1. Joe Smith works in the IT department of a large industrial company. He is tasked with maintaining IT security for the company. He also teaches a night class at the local career tech center. He has overheard several of the students in the class talking about a software tool they downloaded that would allow them to launch automated software attacks. If the students were to use this software, what category of attacker would these students be considered? Cyberterrorists Brokers Insiders Cybercriminals Script Kiddies 2. Sally Wilson works for a small retail business and provides all IT support for the company. As part of her job, Sally has recently been tasked with ensuring that all IT systems are secured appropriately. To ensure company-wide IT security, Sally implemented a security awareness training program for all employees. After this training was completed, an employee informed Sally about the following situation: 1. The employee (Jim) mentioned that he was at a party and was befriended by a person that knew several of his other friends. This "new friend" began asking him about the company he worked for and was particularly interested in his company's marketing strategy for a new product being developing when Jim mentioned that he was the marketing manager. Jim was concerned and cautious as to any company information he provided. 2. As the party progressed, a drinking game was initiated which required players to provide information like: family member names, pet names, previous addresses, favorite colors and flowers, and a variety of other personal information. 3. A week for so after the party, Jim noticed that sporadically his email account would be locked out, and he would be required to reset his password to gain access. This occurred on several times and was continuing to occur. 4. Jim also received an email that indicated that his system password needed to be changed, and a URL was provided to access the web location for making the change. Sally was concerned that someone might be trying to hack into Jim's email and corporate access account. What security attack topic should she review with the company employees that was more than likely the beginning of this situation? Identity Theft Password Cracking Social Engineering Hoaxes Spear Phishing Dumpster Diving 3. George Mills works for a government agency in the IT security department. Upon arriving at work, he reviewed last night's network security logs and found indications that there was potential for a network security breach. Upon further inspection, it seems that an intruder from the Internet gained access to the internal network, accessed a server with enhanced privileges via a documented OS flaw, and installed a keylogger. Which of the following security defenses seem to be deficient in this situation? (Choose three) effective backup strategy implementation of least privilege regular operating system patching Up-to-date malware software proper firewall rules.