30 QUIZ Cyber Security
A software designer has realized that a soon-to-be released version of a popular game contains a flaw that will make it especially vulnerable to hacking. The way best to protect against the exploitation of this flaw will involve:
A. setting up a firewall
B. issuing a patch
C. update antivirus software
D. change the graphic user interface
E. guarding against spoofing
A particular business has found its servers with firewalls subject to frequent port 80 attacks. To learn more about these attacks, the business decided to:
A. set up a honeypot
B. update its antivirus software
C. remove its firewall
D. harden all systems that face the Internet
E. engage in pharming
Having decided to shut down access to the servers of a large multinational business, hackers have:
A. engaged in spamming
B. thwarted the business’ firewalls
C. launched a distributed denial of service attack
D. defeated the biometric information safeguards
E. begun a sophisticated program of phishing
A type of encryption protocol is called Special Spoofing Layering (SSL).
True
False
A cybersecurity specialist, hired to test the security of a client’s servers, starts by looking at the long identification strings associated with each server. So, the specialiast is looking at:
A. firewalls
B. antivirus systems
C. certificates
D. remote access protocols
E. port 80 access
Virtual private networks are to computers as inbound proxy servers are to
A. smartphones
B. firewalls
C. antivirus systems
D. remote access protocols
E. USB drives
Being able to inspect information packets in a stream of network traffic is to a firewall as a triggering mechanism that detects changes in the environment is to:
A. an antivirus system
B. secure socket layering
C. a Demilitarized Zone
D. patches
E. tripwire
Cryptographic algorithms rely upon confusion and diffusion.
True
False
Time sharing is cloud computing as ARPANET is to
A. a Demilitarized Zone
B. Identity management systems
C. the Internet
D. Intrusion protection systems
E. web access firewalls
An Intrusion prevention system compares virus signatures with what viruses would look like as they traveled across the network.
True
False
In chapter 2 of the Cyber Security Policy Handbook text, the authors quote Hubbard: “Ineffective risk management methods that somehow manage to become standard spread vulnerability to everything they touch.” Explain what that quote means. Given an example to support your answer.
Maximum number of characters (including HTML tags added by text editor): 32,000
At the time of the publication of the article, Brooks says that there are four types of malevolent software programs, which include:
A. directed denial of service attacks
B. logic bombs
C. spoofing
D. spamming
E. firewall sabotaging
Under a theory of recovery in tort for product liability, potential plaintiffs who used software defectively infected by a virus would include:
A. the purchaser
B. the software company
C. the ISPs
D. data repositories
E. bulletin board system operators
When a court would assess a plaintiff’s claim for negligence against a software programmer, it likely would find that the standard of care would be that which a reasonable or prudent software programmer would do under the circumstances.
True
False
Which one of the following could a tortfeasor expect to avoid having to face liability for committing, where the tortfeasor intentionally released a worm onto the Internet?
A. negligence
B. trespass to chattels
C. conversion
D. nuisance
E. interference with contract relations.
A trojan horse could release a virus.
True
False
An action in intentional tort could arise from a failure to exercise reasonable care to warn a user of a virus contained in software.
True
False
Given the foreseeability of injury to all who had personal information stored in a database, data possessors most often will have a duty to exercise reasonable care to protect data from intruders.
True
False
The party in the best position to win an action in common law negligence against a database possessor, according to Johnson, will be:
A. the Internet Service Provider
B. State law enforcement, such as a state police organization
C. a business customer
D. a non-profit organization
E. Federal law enforcement, such as the F.B.I.
According to Johnson, the best source of guidance that data possessors can get about meeting a duty of care should come from:
A. other data possessors
B. plaintiffs
C. international law
D. insurers
E. those convicted of crimes involving databases
An argument against imposing a burden against unauthorized access to a database would involve:
A. the impact of breach of duty of care upon the community
B. the kinds of losses that a database possessor might have to bear
C. the difficulty of creating an industry-wide standard
D. the availability of insurance
- E. how the risk of loss would deter a database possessor from ignoring the dangers that could arise for negligently protecting the data in the defendant’s possession.
Given the list of federal crimes at http://www.law.cornell.edu/wex/computer_and_internet_fraud, the most common crime associated with these is:
A. destruction of property
B. disorderly conduct
C. fraud
D. vandalism
E. electronic robbery
One definition of a Zero-Day vulnerability is that the software is obviously flawed from the moment it is released to the general public for use.
True
False
Most likely, a cybercrime will be against a:
A. non-profit organization
B. non-profit organization’s property
C. government agency
D. person’s property
E. law enforcement agency
Although stolen data might not be considered tangible property, in the way that a laptop is tangible, if a court did consider the stolen data to be tangible, then an offense that a thief could then face would be:
A. assault
B. vandalism
C. possession of stolen property
D. destruction of stolen property
E. computer sabotage
Identify who is not typically part of a financial transaction involving the use of a credit card to purchase an item.
A. purchaser
B. credit card company
C. merchant
D. thief
E. credit card company’s bank
Another criminal enterprise includes infecting computers, via a virus, so as to create a collection of compromised personal computers. The criminal has created a:
A. server farm
B. botnet
C. an online crime ecosystem
D. a network listening service
E. nothing; this cannot happen
A traditional view towards cybercrime might mean overlooking what kind of cybersecurity problem
A. an insider threat
B. the vulnerability of business websites
C. computer networks that thieves use to attack a website
D. electronic fraud
E. “logic bombs”
Identify at least five of the elements of the cyber underground economy. Then, make the case for why one of those five plays the greatest role in maintaining the cyber underground economy.
Maximum number of characters (including HTML tags added by text editor): 32,000
Make a persuasive case that a virus would cause more harm to a networked computer or make a persuasive case that a worm would cause more harm to a networked computer.