CHAPTER 3: COMPUTER AND INTERNET CRIME

1. Vishing frequently leads consumers to counterfeit Web sites designed to trick them into initiating a denial-of-service attack.
a. True
b. False
ANSWER: False

2. The Fifth Amendment regulates the collection of the content of wire and electronic communications.
a. True
b. False
ANSWER: False

3. Smart and talented hackers who are technically inept are referred to as lamers or script kiddies by more skilled hackers.
a. True
b. False
ANSWER: True

4. Computer viruses differ from worms in that viruses can propagate without human intervention, often sending copies of themselves to other computers by email.
a. True
b. False
ANSWER: False

5. The cost to repair the worldwide damage done by a computer worm has exceeded $1 billion on more than one occasion.
a. True
b. False
ANSWER: True

6. The security of any system or network is a combination of technology, policy, and people and requires a wide range of activities to be effective.
a. True
b. False
ANSWER: True

7. According to the 2010/11 CSI Computer Crime and Security Survey, malware infection incidents were the most common security incident.
a. True
b. False
ANSWER: True

8. A spear-phishing attack typically employs a group of zombies to keep the target so busy responding to a stream of automated requests that legitimate users cannot access the target.
a. True
b. False
ANSWER: False

9. A rootkit is a set of programs that enables its users to gain administrator-level access to a computer without the end user’s consent or knowledge.
a. True
b. False
ANSWER: True

10. Trojan horse has become an umbrella term for many types of malicious code.
a. True
b. False
ANSWER: False

11. The cost of creating an email campaign for a product or a service is typically more expensive and takes longer to conduct than a direct-mail campaign.
a. True
b. False
ANSWER: False

12. Fraud by malicious insiders often involves some form of collusion, or cooperation, between an employee and an outsider.
a. True
b. False
ANSWER: True

13. Competitive intelligence is conducted by industrial spies.
a. True
b. False
ANSWER: False

14. Malicious insiders mean well but have the potential to cause considerable damage through their actions.
a. True
b. False
ANSWER: False

15. The USA Patriot Act defines cyberterrorism as hacking attempts that cause $5,000 in aggregate damage in one year to medical equipment, or that cause injury to any person.
a. True
b. False
ANSWER: True

16. A completed risk assessment identifies the most dangerous threats to a company and helps focus security efforts on the areas of highest payoff.
a. True
b. False
ANSWER: True

17. A security policy outlines exactly what needs to be done to safeguard computers and their data, but not how it must be accomplished.
a. True
b. False
ANSWER: True

18. Whenever possible, automated system rules should mirror an organization’s written policies.
a. True
b. False
ANSWER: True

19. Employees and contract workers must be educated about the importance of security so that they will be motivated to understand and follow the security policies.
a. True
b. False
ANSWER: True

20. Computer forensics is such a new field that there is little training or certification processes available to practitioners.
a. True
b. False
ANSWER: False

21. Installation of a corporate firewall is the least common security precaution taken by businesses as it does not provide sufficient security.
a. True
b. False
ANSWER: False

22. As a safeguard against attacks by malicious insiders, organizations must define employee roles so that a single employee can input as well as approve purchase orders.
a. True
b. False
ANSWER: False

23. It is not unusual for a security audit to reveal that too many people have access to critical data and that many people have capabilities beyond those needed to perform their jobs.
a. True
b. False
ANSWER: True

24. Even when preventive measures are implemented, no organization is completely secure from a determined computer attack.
a. True
b. False
ANSWER: True

25. Discussing security attacks through public trials and the associated publicity has not only enormous potential costs in public relations but real monetary costs as well.
a. True
b. False
ANSWER: True

26. In a security incident, the primary goal must be to regain control and limit damage, and not to attempt to monitor or catch an intruder.
a. True
b. False
ANSWER: True

27. The use of cloud computing and virtualization software has significantly reduced computer security concerns.
a. True
b. False
ANSWER: False

28. Hacktivism involves using illegal means to obtain trade secrets from competitors.
a. True
b. False
ANSWER: False

29. An intrusion detection system monitors system and network resources and activities, and notifies the network security when it detects attempts to circumvent the security measures of a networked computer environment.
a. True
b. False
ANSWER: True

30. Competitive intelligence combines elements of law and computer science to identify, collect, examine, and preserve data so that it is admissible in a court of law.
a. True
b. False
ANSWER: False

31. Often a successful attack on an information system is due to poor system design or implementation. Once such a vulnerability is discovered, software developers quickly create and issue a _____ to eliminate the problem.
a. patch
b. bot
c. rootkit
d. Trojan horse
ANSWER: a

32. The _____ is a partnership between the Department of Homeland Security and the public and private sectors, established in 2003 to protect the nation’s Internet infrastructure against cyberattacks.
a. Carnegie Mellon’s Computer Response Team
b. U.S. Computer Emergency Readiness Team
c. The National Institute of Standards and Technology
d. The Science and Technology Directorate of Homeland Security
ANSWER: b

33. The _____ code gets a rootkit installation started and can be easily activated by clicking on a link to a malicious Web site in an email or opening an infected PDF file.
a. logic bomb
b. zombie
c. dropper
d. loader
ANSWER: c

34. The concept of _____ recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved.
a. competitive intelligence
b. reasonable assurance
c. separation of duties
d. risk assessment
ANSWER: b

35. The _____ is a federal law that provides a definition of the term cyberterrorism and under which young people primarily involved in what they consider to be minor computer pranks have been tried as cyberterrorists.
a. USA Patriot Act
b. Computer Fraud and Abuse Act
c. Stored Wire and Electronic Communications and Transactional Records Access Statutes
d. Identity Theft and Assumption Deterrence Act
ANSWER: a

36. _____ have become a common and easily created form of malware that are created using applications such as Visual Basic or VBScript.
a. Macro viruses
b. Logic bombs
c. Trojan horses
d. Zombies
ANSWER: a

37. The fundamental problem with trying to detect a rootkit is that the operating system cannot be trusted to provide _____.
a. valid test results
b. correct system login ids
c. the correct date and time
d. sufficient memory for operations
ANSWER: a

38. _____ is the abuse of email systems to send unsolicited email to large numbers of people.
a. A botnet
b. Spam
c. Logic bombing
d. A worm
ANSWER: b

39. The _____ protects against unreasonable search and seizure.
a. Fourth Amendment
b. Fifth Amendment
c. Wiretap Act
d. Pen Registers and Trap and Trace Devices Statute
ANSWER: a

40. Spammers can defeat the registration process of free email services by launching a coordinated _____ attack that can sign up for thousands of untraceable email accounts.
a. distributed denial-of-service
b. bot
c. CAPTCHA
d. logic bomb
ANSWER: b

41. _____ test the limitations of information systems out of intellectual curiosity to see whether they can gain access and how far they can go.
a. Industrial spies
b. Hackers
c. Cyberterrorists
d. Hacktivists
ANSWER: b

42. A(n) _____ is a type of computer crime perpetrator whose primary motive is to achieve financial gain.
a. industrial spy
b. hacktivist
c. script kiddie
d. cybercriminal
ANSWER: d

43. A software and/or hardware that monitors system and network resources and activities, and notifies network security personnel when it identifies network traffic that attempts to circumvent the security measures of a networked computer environment is a(n) _____.
a. anti-virus device
b. intrusion prevention system
c. intrusion detection system
d. virtual private network
ANSWER: c

44. A _____ is a form of Trojan horse which executes when it is triggered by a specific event such as a change in a particular file, by typing a specific series of keystrokes, or by a specific time or date.
a. denial-of-service attack
b. logic bomb
c. botnet
d. rootkit
ANSWER: b

45. In computing, a(n) _____ is a term for any sort of general attack on an information system that takes advantage of a particular system vulnerability.
a. exploit
b. patch
c. firewall
d. security audit
ANSWER: a

46. An antivirus software scans for a specific sequence of bytes, known as a _____, that indicates the presence of specific malware.
a. script kiddie
b. virus signature
c. CAPTCHA
d. Trojan horse
ANSWER: b

47. _____ is an annual gathering in Las Vegas of computer hackers.
a. Woodstock
b. DEFCON
c. Computer Security Institute convention
d. CAPTCHA
ANSWER: b

48. A _____ attack keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in.
a. spam
b. rootkit
c. logic bomb
d. distributed denial-of-service
ANSWER: d

49. _____ pledged to deliver on a trustworthy computing initiative and defined four pillars of trustworthy computing.
a. IBM
b. Microsoft
c. Oracle
d. Hewlett Packard
ANSWER: b

50. A strong security program begins by _____.
a. assessing the threats to an organization’s computers and network
b. authorizing a large budget to pay for the necessary hardware and software
c. hiring a chief security officer
d. monitoring the network for potential intrusions
ANSWER: a

51. The _____ policy is a template available from the SANS Institute that defines the means to establish a culture of openness, trust, and integrity in business practices.
a. information sensitivity
b. risk assessment
c. ethics
d. voice-mail policy
ANSWER: c

52. Installation of a corporate _____ is the most common computer security precaution taken by businesses.
a. emergency response team
b. rootkit
c. virtual private network
d. firewall
ANSWER: d

53. A _____ is defined as an exploit that takes place before the security community or software developer knows about the vulnerability or has been able to repair it.
a. logic bomb
b. DDoS attack
c. zero-day attack
d. rootkit
ANSWER: c

54. _____ is the act of fraudulently using email to try to get the recipient to reveal personal data.
a. Pharming
b. Phishing
c. Spamdexing
d. Flyposting
ANSWER: b

55. _____ is the sending of fraudulent emails to an organization’s employees designed to look like they came from high-level executives from within the organization.
a. Spamdexing
b. Vishing
c. Smishing
d. Spear-phishing
ANSWER: d

56. _____ are poorly trained and inadequately managed employees who mean well but have the potential to cause much damage.
a. Whistleblowers
b. Negligent insiders
c. Malicious insiders
d. Industrial spies
ANSWER: b

57. A(n) _____ works by using the Internet to relay communications; it maintains privacy through security procedures and tunneling protocols, which encrypt data at the sending end and decrypt it at the receiving end.
a. firewall
b. social network
c. intrusion detection device
d. virtual private network
ANSWER: d

58. Before the IT security group can begin an eradication effort, it must _____.
a. seek permission of the firm’s legal counsel
b. collect and log all possible criminal evidence from the system
c. consider the potential for negative publicity
d. develop an estimate for the monetary damage caused
ANSWER: b

59. Technically, a(n) _____ is a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.
a. virus
b. operating system
c. zombie
d. CAPTCHA
ANSWER: a

60. The _____ regulates the collection of the content of wire and electronic communications.
a. Fourth Amendment
b. Fifth Amendment
c. Wiretap Act
d. Pen Registers and Trap and Trace Devices Statute
ANSWER: c

61. _____ operates in a software layer that runs on top of the operating system.
ANSWER: Virtualization software

62. A(n) _____ is a harmful program that resides in the active memory of the computer and duplicates itself.
ANSWER: worm

63. A(n) _____ is a form of malware in which malicious code is hidden inside a seemingly harmless program.
ANSWER: Trojan horse

64. Workers in many organizations operate in a(n) _____ environment in which software and data storage are services provided via the Internet.
ANSWER: cloud computing

65. A large group of computers controlled from one or more remote locations by hackers without the knowledge or consent of their owners is called a(n) _____.
ANSWER: botnet

66. _____ differ from viruses in that they propagate without human intervention, sending copies of themselves to other computers by email.
ANSWER: Worms

67. _____ detracts from the ability of recipients to communicate effectively due to full mailboxes and relevant emails being hidden among many unsolicited messages.
ANSWER: Spam

68. Spammers can defeat the registration process of free e-mail services by launching a coordinated bot attack that can sign up for thousands of email accounts. A partial solution to this problem is the use of _____ to ensure that only humans obtain free accounts.
ANSWER: CAPTCHA

69. The _____ Act went into effect in 2004 and states that it is legal to spam, provided the messages meet a few basic requirements.
ANSWER: CAN-SPAM

70. Using text messaging (SMS) fraudulently to try to get the recipient to reveal personal data is called _____.
ANSWER: smishing

71. The use of voice mail to tell someone to call a phone number, or access a Web site, in an attempt to gain personal information about that person is called _____.
ANSWER: vishing

72. A(n) _____ is a security incident prevention tool that evaluates whether an organization has a well-considered security policy in place and if it is being followed.
ANSWER: security audit

73. _____ has become an umbrella term for many types of malicious code.
ANSWER: Computer virus

74. To initiate a denial-of-service attack, a tiny program is downloaded surreptitiously from the attacker’s computer to dozens, hundreds, or even thousands of computers all over the world. Based on a command by the attacker or at a preset time, the botnet computers, called _____, go into action, each sending a simple request for access to the target site again and again.
ANSWER: zombies

75. The _____ Act addresses the disclosure of stored wired and electronic communications and transaction records by Internet service providers.
ANSWER: Stored Wire and Electronic Communications Act

76. An employee who seeks to disrupt his firm’s information systems or to use them to seek financial gain is called a(n) _____.
ANSWER: malicious insider

77. The cooperation between an employee of a company and an outsider to commit fraud against the company is called _____.
ANSWER: collusion

78. _____ is legally obtained information gathered using sources available to the public.
ANSWER: Competitive intelligence

79. The _____ encourages private industry to share confidential information about the nation’s critical infrastructure with the Department of Homeland Security under the assurance that the information will be protected from public disclosure.
ANSWER: Protected Critical Infrastructure Information Program

80. People who use illegal means to obtain trade secrets from a competitor are called _____.
ANSWER: industrial spies

81. Hacking to achieve a political or social goal is known as _____.
ANSWER: hacktivism

82. Debit and credit cards which contain a memory chip that is updated with encrypted data every time the cards are used are called _____.
ANSWER: smart cards

83. _____ is a method of computing that delivers secure, private, and reliable computing experiences based on sound business practices.
ANSWER: Trustworthy computing

84. The process of assessing security-related risks from both internal and external threats to an organization’s computers and networks is called _____.
ANSWER: risk assessment