Field: Computer Science

 

A software designer has realized that a soon-to-be released version of a popular game contains a flaw that will make it especially vulnerable to hacking. The way best to protect against the exploitation of this flaw will involve:

 

A. setting up a firewall

B. issuing a patch

C. update antivirus software

D. change the graphic user interface

E. guarding against spoofing

A particular business has found its servers with firewalls subject to frequent port 80 attacks. To learn more about these attacks, the business decided to:

 

A. set up a honeypot

B. update its antivirus software

C. remove its firewall

D. harden all systems that face the Internet

E. engage in pharming

Having decided to shut down access to the servers of a large multinational business, hackers have:

 

A. engaged in spamming

B. thwarted the business’ firewalls

C. launched a distributed denial of service attack

D. defeated the biometric information safeguards

E. begun a sophisticated program of phishing

A type of encryption protocol is called Special Spoofing Layering (SSL).

 

 

True

 

False

A cybersecurity specialist, hired to test the security of a client’s servers, starts by looking at the long identification strings associated with each server. So, the specialiast is looking at:

 

A. firewalls

B. antivirus systems

C. certificates

D. remote access protocols

E. port 80 access

Virtual private networks are to computers as inbound proxy servers are to

 

A. smartphones

B. firewalls

C. antivirus systems

D. remote access protocols

E. USB drives

Being able to inspect information packets in a stream of network traffic is to a firewall as a triggering mechanism that detects changes in the environment is to:

 

A. an antivirus system

B. secure socket layering

C. a Demilitarized Zone

D. patches

E. tripwire

Cryptographic algorithms rely upon confusion and diffusion.

 

 

True

 

False

Time sharing is cloud computing as ARPANET is to

 

A. a Demilitarized Zone

B. Identity management systems

C. the Internet

D. Intrusion protection systems

E. web access firewalls

An Intrusion prevention system compares virus signatures with what viruses would look like as they traveled across the network.

 

 

True

 

False

In chapter 2 of the Cyber Security Policy Handbook text, the authors quote Hubbard: “Ineffective risk management methods that somehow manage to become standard spread vulnerability to everything they touch.” Explain what that quote means. Given an example to support your answer.

 

 

Maximum number of   characters (including HTML tags added by text editor): 32,000

At the time of the publication of the article, Brooks says that there are four types of malevolent software programs, which include:

 

A. directed denial of service attacks

B. logic bombs

C. spoofing

D. spamming

E. firewall sabotaging

Under a theory of recovery in tort for product liability, potential plaintiffs who used software defectively infected by a virus would include:

 

A. the purchaser

B. the software company

C. the ISPs

D. data repositories

E. bulletin board system operators

When a court would assess a plaintiff’s claim for negligence against a software programmer, it likely would find that the standard of care would be that which a reasonable or prudent software programmer would do under the circumstances.

 

 

True

 

False

Which one of the following could a tortfeasor expect to avoid having to face liability for committing, where the tortfeasor intentionally released a worm onto the Internet?

 

A. negligence

B. trespass to chattels

C. conversion

D. nuisance

E. interference with contract relations.

A trojan horse could release a virus.

 

 

True

 

False

An action in intentional tort could arise from a failure to exercise reasonable care to warn a user of a virus contained in software.

 

 

True

 

False

Given the foreseeability of injury to all who had personal information stored in a database, data possessors most often will have a duty to exercise reasonable care to protect data from intruders.

 

 

True

 

False

The party in the best position to win an action in common law negligence against a database possessor, according to Johnson, will be:

 

A. the Internet Service Provider

B. State law enforcement, such as a state police organization

C. a business customer

D. a non-profit organization

E. Federal law enforcement, such as the F.B.I.

According to Johnson, the best source of guidance that data possessors can get about meeting a duty of care should come from:

 

A. other data possessors

B. plaintiffs

C. international law

D. insurers

E. those convicted of crimes involving databases

An argument against imposing a burden against unauthorized access to a database would involve:

 

A. the impact of breach of duty of care upon the community

B. the kinds of losses that a database possessor might have to bear

C. the difficulty of creating an industry-wide standard

D. the availability of insurance

• E. how the risk of loss would deter a database      possessor from ignoring the dangers that could arise for negligently      protecting the data in the defendant’s possession.

Given the list of federal crimes at http://www.law.cornell.edu/wex/computer_and_internet_fraud, the most common crime associated with these is:

 

A. destruction of property

B. disorderly conduct

C. fraud

D. vandalism

E. electronic robbery

One definition of a Zero-Day vulnerability is that the software is obviously flawed from the moment it is released to the general public for use.

 

 

True

 

False

Most likely, a cybercrime will be against a:

 

A. non-profit organization

B. non-profit organization’s property

C. government agency

D. person’s property

E. law enforcement agency

Although stolen data might not be considered tangible property, in the way that a laptop is tangible, if a court did consider the stolen data to be tangible, then an offense that a thief could then face would be:

 

A. assault

B. vandalism

C. possession of stolen property

D. destruction of stolen property

E. computer sabotage

Identify who is not typically part of a financial transaction involving the use of a credit card to purchase an item.

 

A. purchaser

B. credit card company

C. merchant

D. thief

E. credit card company’s bank

Another criminal enterprise includes infecting computers, via a virus, so as to create a collection of compromised personal computers. The criminal has created a:

 

A. server farm

B. botnet

C. an online crime ecosystem

D. a network listening service

E. nothing; this cannot happen

A traditional view towards cybercrime might mean overlooking what kind of cybersecurity problem

 

A. an insider threat

B. the vulnerability of business websites

C. computer networks that thieves use to attack a website

D. electronic fraud

E. “logic bombs”

Identify at least five of the elements of the cyber underground economy.  Then, make the case for why one of those five plays the greatest role in maintaining the cyber underground economy.

 

 

Maximum number of   characters (including HTML tags added by text editor): 32,000

Make a persuasive case that a virus would cause more harm to a networked computer or make a persuasive case that a worm would cause more harm to a networked computer.