Cybersecurity 1B Midterm and Final Study guide

Just as the hunters and gatherers of long ago knew how to read their landscape for danger, we too must observe our online surroundings with the same degree of caution and good judgment.

True

collision

a situation where two inputs have the same output

attack signature

a unique of digital information left behind, like a fingerprint

attack tree

a visual tree-like design illustrating the stages of an attack

internal threats

breaches coming from inside security perimeters

vectors

directions providing information about the profile of a system's vulnerabilities

black hats

hackers looking to crack a locked system and gain illegal entry

When the term ethics is applied to online behavior and etiquette, the correct or acceptable way of communicating is known as what?

netiquette

subnetworks

networks divided into two or more

attack vectors

paths by which a system can be threatened

The Ten Commandments of Computer Ethics was created by the Computer Ethics Institute, a forum dedicated to doing what?

providing a moral compass for information technology

Advanced training in the area of computer forensics is still not part of the core education for most police academies, which means the practice of collecting digital evidence is what?

still a work in progress

Why were protocols using cryptography like Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) developed?

to keep web browsing safe when moving between websites

About how much money is lost in productivity each year due to the time people spend deleting unwanted spam emails?

$2 billion

When did security experts begin using red team/blue team simulation exercises as a way to test IT systems more effectively?

1990s

According to experts, what percentage of the online information stored on the internet is actually accessible through search engines serving the general public?

4%

The number of sexual predators and online offenses has more than doubled in the last three years, with more than what percentage of that crime originating from social networking sites?

82 percent

What feature found in most modern-day cars has the potential to allow hackers to remotely gain control of a person's car when they are driving it?

Bluetooth and other internet-connected features

What U.S. government agency is tasked with keeping the public safe through anti-terrorism measures, border security, immigration, disaster prevention, and cybersecurity?

Department of Homeland Security (DHS)

A serious breach in online security can have a major impact on all areas of life, but only online, not in the real world.

False

Artificial intelligence has made spotting potential insider threats much more difficult.

False

Authentication measures the number of times an attacker successfully proves their identity to a target in order to protect their vulnerabilities.

False

Black hats find vulnerabilities that someone with bad intentions might try to exploit, and they report these back to the company rather than stealing data right then and there.

False

Computer incidents are always intentional and are never the product of human error or natural disaster.

False

Even though technology and the internet are growing, it is unnecessary for us to sacrifice any of our personal information in order to partake in what's happening online.

False

Evidence of any special skills like writing, public speaking, or leadership are irrelevant and should be left out of your portfolio and should not be included on your resume.

False

Hackers and cybercriminals who commit crimes almost always wear masks and carry guns, very similar to an old-fashioned bandit.

False

Hacking for the purpose of leaking data found in private systems is harmless and incapable of creating chaos.

False

In order to work as an ethical hacker, you must receive a formal education like a Master's degree in Ethical Hacking.

False

It is not necessary to take a virtual look around and assess what you see when entering a new domain in cyberspace.

False

Now more than ever, laws have nothing to do with what you do online.

False

One infected computer, somewhere thousands of miles from your own, does not have the power to negatively affect everyone's shared digital ecosphere.

False

People may take out insurance for information systems in order to transfer risk to a third party, rather than bearing it entirely on their own which makes the risk a bit more significant.

False

Steganography methods are never used together with encryption because making a user find the well-hidden information and then try to figure out what it means would be far too complicated.

False

Steve Jobs allegedly dabbled in both black and white hat activities during his time behind the screen, which is ultimately why he was arrested in 2017 at an IT conference.

False

The initial step of developing your cybersecurity plan involves tracking progress and accurately identifying the strengths and weaknesses of your plan.

False

The reason why Aaron's Law and many others have not yet been enacted is a clear sign of just how slowly the problem of cybercrime is growing.

False

Things like authentication, integrity, and access are just cyber ideas floating out in the virtual world; they are not legitimate tools for fighting back against cyberattacks.

False

Very few to no white hats live in fear that their contributions to cybersecurity's well-being might somehow be misinterpreted by authorities investigating any unrelated criminal activity.

False

When developing an IRP, it's not important to define exactly what different words mean when describing a breach in security.

False

While older people are usually motivated to behave out of a fear of punishment, younger kids must connect personally to the rewards of ethical behavior and grasp the importance of making good choices in a more authentic way.

False

With encrypted message sending, devices on both ends will always have very different public and private keys; these always change between messages.

False

You should always be very commercial and generic in your depiction of yourself on your resume.

False

Your actions as a user are happening inside of the OS in the real, tangible world, while the digital actions happening behind your screen are taking place outside the OS.

False

What do we call a standard that enables public key encryption to protect emails and enables the Standard Mail Transfer Protocol (SMTP) to accept non-plain text attachments, such as images or audio files in email messages?

Secure Multipurpose Internet Mail Extension (S/MIME)

Pamela works in InfoSec, detecting and preventing cyber threats for her organization by finding infrastructure weaknesses, including software, hardware, and networks, and then protecting them through a variety of security measures. Pamela is a highly valued expert who is also tasked with planning and implementing all security approaches, establishing clear protocols to protect data, maintaining secure access only, and performing vulnerability testing and risk analyses. What is Pamela's job title?

Security Analyst

Charlotte works in InfoSec as a senior level employee. She is responsible for building and caring for the entire computer and network security through the design of an effective infrastructure. Essentially, Charlotte works to form a picture of her organization's IT needs, so they can create the right structure to house and protect it. What is Charlotte's job title?

Security Architect

Michael works in a senior-level InfoSec position where he tries to enhance the security of his organization by overseeing how IT measures are put into place and handled, as well as directing the way various resources are designed, managed, and shared, making sure everyone involved has the appropriate level of understanding and ability. What is the title of Michael's position?

Security Director

Although the fundamental theory of exchange was first applied to crimes of humanity, its basic principles can also be applied to technology and the investigation of cybercrime.

True

Approximately 71 percent of cyberattacks these days come from outside forces.

True

By identifying up front which files are corrupted and which are not, the data pool is reduced considerably.

True

By placing a system - like a firewall, switch, network device, server, workstation, or application - under a microscope and looking at it in every possible way, including how it interacts with its digital environment, all attack vectors become clearer.

True

Cyberattacks have recently become so sophisticated, they often combine many traditional exploits to create newer, better ones.

True

Cybercriminals often send out spam emails to obtain passwords, credit card numbers, or bank account details through the information they receive in an email.

True

Emails, texts, instant messages, transactions, images, and internet histories are examples of information that can be gathered and used effectively as evidence.

True

Ethical hacking is most commonly seen in the federal government and in large companies where information security can mean the difference between peaceful operations and a full-blown crisis.

True

Everything you share online, even if it is just among "friends," can easily become public in some way or another.

True

Hackers use software, data, or special commands in the form of code to attack these security holes and gain control over a computer system, access private information, create a denial of service situation, or some other similarly-styled attack.

True

If you are not conscious of the information you are sharing day after day after day, you could very well be giving a complete stranger all the tools they need to engineer the perfect social exploit, tailor-made just for you.

True

Just like the days of old, when enemies were defeated through awareness and skill, concerned users must continue their search for new ways to protect themselves using the resources, expertise, and knowledge available in the digital world today.

True

Many bits of smaller data can be put together to craft a larger understanding of more important and valuable information.

True

Paired with a VPN, Tor provides anonymity for the user whose data is encrypted and cannot be monitored by an external observer.

True

Salting the password brings back the uniqueness, just like table salt brings back flavor.

True

Source code is a collection of computer instructions written in readable programming language.

True

The baiting method should serve as a reminder that security is always about knowing who and what to trust.

True

The practice of CF collects, analyzes, and safeguards digital data involved in a security breach, as well as reports on any evidence it finds.

True

The process of trail obfuscation seeks to confuse or divert a forensic examination, so it loses the trail of the criminal.

True

The truth is that "unbreakable" security gets broken all the time, so perhaps the term "security" really means "secure until it's not."

True

The values, ideals, virtues, and standards we uphold as people dictate a lot of who we are, what we do, and why we do it.

True

Today, we can drop bombs from thousands of feet in the air and launch attacks on whole nations through the use of a computer keyboard.

True

Secret Service

U.S. agency focuses on identifying and locating international cyber criminals connected to various online attacks around the world

Department of Homeland Security (DHS)

U.S. government agency tasked with keeping the public safe through anti-terrorism measures, border security, immigration, disaster prevention, and cybersecurity

After being the victim of a smishing incident, Terrell has decided to take some mobile precautions. What type of mobile precautions might Terrell take in order to secure and encrypt any communications transmitted between his mobile device and the internet?

VPNs and Wi-Fi Privacy

Future Business Leaders of America (FBLA)

a U.S. student-run career organization that connects business and education to nation programming

To protect from rainbow table attacks and other brute force techniques, passwords are often 'salted' after they are hashed; what is salt?

a bit of randomized data inserted into a password so that the password is more likely to create a unique hash

computer forensics (CF)

a branch of science relating to devices, such as computers

shareware

a brand or proprietary software which is initially free to users

What happens when a hacker uses a computer program to systematically run through a list of potential passwords until it can log in?

a brute force attack

darknet

a computer network with restricted access used mainly for underground activity

scanner

a device for examining, reading, or monitoring something

U.S. Computer Emergency Readiness Team

a federal department specifically dedicated to analyzing and reducing cyber threats and weakness

smishing

a form of phishing that happens over a text message

birthday attacks

a function that allows hackers to work out just how many options they need in a set to find collision

incident

a malicious event caused by something a person has done, leading to a disruption of services

handle

a nickname

Jamal is working on tracking, capturing, and examining data as part of a forensic investigation. While Jamal works with this problematic data, he needs to use an approved forensic toolkit and work on this data in what kind of system?

a non-infected system

alert

a notification that a particular event, or series of events, has occurred

What type of attack happens when a system is monitored or scanned for vulnerabilities by sitting back and gathering information before launching an exploit and is often used to plan an upcoming active attack?

a passive attack

portfolio

a personalized collection of materials used to market professional capabilities and illustrate job readiness

packet sniffer

a program that detects passwords and other sensitive information

What must the sending device generate in order to send an encrypted message?

a random encryption key that can only be used once for that specific message

Once a threat is set up to exploit your vulnerability, what develops as a result?

a risk

When a breach of some kind is detected (or occurs), what will the operations department of the DHS create?

a specially-made product outlining the problem and a viable solution

Secure Multipurpose Internet Mail Extension (S/MIME)

a standard that enables public key encryption to protect emails

rainbow table

a table with a huge set of precomputed hash function inputs and corresponding outputs

botnet

a whole network of compromised computers under the control of malicious actors

resume

a written document containing the summary of your educational background and relative work experience

Even though it may feel like every single thing in this world can be found on the internet, in reality, Google has only indexed how much data?

about 200 terabytes of data, which translates into a mere 0.004 percent of the total internet

Sharing your personal computer or other electronic device with someone else, even a friend, has risks; that person might be able to access or modify some of your personal data. When you decide to go ahead and loan them your device, what approach are you taking to the perceived risk?

accepting it

What does free software like Tor provide for users?

access to an open network that exists outside of the world wide web

What metric shows you how a vulnerability is exploited through physical proximity?

access vector

During pentesting, once automated tools have identified a target, the user can switch to manual assessment in order to do what?

actively exploit the vulnerability

Darryl is using an attack tree to illustrate an attack that he is formulating with the ultimate goal of the attack being breaking into a bank safe. He places this goal at the top of the attack tree and uses the rest of the tree to illustrate what?

all of the possible ways his goal might be achieved

What does electromagnetic shielding use to isolate and protect electrical devices from outside currents and waves?

alloy materials like sheet metal, screens, or metal foam

zero-day exploit

an attack facilitated by an undiscovered flaw in computer software that can be exploited quickly before the user has a chance to apply a patch

remote exploit

an attack that connects to the machine through an off-site network

local exploit

an attack that requires prior access to the system

certification

an official document attesting to your level of study and achievement

incident response plan (IRP)

an organized and already established approach to handling the fallout of a security breach or attack

In February 2017, during a project on game theory, AI showed aggression when it came close to losing, showing that AI has the ability to get what?

angry

What term refers to "anti" efforts that attempt to ruin and negate any electronic evidence that may exist, making these the natural enemy of crime-solving CF?

anti-computer forensics

Law enforcement agencies around the country (and the world) do their part to safeguard cyberspace through investigating what?

any reported computer crimes

Before the incredible level of access and connectivity that we have today with the internet, how would people generally find information?

at the library

Jennifer is developing a preventative strategy to help protect her online assets. She is currently working on considering all of the paths by which her system could be threatened so that she can properly defend these paths. What term describes what Jennifer is currently considering?

attack vectors

programmable logic controllers (PLCs)

automated actions for systems like assembly lines or robotic devices

What type of testing does not need human expertise, can be overseen by a person with minimal knowledge of the field, and is faster, more efficient, and less reliable because it is conducted by a computer?

automatic pentesting

You want to download a game app that looks really fun, but it's not in the official App Store. When you start to click through the download process, you realize it is also asking you to accept to give it access to contact information and other potentially personal data on your phone. You decide against downloading the game. What response to risk is described in this situation?

avoiding it

Applications that allow for remote access to computers are particularly susceptible to what kind of attacks due to the fact that they enable hackers to leverage undiscovered or secret methods with the goal of bypassing normal authentication systems?

backdoor attacks

The United States rolled out a $25 million dollar grant to support increased educational efforts in cybersecurity in 2015. Why was this a pivotal moment for virtual crime-fighters?

because it acknowledged the government's commitment to fighting cyberattacks with solid financial investment

As the internet continued to evolve into Web 2.0, why did perpetrators begin to view web applications as high-priority targets?

because the complexity of their source codes made locating vulnerabilities easier

Why did researchers from the U.S. Naval Laboratory originally create Tor?

because they needed to find ways to communicate freely without fear of detection

Why are behaviors and responses, like when we act on impulse or out of instinct, considered "bugs" or weaknesses in the human system?

because we can't necessarily control them

What type of testing method investigates areas of the internal structure, design, and implementation that have not been clearly identified?

black box testing

What are people looking to exploit the system for personal gain referred to as?

black hats

Even if the application you are using to protect yourself is basically secure, poor or irresponsible stewardship of your information can lead to what?

breaches in the increased security you are trying to foster

When including work samples in your portfolio, you should make sure that each sample includes a what?

brief description

Toby has been working on collecting tidbits over the past year from a financial firm's trash in an effort to eventually break into their system. Even though the financial firm has strict restrictions on access to their trash, Toby has been able to bypass these restrictions. How has Toby most likely done this?

by posing as a waste management collector looking to fix the dumpster or collect the debris

How does Tor aim to protect users?

by separating identification and routing and randomly bouncing communications through from hub to hub

How might time during the initial step of developing your new cybersecurity routine feel?

chaotic and unclear

hierarchy

classification according to importance and effect

chain of evidence

clues gathered through the forensic process to be presented in a legal setting

source code

collection of computer instructions written in readable programming language

Given the potential for a real career, there are plenty of organizations who encourage young hackers to learn more through what?

competitions, special educational programs, and online challenges

cybersecurity bootcamps

comprehensive, practical programs for launching a career in the field

ethical hackers

computer experts who use their vast knowledge and skill to beat black hats at their own game

terms of use

conditions under which someone can utilize the aspects of a product or service

risk assessment

considering the methods available for breaching a system

Jannah is a member of a special cyber incident response team (CIRT). Her team is currently working on a step in incident response that involves disconnecting all affected systems and devices, thereby minimizing the damage. What step is Jannah's team currently working on in incident response?

containment

payload

contents of a communication

netiquette

core rules regarding acceptable online behavior

If the rules surrounding online privacy were strictly maintained and observed, there would be no need for what?

cybersecurity

bug bounty programs

cybersecurity competitions used to earn money and a reputation

automated penetration testing (pentesting)

data collection, vulnerability assessment, actual target exploit, and report preparation all performed by computers

manual pentesting

data collection, vulnerability assessment, actual target exploiting, and report preparation all performed by humans

What process tries to make information hard to find but easy to retrieve and is used as a method of concealment by people who are typically trying to bog down a forensic investigation?

data hiding

Michael is an experienced hacker who utilizes a variety of attack methods to target his cyber victims. One of his favorite methods of attack is to try and log in by using a computer program to run through lists of common words. What is this attack method called?

dictionary attack

active attack

directly threatening a computer through overt action

What cyberattack approach takes helpful tidbits from the real world like sticky notes, calendars, mail, or phone lists found in the garbage and uses them to create virtual threats?

dumpster diving

open relays

email server that allows third-party sending of messages

When applying for a cybersecurity position, what does it mean to tailor your resume to meet the requirements of a particular position, as your experience will appear more applicable that way?

emphasizing what cyber-related things you have done in each of your past positions

When an event occurs, it can refer to something as simple as a user clicking a mouse or pressing a key, and it is tracked by a routine known as a what?

event handler

What term refers to the final phase of an attack when hackers finally get their hands on the data they want and take it, and if they're skilled enough, backing quietly out of the exploit without leaving a trace?

exfiltration

flaming

expressing strong opinion online without holding back any emotion

National Security Agency (NSA)

federal agency responsible for monitoring, collecting, and processing all the information and data for foreign intelligence and counterintelligence to protect the digital security of the U.S. communications networks and IT systems

Remembering that bullies are typically people who are in great pain and are trying to bring others down with them, and that person who is bothering you is likely in need of some serious help, has to do with what method of dealing with cyberbullies?

finding compassion

Evan works in digital or cyber forensics, examining and analyzing digital evidence associated with various cases. What are some examples of evidence that would most likely be examined in digital or cyber forensics?

flash drives, smartphones, digital cameras, or hard drives

How long does a copyright last?

for the life of the creator plus an additional 70 years

open-source software

free software with an open source code

Pretty Good Privacy (PGP)

freeware that provides encrypted email services to store files and send undetectable communications

Where does a trade secret get its value from?

from being kept a secret

If two different message inputs generate the same hash, they collide, and this collision is where a hacker can do what?

gain entry into a system

mind sports

games and challenges for the mind

white hats

hackers who identify security flaws in order to help companies

gray hats

hackers who sometimes violate laws or ethical boundaries without malicious intent

external threats

hacking campaigns exploiting outside security measures

advanced persistent threat

hacking effort typically arranged by several people looking to target one specific organization, entity or business for personal or political reasons

Mathis is an accomplished hacker who up until recently, has always hacked as a hobby. However, he was recently hired by the U.S. Department of Justice to assess international threats, spy on foreign governments, and occasionally undermine "enemy" systems. What is the motivation behind Milan's current hacking?

hacking with political motive

What kind of markers does file carving use to identify parts of a file, in addition to special algorithms designed to improve file recovery?

headers and footers

Hackers can be arranged into a what in order to classify them according to their importance and effect?

hierarchy

Technology is neutral; it can bring about our oppression or our liberation - the outcome depends on what?

how we, as humans, use the technology

intellectual property

ideas or inventions that need legal protection

hackers

individuals who use computers to gain access to unauthorized data

reconnaissance

information gathering through passive and active methods to identify where an attack vector can be established

Inventions, literary and artistic works, symbols, names, and images used in different realms of business that require legal protection are referred to collectively as what?

intellectual property

black box testing

investigations of a system's internal structure, design, and implementation that have not been clearly identified

When sending encrypted messages, what happens to the randomly generated key produced by the sending device?

it is thrown away once the message is decrypted

Shondra recently experienced something online that made her feel very uncomfortable and concerned. How might referring to the Ten Commandments of Computer Ethics help Shondra?

it may help her verbalize and understand exactly how her rights, her work, or her information has been violated

How does the National Institute of Standards and Technology (NIST) and the SANS Institute's investigatory process differ from that of CIRT's?

it tends to be far more extensive and focuses not just on recovery and learning but on establishing the exact method and identity of the perpetrator

Jaleel lives in San Francisco where he is using a VPN to go online. How will this impact his cyber identity?

it will be hidden and appear to be coming from any number of global gateway cities

While the constitutional right to free speech protects much of what you say online, committing acts of cyberbullying can lead to what kind of criminal penalties?

jail time and fines of up to $2,500, based on the severity of the situation

Authorities can learn a lot about a person's movements and locations by tracking down what information from their cell phone?

last known cell towers pinged by the phone

enumeration

laying out each finding one by one

baiting

leaving an infected physical device around so someone will pick it up and use it to infect their own computer

José is a paid employee at a very popular apparel brand. Unfortunately, José has recently displayed a lack of netiquette with his online activity and as a result, he has not only suffered ethical and professional consequences, but because his company is pressing charges, he has also suffered from what other kind of consequences?

legal

What type of exploit requires prior access to the system meaning that it's usually performed by a hacker who has privileged information or existing access?

local exploit

When it comes to cybersecurity, what does the first step in self-protection involve?

looking critically at your own behavior and lifestyle

shoulder surfing

looking over someone's shoulder to find data for online exploits

dumpster diving

looking through someone's trash to find data for online exploits

optimize

making something (in this case, software) better and more effective

file carving

method to recover digital information without using the help of metadata or other guidance

damages

money paid in apology for some violation

When we assume particular privileges, or enjoy the benefits of certain things, what are examples of the price that we must (sometimes) pay for that convenience and pleasure, both online and offline?

money, time, effort, or privacy

Social media platforms can be powerful vehicles for what positive things?

news, education, and human connections

Black-box testing assumes that you have what kind of knowledge about the application you are testing?

no knowledge

In a recent 2017 survey of young internet users (ages 10-17), how many reported receiving unwanted sexual solicitations while online, ranging anywhere from lewd comments to requests for nude images to invitations for face-to-face meetings?

one in five

What are some of the skills taught at cybersecurity boot camps to create, express, and interpret different information and ideas, all of which can enhance any work environment?

oral and written communications

system description

part of the computer forensics process in which a step-by-step illustration of what the breach system does and how it factors into the overall organization is drawn up

media and artifact analysis

part of the computer forensics process where investigators identify which data has direct bearing on a case

collision domain

part of the network connected by a shared medium, where data packets might run into one another

What term refers to a grant from the government that gives exclusive rights to the person who created the invention and provides protection for a certain amount of time, during which no one can copy, sell, or use the product in any way?

patents

The primary goal of what phase in ethical hacking is to own the network, or at least to own it in as many different ways as possible with the intent of highlighting system flaws?

penetration testing

The Department of Defense (DOD), Central Intelligence Agency (CIA), National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) all have a high demand for what type of people?

people with technical skills and cybersecurity experience

defense posture

position of readiness protection

Information Security (infosec)

professional realm using electronic strategies to protect data from unauthorized use or attack

A great way to envision the notion of intellectual property is to consider the role of what in computing?

proprietary software

What allows an attacker to gather information through passive and active methods to identify where security penetration is possible, like how some traffic gets through the firewall, what hosts are on the network, and what services they have running?

reconnaissance

In order to protect yourself from the theft of valuable online assets, you must consider the methods available for breaching a system, otherwise known as what?

risk assessment

What term describes the act of deliberately destroying, damaging, or obstructing something?

sabotage

Faraday bag

safe storage for devices involved in a digital investigation because it blocks remote access and makes it impossible for hackers to destroy evidence

When an attack, exploit, or general incident occurs on a device, specific tests or techniques must be used to unravel the crime through a combination of what?

science, technology, and investigation

What type of things does the international non-profit organization WikiLeaks publish?

secret information, news leaks, and classified media from anonymous sources

web application security

security measures addressing the safety of websites and systems

Lominda is currently studying computer science in college and really wants to participate in a cybersecurity boot camp, but after doing some research, she has learned that they are very expensive, and she simply can't afford any of them. What would be the best option for Lominda to explore in order to attend a cybersecurity boot camp?

she could ask her college because many colleges offer free or affordable boot camps geared towards students

What term refers to a security breach that happens the old-fashioned way - by looking over someone's shoulder using keen observational skills and the right surroundings?

shoulder surfing

The way that people feel emboldened to curse at others or make obscene gestures while driving in a car is an example of how it feels more "doable" to act inappropriately in what situations?

situations when you're not physically close to your target

What is a form of phishing that is sent over a text message and has gained strength by being somewhat unexpected because most people tend to trust a text more than an email?

smishing

web application security scanners

software programs that perform automatic testing on a web application to identify its weak points

proprietary software

software with its own intellectual property rights

freeware

software with no available source code

phreak

someone who breaks into telephone networks illegally to tap phone lines or make free calls

event

something happening in the normal behavior of a system, process, or environment

What products can be copyrighted?

songs, photos, paintings, writings, sculptures, or even a performance of some kind

What email security method blocks spam by scanning messages for patterns or word sequences that come up again and again but is only partly effective and can result in some spammy leakage and "false positives" of valid messages being erroneously marked as unwanted?

spam filtering software

Even though a computer incident is defined a little differently based on the rules of an organization, what will it always warrant?

special attention and a timely response

cybersecurity framework

standards, guidelines, and best practices to manage inherent cyber-related risk

During step one of the investigatory process, verification, a step-by-step illustration of what the breached system does and how it factors into the overall organization must be written. What is this illustration called?

system description

pretexting

taking advantage of a user's trust through lying and misrepresentation

STEM education

teaching science, technology, engineering, and mathematics as an interdisciplinary approach to learning

social media

technology with the ability to share information, ideas, and interests with others via virtual communities

We know a vulnerability is just a weakness, and a threat is the exploitation of what?

that weakness

The DHS has many important branches that allow them to combat cybercrime in a united, effective way. What are two examples of these important branches that help fight cybercrime?

the US Secret Service and US Immigration and Customs Enforcement (ICE)

artificial intelligence (AI)

the ability of machines to make smart choices normally reserved for humans

hacktivism

the act of breaking into a computer system for politically or socially motivated reasons

sabotage

the act of deliberately destroying, damaging, or obstructing something

anti-computer forensics

the attempt to ruin and negate any electronic evidence that may exist

What type of attack involves a function that allows hackers to work out just how many options they need in a set to find a match?

the birthday attack

What type of system provides a way to store and access thousands of past communications and pictures, allowing digital evidence to provide considerable scope and sequence to any investigation?

the cloud system

When a message first arrives at its destination, the encryption keeps it from being read, so what does the device do to read the message?

the device must detach the coded key from the payload, decrypt the key using its own private one, and then decipher the communication using the newly minted key

chain of custody

the documentation of a process to certify that evidence under investigation has not been tampered with

What makes the internet a great equalizer, capable of bringing people together under the guise of information and communication?

the fact that no one is judged by the color of their skin, their age, their weight, or how much money they have

Federal Bureau of Investigation (FBI)

the federal agency that takes the lead on the investigation of cybercrimes and their offenders, both domestically and abroad

exfiltration

the final phase of the attack used to achieve the intended objective and back out of the exploit without leaving any trace

Security awareness training

the formal educational process of digital protection

When you think about a smartphone (or any device) as a closed container, it is easier to understand what?

the legal boundaries surrounding it

Computer Fraud and Abuse Act (CFAA)

the main law currently in place to criminalize computer-related actions

electromagnetic shielding

the method of reducing EMFs by putting up barriers made of magnetic or conductive material

ethics

the moral principles that govern human behavior

While the typical security analyst has a bachelor's degree in fields like computer science, programming, or engineering, what may cause this educational requirement to be reduced, making it possible for people without a bachelor's degree to nab a job in the field simply with the right amount of training and experience?

the new demand for cyber specialists

deep web

the part of the internet where data cannot be accessed by a search engine

When a computer alert occurs, who is the message sent to?

the party responsible for starting the action or to the user who will benefit from the information

After a sending device generates a random encryption key, it will then encipher the contents of that communication, otherwise known as what?

the payload

In terms of internal threats, who has the power to breach the computing system?

the president and CEO of the company

What does our level of ethical thinking primarily rely on?

the principles we have learned from the people and events around us

The need for highly trained and competent experts has become so fierce that the government often finds itself competing with who in order to find and keep qualified employees?

the private sector

trail obfuscation

the process of confusing or diverting a forensic examination so it loses the trail of the criminal

steganography

the process of hiding encrypted information or files within another file to keep them out of plain sight

data hiding

the process of making information hard to find but easy to achieve

remediation

the process of making something better

butterfly effect

the scientific theory asserting that a single occurrence, no matter how small or seemingly insignificant, can change the course of the universe forever

In a digital scenario, the red team takes on the role of someone like a former employee or black hat who is challenging what?

the security posture of the system

rules of engagement (ROE)

the set of guidelines and limitations by which an ethical hacker will conduct their testing

neuroscience

the study of the brain

Stephen recently discovered a security hole in his system and worked quickly to get it patched up, though it took several days before the security hole was fully patched. What is the time between when Stephen found the security hole and fully patched it called?

the window of vulnerability

Tyrone is posting pictures from his recent birthday party to all of his various social media accounts. Several of his good friends are in the pictures as well as several people that he doesn't know that well. If Tyrone is making good ethical decisions, he will get what from the people in his pictures before posting them?

their consent

While netiquette doesn't forbid flaming, it does ask users to think about what?

their motivations and how to best control their outburst

By stepping into the criminal's shoes, adopting their mindset, and considering all the different ways they might attack, you will be able to better model what?

threats against computer systems

Bug bounty programs are offered by many websites and software developers who want to offer individuals a way to what?

to be recognized and paid for reporting bugs they find in other systems

What is the goal of an effective incident response plan (IRP)?

to handle troubling situations in a way that limits overall damage and reduces recovery time and costs

What do commandments such as thou shalt not use a computer to harm other people, thou shalt not interfere with other people's computer work, or thou shalt not snoop around in other people's computer files, in addition to the other seven commandments, seek to do for everyone on the internet?

to keep everyone on the internet safe, happy, and on their best behavior

The CFAA creates a private right of action for individuals and companies to do what to anyone who acts in violation of the Act?

to sue and/or recover damages

The things that criminals leave behind or take away from a crime scene through physical contact like DNA, body fluids, fibers, skin cells, and more, are often referred to as what?

trace evidence

brute force attack

trial and error method used to access information

If you have incredibly strong Wi-Fi, what can you do so the signal doesn't reach areas outside the house where it's not needed?

turn down the Transmit Power Control

Meredith has been working at a technology company for several years and has always been satisfied with her job. However, after a serious internal security breach, the company has moved to a "zero trust" atmosphere. While this change has been positive in terms of security, how has it likely impacted the employees and their progress?

unhappy employees, frustrated users, and hampered progress

spam

unwanted and unsolicited email messages

While packet sniffers can help network managers predict and solve problems, they can also provide a hacker with a lot of what?

useful information about user traffic

cyberbullying

using electronic communication to send intimidating, threatening, or harmful messages to someone else

What term refers to a weakness or gap in the effort to protect ourselves and is also exactly what hackers are looking to exploit?

vulnerability

Gabe is an ethical hacker who is just starting a new hacking endeavor. He is currently in the initial phase where he is looking for weaknesses within the boundaries provided. What is this phase called?

vulnerability assessment

Assessing your what will give you the tools to construct a personal cybersecurity framework?

web connectivity

infiltration

when a hacker gains control of a host on the target's network

dictionary attacks

when a hacker tries to log in by using a computer program to run through lists of common words

buffer overflow

when a program tries to put more data in the physical memory storage than it is able to hold; the overflowing data might instead overwrite values in memory that is adjacent to the storage

backdoor attacks

when hackers leverage undiscovered or secret methods to bypass normal authentication systems and launch attacks

passive attacks

when hackers monitor and/or scan a system for vulnerabilities to be used in an upcoming active attack

public domain

when protective rights can expire or be forfeited over time and fall to public use

independent contracting

where work is established and run under special terms

Serena logged into several of her social media accounts from a school computer even though she wasn't supposed to. And unfortunately, after she was done, she forgot to log out. What negative thing might happen due to Serena's forgetfulness?

whoever jumps on the computer next has full access to her profile and can post and communicate with her friends

threat modeling

working through various digital scenarios as a way to tighten security

The amount of technology that you're exposed to at school has a lot to do with what?

your district's financial ability and its willingness to adopt new technologies

When answering online questionnaires or entering free giveaway contests, you should never enter more personal information than what?

your name and email address

What type of exploit is described as an attack facilitated by an undiscovered flaw in computer software that can be exploited quickly before the user has a chance to apply a patch?

zero-day exploit

