Lab 3 Quiz

QUESTION 1

In the lab case study, the organization that was hacked was a(n):
    individual merchant that accepted hundreds of thousands of credit card transactions.
    government agency that provided assistance to small and medium-sized businesses.
    IT firm that offered security solutions to merchants that accepted credit card transactions.
    third-party payment processor that collected thousands of transactions of businesses.

10 points

QUESTION 2

PCI DSS enforcement and penalties for instances of noncompliance are dealt with by the:
    PCI Council.
    individual merchants.
    individual credit card companies.
    Better Business Bureau.

10 points

QUESTION 3

The hacker who performed the attack on CardSystems Solutions used a __________ to place a snippet of code into the application and gain access through a Web application that customers used to access their data.
    Structured Query Language (SQL) injection
    Trojan
    brute-force attack
    worm-style attack

10 points

QUESTION 4

The PCI Security Standards Council (PCI Council) that drafted and approved the PCI DSS standard is a(n):
    agency of the state government.
    agency of the federal government.
    group of credit card companies.
    alliance of merchants that accept credit cards.

10 points

QUESTION 5

In June 2004, an external auditor:
    determined that CardSystems Solutions was in violation of several federal and state laws.
    found CardSystems Solutions to be noncompliant with PCI DSS.
    certified that CardSystems Solutions was PCI DSS-compliant.
    indicated that CardSystems Solutions was vulnerable to a security breach.

10 points

QUESTION 6

PCI DSS consists of:
    6 security recommendations.
    12 security requirements.
    dozens of merchant best practices.
    hundreds of individual laws.

10 points

QUESTION 7

The implementation of PCI DSS controls will:
    prevent even the most determined hacker from performing a successful attack.
    provide a calculated level of due diligence to close virtually all attack channels.
    avoid unnecessary and expensive lawsuits that stem from company liability.
    ensure a stable and secure work environment for employees.

10 points

QUESTION 8

PCI DSS standards require companies to:
    make privacy data available to government agencies.
    disclose privacy data to the PCI Council.
    not maintain or store any individual privacy data.
    use encryption methods to store privacy data.

10 points

QUESTION 9

Ultimately, it was found that CardSystems:
    unnecessarily restricted access to cardholder data and improperly assigned IDs for persons with computer access.
    stored unencrypted data, failed to use proper security firewalls, and failed to maintain its antivirus definitions.
    was in violation of several federal criminal and civil statutes and should no longer be permitted to conduct business.
    had a history of compliance but that the attack had circumvented the company’s adequate security measures.

10 points

QUESTION 10

The FTC found CardSystems Solutions and its predecessors __________ the FTC Act, 15 U.S.C. §§ 41-58.
    compliant with
    criminally liable for circumventing
    negligent and in violation of
    guilty of fraud as outlined in

10 points

QUESTION 11

In the lab case study, the breach by external hackers resulted in the:
    loss of vital company information.
    exposure of intellectual property.
    theft of privacy information.
    theft of medical health records.

10 points

QUESTION 12

The attack on CardSystems Solutions could have been mitigated by:
    applying industry best practices for protecting the Workstation Domain.
    quality Web site design, secure coding, and internal firewalls.
    maintaining a security policy that does not permit remote access.
    effective and ongoing security training for employees.

10 points

QUESTION 13

The “Prioritized Approach v2.0” document found in the PCI DSS supporting documents repository details the PCI DSS requirements and:
    prioritizes them in a to-do list resembling a Gantt chart.
    provides a letter grade for each one in terms of importance.
    indicates which individual in the firm is ultimately responsible for each task.
    lists them in alphabetical order for easy reference.

10 points

QUESTION 14

PCI DSS is a compliance standard that helps __________ in companies.
    detect data breaches that have occurred
    prevent private data breaches
    assess the risk of data breaches
    determine the extent of data breach damage

10 points

QUESTION 15

After the security breach at CardSystems Solutions, a security assessment of the security measures used at the company proved that the company:
    was fully PCI DSS-compliant.
    was not PCI DSS-compliant.
    had not followed industry best practices.
    was guilty of fraud.

10 points

QUESTION 16

Data security compliance is not optional for companies like CardSystems Solutions because they collect and process:
    important technical data and statistics.
    private information and financial data.
    corporate and individual intellectual property.
    information that requires high-security clearance.

10 points

QUESTION 17

Before PCI DSS was drafted:
    each credit card company had its own security requirements.
    each merchant had its own security requirements.
    the credit card industry maintained a standard set of security requirements.
    no credit card transactions could occur.

10 points

QUESTION 18

PCI DSS standards include:
    installing a firewall and antivirus software and updating virus definitions on a consistent schedule.
    securing company information that could be used by other firms to gain an unfair trade advantage.
    documenting security breaches that affect the records of more than 100 individuals.
    maintaining an open line of communication with government agencies regarding security issues.

10 points

QUESTION 19

The ultimate settlement in the case study required CardSystems and its successor to:
    do virtually nothing in terms of additional security measures, making the entire incident and its follow-up a failure.
    implement a comprehensive information security program and obtain audits by an independent third-party security professional every other year for 20 years.
    perform an annual internal security assessment that would determine the firm’s risks, threats, and vulnerabilities that could possibly be exploited.
    hire additional IT and security personnel to prevent similar attacks, as well as establish a procedure of performing annual internal audits.

10 points

QUESTION 20

PCI DSS is actually a(n):
    payment method.
    merchant custom.
    federal law.
    industry standard.