IST-110 Cyberspace and Cybersecurity Chapter 1 Review
In _____ the U.S. Congress passed the USA Freedom Act ending the practice of collecting U.S. Citizens' phone records in bulk.
2015
Securely Provision
A. conceptualizing, designing, and building secure IT systems
Match traditional data type to their descriptions: Personnel information
A. Application materials, payroll, offer letters, employee agreements
Provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation and incident response.
A. MS-ISAC
What type of an attack can disable a computer by forcing it to use memory or by overworking its CPU?
Algorithm
The ISACA group track law enacted related to cyber security.
All of the Above
What is the term used to identify a unique arrangement of information used to identify an attacker's attempt to exploit a known vulnerability.
Attack signatures
Analyze
B. highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence
Maintains a list of common vulnerabilities and exposures used by prominent security organizations
B. Mitre Corporation
Intellectual property
B. Patents, trademarks and new product plans
Vulnerability ____ are usually grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards.
Broker
Protect and Defend
C. identification, analysis, and mitigation of threats to internal systems and networks
Financial data
C. Income statements, balance sheets, and cash flow statements
More than 1,200 award-winning, original research papers; also develops security courses
C. SysAdmin, Audit, Network, Security (SANS) Institute
With DNS spoofing the criminal introduces false data into a DNS resolver's _____
Cache
Internal attackers may have knowledge of security _____, policies, and high levels of administrative privileges.
Countermeasures
Collect and Operate
D. specialized denial and deception operations and the collection of cybersecurity information
Provide information security certifications including the Certified Information Systems Security Professional (CISSP)
D. International Information Systems Security Certification Consortium (ISC)2
Companies such as Google, Facebook, and LinkedIn, could be considered to be data _____ in our cyber world.
Domains
The Workforce Framework categorizes cybersecurity work into seven categories. Match their descriptions: Operate and Maintain
E. providing the support, administration, and maintenance required to ensure IT system performance and security
Network security organization that hosts a security news portal, providing the latest breaking news pertaining to alerts, exploits, and vulnerabilities.
E. Information Systems Security (InfoSysSec)
Security organization that brings together a variety of computer security incident response teams from government, commercial, and educational organizations to foster cooperation and coordination
F Forum of Incident Response and Security Teams (FIRST)
Oversight and Development
F. Leadership, management, and direction to conduct cybersecurity work effectively
According to the online content review (from netacad), the greatest motivation for most cyber criminals is political.
False
An advanced persistent attack (APA) is a continuous computer hack that occurs under the radar against a specific object.
False
Another term for DNS Spoofing is DNS record poisoning.
False
Gray hat hackers are individuals who commit crimes and do arguably unethical things for personal gain.
False
The Studnet attack targeted the Supervisory Control and Data Acquisition (SCADA) system used to control and monitor industrial processes.
False
The most common way to protect _____ identity is to tie login ability to an authorized device.
Federated
_____ identity management refers to multiple enterprises that let their users use the same identification credentials gaining access to the networks of all enterprises in the group.
Federated
Next generation 911 call centers are vulnerable to distributed-denial-of-service (DDoS) attacks that use many systems to _____ the resources of the target making the target unavailable to legitimate users.
Flood
Match the listed security organizations to purpose and initiatives: U.S. federally funded initiative chartered to work with the Internet community in detecting and resolving computer security incidents
G Computer Emergency Response Team (CERT)
Investigate
G. investigation of cyber events and/or cyber crimes involving IT resources
Someone who compromises a network without permission and then discloses the vulnerability publicly.
Gray Hat
The term _____ described individuals with advanced programming skills. They used these programming skills to test the limits and capabilities of early systems. These early individuals were also involved in the development of early computer games.
Hacker
______ Make political statements to create awareness to issues that are important to them.
Hacktivist
An employee may facilitate outside attacks by connecting _____ USB media into a corporate computer system.
Infected
The ISO 27000 series of standards have been specifically reserved by ISO for _____ matters.
Information Security
The _____ program is a partnership between the Federal Bureau of Investigation and the private sector. The participants are dedicated to sharing information and intelligence to prevent hostile cyberattacks.
Infragard
Packet _____ interferes with an established network communication by constructing packets to appear as if they are part of a communication. (one word answer)
Injection
The _____ (IoT) is the collection of technologies that enable the connection of various devices to the Internet. (3 word answer)
Internet of Things
One of the most infamous hacker groups goes by the name _____. (Three word answer)
Legion of Doom
What is an example of an internet data domain?
Hijacking an authorized connection or denying an individual's ability to use certain network services is often referred to as "man in the _____ " attack by Cyber professionals.
Middle
The term bring-your-own device is used to describe _____ devices such as iPhones, smartphones, tablets, and other devices.
Mobile
The _____ National Database was developed to provide a publicly available database of all known vulnerabilities.
National Common Vulnerability
In the U.S., the ______ created a framework for companies and organizations in need of cybersecurity professionals. (six word answer)
National Institute of Standards and Technologies
In the U>S>, the _____ is responsible for intelligence collection and surveillance activities.
National Security Agency
White hat hackers may perform network _____ tests in an attempt to compromise networks and systems by using their knowledge of computer secuirty systems to discover network vulnerabilities.
Penetration
A cybersecurity specialist's career is also highly _____. Jobs exist in almost every geographic location.
Portable
What name is given to a amateur hacker?
Script kiddie
Packet _____ works by monitoring and recording all information coming across a network.
Sniffing
Cybersecurity specialists provide a necessary service to their organizations, countries, and societies, very much like __[a]__ enforcement or _____[b]_____responders.
Specified Answer for: a law Specified Answer for: b emergency
Cybersecurity is the ongoing effort to protect networked systems and data from unauthorized access. On a _____[a]_____ level, everyone needs to safeguard his or her identity, data, and computing devices. At the _____[b]_____ level, it is the employees' responsibility to protect the organization's reputation, data, and customers. At the _____[c]_____ level, national security and the citizens' safety and well-being are at stake
Specified Answer for: a personal Specified Answer for: b corporate Specified Answer for: c state
Big data is the result of data sets that are large and complex, making traditional data processing applications inadequate. Big data poses both challenges and opportunities based on three dimensions: The ____ (A)____ amount of data The ____(B)____ or speed of data The variety or range of data ____(C)____ and sources
Specified Answer for: a volume Specified Answer for: b velocity Specified Answer for: c types
A _____ denial of service (TDoS) attack uses phone calls against a target telephone network tying up the system and preventing legitimate calls from getting through.
Telephony
An employee or contract partner can accidentally mishandle confidential data.
True
Cyber experts now have the technology to track the movement and behavior of people, animals, and objects in real time.
True
Governments and industries are introducing more regulations and mandates that require better data protection and security controls to help guard big data.
True
Hacktivist may perform distributed denial of service (DDoS) attacks.
True
Many countries have established cyber intelligence agencies to collaborate worldwide in combating major cyberattacks.
True
Some state-sponsored cyber criminals are members of their nations' armed forces.
True
Next generation 911 call centers are vulnerable to cyberattacks because they use _____ systems rather than traditional landlines.
Voice over IP infrastructure
Cyber criminals are hackers who are either self-employed or working for large _____ organizations.
cybercrime
Pick four types of records that cyber criminals would be interested in stealing from organizations (based upon your reading):
medical employment financial game
Cisco and Microsoft are examples of companies with certifications that test knowledge of their _____
products