CPT 282 Information System Security Final
A unique hexadecimal number that identifies your network card is called what?
A MAC address
What will law enforcement officials usually require of the victim in order to pursue harassment allegations?
A credible threat of harm
What is a cookie?
A small file that contains data and is stored on your computer
What class would the IP address of 193.44.34.12 be?
C
A document that defines how an organization deals with some aspect of security is a(n) __________.
Security policy
The IP address of 127.0.0.1 always refers to what?
Self
Which type of hacking occurs when the attacker monitors an authenticated session between the client and the server and takes over that session?
Session Hijacking
What can you do on your local computer to protect your privacy?
Set your browser's security settings.
A seller bidding on her own item to drive up the price is referred to as what?
Shill bidding
The virus that infected Iranian nuclear facilities was exploiting a vulnerability in SCADA systems.
Stuxnet
Vint Cerf invented what?
TCP
What protocol is used for remotely logging on to a computer?
Telnet
A file that stays in memory after it executes is a(n) _____________.
Terminate and Stay Resident program
The most common Internet investment fraud is known as what?
The Nigerian fraud
Tim Berners-Lee invented what?
The World Wide Web
What is the most likely problem with unsolicited investment advice?
The advice might not be truly unbiased.
How big is a TCP packet header?
The size is always 20 bytes
Identity theft is most often attempted in order to accomplish what goal?
To make illicit purchases
The TCP protocol operates at what layer of the OSI model?
Transport
Confidentiality, integrity, and availability are three pillars of the CIA triangle.
True
Malware is a generic term for software that has a malicious purpose.
True
Someone who breaks into a system legally to assess security deficiencies is a sneaker.
True
The Domain Name Service is what translates human-readable domain names into IP addresses that computers and routers understand.
True
The SANS Institute website is a vast repository of security-related documentation.
True
Internet addresses of the form www.unomaha.edu are called what?
Uniform resource locators
The cable used in networks is also referred to as what?
Unshielded twisted-pair
Passwords, Internet use, email attachments, software installation, instant messaging, and desktop configuration are areas of ______.
User policies
Your company is instituting a new security awareness program. You are responsible for educating end users on a variety of threats, including social engineering. Which of the following best defines social engineering?
Using people skills to obtain proprietary information
VI (value of information) = C (cost to produce) + ___________.
VG (value gained)
Which type of hacking occurs due to user interaction with a website?
Web Attack
Someone who finds a flaw in a system and reports that flaw to the vendor of the system is called a __________.
White Hat Hacker
Typically, when you update virus definitions _____________.
You are updating the virus definition file on your computer
A list of virus definitions is generally in a file with a ________ extension.
dat
A _________ involves setting up two firewalls: an outer and an inner firewall.
DMZ (demilitarized zone)
A protocol that translates web addresses into IP addresses and operates on port 53 is called what?
DNS
The plan to return a business to full normal operations is ____________.
DRP
Which layer of the OSI model is divided into two sublayers?
Data link
Data stored in computer systems has a high value because there is a great deal of time and effort that goes into creating and analyzing it and ________________.
Data often has intrinsic value.
In which type of hacking does the user block access from legitimate users without actually accessing the attacked system?
Denial of Service
Which of the following is NOT an example of industrial espionage?
Denial-of-service attack
A(n) ________ attack on data can include stealing or destroying data.
Economic
According to the U.S. Department of Justice, identity theft is generally motivated by what?
Economic gain
__________ is the most obvious reason for organizations to provide their users with Internet access.
______________ is the process to scramble a message or other information so that it cannot be easily read.
Encryption
In May 2007, government offices of _________ were subjected to a mass denial-of-service attack because some people opposed the government's removal of a Russian WWII memorial.
Estonia
Which of these is a repository for detailed information on virus outbreaks? (Information includes how a virus spreads, ways to recognize the virus, and, frequently, specific tools for cleaning an infected system.)
F-Secure
Auditing is the process to determine if a user's credentials are authorized to access a network resource.
False
Software that lies dormant until some specific condition is met is a Trojan horse.
False
The Health Insurance Portability and Accountability Act of 1996 requires government agencies to identify sensitive systems, conduct computer security training, and develop computer security plans.
False
The technique for breaching a system's security by exploiting human nature rather than technology is war-driving.
False
The type of hacking that involves breaking into telephone systems is called sneaking.
False
A(n) __________ is a basic security device that filters traffic and is a barrier between a network and the outside world or between a system and other systems.
Firewall
Which of these is NOT one of the two basic types of cryptography?
Forward
What protocol is used for web pages, and what port does it work on?
HTTP, port 80
The process to make a system as secure as it can be without adding on specialized software or equipment is _______________. a. Securitizing b. Hardening c. Routing d. None of the above
Hardening
The virus scanning technique that uses rules to determine if a program behaves like a virus is _________ scanning.
Heuristic
The simplest device for connecting computers is called what? Connects many computers and sends packets out every port.
Hub
Which utility gives you information about your machine's network configuration?
IPConfig
Why is it useful to have a separate credit card dedicated to online purchases?
If the credit card number is used illegally, you will limit your financial liability.
______________ is the use of spying techniques to find out key information that is of economic value.
Industrial espionage
Why is cyber stalking a serious crime?
It can be a prelude to a violent crime.
If you are a victim of cyber stalking, what should you do to assist the police?
Keep electronic and hard copies of all harassing communications.
With asymmetric cryptography a different ______ is used to encrypt the message and to decrypt the message.
Key
You would set a ___________ to prevent users from immediately changing their password several times in one day to return to the current password. This is particularly important if your password policy has a history depth of five.
Minimum password age
On a server, you should create your own accounts with ________ that do not reflect their level of permission. a. Names b. Numbers c. Passwords d. None of the above
Names
The point where the backbones of the Internet connect is called what?
Network access points
What is a NIC?
Network interface card
What is the first step in protecting yourself from identity theft?
Never provide personal data about yourself unless absolutely necessary.
The top rule for chat room safety is what?
Never use your real name or any real personally identifying characteristics.
For an individual machine that is not running firewall software, you do not directly close ports. You shut down the _________ using that port. a. Patch b. Router c. Probe d. None of the above
None of the above
Probing your network for security flaws should occur once a quarter, and a complete audit of your security should be completed ________ per year. a. Once b. Twice c. Three times d. None of the above
Once
Which of the following is an activity that falls into a gray area and might be acceptable Internet use in some organizations but not others?
Online shopping during a break time
The first rule of computer security is to check ___________.
Patches
Someone who legally breaks into a system to assess security deficiencies is a __________.
Penetration tester
Any _________ you do not explicitly need, should be shut down.
Ports
If you are posting anonymously in a chat room and another anonymous poster threatens you with assault or even death, is this person's post harassment?
Probably not because both parties are anonymous, so the threat is not credible.
A(n) __________ hides the internal network's IP address and presents a single IP address to the outside world.
Proxy server
Artificially inflating a stock in order to sell it at a higher value is referred to as what?
Pump and dump
The connector used with network cables is called what?
RJ-45
A device used to connect two or more networks is a what?
Router
Which of these is a repository of security-related documentation and also sponsors a number of security research projects?
SANS Institute
What protocol is used to send email, and on what port does it work?
SMTP, port 25
The virus scanning technique that means you have a separate area isolated from the operating system in which a file is run, so it won't infect the system is ________.
Sandbox
A T1 line sends data at what speed?
1.54Mbps
Which of the following is not a valid IP address?
295.253.254.01
A good password has at least ______ characters.
8
What percentage of cyber stalking cases escalate to real-world violence?
About 19%
Which U.S. government agency created the distributed network that formed the basis for the Internet?
Advanced Research Projects Agency (ARPA)
A password policy for a 90- or 180-day replacement schedule is called password ________.
Age
What is cyber stalking?
Any use of electronic communications to stalk a person
Which of these is the process to determine if the credentials given by a user or another system are authorized to access the network resource in question?
Authentication
Which of the following was one of the three universities involved in the original distributed network set up by a government agency?
Berkeley
Someone who gains access to a system and causes harm is a __________?
Black hat hacker
Using the __________ cipher you choose some number by which to shift each letter of a text.
Caesar
Unshielded twisted-pair cable with a specification of 100 MHz/100 Mbps, which is used by most networks, is also called Category ________.
Category 5 cable
Chinese hackers whose stated goal is to infiltrate Western computer systems are called the ___________.
China Eagle Union
Which of these was the first computer incident-response team?
Computer Emergency Response Team (CERT)
A black hat hacker is also called a __________.
Cracker
__________ is the art of writing in or deciphering secret code.
Cryptography
___________ is the premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents.
Cyberterrorism
