Adel uses the default preview screen when he is in his email, so when he single-clicks on a message, it shows in the preview below the message pane. Recently, he received a notice from his bank about a large withdrawal from his account. He was supposed to open the email and click on the button to review the transaction. However, he didn't do any of those things, yet malware was still able to access his computer. Why was that able to happen?

Viewing in preview is equivalent to opening email.

It was a new type of malware that attacks systems on delivery.

Anti-malware software was not set up to check email.

Anti-virus software was out of date.

Which type of attack occurs when a few sources attack an external target or an internal target by flooding a system with enough requests that services cannot respond?

DRDoS (distributed reflection DoS) attack

Which attack is carried out through numerous sources, most of which are zombies, meaning that the owners are unaware that their computers are being used in the coordinated attack?

DRDoS (distributed reflection DoS) attack

Which type of attack is bounced off uninfected computers, called reflectors, before being directed at the target?

DRDoS (distributed reflection DoS) attack

Which attack relies on intercepting and redirecting secure transmissions as they occur?

deauth (deauthentication) attack

Brenda used an ATM on Friday to withdraw $$500 for the weekend. She usually checks her account balance on Mondays to ensure that her checkbook is accurate. However, this past Monday, she found that $$ 1,500 was missing from her account. The withdrawal occurred 3 minutes after she left the ATM, and it was the maximum daily limit of $$2,000, which included the $$ 500 she withdrew. There was no one near her when she made the transaction, so how could that money have been withdrawn?

Someone used a camera and card skimmer.

Brenda forgot about a $1,500 debit that had not cleared yet.

In a team exercise, two teams of different colors are tasked with attacking and defending a client's network. One team is a hired outside firm, and the other is the company's own IT organization. The outside firm is responsible for attacking the network, while the company's IT organization is responsible for defending the network. Which team is responsible for attacking the network and which team is responsible for defending the network? Choose all that apply.

The red team conducts the attack.

The blue team defends the network.

The blue team conducts the attack.

The red team defends the network.

Which intrusion detection and prevention system increases security for the entire network?

NIDS and HIPS (network intrusion detection system and host intrusion protection system)

NIDS and HIDS (network intrusion detection system and host intrusion detection system)

NIPS and HIPS (network intrusion protection system and host intrusion protection system)

NIPS and HIDS (network intrusion protection system and host intrusion detection system)

What is the purpose of a honeypot?

lure hackers into a decoy network to study their hacking techniques

catch employees trying to steal secrets in the act

a complex DMZ to keep hackers at bay

act as a primary firewall for the network

While a honeypot focuses on attracting and analyzing attacks on a single system, a honeynet provides a broader and more detailed understanding of attack strategies and behaviors across a simulated network environment.

While a honeypot focuses on attracting and analyzing attacks on a single system, a honeynet provides a broader and more detailed understanding of attack strategies and behaviors across a simulated network environment.

A honeynet uses fewer resources than a honeypot.

A honeypot uses more resources than a honeypot.

Why is it important to standardize OS and application versions across the network?

to simplify the change process for future updates

to ensure all systems have identical performance levels

to make sure all systems use the same amount of power

to ensure compatibility with all types of peripherals

Since this issue happened twice with two consecutive firmware updates, it might be best to shut off the firmware update feature on the device. If two separate firmware updates in a row fail, chances are there will not be any updates that will work. What should you do?

shut off the firmware update feature

continue trying when new updates are published

Enya was going through the updates available through Windows Update after the latest Patch Tuesday. One of the updates caught her eye-it was a critical update for Microsoft Webserver. However, she does not have Microsoft Webserver installed on the server that she is working on. Is ignoring the patch a good idea, considering it is marked as critical?

Install the patch only if it is relevant to existing software.

The patch may involve other issues it could fix.

The patch will be there if the program is installed.

The patch could possibly damage existing software.

Risk Management N10-009

Authored by willie reynolds

Instructional Technology

Vocational training

Used 4+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

39 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Chapter 10 Risk Management 1. Hackers are individuals who gain unauthorized access to systems or networks with or without malicious intent.

True

False

Answer explanation

The statement is true because hackers can access systems without permission, and their intent can vary from malicious to benign. Therefore, the definition provided is accurate.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which group of hackers follows their own code of ethics and is vulnerable to legal prosecution, often going to great lengths to remain anonymous and to assist and educate?

black hat hacker

white hat hacker

gray hat hackers

red hat hackers

Answer explanation

Gray hat hackers operate between ethical boundaries, often helping organizations by identifying vulnerabilities while still risking legal consequences. They adhere to their own code of ethics, unlike black hats who exploit systems for malicious intent.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which groups or individuals use their skills to bypass security systems with the intent to cause damage, steal data, or compromise privacy? Some of these hackers and groups are also available for hire to serve someone else's agenda.

black hat hacker

white hat hacker

gray hat hackers

red hat hackers

Answer explanation

Black hat hackers exploit security systems to cause harm, steal data, or invade privacy. Unlike white hat hackers who protect systems, black hats often work for personal gain or to fulfill someone else's malicious agenda.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

What is the term for a vulnerability in a system, process, or architecture that could result in compromised information or unauthorized access, or more broadly, the term for anything that can cause harm? Choose all that apply.

exploit

vulnerability

risk

threat

Answer explanation

A 'vulnerability' is a weakness that can be exploited, while a 'threat' is anything that can cause harm. Both terms apply to the potential for compromised information or unauthorized access.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

What is the term for the act of taking advantage of a known vulnerability in cybersecurity, and what is the other, more broadly used term for the likelihood that a vulnerability will be exploited? Choose all that apply.

exploit

vulnerability

risk

threat

Answer explanation

The term 'exploit' refers to taking advantage of a known vulnerability in cybersecurity. 'Risk' is the broader term that describes the likelihood of that vulnerability being exploited.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the term used to describe the technique of deception that a person uses to follow an authorized employee into a restricted area?

tailgating

piggybacking

shoulder surfing

Answer explanation

The term 'tailgating' refers to the technique where an unauthorized person follows an authorized employee into a restricted area, often without the employee's knowledge. This is a common security breach tactic.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the term used to describe this technique?

tailgating

piggybacking

shoulder surfing

quid pro quo

Answer explanation

The correct term is 'piggybacking', which refers to the practice of gaining unauthorized access to a restricted area by following someone who has legitimate access. This technique is often used in security breaches.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

20 questions

STAAR Review Quiz #3

Quiz

•

8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

6 questions

Marshmallow Farm Quiz

Quiz

•

2nd - 5th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

19 questions

Classifying Quadrilaterals

Quiz

•

3rd Grade

12 questions

What makes Nebraska's government unique?

Quiz

•

4th - 5th Grade

Risk Management N10-009

Chapter 10 Risk Management 1. Hackers are individuals who gain unauthorized access to systems or networks with or without malicious intent.

The statement is true because hackers can access systems without permission, and their intent can vary from malicious to benign. Therefore, the definition provided is accurate.

Which group of hackers follows their own code of ethics and is vulnerable to legal prosecution, often going to great lengths to remain anonymous and to assist and educate?

Gray hat hackers operate between ethical boundaries, often helping organizations by identifying vulnerabilities while still risking legal consequences. They adhere to their own code of ethics, unlike black hats who exploit systems for malicious intent.

Which groups or individuals use their skills to bypass security systems with the intent to cause damage, steal data, or compromise privacy? Some of these hackers and groups are also available for hire to serve someone else's agenda.

Black hat hackers exploit security systems to cause harm, steal data, or invade privacy. Unlike white hat hackers who protect systems, black hats often work for personal gain or to fulfill someone else's malicious agenda.

What is the term for a vulnerability in a system, process, or architecture that could result in compromised information or unauthorized access, or more broadly, the term for anything that can cause harm? Choose all that apply.

A 'vulnerability' is a weakness that can be exploited, while a 'threat' is anything that can cause harm. Both terms apply to the potential for compromised information or unauthorized access.

What is the term for the act of taking advantage of a known vulnerability in cybersecurity, and what is the other, more broadly used term for the likelihood that a vulnerability will be exploited? Choose all that apply.

The term 'exploit' refers to taking advantage of a known vulnerability in cybersecurity. 'Risk' is the broader term that describes the likelihood of that vulnerability being exploited.

What is the term used to describe the technique of deception that a person uses to follow an authorized employee into a restricted area?

The term 'tailgating' refers to the technique where an unauthorized person follows an authorized employee into a restricted area, often without the employee's knowledge. This is a common security breach tactic.

What is the term used to describe this technique?

The correct term is 'piggybacking', which refers to the practice of gaining unauthorized access to a restricted area by following someone who has legitimate access. This technique is often used in security breaches.

Viewing an email in the preview pane can execute scripts or load content, making it equivalent to opening the email. This allowed the malware to access Adel's computer without him clicking on the email.

An employee is only given access and privileges to do their jobs and nothing else. What this principle called?

The principle of least privilege ensures that employees have only the access necessary to perform their jobs, minimizing potential security risks. This is correctly identified as the 'principle of least privilege'.

When there is sensitive data on the network that needs protection from unauthorized access, what solution can be deployed to safeguard it?

Data loss prevention (DLP) solutions are specifically designed to protect sensitive data from unauthorized access and breaches, making it the correct choice for safeguarding sensitive information on the network.

Access all questions and much more by creating a free account

Popular Resources on Wayground