Test Bank Answers Ch.8 Cybersecurity and Homeland

Chapter 8: Test Bank

Multiple Choice

1. _________________ refers to the study of cybercrime from a criminological perspective.
   1. Digital forensics
   2. Criminology
   3. Cybercriminology
   4. Cybersecurity
2. The CISA is organized into three divisions centered on particular areas of focus within critical infrastructure protection—cyber protection, infrastructure resilience, and _____________________.
   1. due diligence
   2. emergency communications
   3. infrastructure security
   4. technology development
3. __________________ is defined as efforts to protect the confidentiality, integrity, and availability of information technology infrastructure.
   1. Digital forensics
   2. Hacktivist
   3. Cybercriminology
   4. Cybersecurity
4. Which of the following is not one of the five pillars identified in the DHS cybersecurity strategy?
   1. Risk identification
   2. Vulnerability reduction
   3. Threat reduction
   4. Continuing education
5. ________________ refers to the scope of electronic targets that are vulnerable to potential malicious action.
   1. Attack Surface
   2. Dark Web
   3. Risk Plane
   4. Zero Days
6. Which one of the following threats would NOT be considered to be a category of cybersecurity threats?
   1. Hacktivists
   2. Malicious insiders
   3. Spies
   4. Transportation

True/False

1. The scope of cybersecurity threats that exists today is vast.
   1. True
   2. False
2. Every federal agency has employees working on cybersecurity initiatives.
   1. True
   2. False
3. DHS is responsible for protecting the web servers of all non-military federal agencies.
   1. True
   2. False
4. There are no jurisdictional challenges to investigating and prosecuting cybercriminals.
   1. True
   2. False
5. The primary difference between cybercriminals and other types of criminals is their specific motivations.
   1. True
   2. False
6. Hacktivists are hackers who use their skills for the purposes of political and social activism.
   1. True
   2. False
7. There is virtually no criminal action today that does not have at least some link to online activity.
   1. True
   2. False

Short Answer

1. Describe the different classifications of hackers.
   1. Hackers can be generally classified into three types: black hat hackers, who knowingly engage in illegal activities; white hat hackers, who carry out legal system penetration work within strict legal and ethical guidelines; and gray hat hackers, who engage in a mixture of legal and illegal activity.
2. Explain some of the PPP arrangements that can exist in the realm of cybersecurity.
   1. Student answer may vary but should include information about several of the following PPPs - legal contracts, information sharing partnerships, civic switchboard partnerships, and/or supply chains.
3. Summarize how anonymous browsers work.
   1. Anonymous browsers employ a combination of proxy servers—that is, they leverage intermediate computer servers used to communicate data requests—and blockers that eliminate or substantially limit the possibility of an Internet user being tracked and identified. The browser itself routes Internet data requests through a series of global proxy servers, or hops. This technology can make it appear that one who is browsing the web from a cafe in New Mexico is in fact located in a home in the Netherlands, for instance
4. What lessons can be learned from studying the Stuxnet virus?
   1. There are at least three broad lessons to be drawn from our understanding of the Stuxnet virus. First, in the absence of robust international laws and norms about cyber warfare, offensive cyber warfare capabilities—rather than defensive capabilities—may offer states the greatest strategic advantage. Second, the ability to strike first using previously unknown system vulnerabilities called zero days creates asymmetric benefits in cyber conflicts that are difficult to counter. It is worth noting that the United States government once held a near monopoly in developing offensive cyber warfare capabilities. And third, while offensive cyber warfare capabilities hold promise for the United States and its allies, governments must also take care in deploying offensive cyber weapons, since they can be re-used against the organizations that developed them.
5. Discuss the advances have been made to manage the growing interconnections among computer networks and critical infrastructure.
   1. In 2018 Congress established the Cybersecurity and Infrastructure Security Agency (CISA) as a component agency within DHS (superseding the national Programs and Protection Directorate). The agency’s mission is to protect national critical infrastructure by leveraging its partnerships with government agencies and private businesses. The CISA is organized into three divisions centered on particular areas of focus within critical infrastructure protection—cyber protection, infrastructure resilience, and emergency communications.

Short Essay

1. Cybercriminolgy is a relatively new academic discipline, where do you see the field moving in the next few years? Why?
2. Why is it important to treat cybersecurity and critical infrastructure protection in an integrated fashion?