54. The major reason for the inability to calculate the risk resulting from computer crime is:
a. Known misbehavior of unknown perpetrators
b. Unknown misbehavior of unknown perpetrators
c. Unknown misbehavior of known perpetrators
d. Known misbehavior of known perpetrators
54. b. It is difficult to assess or predict the future of unknown misbehavior of unknown perpetrators.
55. The white-collar criminal tends to be:
a. System-motivated
b. Greed-motivated
c. Technology-motivated
d. Situation-motivated
55. d. The white-collar criminal tends to be situation-motivated, meaning that a change in his personal lifestyle or job status can lead him to commit a crime.
System-motivated and technology-motivated actions are characteristic of a career criminal, not of a white-collar criminal. Greed is the underlying, lower-level motivation for all criminals, whether white-collar, blue-collar, or career criminals, but situational motivation is a higher-level need that characterizes white-collar criminals.
56. Which of the following is a key to a successful computer crime?
a. System complexity
b. System users
c. Human skills
d. System predictability
56. d. Predictability is a key to successful crime as hackers know how the system works. System complexity is a deterrent to crime to a certain extent; system users, and people in general, are unpredictable. Human skills vary from person to person. Computers perform functions the same way all the time given the same input. This consistency opens the door to computer crime.
57. Computer crimes can be minimized with which of the following situations?
a. Static controls and variable features
b. Dynamic controls and variable features
c. Static controls and static features
d. Dynamic controls and static features
57. b. Both the controls and the features of a system can be manual and/or automated. The key is to vary both of them so that the nature of their operation is not predictable. The degree of variation depends on the criticality of the system: the greater the criticality, the higher the variation.
58. Which of the following should be subject to confidentiality controls?
a. Copyrights
b. Patents
c. Trade secrets
d. Trademarks
58. c. Because trade secrets are the targets for employees and industrial espionage alike, they should be subject to confidentiality controls, whereas copyrights, patents, and trademarks require integrity, authenticity, and availability controls.
59. A person threatening another person through electronic mail is related to which of the following computer-security incident types?
a. Denial-of-service
b. Malicious code
c. Unauthorized access
d. Inappropriate usage
59. d. An inappropriate usage incident occurs when a user performs actions that violate acceptable computing-use policies. Harassing e-mail messages sent to coworkers and others are an example of inappropriate usage.
A denial-of-service (DoS) attack prevents or impairs the authorized use of networks, systems, or applications by exhausting resources. Malicious code includes a virus, worm, Trojan horse, or other code-based malicious entity that infects a host. Unauthorized access is where a person gains logical or physical access without permission to a network, operating system, application system, data, or device.
60. A compliance auditor’s working papers should:
a. Provide the principal support for the auditor’s report
b. Not contain critical comments about information security management
c. Not contain IT management’s comments and concerns
d. Be considered a substitute for computer system logs and reports
60. a. The purpose of audit working papers is to document the audit work performed and the results thereof. The other three choices are incorrect because the auditor’s working papers can contain comments about information security management as well as IT management’s responses to the recommendations. The audit working papers are not a substitute for computer system logs and reports, because they are the auditor’s own work product supporting the auditor’s report.
61. Which of the following produces the best results when its data is recent, although it is less comprehensive in identifying infected hosts?
a. Forensic identification
b. Active identification
c. Manual identification
d. Multiple identification
61. a. If forensic identification data is recent, it can be a good source of readily available information, although that information might not be comprehensive enough to identify infected hosts for legal evidence. The other three choices do not produce legal evidence.
62. Which of the following is preferred when other methods are insufficient in identifying infected hosts?
a. Forensic identification
b. Active identification
c. Manual identification
d. Multiple identification
62. c. Manual identification methods are generally not feasible for comprehensive enterprisewide identification, but they are a necessary part of identification when other methods are not available and can fill in gaps when other methods are insufficient.
63. From a log management perspective, logon attempts to an application are recorded in which of the following logs?
1. Audit log
2. Authentication log
3. Event log
4. Error log
a. 1 only
b. 2 only
c. 1 and 2
d. 3 and 4
63. c. Audit log entries, also known as security log entries, contain information pertaining to audited activities, such as successful and failed logon attempts, security policy changes, file access, and process execution. Some applications record logon attempts to a separate authentication log. Applications may use audit capabilities built into the operating system or provide their own auditing capabilities.
Event log entries typically list all actions that were performed, the date and time each action occurred, and the result of each action. Error logs record information regarding application errors, typically with timestamps. Error logs are helpful in troubleshooting both operational issues and attacks. Error messages can be helpful in determining when an event of interest occurred and identifying important characteristics of the event.
64. From a log management perspective, which of the following provides more information on the results of each action recorded into an application event log?
a. Date each action occurred
b. What status code was returned?