65.
Question 65
Which feature of this email is a red flag, indicating that it may be a phishing attack and not a legitimate account warning from PayPal?
<<insert Paypal phishing email graphic>>
1 point
Poor quality layout.
Suspicious attachments.
There is a hyperlink in the body of the email.
Generic greetings and signature.
66.
Question 66
Which three (3) of these are PCI-DSS requirements for any company handling, processing or transmitting credit card data? (Select 3)
1 point
Assign a unique ID to each person with computer access.
Restrict access to cardholder data by business need-to-know.
Restrict physical access to cardholder data.
All employees with direct access to cardholder data must change their passwords monthly.
67.
Question 67
Stolen credit card numbers are sold to brokers who resell them to carders who use them to buy prepaid credit cards that are then used to buy gift cards that will be used to buy merchandise that is shipped to a reshipper who sends it on to its final destination before it is sold for profit.
Why is such a complex process used instead of simply using the stolen numbers to buy the products that are desired?
1 point
If done quickly, there is a multiplying effect in play. The stolen credit card can be used to buy 3 or 4 prepaid cards each valued at the credit limit of the original card. The same is true for using each prepaid card to buy multiple gift cards and each gift card to buy more merchandise than its face value.
It is easier to get approval to use a credit card to purchase a prepaid credit card than it is to purchase merchandise.
Because stolen cards can rarely be used directly to purchase merchandise.
To make the end-to-end transaction very difficult to follow.
68.
Question 68
According to a 2018 Ponemon study on third-party risk management, which three (3) of these were identified as best practices? (Select 3)
1 point
Frequent review of third-party management policies and programs.
An inventory of all third parties with whom you share information.
Requirement that all third-parties are bonded against data loss in the event of a breach.
Evaluation of the security and privacy practices of all third parties.
69.
Question 69
You get a phone call from a technician at the "Windows company" who tells you that they have detected a problem with your system and would like to help you resolve it. In order to help, they need you to go to a web site and download a simple utility that will allow them to fix the settings on your computer. Since you only own an Apple Mac, you are suspicious of this caller and hang up. What would the attack vector have been if you had downloaded the "simple utility" as asked?
1 point
Phishing
Remote Desktop Protocol (RDP)
Malicious Links
Software Vulnerabilities
70.
Question 70
Very provocative articles that come up in news feeds or Google searches are sometimes called "click-bait". These articles often tempt you to link to other sites that can be infected with malware. What attack vector is used by these click-bait sites to get you to go to the really bad sites?
1 point
Remote Desktop Protocol (RDP)
Malicious Links
Software Vulnerabilities
Phishing
Answer 65 :
Suspicious attachments.
Answer 66 :
Assign a unique ID to each person with computer access.
Restrict access to cardholder data by business need-to-know.
Restrict physical access to cardholder data.
Answer 67 :
To make the end-to-end transaction very difficult to follow
Answer 68 :
An inventory of all third parties with whom you share information.
Requirement that all third-parties are bonded against data loss in the event of a breach.
Evaluation of the security and privacy practices of all third parties.
Answer 69 :
Software Vulnerabilities
Answer 70 :
Malicious Links