100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
ISM Exam 3 Quizzes, ISM3004 Exam 3, ISM 3004 Final exam scavenger hunt week 9, ISM3004 Week 6 scavenger hunt, ISM3004 Week 7 scavenger hunt, ISM3004 week 8 scavenger hunt CA$17.47   Add to cart
Quickly navigate to
Preview
  2.  
  3. ISM 3004
  4.  
  5. ISM 3004

Exam (elaborations)

ISM Exam 3 Quizzes, ISM3004 Exam 3, ISM 3004 Final exam scavenger hunt week 9, ISM3004 Week 6 scavenger hunt, ISM3004 Week 7 scavenger hunt, ISM3004 week 8 scavenger hunt
 3 views  0 purchase
  • Course
  • ISM 3004
  • Institution
  • ISM 3004

ISM Exam 3 Quizzes, ISM3004 Exam 3, ISM 3004 Final exam scavenger hunt week 9, ISM3004 Week 6 scavenger hunt, ISM3004 Week 7 scavenger hunt, ISM3004 week 8 scavenger hunt According to PWC's 2015 Global State of Information Security report, the number of information security incidents is growing ...

[Show more]

Preview 4 out of 37  pages

Document information

  • October 3, 2023
  • 37
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers

Subjects

  • ism exam 3 quizzes ism3004 exam 3 ism 3004 final

Written for

  • ISM 3004
All documents for this subject (4)

Seller

avatar-seller
LectDan

Reviews received

Content preview

ISM Exam 3 Quizzes, ISM3004 Exam 3, ISM 3004 Final
exam scavenger hunt week 9, ISM3004 Week 6
scavenger hunt, ISM3004 Week 7 scavenger hunt,
ISM3004 week 8 scavenger hunt
According to PWC's 2015 Global State of Information Security report, the number
of information security incidents is growing at an annual rate of _____%.
66%
Your boss just read that Java contains this script: The very day the vulnerability
becomes known to the world, it also becomes known to the attackers. These
attackers are then using this vunerablilty to hack into other people's or
coroprations systems. Describing what?
zero day exploit
This week, you learned about a security breach of incredible size:
45.6 million customer credit cards stolen
Company estimates $150 million cost to clean it up
Total losses to the company estimated at $1 billion or higher
The cause? An insecure WiFi access point.
TJX
According to the latest data, about 5% of smartphones are lost each year.

____% of those phones had sensitive data.

Of those that had sensitive data, ____% did not have any protective measures at
all.
60% and 57%
Lost USB Flash drives can be a big problem if they contain confidential or
sensitive information!

Ponemon Institute says a good rule of thumb is that a company suffers a cost of
roughly ______ for every data record lost.
$200
We discussed three ways that an attacker can exploit a software bug.
Name one of them.
gain full control of the system to run undesired program and gain access to
unauthorized data
We discussed three ways that an attacker can exploit a software bug.
Name them.
sticky notes, guessable, lack of complexity
We discussed two technological vulnerabilities affecting mobile devices, such as
smart phones. Name one.
direct data flow where the data will go directly from the device to the provider

,This type of attack attempts to exploit naive people, tricking them into providing
information that the attacker will use to gain access to their networks and
systems.
social engineering
In the context of a security incident, which of the following people would not be
considered an insider?
1. external consultant paid to do work for your company
2. current employee
3. former employee
all of these are insiders
These days most malicious hacking attacks are the result of?
organized groups of professional cybercriminals
This emerging type of threat involves the actions of either a nation-state or an
international organization. Their goal is to attack or damage another nation's
computers and/or network infrastructure. Many national security and intelligence
experts consider this to be "the greatest national security threat to the United
States."
cyberwarfare
Exploit well-known vulnerabilities using publicly-available tools
script kiddies
Loose confederation of individuals who seek political change through
information security attacks on target organizations
hacktivists
Steal industrial secrets and sells them for profit
IP thieves
Fred's computer was just infected by malware. When he next tried to open an
Excel spreadsheet, the malware displayed a message stating that all of Fred's
files had been encrypted and that he must pay $250 to a particular website. If he
does, they'll send him a password to decrypt his files. If he doesn't then his files
are history.

What's the name for this type of malware payload?
ransomware
True or False: Mobile devices are immune to malware.
false
Sara got a popup message suggesting she try an amazing new disk defragger
application. The popup said it'd make her computer run 47% faster. She was
really excited and clicked to download and install the disk defragger. In addition
to being a disk utility, the program also contained a really nasty little piece of
malware. Sara's computer is now fully compromised and under the control of
some cybercriminals.

What type of malware did Sara download?
trojan
This type of malware is self-replicating. It hides itself inside of a host file, waiting
to be executed by an unsuspecting victim. The victim's computer is then

,compromised and the malware hides itself inside of even more host files on the
victim computer.

What type of malware is this?
virus
This type of malware does not rely on human interaction to spread. It is self-
propagating via a computer network, exploiting software vulnerabilities to invade
new systems.
worm
This type of cyber attack is basically a con game delivered via email.

The cybercriminal creates an email that looks like it's from a legitimate business,
such as a bank, probably even using the company logo and other graphics to
make it look more authentic.

The email tells the victim that he/she needs to provide some information about
his/her account, or perhaps update his/her password. Basically, the cybercriminal
is trying to trick the victim into providing critical information that has value to the
criminal.

The cybercriminal sends this email to a huge list of email addresses in the hopes
that at least one victim will fall for the trick.

What type of cyber attack is this?
phishing
Your company's e-commerce webserver normally handles about 500
simultaneous users without any problem. Your users are almost entirely from the
southeastern US.

Suddenly, over 100,000 machines from around the globe are sending bogus
service requests to your e-commerce webserver. Those requests are
overwhelming the server. It's unable to respond to anybody. Your legitimate
customers are getting frustrated and taking their business elsewhere.

What specific kind of attack are you experiencing?
DDoS
In the previous question, your company's e-commerce webserver was
simultaneously attacked by over 100,000 machines from around the globe.

What term is used to describe that collection of 100,000 attacking computers
(zombies)?
botnet
Your company's Chief Information Security Officer has announced a new
initiative. The goal is to make sure that the organization spends the right amount
of time and money protecting each information asset. As a metaphor, she
mentions that we don't want to spend $1 million to secure a chicken coop, nor do

, we want to only spend $10 to protect the company's crown jewels.

Which of the following terms is used for the initiative she is leading?
risk assessment
Your company has just started using something called "DBAN" as part of its
information security efforts. How is DBAN used to improve security?
erases data from hard drives before they are discarded
Your company has decided to implement public key encryption technology to
protect its email system.

Suppose that your boss has just sent an encrypted email message to you.

Software on your boss' computer encrypted the message using a
______________.
public key
Your company has decided to implement public key encryption technology to
protect its email system.

Suppose that your boss has just sent an encrypted email message to you.

Software on your computer will decrypt the message using a ____________.
private key
Natasha is a cybercriminal. Using social media, she has learned that the CEO of
MegaCorp just bought a new Ferrari. She carefully crafts a bogus email to the
CEO from the Ferrari Club of South Florida, offering some special benefits if the
CEO will just click a link and fill out a simple form. If the CEO does this, Natasha's
bogus website will be able to infect his machine with a keylogger and she'll
rapidly collect all manner of passwords and other valuable information. Excellent!
(for her)

What term best describes this kind of email scam?
spearphishing
Brian's computer was just infected with malware after he viewed a website that
exploited a vulnerability in his browser to install malware on his PC. What term
best describes how that happened?
drive by download
Charles visited his favorite financial news website, a legitimate and very popular
site. While there, he saw an interesting advertisement and clicked on it. Ads on
this site are provided by a variety of other web marketing companies.
Unfortunately, the ad Charles clicked had been hacked by a cybercriminal. When
he clicked the ad, his computer became infected with malware.

What terms best describes this situation?
malvertising
What are the four forces in Gartner's Nexus of Disruptive Forces?
social, mobile, cloud and information

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller LectDan. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for CA$17.47. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

77764 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
CA$17.47
  • (0)
  Add to cart