CTI 120 Final Exam
a. authentication (1) b. authorization (2) c. confidentiality (3) d. cybercrime (4) e. exploit kit (5) f. identity theft (6) g. insiders (7) h. integrity (8) i. threat vector (9)
(matching questions chapter 1) 1. steps that ensure that the individual is who he or she claims to be 2. the process of providing proof of genuineness 3. the act of providing permission or approval to technology resources 4. targeted attacks against financial networks, unauthorized access to information, and the theft of personal information 5. automated attack package that can be used without an advanced knowledge of computers 6. stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain 7. employees, contractors, and business partners who can be responsible for an attack 8. security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data 9. the means by which an attack could occur a. authentication b. authorization c. confidentiality d. cybercrime e. exploit kit f. identity theft g. insiders h. integrity i. threat vector
a. adware b. bot herder c. botnet d. feature update e. firewall f. logic bomb g. signature file h. worm i. zombie
(matching questions chapter 3) 1. A software program that delivers advertising content in a manner that is unexpected and unwanted by the user 2. An attacker who controls a botnet 3. A logical computer network of zombies under the control of an attacker 4. Enhancements to the software to provide new or expanded functionality, but do not address security vulnerability 5. Hardware or software designed to limit the spread of malware 6. Computer code that lies dormant until it is triggered by a specific logical event 7. A database of viruses that is used to identify an infected file 8. A malicious program designed to enter a computer via a network 9. An infected computer that is under the remote control of an attacker a. adware b. bot herder c. botnet d. feature update e. firewall f. logic bomb g. signature file h. worm i. zombie
false
Data backups only protect data against computer attacks. true or false
true
Virtually anyone could type in a person's username and pretend to be that person. true or false
b. dumpster diving
Which technique might an attacker employ to find documents that may reveal the true level of security within an organization? a. Pretexting b. Dumpster diving c. Vishing d. Shoulder surfing
d. denying services
Botnets can flood a Web server with thousands of requests and overwhelm it to the point that it cannot respond to legitimate requests. What is this called? a. spamming b. spreading malware c. manipulating online polls d. denying services
c. 853 million
From January 2005 through July 2015, approximately how many electronic data records in the United States were breached, exposing to attackers a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers? a. 456,000 b. 22 million c. 853 million d. 660 billion
b. TCP/IP
HTTP is based on which larger set of standards for Internet communication? a. IEEE 802.11 b. TCP/IP c. IPX/SPX d. NetBEUI
b. by using a common Internet protocol
How do attackers today make it difficult to distinguish an attack from legitimate traffic? a. by using simple scripting b. by using common Internet protocols c. by using diverse interfaces d. by using a common language
c. 30
In the U.S., if a consumer finds a problem on her credit report, she must first send a letter to the credit-reporting agency. Under federal law, how many days does the agency have to investigate and respond to the alleged inaccuracy and issue a corrected report? a. 15 b. 45 c. 30 d. 60
d. hacker
In the past, which term was commonly used to refer to a person who uses advanced computer skills to attack computers? a. slacker b. black-hat c. white-hat d. hacker
true
It is recommended that a copy of a data backup be stored at an off-site location. true or false
false
Malware usually enters a computer system with the user's knowledge. true or false
false
There is a straightforward and easy solution to securing computers. true or false
true
Today, many attack tools are freely available and do not require any technical knowledge to use. true or false
c. HIPPA
Under which law must healthcare enterprises guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format? a. Sarbox b. GLBA c. HIPAA d. COPPA
true
Web servers distribute HTML documents based on a set of standards, or protocols, known as the Hypertext Transport Protocol (HTTP). true or false
c. HTML
What do Web authors use to combine text, graphic images, audio, video, and hyperlinks into a single document? a. IPL b. XSLT c. HTML d. SGML
c. HTML5
What standardizes sounds and video format so plug-ins like Flash are no longer needed? a. IMAP4 b. JavaScript c. HTML5 d. SMTP
true
With blocked top-level domain lists, email from entire countries or regions can be blocked and treated as spam. true or false
a. Authentication (1) b. Brute force attack (2) c. Dictionary attack (3) d. Password (4) e. Shoulder surfing (5) f. Social engineering (6) g. Typo squatting (7) h. Vishing (8) i. Whaling (9)
(matching questions chapter 2) 1. The steps that ensure that the individual is who he or she claims to be 2. A password attack in which every possible combination of letters, numbers, and characters is used to match passwords in a stolen password file 3. A password attack that compares common dictionary words against those in a stolen password file. 4. A secret combination of letters, numbers, and/or symbols that serves to authenticate a user by what he or she knows 5. Viewing information that is entered by another person 6. Grouping individuals and organizations into clusters based on an affiliation 7. Redirecting a user to a fictitious website based on a misspelling of the URL 8. A phishing attack in which the attacker calls the victim on the telephone 9. A phishing attack that targets wealthy individuals
a. add-on b. attachment c. blacklist d. cookie e. extension f. image spam g. malvertising h. spam i. whitelist
(matching questions chapter 4) 1. Web browser addition that adds functionality to the entire web browser 2. File, such as a word processing document, spreadsheet, or picture, that is attached to an email message 3. A list of senders from whom the user does not want to receive any email 4. A file created by a web server and stored on the local computer that contains the user's preferences and other information 5. Web browser addition that expands the normal capabilities of a web browser for a specific webpage 6. Spam that uses graphical images of text in order to circumvent text-based filters 7. Attacks that are based on malicious code sent through third-party advertising networks so that malware is distributed through ads sent to users' web browsers 8. Unsolicited email 9. A list of senders from whom the user will accept email
c. LSO
A(n) ____________ is also called a Flash cookie, named after Adobe Flash. a. image spam b. Third-party cookie c. LSO d. First-party cookie
d. signature
AV software on a computer must have its ____ files regularly updated by downloads from the Internet. a. control b. program c. behavior d. signature
b. zombie
An infected robot computer is known as a ____. a. beachhead b. zombie c. bottle d. Trojan horse
c. every 12 months
How often does FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms? a. every 18 months b. every 2 months c. every 12 months d. every 6 months
c. people
Information contained on devices is protected by three layers: Two of the layers are products and policies and procedures. What is the third layer? a. tools b. systems c. people d. applications
b. reading pane
Most email clients contain a ____ that allows the user to read an email message without actually opening it. a. safety pane b. reading pane c. sandbox pane d. preview pane
true
Most users actually receive only a small amount of spam in their local email inbox. The majority is blocked before it even reaches the user. true or false
false
Passwords are still considered a strong defense against attackers. true or false
false
Script kiddies typically have advanced knowledge of computers and networks. true or false
c. inversely proportional to
Security is ____ convenience. a. less important than b. more important than c. inversely proportional to d. proportional to
c. cyberterrorist
Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as which of the following? a. spies b. hackers c. cyberterrorists d. hacktivists
b. internet
The ____ is a worldwide set of interconnected computers, servers, and networks. a. Globalnet b. Internet c. Interweb d. NSFNet
b. World Wide Web
The ____ is composed of Internet server computers on networks that provide online information in a specific format. a. Internet Web b. World Wide Web c. Global Web d. World Web
c. IMAP
Using what email protocol can mail be organized into folders on the mail server and read from any device? a. POP3 b. HTML c. IMAP d. SMTP
d. private browsing
Using which Internet security best practice is information not saved by the browser, such as pages that are visited will not be recorded to history or the address bar? a. controlling cookies b. clearing the cache c. downloading files d. private browsing
c. authority
Using which Social engineering principle might an attacker impersonate a CEO of a company? a. Trust b. Urgency c. Authority d. Scarcity
a. viruses, trojans, and worms
What are the three types of malware that have the primary traits of circulation and/or infection? a. viruses, Trojans, and worms b. viruses, spyware, and Trojans c. worms, viruses and spyware d. Trojans, spyware, and adware
a. backdoor
What can an attacker use that gives them access to a computer program or service that circumvents normal security protections? a. backdoor b. botnet c. bot herder d. adware
d. change-of-address form
What can an attacker use to divert all mail to their post office box so that the victim is never aware that personal information has been stolen? a. mail redirect b. automatic forwarding c. mail bouncing d. change-of-address form
b. sandboxing
What can be used to run JavaScript in a restricted environment and limit what resources it can access? a. retaining wall b. sandboxing c. same origin d. firewall
d. cookies
What do web servers use to track whether a user has previously visited a web site? a. keylogger b. scripting language c. plug-ins d. cookies
a. cyberterrorism
What does the FBI define as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents?" a. cyberterrorism b. information warfare c. eTerrorism d. cyberware
c. vulnerability
What is a flaw or weakness that allows a threat agent to bypass security? a. risk b. threat c. vulnerability d. asset
d. embedded hyperlink
What is contained within the body of an email message as a shortcut to a website? a. spam filter b. attachment c. attached image d. embedded hyperlink
d. drive-by-download
What is it called when unsuspecting users visit an infected website and their browsers download code that targets a vulnerability in the user's browser? a. targeted spamming b. poison add-on c. corrupt plug-in d. drive-by-download
d. use technology for managing passwords
What is the best approach to establishing strong security with passwords? a. Keep a written log of your passwords b. Keep passwords short so you can remember them c. Use the same password for many sites d. Use technology for managing passwords
d. fair and accurate credit transactions act
What law contains rules regarding consumer privacy? a. Fair Credit Reporting Act b. Accurate Transactions Act c. Credit and Transactions Act d. Fair and Accurate Credit Transactions Act
b. social networking
What popular online activity involves grouping individuals and organizations into clusters or groups based on their likes and interests? a. social marketing b. social networking c. affiliate marketing d. affiliate networking
b. information security
What term is frequently used to describe the tasks of securing information that is in a digital format? a. network security b. information security c. information warfare d. information assurance
b. dictionary
What type of attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file? a. brute force b. dictionary c. man in the middle d. hash
c. hoaxes
What type of attack is a false warning, often contained in an email message claiming to come from the information technology (IT) department? a. pretexting b. dumpster diving c. hoaxes d. vishing
c. identity thief
What type of attacker is most likely to use information you have posted about yourself on a social networking site? a. Dumpster diver b. Hoaxer c. Identity thief d. Phisher
b. Continuous backup
What type of backup is performed continually without any intervention by the user? a. Scheduled backup b. Continuous backup c. One-time backup d. 3-2-1 backup
c. keylogger
What type of device is inserted between the computer keyboard connection and USB port for the purposes of stealing information? a. backdoor b. rootkit c. keylogger d. zombie
b. ransomware
What type of malware can, for example, locks up a user's computer and then display a message that purports to come from a law enforcement agency that states the user must pay a fine for illegal activity? a. logic bomb b. ransomware c. zombie d. adware
a. logic bomb
What type of malware is typically added to a legitimate program but lies dormant until it is triggered by a specific event? a. logic bomb b. spam c. zombie d. ransomware
d. passwords management application
What type of program lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password? a. password fault program b. password vault program c. password generation program d. password management application
a. service pack
What type of software update is a cumulative package of all patches and feature updates? a. service pack b. patch group c. bulletin d. exploit
a. keylogger
What type of spyware silently captures and stores each keystroke that a user types on the computer's keyboard? a. keylogger b. worm c. backdoor d. rootkit
true
When creating passwords, the most important principle is that length is more important than complexity. true or false
d. An automobile
Where are you most likely to find a PKES system? a. A railroad car b. A government building c. An airplane d. An automobile
d. spear phishing
Whereas phishing involves sending millions of generic e-mail messages to users, which type of similar attack targets only specific users? a. vishing b. pharming c. whaling d. spear phishing
d. same origin
Which JavaScript defense restricts a JavaScript downloaded from Site A from accessing data that came from Site B? a. Destination filter b. Sandboxing c. Limit capabilities d. Same origin
a. User Account Control
Which Windows feature provides information to users and obtains their approval before a program can make a change to the computer's settings? a. User Account Control b. Application Modification Control c. System Settings Authorization d. Access Based Enumeration
a. insider
Which attacker category might have the objective of retaliation against an employer? a. insider b. state-sponsored attacker c. hactivist d. cybercriminal
b. organizational charts
Which document identifies individuals within the organization who are in positions of authority? a. System manuals b. Organizational charts c. Policy manuals d. Phone directories
c. GLBA
Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information? a. Sarbox b. COPPA c. GLBA d. HIPAA
c. malvertising
Which of the following can be described as a poisoned ad attack? a. drive-by download b. script attack c. malvertising d. cookies
a. Availability
Which of the following ensures that data is accessible when needed to authorized users? a. Availability b. Integrity c. Non-repudiation d. Confidentiality
c. Integrity
Which of the following ensures that information is correct and no unauthorized person or malicious software has altered it? a. Protection b. Availability c. Integrity d. Confidentiality
b. extensions
Which of the following expands the normal capabilities of a web broswer for a specific webpage? a. Updates b. Extensions c. Plug-ins d. Add-ons
b. identity theft
Which of the following involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain? a. Cyberterrorism b. Identity theft c. White hat hacking d. Digital fraud
a. identity theft
Which of the following involves using someone's personal information, such as a Social Security number, to fraudulently establish bank or credit card accounts? a. Identity theft b. Information theft c. Identity borrowing d. Property theft
c. Enhanced encryption algorithms
Which of the following is NOT a factor that contributes to difficulties faced in defending against attacks? a. Universally connected devices b. Faster detection of vulnerabilities c. Enhanced encryption algorithms d. Greater sophistication of attacks
b. disk drive formatting software
Which of the following is NOT a technology typically used by spyware? a. Tracking software b. Disk drive formatting software c. System modifying software d. Automatically download software
d. used on multiple accounts
Which of the following is a characteristic of a weak password? a. managed with a password manaqer b. uses a long string of characters c. cannot be easily memorized d. used on multiple accounts
d. Malware
Which of the following is a general term that refers to a wide variety of damaging or annoying software programs? a. Harmware b. Trashware c. Bloatware d. Malware
c. credit score
Which of the following is a numerical measurement used by lenders to assess a consumer's creditworthiness? a. credit level b. credit rank c. credit score d. credit report
a. trojan
Which of the following is a program advertised as performing one activity but actually does something else? a. Trojan b. virus c. worm d. rootkit
b. threat
Which of the following is a type of action that has the potential to cause harm? a. asset b. threat c. vulnerability d. threat agent
d. pretexting
Which of the following is described as an attacker who pretends to be from a legitimate research firm who asks for personal information? a. Dumpster diving b. Stealing c. Phishing d. Pretexting
b. Image spam
Which of the following uses graphical images of text in order to circumvent text-based filters? a. Java spam b. Image spam c. Flash spam d. PDF spam
a. the goal to be free from danger as well as the process that achieves that freedom
Which phrase best describes security? a. the goal to be free from danger as well as the process that achieves that freedom b. the protection of data from harm c. the procedures used to protect data d. the process of hiding sensitive data with the goal of maintaining privacy
c. patch
Which term can be described as a publicly released software security update intended to repair a vulnerability? a. control b. hole c. patch d. repair
d. threat agent
Which term is best described as a person or element that has the power to carry out a threat? a. risk b. attack agent c. vulnerability d. threat agent
c. Script kiddies
Which term is best described as individuals who want to attack computers yet who lack the knowledge of computers and networks needed to do so? a. Crackers b. Hackers c. Script kiddies d. Elites
a. phishing
Which type of attacks might send an e-mail or display a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information? a. Phishing b. Flashing c. Polling d. Pharming
c. worm
Which type of malware exploits a vulnerability on one system and then immediately searches for another computer on the network that has the same vulnerability? a. Trojan horse b. mass-mailer c. worm d. virus
c. rootkit
Which type of malware is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms? a. virus b. hacking kit c. rootkit d. worm
c. worm
Which type of malware self-replicates between computers (from one computer to another)? a. Trojan b. virus c. worm d. rootkit
b. rootkit
Which type of malware will hide or remove all traces of evidence that may reveal the malware, such as log entries? a. Adware b. Rootkit c. Trojan d. Virus
b. typo squatting
Which type of social engineering attack depends on the user incorrectly entering a URL? a. whaling b. typo squatting c. spear phishing d. vishing
b. add-ons
Which type of web browser enhancement can change browser menus or create additional toolbars? a. Plug-ins b. Add-ons c. Extensions d. Updates
b. code emulation
Which virus detection method creates a virtual environment that simulates the central processing unit (CPU) and memory of the computer? a. static analysis b. code emulation c. string scanning d. dynamic scanning
d. phishing
With which type of social engineering attack are users asked to respond to an email or are directed to a website where they are requested to update personal information, such as passwords or credit card numbers? a. pharming b. pretexting c. typo squatting d. phishing
a. Java
____ is a complete programming language that can be used to create stand-alone applications. a. Java b. Shell script c. WScript d. JavaScript
c. JavaScript
____ is a scripting language that does not create standalone applications. a. WebScript b. C# c. JavaScript d. Java
c. Spam filters
____ look for specific words and block email messages containing those words. a. Network filters b. Ad filters c. Spam filters d. Virus filters