to get the recipient to reveal personal data. In a phishing scam, con artists send legitimate-looking emails urging the recipient to take action to avoid a negative consequence or to receive a reward. The requested action may involve clicking on a link to a Web site or opening an email attachment.

36. Which of the following best describes spear-phishing?

ANS: D a. Multimedia Messaging Service b. Short Message Service c. Email d. Voice mail

RATIONALE: Spear-phishing is a variation of phishing in which the phisher sends fraudulent emails to a certain organization’s employees. It is known as spear-phishing because the attack is much more precise and narrow, like the tip of a spear.

37. Identify the mode of message transmission used in smishing.

ANS: B a. The phisher sends legitimate-looking messages through phone to acquire personal information. b. The phisher sends a survey email to obtain the configuration of an unsuspecting user’s computing device. c. The phisher sends a voice mail message to an unsuspecting user to call a phone number or access a Web site. d. The phisher sends fraudulent emails to a certain organization’s employees.

RATIONALE: Smishing (also called SMS phishing and SMiShing) is another variation of phishing that involves the use of Short Message Service (SMS) texting. In a smishing scam, people receive a legitimatelooking text message on their phone telling them to call a specific phone number or to log on to a Web site. This is often done under the guise that there is a problem with their bank account or credit card that requires immediate attention.

38. Identify a true statement about smishing.

ANS: A a. Multimedia Messaging Service b. Short Message Service c. Email d. Voice mail

RATIONALE: In a smishing scam, people receive a legitimate-looking text message on their phone telling them to call a specific phone number or to log on to a Web site. This is often done under the guise that there is a problem with their bank account or credit card that requires immediate attention.

39. Identify the mode of message transmission used in vishing.

ANS: D a. advanced persistent threat b. vishing scam c. identity threat d. data breach

RATIONALE: Vishing is similar to smishing except that the victims receive a voice mail message telling them to call a phone number or access a Web site. Financial institutions, credit card companies, and other organizations whose customers may be targeted by criminals in this manner should be on the alert for phishing, smishing, and vishing scams. They must be prepared to act quickly and decisively without alarming their customers if such a scam is detected.

40. A(n) _____ is a network attack in which an intruder gains access to a network and stays undetected with the intention of stealing data.

ANS: A a. The discovery phase b. The capture phase c. The reconnaissance phase d. The incursion phase

RATIONALE: An advanced persistent threat (APT) is a network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time. Attackers in an APT must continuously rewrite code and employ sophisticated evasion techniques to avoid discovery. APT attacks target organizations with high-value information, such as banks and financial institutions, government agencies, and insurance companies.

41. Which phase of an advanced persistent threat enables an intruder to gain useful information about the target?

ANS: C a. An intruder gains useful information about the target. b. An intruder establishes a means of accessing a computer program that bypasses security mechanisms. c. An intruder gathers valid user credentials and installs backdoors for distributing malware. d. An intruder is ready to access compromised systems and capture information.

RATIONALE: An advanced persistent threat (APT) is a network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time. The intruder begins by conducting reconnaissance on the network to gain useful information about the target (security software installed, computing resources connected to the network, number of users, etc.).

42. Identify a true statement about the incursion phase in an advanced persistent threat.

ANS: B a. An intruder gains useful information about the target. b. An intruder establishes a computer program that bypasses security mechanisms. c. An intruder is ready to access compromised systems and capture information. d. An intruder gathers valid user credentials and installs backdoors for distributing malware.

RATIONALE: In the incursion phase of an advanced persistent threat, an attacker gains incursion to the network at a low level to avoid setting off any alarms or suspicion. Some form of spear-fishing may be employed in this phase. Once incursion to the target has been gained, the attacker establishes a back door, or a means of accessing a computer program that bypasses security mechanisms.

43. Which of the following statements is true of the discovery phase of an advanced persistent threat?

ANS: D a. The reconnaissance phase b. The discovery phase c. The capture phase d. The export phase

RATIONALE: In the discovery phase of an advanced persistent threat, an intruder begins a discovery process to gather valid user credentials (especially administrative ones) and move laterally across the network, installing more back doors. These back doors enable the attacker to install bogus utilities for distributing malware that remains hidden in plain sight.

44. In the context of an advanced persistent threat, identify the phase during which an intruder is ready to access unprotected or compromised systems.

ANS: C a. The data captured by an attacker is sent to the attacker’s home base for analysis. b. An attacker establishes a computer program that bypasses security mechanisms. c. An attacker is ready to access compromised systems and capture information. d. The valid user credentials gathered by an attacker is used to install backdoors for distributing malware.

RATIONALE: An advanced persistent threat (APT) is a network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time. In the capture phase of the advanced persistent threat, the attacker is ready to access unprotected or compromised systems and capture information over a long period of time.

45. Which of the following statements best describes the export phase of an advanced persistent threat?

ANS: A

RATIONALE: An advanced persistent threat (APT) is a network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time. In the export phase, the captured data is exported back to the attacker’s home base for analysis and/or used to commit fraud and other crimes.

46. _____ occurs when the personal information of an individual is stolen and used.

a. Trustworthy computing

b. Cyberespionage

c. Cyberterrorism

d. Identity theft

ANS: D

RATIONALE: Identity theft occurs when someone steals a person’s personal information and uses it without his or her permission. Often, stolen personal identification information, such as names, Social Security numbers, or credit card numbers, is used to commit fraud or other crimes.

47. _____ is the unintended access of sensitive data by unauthorized individuals.

a. A risk exportation

b. A data breach

c. Cyberterrorism

d. Rifting

ANS: B

RATIONALE: A data breach is the unintended release of sensitive data or the access of sensitive data by unauthorized individuals. An unauthorized individual can get access to sensitive, protected, or confidential data that can be copied, transmitted, viewed, or stolen.

48. Ricky, an employee of Gycl Inc., has unknowingly shared his company’s tender details and appraisal structure with the market competitor. This is an example of _____.

a. smishing

b. phishing

c. data breach

d. identity theft

ANS: C

RATIONALE: A data breach is the unintended release of sensitive data or the access of sensitive data by unauthorized individuals. An unauthorized individual can get access to sensitive, protected, or confidential data that can be copied, transmitted, viewed, or stolen.

49. To reduce the potential for online credit card fraud, most e-commerce Web sites use some form of _____ technology to protect information as it comes in from the consumer.

a. encryption

b. authentication

c. authorization

d. indexing

ANS: A

RATIONALE: To reduce the potential for online credit card fraud, most e-commerce Web sites use some form of encryption technology to protect information as it comes in from the consumer. Some also verify the address submitted online against the one the issuing bank has on file, although the merchant may inadvertently throw out legitimate orders as a result.

50. _____ is a three-digit number above the signature panel on the back of a credit card.

a. Personal identification number

b. Card verification value

c. Automated teller machine

d. Know your customer digits

ANS: B

RATIONALE: Card verification value is a three-digit number above the signature panel on the back of a credit card. This technique makes it impossible to make purchases with a credit card number stolen online.

51. The additional security option, used for credit card transactions, that keeps track of a customer’s historical shopping patterns and notes deviations from the norm is _____.

a. transaction incognito mode

b. transaction identification code

c. transaction-spam control software

d. transaction-risk scoring software

ANS: D

RATIONALE: Card verification value is a three-digit number above the signature panel on the back of a credit card. This technique makes it impossible to make purchases with a credit card number stolen online. An additional security option is transaction-risk scoring software, which keeps track of a customer’s historical shopping patterns and notes deviations from the norm.

52. _____ involves the deployment of malware that secretly steals data in the computer systems of organizations.

a. Cyberterrorism

b. Smishing

c. Cyberespionage

d. Vishing

ANS: C

RATIONALE: Cyberespionage involves the deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms. The type of data most frequently targeted includes data that can provide an unfair competitive advantage to the perpetrator.

53. Which of the following statements best defines cyberterrorism?

a. It involves the deployment of malware that secretly steals data in the computer systems of organizations.

b. It is the unintended release of sensitive data or the access of sensitive data by unauthorized individuals.

c. It is a network attack in which an intruder gains access to a network and stays undetected with the intention of stealing data over a long period of time.

d. It is the intimidation of a government by using information technology to disable critical national infrastructure to achieve ideological goals.

ANS: D

RATIONALE: Cyberterrorism is the intimidation of a government or a civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, emergency response) to achieve political, religious, or ideological goals. Cyberterrorism is an increasing concern for countries and organizations around the globe.

54. _____ serves as a clearinghouse for information on new viruses, worms, and other computer security topics.

a. United States Computer Emergency Readiness Team (US-CERT)

b. United States Computer Query Emergency Team (US-CQET)

c. United States Computer Emergency Encryption Team (US-CEET)

d. United States Computer Emergency Authority Team (US-CEAT)

ANS: A

RATIONALE: Cyberterrorism is the intimidation of a government or a civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, emergency response) to achieve political, religious, or ideological goals. Established in 2003 to protect the nation’s Internet infrastructure against cyberattacks, the United States Computer Emergency Readiness Team serves as a clearinghouse for information on new viruses, worms, and other computer security topics (over 500 new viruses and worms are developed each month).

55. Identify the industry that is considered as a high-value target for cyberterrorists.

a. Automobile industry

b. Logistics industry

c. Gas industry

d. Health industry

ANS: C

RATIONALE: Companies in the oil and gas industry are seen as high-value targets for cyberterrorists. Some cyberterrorists are interested in taking control over the flow of oil and natural gas in computer-controlled refineries and the movement of oil through pipelines.

56. _____ is a method of computing that delivers secure, private, and reliable computing experiences based on sound business practices.

a. Cloud computing

b. Trustworthy computing

c. Mobile computing

d. Cluster computing

ANS: B

RATIONALE: Trustworthy computing is a method of computing that delivers secure, private, and reliable computing experiences based on sound business practices—which is what organizations worldwide are demanding today. Software and hardware manufacturers, consultants, and programmers all understand that this is a priority for their customers.

57. In the context of general security risk assessment, which of the following is true of the concept of reasonable assurance?

a. It decides whether or not to implement a particular countermeasure against attacks.

b. It recognizes that managers must use their judgment to ensure that the cost of control does not exceed a system’s benefits.

c. It recognizes the loss events or the risks or threats that could occur, such as a distributed denial-of-service attack or insider fraud.

d. It determines the impact of each threat occurrence.

ANS: B

RATIONALE: No amount of resources can guarantee a perfect security system, so organizations must balance the risk of a security breach with the cost of preventing one. The concept of reasonable assurance recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved.

58. Identify the primary security threat for mobile devices.

a. Distributed denial-of-service attack

b. Cyberterrorism

c. Cyberespionage

d. Theft of device

ANS: D

RATIONALE: Mobile devices such as smartphones can be susceptible to viruses and worms. However, the primary security threat for mobile devices continues to be loss or theft of the device.

59. Which of the following uses encryption to provide secure access to a remote computer over the Internet?

a. Virtual private network (VPN)

b. File transfer protocol (FTP)

c. Indexing

d. Data warehousing

ANS: A

RATIONALE: Wary companies have begun to include special security requirements for mobile devices as part of their security policies. In some cases, users of laptops and mobile devices must use a virtual private network (a method employing encryption to provide secure access to a remote computer over the Internet) to gain access to their corporate network.

60. Which of the following limits network access based on an organization’s access policy?

a. Antivirus software

b. The concept of reasonable assurance

c. A firewall

d. A browser

ANS: C

RATIONALE: Installation of a corporate firewall is the most common security precaution taken by businesses. A firewall stands guard between an organization’s internal network and the Internet, and it limits network access based on the organization’s access policy.

61. Which of the following statements defines an intrusion detection system (IDS)?

a. An IDS is a discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices.

b. An IDS evaluates an organization’s security policy.

c. An IDS indicates the presence of a specific virus.

d. An IDS is software and/or hardware that monitors system and network resources for breaches.

ANS: D

RATIONALE: An intrusion detection system (IDS) is software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment. Such activities usually signal an attempt to breach the integrity of the system or to limit the availability of network resources.

62. Which intrusion detection system (IDS) contains information about specific attacks and system vulnerabilities?

a. Knowledge-based IDS

b. Behavior-based IDS

c. Threat-based IDS

d. Risk-based IDS

ANS: A

RATIONALE: Knowledge-based approaches and behavior-based approaches are two fundamentally different approaches to intrusion detection. Knowledge-based intrusion detection systems contain information about specific attacks and system vulnerabilities and watch for attempts to exploit these vulnerabilities, such as repeated failed login attempts or recurring attempts to download a program to a server. When such an attempt is detected, an alarm is triggered.

63. Which of the following is true of a virus signature?

a. It quarantines the virus present in a system.

b. It indicates the presence of a specific virus in a system.

c. It temporarily stops the activities of a detected virus.

d. It deletes a detected virus completely.

ANS: B

RATIONALE: Antivirus software should be installed on each user’s personal computer to scan a computer’s memory and disk drives regularly for viruses. Antivirus software scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus.

64. A thorough _____ should test system safeguards to ensure that they are operating as intended.

a. internet audit

b. cost audit

c. software audit

d. security audit

ANS: D

RATIONALE: A security audit evaluates whether an organization has a well-considered security policy in place and if it is being followed. A thorough security audit should also test system safeguards to ensure that they are operating as intended.

65. Which of the following defines computer forensics?

a. It is a discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices.

b. It evaluates an organization’s security policy.

c. It detects viruses in a computer system and quarantines them.

d. It is the software and/or hardware that monitors system and network resources and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment.

ANS: A

RATIONALE: Computer forensics is a discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law. A computer forensics investigation may be opened in response to a criminal investigation or civil litigation.

TRUE/FALSE

1. An industrial spy hacks computers or Web sites in an attempt to promote a political ideology.

ANS: False

RATIONALE: Industrial spies capture trade secrets and attempt to gain an unfair competitive advantage. They are usually hired by organizations or individuals to illegally gain data and access to other organizations’ trade secrets.

2. Macros can insert unwanted words, numbers, or phrases into documents or alter command functions.

ANS: True

RATIONALE: Macros can insert unwanted words, numbers, or phrases into documents or alter command functions. After a macro virus infects a user’s application, it can embed itself in all future documents created with the application.

3. Worms propagate without human intervention and send copies of themselves to other computers via email.

ANS: True

RATIONALE: Unlike a computer virus, which requires users to spread infected files to other users, a worm is a harmful program that resides in the active memory of the computer and duplicates itself. Worms differ from viruses in that they can propagate without human intervention, often sending copies of themselves to other computers by email.

4. A Trojan horse abuses email systems to send unsolicited email to large numbers of people.

ANS: False

RATIONALE: A Trojan horse is a program in which malicious code is hidden inside a seemingly harmless program. The program’s harmful payload might be designed to enable the hacker to destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or Social Security numbers, or spy on users by recording keystrokes and transmitting them to a server operated by a third party.

5. A distributed denial-of-service attack involves infiltration of target systems.

ANS: False

RATIONALE: A distributed denial-of-service attack does not involve infiltration of the targeted system. Instead, it keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in—the Internet equivalent of dialing a telephone number repeatedly so that all other callers hear a busy signal.

6. A rootkit can be disinfected without formatting the hard disk or reinstalling the operating system.

ANS: False

RATIONALE: When it is determined that a computer has been infected with a rootkit, there is little to do but reformat the disk; reinstall the operating system and all applications; and reconfigure the user’s settings, such as mapped drives. This can take hours, and the user may be left with a basic working machine, but all locally held data and settings may be lost.

7. In a smishing scam, people receive a legitimate-looking text message on their phone telling them to call a specific phone number or to log on to a Web site.

ANS: True

RATIONALE: In a smishing scam, people receive a legitimate-looking text message on their phone telling them to call a specific phone number or to log on to a Web site. This is often done under the guise that there is a problem with their bank account or credit card that requires immediate attention.

8. In an advanced persistent threat, the intruder gains useful information about the target in the incursion stage.

ANS: False

RATIONALE: In an advanced persistent threat, the intruder gains useful information about the target in the reconnaissance stage. The intruder begins by conducting reconnaissance on the network to gain useful information about the target (security software installed, computing resources connected to the network, number of users, etc.).

9. In the context of an information technology risk assessment, assets refer to hardware components only.

ANS: False

RATIONALE: Risk assessment is the process of assessing security-related risks to an organization’s computers and networks from both internal and external threats. In the context of an information technology risk assessment, an asset is any hardware, software, information system, network, or database that is used by the organization to achieve its business objectives.

10. Firewalls are used to block access to certain Web sites.

ANS: True

RATIONALE: Firewalls can be established through the use of software, hardware, or a combination of both. Any Internet traffic that is not explicitly permitted into the internal network is denied entry. Similarly, most firewalls can be configured so that internal network users can be blocked from gaining access to certain Web sites based on such content as sex and violence.

Essay

1. What are the steps that can be taken by organizations to safeguard people from phishing, smishing, and vishing scams?

ANSWER: Financial institutions, credit card companies, and other organizations whose customers are targeted by criminals through short message service or voice mail should be on the alert for phishing, smishing, and vishing scams. They must be prepared to act quickly and decisively without alarming their customers if such a scam is detected. Recommended action steps for institutions and organizations include the following:

• Companies should educate their customers about the dangers of phishing, smishing, and vishing through letters, recorded messages for those calling into the company’s call center, and articles on the company’s Web site.

• Call center service employees should be trained to detect customer complaints that indicate a scam is being perpetrated. They should attempt to capture key pieces of information, such as the callback number the customer was directed to use, details of the phone message or text message, and the type of information requested.

• Customers should be notified immediately if a scam occurs. This can be done via a recorded message for customers phoning the call center, working with local media to place a news article in papers serving the area of the attack, placing a banner on the institution’s Web page, and even displaying posters in bank drive-through and lobby areas.

• If it is determined that the calls are originating from within the United States, companies should report the scam to the Federal Bureau of Investigation.

• Institutions can also try to notify the telecommunications carrier for the particular numbers to request that they shut down the phone numbers victims are requested to call.

2. Explain the different phases of an advanced persistent threat (APT).

ANSWER: An advanced persistent threat (APT) attack advances through the following five phases:

• Reconnaissance: The intruder begins by conducting reconnaissance on the network to gain useful information about the target (security software installed, computing resources connected to the network, number of users, etc.).

• Incursion: The attacker next gains incursion to the network at a low level to avoid setting off any alarms or suspicion. Some form of spear-phishing may be employed in this phase. Once incursion to the target has been gained, the attacker establishes a back door, or a means of accessing a computer program that bypasses security mechanisms.

• Discovery: The intruder now begins a discovery process to gather valid user credentials (especially administrative ones) and move laterally across the network, installing more back doors. These back doors enable the attacker to install bogus utilities for distributing malware that remains hidden in plain sight.

• Capture: The attacker is now ready to access unprotected or compromised systems and capture information over a long period of time.

• Export: Captured data is then exported back to the attacker’s home base for analysis and/or used to commit fraud and other crimes.

3. What are the steps involved in a general security risk assessment process?

ANSWER: The steps in a general security risk assessment process are as follows:

• Step 1—Identify the set of IT assets about which the organization is most concerned. Priority is typically given to those assets that support the organization’s mission and the meeting of its primary business goals.

• Step 2—Identify the loss events or the risks or threats that could occur, such as a distributed denial-of-service attack or insider fraud.

• Step 3—Assess the frequency of events or the likelihood of each potential threat; some threats, such as insider fraud, are more likely to occur than others.

• Step 4—Determine the impact of each threat occurring.

• Step 5—Determine how each threat can be mitigated so that it becomes much less likely to occur or, if it does occur, has less of an impact on the organization.

• Step 6—Assess the feasibility of implementing the mitigation options.

• Step 7—Perform a cost-benefit analysis to ensure that your efforts will be cost effective.

• Step 8—Make the decision on whether or not to implement a particular countermeasure.

4. What are the characteristics of good antivirus software?

ANSWER: Good antivirus software checks vital system files when the system is booted up, monitors the system continuously for virus-like activity, scans disks, scans memory when a program is run, checks programs when they are downloaded, and scans email attachments before they are opened. Two of the most widely used antivirus software products are Norton AntiVirus from Symantec and Personal Firewall from McAfee.

5. Explain the need for a security audit in an organization.

ANSWER: A security audit evaluates whether an organization has a well-considered security policy in place and if it is being followed. One result of a good audit is a list of items that needs to be addressed in order to ensure that the security policy is being met. A thorough security audit should also test system safeguards to ensure that they are operating as intended. Such tests might include trying the default system passwords that are active when software is first received from the vendor. The goal of such a test is to ensure that all such known passwords have been changed.
