Chapter 16 Cybersecurity Test Bank Answers - Digital Test Bank | Accounting Info Systems 1e by Arline A. Savage. DOCX document preview.
Accounting Information Systems, 1e (Savage)
Chapter 16 Cybersecurity
1) The terms "hacker" and "attacker" are used to refer to
A) programmers with malicious intentions that pose a risk to a company.
B) analysts with ulterior motives.
C) managers whose behavior poses a risk to the company.
D) executives who treat the company's assets as their own.
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Introduction
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
2) Cybersecurity encompasses
A) actions by programmers with malicious intentions that pose a risk to a company.
B) the measures a company takes to protect a computer or system against unauthorized access or attacks.
C) actions taken by managers which pose a risk to the company.
D) actions by executives who treat the company's assets as their own.
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Introduction
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
3) Colonial Pipeline, which provides almost 50% of the fuel for the East Coast, is an example of an attack of
A) chaos and destruction.
B) financial data breach.
C) ransomware.
D) reconnaissance.
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Recent Cybersecurity Threats
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
4) Florida Water Supply, a water treatment facility, is an example of being hacked to
A) obtain financial data.
B) create a denial of service.
C) obtain customer information.
D) cause chaos and destruction.
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Recent Cybersecurity Threats
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
5) Equifax, a credit reporting agency, was victim to
A) a financial data breach.
B) ransomware.
C) reconnaissance.
D) chaos and destruction.
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Recent Cybersecurity Threats
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
6) At larger companies, the cybersecurity program is usually the responsibility of a dedicated executive leader. This could include the
A) Chief Executive Officer.
B) Chief Information Officer.
C) Chief Marketing Officer.
D) Chief Operating Officer.
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Relevance to Accounting Professionals
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
7) At larger companies, the cybersecurity program is usually the responsibility of a dedicated executive leader. This could include the
A) Chief Executive Officer.
B) Chief Marketing Officer.
C) Chief Technology Officer.
D) Chief Operating Officer.
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Relevance to Accounting Professionals
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
8) At larger companies, the cybersecurity program is usually the responsibility of a dedicated executive leader. This could include the
A) Chief Executive Officer.
B) Chief Marketing Officer.
C) Chief Operating Officer.
D) Chief Information Security Officer.
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Relevance to Accounting Professionals
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
9) The National Institute of Standards and Technology (NIST) Cybersecurity Framework is displayed below.
What is function A?
A) Recover
B) Identify
C) Protect
D) Detect
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
10) The National Institute of Standards and Technology (NIST) Cybersecurity Framework is displayed below.
What is function B?
A) Recover
B) Identify
C) Protect
D) Detect
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
11) The National Institute of Standards and Technology (NIST) Cybersecurity Framework is displayed below.
What is function C?
A) Recover
B) Identify
C) Protect
D) Detect
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
12) The National Institute of Standards and Technology (NIST) Cybersecurity Framework is displayed below.
What is function D?
A) Recover
B) Identify
C) Protect
D) Detect
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
13) The National Institute of Standards and Technology (NIST) Cybersecurity Framework is displayed below.
What is function E?
A) Respond
B) Identify
C) Protect
D) Detect
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
14) The National Institute of Standards and Technology (NIST) has published Security and Privacy Controls for Federal Information Systems and Organizations (NIST-800-53). The NIST-800-53 document is
A) a list of cybersecurity risks companies may face.
B) a catalog of security control baselines for business.
C) a checklist for Information Technology professionals.
D) a list of entry level cybersecurity jobs for Accounting professionals.
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
15) The National Institute of Standards and Technology (NIST) has published Security and Privacy Controls for Federal Information Systems and Organizations (NIST-800-53). The NIST-800-53 document is divided into
A) 53 chapters.
B) 5 sections.
C) 18 control families.
D) 27 volumes.
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
16) The National Institute of Standards and Technology (NIST) has published Security and Privacy Controls for Federal Information Systems and Organizations (NIST-800-53). One of the control families is Access Control. What ID does Access Control family use?
A) AT
B) AN
C) AL
D) AC
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
17) The National Institute of Standards and Technology (NIST) has published Security and Privacy Controls for Federal Information Systems and Organizations (NIST-800-53). One of the control families is Awareness and Training. What ID does Awareness and Training family use?
A) AT
B) AN
C) AL
D) AC
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
18) The National Institute of Standards and Technology (NIST) has published Security and Privacy Controls for Federal Information Systems and Organizations (NIST-800-53). The NIST-800-53 document is divided into 18 control families. One of the control families is Security Assessment and Authorization. What ID does Security Assessment and Authorization family use?
A) SA
B) CA
C) AA
D) AS
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
19) The National Institute of Standards and Technology (NIST) has published Security and Privacy Controls for Federal Information Systems and Organizations (NIST-800-53). The NIST-800-53 document is divided into 18 control families. One of the control families is Configuration Management. What ID does Configuration Management family use?
A) CO
B) MC
C) CM
D) CP
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
20) The National Institute of Standards and Technology (NIST) has published Security and Privacy Controls for Federal Information Systems and Organizations (NIST-800-53). The NIST-800-53 document is divided into 18 control families. One of the control families is Maintenance. What ID does Maintenance family use?
A) MT
B) AM
C) MN
D) MA
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
21) The National Institute of Standards and Technology (NIST) has published Security and Privacy Controls for Federal Information Systems and Organizations (NIST-800-53). The NIST-800-53 document is divided into 18 control families. One of the control families is Physical and Environmental Protection. What ID does Physical and Environmental Protection family use?
A) PE
B) PP
C) PH
D) PY
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
22) The National Institute of Standards and Technology (NIST) has published Security and Privacy Controls for Federal Information Systems and Organizations (NIST-800-53). The NIST-800-53 document is divided into 18 control families. One of the control families is Personal Security. What ID does Personal Security family use?
A) PR
B) PS
C) PE
D) SE
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
23) The National Institute of Standards and Technology (NIST) has published Security and Privacy Controls for Federal Information Systems and Organizations (NIST-800-53). The NIST-800-53 document is divided into 18 control families. One of the control families is System and Information Integrity. What ID does System and Information Integrity family use?
A) SY
B) SS
C) SI
D) SN
Diff: 1
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
24) Which of the following reflects the correct sequence of the three steps of the cyber-kill chain?
A) Gather information about the network, access the network, disrupt the network
B) Access the network, gather information about the network, disrupt the network
C) Access the network, disrupt the network, gather information about the network
D) Disrupt the network, gather information about the network, access the network
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Introduction
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
25) What step do reconnaissance attacks correspond to in the cyber-kill chain?
A) Steal passwords
B) Gather information about the network
C) Access the network
D) Disrupt the network
Diff: 2
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Introduction
AACSB: None
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
26) Cybercriminals look for vulnerabilities in the network, through either a ________, who exposes valuable information or a ________ in the network.
A) person, company
B) company, person
C) person, technical weak point
D) company, technical weak point
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Introduction
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
27) What two categories do cyberattacks fall into?
A) Conceptual attack, theoretical attack
B) Conceptual attack, logical attack
C) Physical attack, conceptual attack
D) Physical attack, logical attack
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Introduction
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
28) Attackers us these three types of attacks to plan, enter, and damage a victim's network:
What type of attack is A?
A) Reconnaissance attack
B) Access attack
C) Disruptive attack
D) Translucent attack
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Introduction
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
29) Attackers us these three types of attacks to plan, enter, and damage a victim's network:
What type of attack is B?
A) Reconnaissance attack
B) Access attack
C) Disruptive attack
D) Translucent attack
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Introduction
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
30) Attackers us these three types of attacks to plan, enter, and damage a victim's network:
What type of attack is C?
A) Reconnaissance attack
B) Access attack
C) Disruptive attack
D) Translucent attack
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Introduction
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
31) Which of the physical reconnaissance attacks is a deceptive request designed to trick victims into sharing private information?
A) Email phishing
B) Dumpster diving
C) Eavesdropping
D) Malware
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Physical Reconnaissance Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
32) Which of the physical reconnaissance attacks is looking through someone else's physical trash?
A) Phishing
B) Dumpster diving
C) Eavesdropping
D) Malware
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Physical Reconnaissance Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
33) Which of the physical reconnaissance attacks is the unauthorized interception of communication?
A) Phishing
B) Dumpster diving
C) Eavesdropping
D) Malware
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Physical Reconnaissance Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
34) What is a company's best defense against phishing attacks?
A) Only allow email from certified businesses
B) Shut down email
C) Monitor employee's email
D) Train employees to recognize and report red flags
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Physical Reconnaissance Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
35) What is an incorrect sender address red flag?
A) Sending from obscure domains that are designed to look similar to legitimate domains
B) Addressing the email to a generic recipient
C) Including grammar or spelling mistakes
D) Using words like "suspended", "security concerns," and "immediately"
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Physical Reconnaissance Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
36) What is a vague salutation red flag?
A) Sending from obscure domains that are designed to look similar to legitimate domains
B) Addressing the email to a generic recipient
C) Including grammar or spelling mistakes
D) Using words like "suspended", "security concerns," and "immediately"
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Physical Reconnaissance Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
37) A company's best defense against phishing attacks is to train employees to recognize and report red flags. The correct definition of a poor grammar or spelling red flag is
A) Sending from obscure domains that are designed to look similar to legitimate domains
B) Addressing the email to a generic recipient
C) Including grammar or spelling mistakes
D) Using words like "suspended", "security concerns," and "immediately"
Diff: 2
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Physical Reconnaissance Attacks
AACSB: None
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
38) What is an urgency red flag?
A) Sending from obscure domains that are designed to look similar to legitimate domains
B) Addressing the email to a generic recipient
C) Including grammar or spelling mistakes
D) Using words like "suspended", "security concerns," and "immediately"
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Physical Reconnaissance Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
39) What is an unusual links red flag?
A) Hovering over a link in the email shows the actual link is not the same as the displayed text.
B) Addressing the email to a generic recipient
C) Including grammar or spelling mistakes
D) Using words like "suspended", "security concerns," and "immediately"
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Physical Reconnaissance Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
40) What is a surveys red flag?
A) Sending from obscure domains that are designed to look similar to legitimate domains
B) Asking for personal information in a survey instead of taking you to a company portal to input information directly in the corporate system
C) Including grammar or spelling mistakes
D) Using words like "suspended", "security concerns," and "immediately"
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Physical Reconnaissance Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
41) What is encryption?
A) Sending from obscure domains that are designed to look similar to legitimate domains
B) A standard network protocol that allows users to transfer files between the company network and outside parties
C) The process of using an algorithm to encode a plaintext message and converting it to something that is seemingly meaningless
D) Asking for personal information in a survey instead of taking you to a company portal to input information directly in the corporate system
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Physical Reconnaissance Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
42) What is file transfer protocol (FTP)?
A) Sending from obscure domains that are designed to look similar to legitimate domains
B) A standard network protocol that allows users to transfer files between the company network and outside parties
C) The process of using an algorithm to encode a plaintext message and converting it to something that is seemingly meaningless
D) Asking for personal information in a survey instead of taking you to a company portal to input information directly in the corporate system
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Physical Reconnaissance Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
43) The purpose of a ________, also called an IP probe, is to identify which hosts are active in the network by sending a communication to each IP address to see if there is a response packet.
A) ping sweep
B) port scan
C) computer scan
D) network sweep
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Logical Reconnaissance Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
44) For hackers to narrow their results, they use ________, which indicates which ports are open and sending or receiving data on the network.
A) ping sweep
B) port scans
C) computer scan
D) network sweep
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Logical Reconnaissance Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
45) What is it called when a company performs sweeps and scans to detect and classify loopholes in their infrastructure?
A) Vulnerability scans
B) Penetration tests
C) Patches
D) Upgrades
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Logical Reconnaissance Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
46) What is it called when a company attempts to hack their own systems?
A) Vulnerability scans
B) Penetration tests
C) Patches
D) Upgrades
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Logical Reconnaissance Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
47) What does a company apply to ensure that systems are running up-to-date security when they are available?
A) Vulnerability scans
B) Penetration tests
C) Patches
D) Upgrades
Diff: 1
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Logical Reconnaissance Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
48) Physical access attacks
A) result in access to either hardware or people.
B) seek unauthorized access to a system by either exploiting a network vulnerability or attempting to use force to get through network security.
C) result in access to customers or vendors.
D) seek unauthorized access to employee records on the network.
Diff: 1
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Physical Access Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
49) ________ are the biggest weakness in a company's internal control environment.
A) Networks
B) Humans
C) Systems
D) Routers
Diff: 1
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Physical Access Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
50) What is accidental tailgating?
A) Unauthorized users are aware that there is a tailgater.
B) The authorized user is aware of the other person and blocks entry to the tailgater.
C) Authorized users are unaware that there is a tailgater.
D) The authorized user is aware of the other person but may politely hold the door for the tailgater.
Diff: 1
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Physical Access Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
51) What is polite tailgating?
A) Unauthorized users are aware that there is a tailgater.
B) The authorized user is aware of the other person and blocks entry to the tailgater.
C) Authorized users are unaware that there is a tailgater.
D) The authorized user is aware of the other person but may politely hold the door for the tailgater.
Diff: 1
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Physical Access Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
52) Logical access attacks
A) result in access to either hardware or people.
B) seek unauthorized access to a system by either exploiting a network vulnerability or attempting to use force to get through network security.
C) result in access to customers or vendors.
D) seek unauthorized access to employee records on the network.
Diff: 1
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
53) An attacker force access to the network by attempting many passwords or phrases until finding the correct one. What type of attack is being described?
A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating
Diff: 1
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
54) Which of the following logical access attacks is a brute-force attack?
A) An attacker forces access to the network by attempting many passwords or phrases until finding the correct one.
B) An attacker attempts to gain access to an on-going communication between two endpoints by pretending to be each of the parties.
C) An attacker disguises their identity and impersonates a legitimate computer on the network.
D) An attacker follows an authorized user into the system.
Diff: 1
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
55) What type of logical access attack attempts to gain access to an on-going communication between two endpoints by pretending to be each of the parties?
A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating
Diff: 1
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
56) Which of the following describes an on-path attack?
A) An on-path attack is when the attacker forces access to the network by attempting many passwords or phrases until finding the correct one.
B) An on-path attack is when the attacker attempts to gain access to an on-going communication between two endpoints by pretending to be each of the parties.
C) An on-path attack is when the attacker disguises their identity and impersonates a legitimate computer on the network.
D) An on-path attack is when the attacker follows an authorized user into the system.
Diff: 1
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
57) What type of logical access attack disguises the source identity and impersonates a legitimate computer on the network?
A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating
Diff: 1
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
58) Which of the following logical access attacks describes IP spoofing?
A) IP spoofing is when the attacker forces access to the network by attempting many passwords or phrases until finding the correct one.
B) IP spoofing is when the attacker attempts to gain access to an on-going communication between two endpoints by pretending to be each of the parties.
C) IP spoofing is when the attacker disguises their identity and impersonates a legitimate computer on the network.
D) IP spoofing is when the attacker follows an authorized user into the system.
Diff: 1
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
59) NIST provides explicit guidelines that companies can require for password strength. What is the NIST recommended length?
A) 2 — 6 characters
B) 18 — 32 characters
C) 4 — 8 characters
D) 8 — 64 characters
Diff: 1
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
60) NIST provides explicit guidelines that companies can require for password strength. What does NIST recommend for character types?
A) Mixture of letters, numbers, and special characters
B) Numbers only
C) Mixture of numbers and letters
D) Letters only
Diff: 1
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
61) NIST provides explicit guidelines that companies can require for password strength. What is the NIST recommendation for resetting a password?
A) Reset your password every month.
B) Only reset your password if you know it has been compromised.
C) Reset your password every six months.
D) Never reset your password.
Diff: 1
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
62) NIST provides explicit guidelines that companies can require for password strength. What does NIST recommend for password construction?
A) Combine multiple common words in a password.
B) Reuse previous passwords so you remember them.
C) Avoid dictionary words.
D) Use your name as the password.
Diff: 1
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
63) On-path attacks, which were once known as man-in-the-middle attacks, attempt to gain access to an ongoing communication between two endpoints. Which of the following is the definition of eavesdropping?
A) The hacker is actively communicating with the server.
B) The hacker is passively injected into the connection.
C) The hacker is actively injected into the connection.
D) The hacker is only listening to or intercepting the communication.
Diff: 1
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
64) Match the cybersecurity threat to the following control activity: Ensure that the information system enforces minimum password complexity of specified case sensitivity, character numbers, and mix of uppercase and lowercase letters, including minimum requirements for each type.
A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating
Diff: 2
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
65) Match the cybersecurity threat to the following control activity: Enforce a specified number of changed characters when new passwords are created.
A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating
Diff: 2
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
66) Match the cybersecurity threat to the following control activity: Prohibit password reuse for a specified number of generations.
A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating
Diff: 2
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
67) Match the cybersecurity threat to the following control activity: Review and update the baseline configuration of the information system using a company-defined frequency.
A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating
Diff: 2
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
68) Match the cybersecurity threat to the following control activity: Review and update the baseline configuration of the information system as an integral part of information system component installations and upgrades.
A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating
Diff: 2
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
69) Match the cybersecurity threat to the following control activity: Ensure that the information system uniquely identifies and authenticates devices before establishing a connection.
A) Brute-force attack
B) On-path attack
C) IP spoofing
D) Tailgating
Diff: 2
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Logical Access Attacks
AACSB: None
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
70) What is an attack that prohibits users from using resources such as computers, websites, servers, or an entire network called?
A) Denial-of-service attack
B) Malware attack
C) Virus attack
D) Logic bomb attack
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Denial-of-Service Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
71) What is a Denial-of-service attack?
A) An attack that prohibits users from using resources such as computers, websites, servers, or an entire network
B) An attack that uses destructive programs to take down a system
C) An attack that is disguised as benign software but carries malicious code that may be activated via a logic bomb
D) An attack that is a piece of malicious code that is programmed into a system and remains dormant until certain conditions are met
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Denial-of-Service Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
72) What is a Botnet attack?
A) An attack that creates a virus that cause a variety of problems
B) An attack that is disguised as benign software but carries malicious code that may be activated via a logic bomb
C) An attack that uses computers infected with malware that function like robots
D) An attack that uses multiple machines or IP addresses to force the target to shut down
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Denial-of-Service Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
73) What is a Distributed Denial-of-Service attack?
A) An attack that creates a virus that cause a variety of problems
B) An attack that is disguised as benign software but carries malicious code that may be activated via a logic bomb
C) An attack that uses computers infected with malware that function like robots
D) An attack that uses multiple machines or IP addresses to force the target to shut down
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Denial-of-Service Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
74) A business can protect itself from DoS and DDoS attacks by ensuring that ________, routers, and intrusion detection systems are up-to-date, are properly configured, and will automatically block the ports where fake requests enter the system.
A) firewalls
B) servers
C) websites
D) ecommerce sites
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Denial-of-Service Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
75) A business can protect itself from DoS and DDoS attacks by ensuring that firewalls, ________, and intrusion detection systems are up-to-date, are properly configured, and will automatically block the ports where fake requests enter the system.
A) servers
B) routers
C) websites
D) ecommerce sites
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Denial-of-Service Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
76) A business can protect itself from DoS and DDoS attacks by ensuring that firewalls, routers, and ________ are up-to-date, are properly configured, and will automatically block the ports where fake requests enter the system.
A) servers
B) websites
C) intrusion detection systems
D) ecommerce sites
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Denial-of-Service Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
77) Which of the following is an example of a Denial-of-Service internal control?
A) Manage capacity, bandwidth, or other redundancy to limit the effects of an attack.
B) Employ malicious code protection mechanisms at information system entry and exit points.
C) Configure malicious code detection to perform periodic scans of the information system, block malicious code, quarantine malicious code, and notify the administrator.
D) Monitor the information systems to detect attacks and indicators of potential attacks, including unauthorized local, network, and remote connections.
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Denial-of-Service Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
78) Which of the following is an example of a Denial-of-Service internal control?
A) Employ malicious code protection mechanisms at information system entry and exit points.
B) Employ monitoring tools to detect indicators of attacks against, or launched from, the system.
C) Configure malicious code detection to perform periodic scans of the information system, block malicious code, quarantine malicious code, and notify the administrator.
D) Monitor the information systems to detect attacks and indicators of potential attacks, including unauthorized local, network, and remote connections.
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Denial-of-Service Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
79) Which of the following is an example of a Denial-of-Service internal control?
A) Employ malicious code protection mechanisms at information system entry and exit points.
B) Configure malicious code detection to perform periodic scans of the information system, block malicious code, quarantine malicious code, and notify the administrator.
C) Monitor system resources to determine if sufficient resources exist to prevent effective attacks.
D) Monitor the information systems to detect attacks and indicators of potential attacks, including unauthorized local, network, and remote connections.
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Denial-of-Service Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
80) What is an attack that uses destructive programs to take down a system called?
A) Denial-of-service attack
B) Malware attack
C) Virus attack
D) Logic bomb attack
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Malware Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
81) What is a Malware attack?
A) An attack that prohibits users from using resources such as computers, websites, servers, or an entire network
B) An attack that uses destructive programs to take down a system
C) An attack that is programmed to do whatever the attacker wants
D) An attack that uses multiple machines or IP addresses to force the target to shut down
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Malware Attacks
AACSB: None
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
82) Which of the following is an example of Malware internal controls?
A) Employ malicious code protection mechanisms at information system entry and exit points.
B) Employ monitoring to detect indicators of attacks launched from the system.
C) Manage capacity, bandwidth, or other redundancy to limit the effects of an attack.
D) Increase system resources to prevent an effective attack.
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Malware Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
83) Which of the following is an example of Malware internal controls?
A) Employ monitoring to detect indicators of attacks against, or launched from, the system.
B) Configure malicious code detection to perform periodic scans of the information system, block malicious code, quarantine malicious code, and notify the administrator.
C) Manage capacity, bandwidth, or other redundancy to limit the effects of an attack.
D) Monitor system resources to determine if sufficient resources exist to prevent effective attacks.
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Malware Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
84) Which of the following is an example of Malware internal controls?
A) Employ monitoring to detect indicators of attacks against, or launched from, the system.
B) Manage capacity, bandwidth, or other redundancy to limit the effects of an attack.
C) Monitor the information system to detect attacks and indicators of potential attacks, including unauthorized local, network, and remote connections.
D) Monitor system resources to determine if sufficient resources exist to prevent effective attacks.
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Malware Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
85) What is a type of malware used by hackers that replicates itself in a system and spreads quickly, causing damage to core system functions?
A) Virus
B) Worms
C) Logic bombs
D) Trojan horse
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Malware Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
86) What is a type of malware used by hackers that replicates without the assistance of human interaction?
A) Virus
B) Worms
C) Logic bombs
D) Trojan horses
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Malware Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
87) What is a type of malicious code used by hackers that is programmed into a system and remains dormant until certain conditions are met?
A) Virus
B) Worms
C) Logic bombs
D) Trojan horses
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Malware Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
88) What is code used by hackers that is disguised as benign software but carries malicious code that may be activated via a logic bomb?
A) Virus
B) Worms
C) Logic bombs
D) Trojan horses
Diff: 1
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Malware Attacks
AACSB: None
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
89) RAM Manufacturing LLC is a rapidly growing manufacturer of parts for the automotive industry. Maeve, the VP of Internal Audit is working with the chief technology officer, Justin, to propose an enterprise-wide data strategy project to the audit committee. Maeve suggests that the Internal Audit department perform a review of the company's data management and privacy procedures. This review will involve interviewing various departments throughout RAM Manufacturing to ask questions such as:
• What guidelines are in place for data privacy?
• How is data being shared?
• Are communications masked or encrypted securely?
• What are the differences between internal communications and communications with third parties?
• Where is data being stored?
• What procedures are in place for data retention?
• Do these procedures meet regulatory standards?
Maeve and Justin must decide which framework(s) to use as guidance for proposing recommendations for this project to the audit committee. What framework would you recommend? Justify your answer.
Diff: 3
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: Analytic
Bloom's: Synthesis
AICPA: AC: Risk Assessment, Analysis, and Management
90) Cybersecurity programs are subject to different resource constraints and business needs depending on the size of the company. Who might be responsible for leading the cybersecurity program in a larger organization?
Diff: 2
Learning Objective: 16.1 Describe the relationship between cybersecurity risks and the accounting profession
Section Reference: Governance and Policies
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
91) RAM Manufacturing LLC is a rapidly growing manufacturer of parts for the automotive industry. Maeve, an accountant at RAM Manufacturing recently received an email from Justin, the VP of Human Resources, asking her to click on a link and re-enter her login credentials and social security number. Suspicious of the email, Maeve forwarded the email to the Cybersecurity department. After talking with the cybersecurity department, Maeve decided to review her inbox to check for any other suspicious emails. Below is a list of what Maeve found:
a. An email reminder from the Human Resources department to enter her time for the month.
b. An email addressed to "Dear Accountant at RAM Manufacturing".
c. An email from a plant manager to escalate payment of an invoice, as the vendor won't ship needed steel until this invoice is paid.
d. A request from the CFO to transfer a large sum of money to an account that Maeve hadn't worked with before.
e. A request from a product manager to run a report on the costs involved in launching a new product the prior year.
Required: Do you think any of the emails are suspicious and why? Justify your answer by identifying the nature of the red flag or why it can be dismissed as suspicious.
Diff: 3
Learning Objective: 16.2 Describe the characteristics of reconnaissance attacks
Section Reference: Logical Reconnaissance Attacks
AACSB: Analytic
Bloom's: Evaluation
AICPA: AC: Risk Assessment, Analysis, and Management
92) RAM Manufacturing LLC is a rapidly growing manufacturer of parts for the automotive industry. Maeve, an Internal Auditor, started with RAM Manufacturing a month ago. Maeve arrives at work, parks her car and walks to a side entrance. There she finds Justin waiting. Justin tells her that he works for an equipment repair company, has been called out to RAM Manufacturing to make repairs on a piece of equipment and forgot his ID in his work truck. He asks if Maeve could let him enter the side entrance. Maeve has never met Justin before. What should Maeve do?
• Insist that he get his ID from his truck.
• Insist that he enter through the front entrance.
• Allow him entry, but escort him to the security checkpoint.
Diff: 3
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Physical Access Attacks
AACSB: Analytic
Bloom's: Synthesis
AICPA: AC: Risk Assessment, Analysis, and Management
93) RAM Manufacturing LLC is a rapidly growing manufacturer of parts for the automotive industry. Justin, a newly hired Network Administrator, arrives at one of RAM Manufacturing's remote manufacturing facilities to perform a network upgrade. Justin approaches the main entrance and encounters Alison, a courier delivery person, waiting. Alison tells Justin that she delivers to the facility often and knows where the package goes. She asks if she could follow Justin in because she is behind schedule on her deliveries. Justin has never met Alison before. What should Justin do?
• Insist that Alison follow normal security procedures
• Escort Alison to the security checkpoint
Diff: 3
Learning Objective: 16.3 Compare and contrast physical and logical access attacks
Section Reference: Physical Access Attacks
AACSB: Analytic
Bloom's: Evaluation
AICPA: AC: Risk Assessment, Analysis, and Management
94) What are some of the things that attackers may do once they have broken into a network?
• Attackers can steal data.
• They can hold information hostage and demand a ransom.
• They can crash systems or even permanently damage the network.
Diff: 3
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Introduction
AACSB: Analytic
Bloom's: Synthesis
AICPA: AC: Risk Assessment, Analysis, and Management
95) RAM Manufacturing LLC is a rapidly growing manufacturer of parts for the automotive industry. Maeve is an IT auditor at RAM Manufacturing, working on a project for the Cybersecurity department. Maeve has prioritized the following cyberattack categories:
• Denial-of-service attacks
• Viruses
• Worms
• Logic bombs
• Trojan horses
Match the following attack description to one of these cyberattack categories.
On Saturday, June 2nd, at exactly 12:00 noon, a program stopped allowing users to log in.
Diff: 3
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Malware Attacks
AACSB: Analytic
Bloom's: Synthesis
AICPA: AC: Risk Assessment, Analysis, and Management
96) RAM Manufacturing LLC is a rapidly growing manufacturer of parts for the automotive industry. Maeve is an IT auditor at RAM Manufacturing, working on a project for the Cybersecurity department. Maeve has prioritized the following cyberattack categories:
• Denial-of-service attacks
• Viruses
• Worms
• Logic bombs
• Trojan horses
Match the following attack description to one of these cyberattack categories.
Many RAM Manufacturing employees received an email from prompting them to install a new expense reporting system. Employees who downloaded the software experienced no disruption and the attack did not replicate itself.
Diff: 3
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Malware Attacks
AACSB: Analytic
Bloom's: Synthesis
AICPA: AC: Risk Assessment, Analysis, and Management
97) RAM Manufacturing LLC is a rapidly growing manufacturer of parts for the automotive industry. Maeve is an IT auditor at RAM Manufacturing, working on a project for the Cybersecurity department. Maeve has prioritized the following cyberattack categories:
• Denial-of-service attacks
• Viruses
• Worms
• Logic bombs
• Trojan horses
Match the following attack description to one of these cyberattack categories.
Mobile app orders experienced an unprecedented increase at an unusual time of day that resulted in the order system crashing.
Diff: 3
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Malware Attacks
AACSB: Analytic
Bloom's: Synthesis
AICPA: AC: Risk Assessment, Analysis, and Management
98) RAM Manufacturing LLC is a rapidly growing manufacturer of parts for the automotive industry. Maeve is an IT auditor at RAM Manufacturing, working on a project for the Cybersecurity department. Maeve has prioritized the following cyberattack categories:
• Denial-of-service attacks
• Viruses
• Worms
• Logic bombs
• Trojan horses
Match the following attack description to one of these cyberattack categories.
An employee was granted a large increase in memory on his laptop and then requested an additional increase one week later. Upon investigation, highly replicative malicious code was found on is computer.
Diff: 3
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Malware Attacks
AACSB: Analytic
Bloom's: Synthesis
AICPA: AC: Risk Assessment, Analysis, and Management
99) RAM Manufacturing LLC is a rapidly growing manufacturer of parts for the automotive industry. Maeve is an IT auditor at RAM Manufacturing, working on a project for the Cybersecurity department. Maeve has prioritized the following cyberattack categories:
• Denial-of-service attacks
• Viruses
• Worms
• Logic bombs
• Trojan horses
Match the following attack description to one of these cyberattack categories.
Employees received an email with a funny meme that was forwarded throughout the company. The email contained a link that employees clicked on to view the meme. Users who clicked on the link in the email experienced unexpected pop-ups on their computers.
Diff: 3
Learning Objective: 16.4 Explain how hackers perform disruptive attacks.
Section Reference: Malware Attacks
AACSB: Analytic
Bloom's: Synthesis
AICPA: AC: Risk Assessment, Analysis, and Management
© 2022 John Wiley & Sons, Inc. All rights reserved. Instructors who are authorized users of this course are permitted to download these materials and use them in connection with the course. Except as permitted herein or by law, no part of these materials should be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise.