Cybersecurity Principles T/F and Quizzes Part 1
Distributed denial-of-service (DDoS):
A coordinated stream of requests is launched against a target from many locations simultaneously.
Spoofing:
A technique used to gain unauthorized access; an intruder assumes a trusted IP address.
Denial-of-service (DoS):
An attacker sends a large number of connection or information requests to a target. The target system becomes overloaded and cannot respond to legitimate requests for service. It may result in a system crash or inability to perform ordinary functions.
What is security? a. Freedom from fear b. Protection from loss c. Keeping secrets d. Being secure and free from danger
Being secure and free from danger
Which group in the organization is appointed by data owners to oversee the management of a particular set of information and to coordinate with data custodians for its storage, protection, and use? a. Data owners b. Data custodian c. Data trustee d. Data user
Data Trustee
Virus:
It consists of code segments that attach to an existing program and take control of access to the targeted computer.
Malware (malicious code)
It includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information.
Packet sniffer:
It monitors data traveling over a network; it can be used both for legitimate management purposes and for stealing information from a network.
Communications interception attacks include all of the following EXCEPT _____. a. sniffers b. spoofing c. pharming d. ransomware e. man-in-the-middle
RANSOMWARE
A short-term decrease in electrical power availability is known as a _____. a. surge b. spike c. sag d. swell
Sag
Worms:
They replicate themselves until they completely fill available resources such as memory and hard drive space.
Match each term with its definition. Terms: Threat; Attack; Exploit; Vulnerability. Definitions: An intentional or unintentional act that can damage or otherwise compromise information and the systems that support it. A potential weakness in an asset or its defensive control system(s). A potential risk to an asset's loss of value. A technique used to compromise a system.
Threat: A potential risk to an asset's loss of value. Attack: An intentional or unintentional act that can damage or otherwise compromise information and the systems that support it. Exploit: A technique used to compromise a system. Vulnerability: A potential weakness in an asset or its defensive control system(s).
Polymorphic threat
actually evolves to elude detection
Phishing:
attempt to gain personal/confidential information; apparently legitimate communication hides embedded code that redirects user to third-party site
What title is given to the person with primary responsibility for assessment, management, and implementation of InfoSec in the organization? a. CIO b. CISO c. CEO d. CFO
b. CISO
Back door
gaining access to system or network using known or previously unknown/newly discovered access mechanism
Advance-fee fraud:
indicates recipient is due money and small advance fee or personal banking information required to facilitate transfer
Virus and worm hoaxes
nonexistent malware that employees waste time spreading awareness about
Social engineering
uses social skills to convince people to reveal access credentials or other valuable information to an attacker.