Information Security Chapter 1 Introduction and Security Trends 1. Which Internet worm, released in 1988, is considered to be one of the first real

Information Security

Chapter 1 Introduction and Security Trends

1. Which Internet worm, released in 1988, is considered to be one of the first real Internet crime cases?

A. The Code Red Worm

B. The Morris Worm

C. The Slammer Worm

D. The Jester Worm

2. What target did the teenage hacker who went by the name "Jester" attack in March 1997?

A. He hacked Sony, stealing over 70 million user accounts.

B. He broke into the U.S. electric power grid, mapped it out, and planted destructive programs that could be activated at a later date.

C. . He attacked Estonia with a massive denial-ofservice (DoS) cyberattack.

D. He cut off telephone services to the FAA control tower as well as the emergency services at the Worcester Airport and the community of Rutland, Massachusetts.

3. What name was given to an intellectual property attack executed against oil, gas, and petrochemical companies in the United States?

A. Operation Night Dragon

B. Shamoon

C. Jester

D. Stuxnet

4. The term "script kiddies" refers to

A. A hacker of low-end technical ability

B. A children's television show

C. A type of video game

D. An Internet site for peer-to-peer music sharing

5. Who is considered to be the ultimate insider, with his name being synonymous with the insider threat issue?

A. Robert Morris

B. Edward Snowden

C. Kevin Mitnick

D. Vladimir Levin

6. Into which threat category does information warfare fall?

A. Structured

B. Highly Structured

C. Critical

D. Open-Source

7. Which statement applies to viruses?

A. They typically are highly visible once released.

B. They are the best tool to use in highly structured attacks.

C. They are the best tool to use in attacks where secrecy is vital.

D. They are targeted at a specific organization.

8. In 2014, on how many different threat actors, including criminals, hactivists, state-sponsored groups, and nation states, did CrowdStrike report?

A. 19

B. 29

C. 39

D. 49

9. Which Internet criminal is famous for conducting his attacks using a number of different "tools" and techniques, including social engineering, sniffers, and cloned cellular telephones?

A. Robert Morris

B. Kevin Mitnick

C. Vladimir Levin

D. David Smith

10. What was the primary lesson learned from the Slammer worm?

A. It made security personnel aware of attacks that had been going on for years without being noticed.

B. It drove home the point that the Internet could be adversely impacted in a matter of minutes.

C. It brought the attention of state-sponsored malware to light.

D. It made security personnel aware of data breaches that had been dominating the security landscape.

11. How did the Code Red worm spread?

A. It exploited a buffer-overflow vulnerability in computers running Microsoft SQL Server or SQL Server Desktop Engine.

B. It collected key-strokes, screenshots, and network traffic from open ports.

C. It made use of a buffer-overflow condition in Microsoft's IIS web servers that had been known for a month.

D. It entered through the victim's Outlook address book software and then replicated itself by sending infected emails to the first 50 contacts.

12. Which Internet worm created infected systems that were part of what is known as a bot network (or botnet) and could be used to cause a DoS attack on a target or to forward spam e-mail to millions of users?

A. Slammer

B. Code Red

C. "ILOVEYOU"

D. Conficker

13. In April 2009, Homeland Security Secretary Janet Napolitano told reporters

A. Organized crime made attempts to break into the US electric power grid

B. Hacktivists made attempts to break into the US electric power grid

C. Terrorists made attempts to break into the US electric power grid

D. China and Russia made attempts to break into the US electric power grid

14. What name was given to the advanced persistent threat (APT) style spy network responsible for bugging the Dalai Lama's office?

A. Melissa

B. GhostNet

C. Conficker

D. Code Red

15. Which term refers to an attack conducted against a site with software that is vulnerable to a specific exploit?

A. Time bombs

B. Advanced persistent threats

C. Specific target attack

D. Target of opportunity

16. Today, the data stored and processed by computers is almost always more valuable than the hardware.(T/F)

17. Criminal activity on the Internet, at its most basic, is quite different from criminal activity in the physical world.(T/F)

18. In the early days of computers, security was considered to be a binary condition in which your system was either secure or not secure.(T/F)

19. Because of malware's nefarious purpose, there is no criminal distinction between the writers of malware and those who release malware.(T/F)

20. Most current ransomware attacks use a hybrid encrypting scheme, locking the files on a victim's computer until a ransom is paid.(T/F)

21. Melissa is the best known of the early macro-type viruses that attach themselves to documents for programs that have limited macro programming capability.(T/F)

22. In many early cases of computer crime, the perpetrator of the crime intended to cause damage to the computer.(T/F)