Module 1 Practice Quiz
School: Centennial College
Course: 221
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 3
Uploaded by ChefSnow21562

Question 1
Unsecure protocols are classified as which type of vulnerability?
  Third-party vulnerability
  Patching vulnerability
  Platform vulnerability
✓ Configuration vulnerability
Feedback: Correct. Unsecure protocols are caused by devices with weak protocol configurations.

Question 2
MegaCorp is a multinational enterprise. Their customer payment files were recently stolen and sold on the black market. Customers have reported that their credit cards are being charged for fraudulent purchases made in countries where they do not live and have never been. What is the most likely impact on MegaCorp from this attack?
✓ Reputation loss
  Identity theft
  Availability loss
  Data loss
Feedback: Correct. The breach at MegaCorp will most likely cause the enterprise reputation loss. Their customers will feel that the enterprise does not value the security of personal payment information and will not want to risk another breach.

Question 3
A weakest link vulnerability can be caused by mismanagement of which of the following?
✓ Vendor management
  Patching firmware
✗ Outsourced code development
  Data storage
Feedback: Incorrect. Mismanagement of outsourced code development does not cause weakest link vulnerabilities.

Question 4
Your company's Accounts Payable department reports that an invoice was marked as paid, but the vendor has shown proof they never received any of the $783,296 payment. Accounts Payable confirms that the amount was deducted from the company's accounts, but the recipient account number does not match the vendor's. After an investigation, you discover that the invoice was paid by the Chief Financial Officer. He says he paid the invoice after receiving an after-hours, past-due invoice from the vendor claiming that they would be filing a civil action in court the next morning. Rather than wait for Accounts Payable to come in the next day and verify the invoice date, the CFO immediately paid the full amount. Which type of social engineering attack was your company most likely the victim of?
  Phishing
✓ Whaling
  Hoax
  Credential harvesting
Feedback: Incorrect. Hoax attacks are used to convince people to change security configurations or delete essential files.

Question 5
What is it called when a threat actor takes information for the purpose of impersonating someone?
  Data exfiltration
  Data breach
✓ Identity theft
  Data loss
Feedback: Correct. Identity theft occurs when a threat actor steals personally identifiable information to impersonate someone else.

Question 6
Recently, a computerized electrical power supply unit failed due to a cyberattack. This resulted in a power grid disruption for an entire region of the country. In your study on the attack, how should you categorize the threat actor(s)?
  Grey hat hacker
✓ Cyberterrorist
  Shadow IT
  Hacktivist
Feedback: Correct. Cyberterrorists attack a nation's network and computer infrastructure to cause disruption and panic among citizens.

Question 7
A threat actor employed by the victimized organization is referred to as which of the following?
✗ Broker
✓ Shadow IT
  Cyberterrorist
  Competitor
Feedback: Incorrect. Brokers sell their knowledge of a weakness to other attackers or governments.

Question 8
Over the last few years, an organization has brought up the need to replace old systems. While the organization has made these old systems function with various workarounds, custom middleware applications, and other methods to make up for their shortcomings, it has become increasingly apparent that they need to be replaced soon. Which of the following security concerns does the company face if they continue to use the outdated systems?
  The age of the systems means they use insufficient hardware, making it impossible to secure communications between them and more modern devices.
  The age of the systems means they are accessible from virtually anywhere, making them vulnerable to security breaches from outside actors.
  The age of the systems means they need numerous entry points from the outside, making the platforms' security impossible to configure.
✓ The age of the systems means they run on outdated OSs that are no longer supported, making security updates impossible to install.
Feedback: Correct. Legacy platforms often run on outdated and unsupported operating systems. Outdated OSs are less likely to receive security updates because there is limited hardware capacity, an application that only operates on the outdated version, or organizational neglect. Unsupported OSs don't receive updates because developers no longer spend resources on creating them.

Question 9
Which of the following describes state actors using advanced tools to infect a system to silently and slowly extract data?
✓ Advanced persistent threat (APT)
  Social engineering
  System integration
  Outsourced code
Feedback: Correct. Advanced persistent threats (APT) are state actors often involved in multiyear intrusion campaigns targeting highly sensitive economic, proprietary, or national security information.

Question 10
Which of the following is a social engineering attack that uses social media and other sources to achieve its goal?
✓ Hybrid warfare influence campaign
  Cyberterrorism
  Dumpster diving
  Vishing
Feedback: Correct. A combination of influence campaign types designed to sway attention and sympathy in a particular direction.