ISM Exam 3 Quizzes, ISM3004 Exam 3, ISM 3004 Final exam scavenger hunt week 9, ISM3004 Week 6 scavenger hunt, ISM3004 Week 7 scavenger hunt, ISM3004 week 8 scavenger hunt
3 keer bekeken 0 keer verkocht
Vak
ISM 3004
Instelling
ISM 3004
ISM Exam 3 Quizzes, ISM3004 Exam 3, ISM 3004 Final exam scavenger hunt week 9, ISM3004 Week 6 scavenger hunt, ISM3004 Week 7 scavenger hunt, ISM3004 week 8 scavenger hunt
According to PWC's 2015 Global State of Information Security report, the number of information security incidents is growing ...
ISM Exam 3 Quizzes, ISM3004 Exam 3, ISM 3004 Final
exam scavenger hunt week 9, ISM3004 Week 6
scavenger hunt, ISM3004 Week 7 scavenger hunt,
ISM3004 week 8 scavenger hunt
According to PWC's 2015 Global State of Information Security report, the number
of information security incidents is growing at an annual rate of _____%.
66%
Your boss just read that Java contains this script: The very day the vulnerability
becomes known to the world, it also becomes known to the attackers. These
attackers are then using this vunerablilty to hack into other people's or
coroprations systems. Describing what?
zero day exploit
This week, you learned about a security breach of incredible size:
45.6 million customer credit cards stolen
Company estimates $150 million cost to clean it up
Total losses to the company estimated at $1 billion or higher
The cause? An insecure WiFi access point.
TJX
According to the latest data, about 5% of smartphones are lost each year.
____% of those phones had sensitive data.
Of those that had sensitive data, ____% did not have any protective measures at
all.
60% and 57%
Lost USB Flash drives can be a big problem if they contain confidential or
sensitive information!
Ponemon Institute says a good rule of thumb is that a company suffers a cost of
roughly ______ for every data record lost.
$200
We discussed three ways that an attacker can exploit a software bug.
Name one of them.
gain full control of the system to run undesired program and gain access to
unauthorized data
We discussed three ways that an attacker can exploit a software bug.
Name them.
sticky notes, guessable, lack of complexity
We discussed two technological vulnerabilities affecting mobile devices, such as
smart phones. Name one.
direct data flow where the data will go directly from the device to the provider
,This type of attack attempts to exploit naive people, tricking them into providing
information that the attacker will use to gain access to their networks and
systems.
social engineering
In the context of a security incident, which of the following people would not be
considered an insider?
1. external consultant paid to do work for your company
2. current employee
3. former employee
all of these are insiders
These days most malicious hacking attacks are the result of?
organized groups of professional cybercriminals
This emerging type of threat involves the actions of either a nation-state or an
international organization. Their goal is to attack or damage another nation's
computers and/or network infrastructure. Many national security and intelligence
experts consider this to be "the greatest national security threat to the United
States."
cyberwarfare
Exploit well-known vulnerabilities using publicly-available tools
script kiddies
Loose confederation of individuals who seek political change through
information security attacks on target organizations
hacktivists
Steal industrial secrets and sells them for profit
IP thieves
Fred's computer was just infected by malware. When he next tried to open an
Excel spreadsheet, the malware displayed a message stating that all of Fred's
files had been encrypted and that he must pay $250 to a particular website. If he
does, they'll send him a password to decrypt his files. If he doesn't then his files
are history.
What's the name for this type of malware payload?
ransomware
True or False: Mobile devices are immune to malware.
false
Sara got a popup message suggesting she try an amazing new disk defragger
application. The popup said it'd make her computer run 47% faster. She was
really excited and clicked to download and install the disk defragger. In addition
to being a disk utility, the program also contained a really nasty little piece of
malware. Sara's computer is now fully compromised and under the control of
some cybercriminals.
What type of malware did Sara download?
trojan
This type of malware is self-replicating. It hides itself inside of a host file, waiting
to be executed by an unsuspecting victim. The victim's computer is then
,compromised and the malware hides itself inside of even more host files on the
victim computer.
What type of malware is this?
virus
This type of malware does not rely on human interaction to spread. It is self-
propagating via a computer network, exploiting software vulnerabilities to invade
new systems.
worm
This type of cyber attack is basically a con game delivered via email.
The cybercriminal creates an email that looks like it's from a legitimate business,
such as a bank, probably even using the company logo and other graphics to
make it look more authentic.
The email tells the victim that he/she needs to provide some information about
his/her account, or perhaps update his/her password. Basically, the cybercriminal
is trying to trick the victim into providing critical information that has value to the
criminal.
The cybercriminal sends this email to a huge list of email addresses in the hopes
that at least one victim will fall for the trick.
What type of cyber attack is this?
phishing
Your company's e-commerce webserver normally handles about 500
simultaneous users without any problem. Your users are almost entirely from the
southeastern US.
Suddenly, over 100,000 machines from around the globe are sending bogus
service requests to your e-commerce webserver. Those requests are
overwhelming the server. It's unable to respond to anybody. Your legitimate
customers are getting frustrated and taking their business elsewhere.
What specific kind of attack are you experiencing?
DDoS
In the previous question, your company's e-commerce webserver was
simultaneously attacked by over 100,000 machines from around the globe.
What term is used to describe that collection of 100,000 attacking computers
(zombies)?
botnet
Your company's Chief Information Security Officer has announced a new
initiative. The goal is to make sure that the organization spends the right amount
of time and money protecting each information asset. As a metaphor, she
mentions that we don't want to spend $1 million to secure a chicken coop, nor do
, we want to only spend $10 to protect the company's crown jewels.
Which of the following terms is used for the initiative she is leading?
risk assessment
Your company has just started using something called "DBAN" as part of its
information security efforts. How is DBAN used to improve security?
erases data from hard drives before they are discarded
Your company has decided to implement public key encryption technology to
protect its email system.
Suppose that your boss has just sent an encrypted email message to you.
Software on your boss' computer encrypted the message using a
______________.
public key
Your company has decided to implement public key encryption technology to
protect its email system.
Suppose that your boss has just sent an encrypted email message to you.
Software on your computer will decrypt the message using a ____________.
private key
Natasha is a cybercriminal. Using social media, she has learned that the CEO of
MegaCorp just bought a new Ferrari. She carefully crafts a bogus email to the
CEO from the Ferrari Club of South Florida, offering some special benefits if the
CEO will just click a link and fill out a simple form. If the CEO does this, Natasha's
bogus website will be able to infect his machine with a keylogger and she'll
rapidly collect all manner of passwords and other valuable information. Excellent!
(for her)
What term best describes this kind of email scam?
spearphishing
Brian's computer was just infected with malware after he viewed a website that
exploited a vulnerability in his browser to install malware on his PC. What term
best describes how that happened?
drive by download
Charles visited his favorite financial news website, a legitimate and very popular
site. While there, he saw an interesting advertisement and clicked on it. Ads on
this site are provided by a variety of other web marketing companies.
Unfortunately, the ad Charles clicked had been hacked by a cybercriminal. When
he clicked the ad, his computer became infected with malware.
What terms best describes this situation?
malvertising
What are the four forces in Gartner's Nexus of Disruptive Forces?
social, mobile, cloud and information
Voordelen van het kopen van samenvattingen bij Stuvia op een rij:
Verzekerd van kwaliteit door reviews
Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!
Snel en makkelijk kopen
Je betaalt supersnel en eenmalig met iDeal, creditcard of Stuvia-tegoed voor de samenvatting. Zonder lidmaatschap.
Focus op de essentie
Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!
Veelgestelde vragen
Wat krijg ik als ik dit document koop?
Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.
Tevredenheidsgarantie: hoe werkt dat?
Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.
Van wie koop ik deze samenvatting?
Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper LectDan. Stuvia faciliteert de betaling aan de verkoper.
Zit ik meteen vast aan een abonnement?
Nee, je koopt alleen deze samenvatting voor $12.49. Je zit daarna nergens aan vast.
