Methods of Securing Information Smartbook

Social engineering hacks are designed to get a victim to divulge which of the following types of information? - Address information - Phone number - Account information - Passwords

- Account information - Passwords

As reported by Andrei Ene, Tiny Banker ___(TBT) is one of the worst malware attacks in the last 10 years.

Trojan

A group of computers under the control of a hacker is referred to as a ___.

botnet, botnets, or bot net

Sharing infected files and opening an infected email attachment are ways that a computer ___ can infect a digital device.

virus

Computer experts that attempt to hack into a network to ensure that it is protected against intrusions are called _ -hat hackers.

white

Many organizations hire computer experts who test the security measures of an organization's information systems to ensure they are protected against intrusions. These experts use a variety of techniques including hacking, penetration testing, and vulnerability testing. These types of experts are known as _____ hackers.

white-hat

Rootkits are typically used to allow hackers to do which of the following? - Create a backdoor into a computer - Install drivers - Remotely control the operations of a computer. - Encrypt files

- Create a backdoor into a computer - Remotely control the operations of a computer.

A deliberate misuse of computers and networks, _____ use malicious code to modify the normal operations of a computer or network.

cyberattacks

Personal software ___ are typically included with the operating system and can be configured based on user preference.

firewall

Malware is short for ___ software.

malicious

Select the true statements about keystroke loggers. - Can be hardware devices and software applications - Software based keystroke loggers are often a Trojan that is installed without the user's knowledge - Keystroke loggers cannot be used to monitor employees - Keystroke loggers can record passwords and confidential information

- Can be hardware devices and software applications - Software based keystroke loggers are often a Trojan that is installed without the user's knowledge - Keystroke loggers can record passwords and confidential information

Select the reasons a government may choose to get involved in state-sponsored cyberwarfare. - Cyberwarfare does not require an organized group to execute attacks. - Cyberwarfare is relatively inexpensive when compared to traditional warfare. - Cyberwarfare can cause widespread damage to IT infrastructure. - Cyberwarfare is often difficult to trace and identify.

- Cyberwarfare is relatively inexpensive when compared to traditional warfare. - Cyberwarfare can cause widespread damage to IT infrastructure. - Cyberwarfare is often difficult to trace and identify.

Which of the following are examples of cyberattacks? - Hardware theft - DDoS attacks - Information theft - DoS attacks

- DDoS attacks - Information theft - DoS attacks

Select what's true about how a Trojan infects a computer system. - Trojans are easily detected by most antivirus software programs. - Hackers use Trojans to create a backdoor into a user's system which allows them to spy on the computer's activities. - Trojans are designed using some sort of social engineering tactic. - Trojans are commonly used by hackers to gain access to systems and devices.

- Hackers use Trojans to create a backdoor into a user's system which allows them to spy on the computer's activities. - Trojans are designed using some sort of social engineering tactic. - Trojans are commonly used by hackers to gain access to systems and devices.

One method organizations are using to deal with the increase in cybersecurity threats and the decrease in the effectiveness of traditional security means is through the use of behavior science in their data and network security policies. One of these methods is called UEBA. Select the true statements about UEBA. - It is a type of cybersecurity that observes and records the conduct of computer and network users - UEBA stands for user and entity behavior analytics - UEBA uses a variety of different tactics to create a map of pattern behavior including machine learning, statistical analysis, and artificial intelligence (AI) - UEBA is in development and is not currently used to secure networks and systems.

- It is a type of cybersecurity that observes and records the conduct of computer and network users - UEBA stands for user and entity behavior analytics - UEBA uses a variety of different tactics to create a map of pattern behavior including machine learning, statistical analysis, and artificial intelligence (AI)

There are multiple ways ransomware attacks can be launched. Which of the following are methods a ransomware attack can be launched? - Keystroke logger - DDoS attacks - Phishing - Trojan Horse

- Phishing - Trojan Horse

What percentage of malicious attachments are masked as Microsoft Office files?

38%

What percentage of cyberattacks are aimed at small business?

43%

What percentage of cyberattacks are launched with a phishing email?

91%

Malware is designed to do which of the following? - Incapacitate networks and computers - Destroy data - Collect information for IT personnel - Steal information

- Incapacitate networks and computers - Destroy data - Steal information

Developed by Cisco and used by firewalls, routers, and computers that are part of a network and are connected to the Internet, Network ___ Translation provides a type of firewall protection by hiding internal IP addresses.

address

Security risk can be calculated using the following calculation: Risk = Threat x Vulnerability x ___

asset

One method organizations are using to deal with the increase in cybersecurity threats and the decrease in the effectiveness of traditional security means is through the use of science in their data and network security ___ policies.

behavioral

A _ hat hacker breaks into computer systems with the intent of causing damage or stealing data.

black

A crime in which a computer is the object of the crime or is used to commit a criminal offense is called _____.

cybercrime

Cyberattacks that originate and are executed by foreign governments is called state-sponsored ___. These attacks can be directly launched by a foreign government or by a group or individual who has been paid by to execute the attack.

cyberwarfare

Businesses need to take steps to protect computer systems, data, and information from ___ disasters

natural

Unlike phishing which does not have a specific target and is designed to reach the maximum amount of people, ___ phishing is a precise type of attack.

spear

According to National Institute for Standards ___, once a cybersecurity risk assessment has been conducted and the various questions in the risk assessment have been answered, an organization will be able to decide what to protect.

technology

Recently, TechJury compiled a list of cybersecurity statistics that show the impact of different malware and network attacks. What percentage of cyberattacks are aimed at small businesses? - 22% - 29% - 37% - 43%

43%

What percentage of daily email attachments are harmful for their intended recipient?

85%

What type of hacker breaks into computer systems with the intent of causing damage or stealing data?

black-hat hacker

A ___ denial-of-service (DDoS) attack takes place when a hacker gains unauthorized access and control of a network of computers that are connected to the Internet.

distributed

The illegitimate use of an email message that appears to be from an established organization such as a bank, financial institution, or insurance company is referred to as ___. In order to appear legitimate, the message often contains the company's logo and identifying information.

phishing

One version of this type of malware encrypts a victims data until a payment is made. Another version threatens to make public a victim's personal data unless a payment is made. This type of malware is called ___.

ransomewear

A crime in which a computer is the object of the crime or is used to commit a criminal offense is called ___.

cybercrime

A form of spyware that records all actions typed on a keyboard is called a ___ logger.

keystroke

The use of computers and digital technology to manipulate people so they divulge confidential information such as usernames, passwords, account information is called ___ engineering.

social

Which of the following statements about computer viruses are true? - Mac computers are less susceptible to computer viruses - Viruses can destroy programs or alter the operations of a computer or network. - A computer virus is software that infects computers and is created using computer code. - Computer viruses are relatively easy to detect

- Viruses can destroy programs or alter the operations of a computer or network. - A computer virus is software that infects computers and is created using computer code.

Often accompanying downloaded music or apps, programs that appear to be legitimate, but executes an unwanted activity when activated is called a _____.

Trojan

Malware is short for malicious software and is designed to steal information, destroy data, impact the operations of a computer or network, or frustrate the user. Common types of malware include: - Trojans - Worms - Spam - Viruses

Trojans Worms Viruses

Mohammed is experiencing issues with his work computer. He speaks to the IT department and they identify various symptoms of a computer virus. Symptoms of a computer virus include: - The operating system may not launch properly - Poor battery performance - Critical files may be automatically deleted - Unexpected error messages

- The operating system may not launch properly - Critical files may be automatically deleted - Unexpected error messages

Select the true statements about packet sniffers. - Legitimate sniffers are used for routine examination and problem detection - Packet sniffers use viruses to capture data packets. - Packet sniffers are relatively easy to detect. - Unauthorized sniffers are used to steal information

- Legitimate sniffers are used for routine examination and problem detection - Unauthorized sniffers are used to steal information

Malware that encrypts a computer's data, forcing the victim to purchase a decryption code, is called ___ .

Ransomware Reason: Correct. Ransomware is malware that makes a computer's data inaccessible until a ransom is paid.

Specialized hardware or software that capture packets transmitted over a network are called packet ___.

sniffers

A hacker launches an attack on a network that is designed to interrupt or stop network traffic by flooding it with too many requests. This would be considered a _____ attack. - worm - virus - DoS - Zombie

DoS Reason: Correct. A distributed denial-of-service (DoS) attack takes place when a hacker gains unauthorized access and control of a network of computers that are connected to the Internet.

The technology that provides a type of firewall protection by hiding internal IP addresses is called _____. - CPU - DOS - IPX - NAT

NAT Reason: Correct. Network Address Translation (NAT) is used to protect data. It was developed by Cisco and is used by firewalls, routers, and computers that are part of a network and are connected to the Internet.

Hardware or software used to keep a computer secure from outside threats such as hackers and viruses by allowing or blocking Internet traffic is called a ____. - switch - NAT - firewall - router

firewall Reason: Correct. A firewall is hardware or software used to keep a computer secure from outside threats such as hackers and viruses. Firewalls allow or block Internet traffic in and out of a network or computer. The most ideal firewall configuration consists of both hardware and software.

According to Norton, which of the following steps should be taken to defend against rootkits? - Be aware of phishing emails - Don't ignore software updates - Purchase a Mac computer - Watch out for drive-by-downloads

- Be aware of phishing emails - Don't ignore software updates - Watch out for drive-by-downloads

According to the National Institute of Standards Technology (NIST), cybersecurity personnel can take steps to ensure data and systems are protected. The first thing an organization should conduct is a cybersecurity risk assessment. The cybersecurity risk assessment is concerned with answering which of the following questions? - What are the internal and external vulnerabilities? - What are our organization's most important information technology assets? - What are the relevant threats and the threat sources to our organization? - How much money does the organization have to spend on security breaches.

- What are the internal and external vulnerabilities? - What are our organization's most important information technology assets? - What are the relevant threats and the threat sources to our organization?

A DDoS attack is when computers that have been infected by a virus act as "zombies" and work together to send out illegitimate messages creating huge volumes of network traffic. The acronym DDoS stands for ___ . - Developed Denial of Security - Developed Denial of Service - Distributed Denial of Service - Distributed Denial of Security

Distributed Denial of Service

An attack on a network that is designed to interrupt or stop network traffic by flooding it with too many requests is called a ___ attack.

DoS or denial of service

Select what's true about Trojan malware. - Often used to find passwords, destroy data, or to bypass firewalls - Often found attached to free downloads and apps - Trojan malware is the same as a macro virus - Similar to viruses, but do not replicate themselves

- Often used to find passwords, destroy data, or to bypass firewalls - Often found attached to free downloads and apps - Similar to viruses, but do not replicate themselves

Select the true statements about ransomware attacks. - Ransomware is malware that makes a computer's data inaccessible until a ransom is paid. - Businesses never pay to have their data released from a ransomware attack. - Ransomware attacks invade computers via Trojan Horse viruses, worms, or by a user opening a legitimate looking email. - One of the most popular methods used in ransomware attacks is through phishing

- Ransomware is malware that makes a computer's data inaccessible until a ransom is paid. - Ransomware attacks invade computers via Trojan Horse viruses, worms, or by a user opening a legitimate looking email. - One of the most popular methods used in ransomware attacks is through phishing

According to the Federal Emergency Management Agency (FEMA), which of the following are steps businesses can take to help protect systems, data, and information from natural disasters? - Store data in different areas across the United States (geographic data redundancy) - Utilize off-site cloud storage - Create a business continuity plan - Only locate data storage locations in areas that do not experience natural disasters

- Store data in different areas across the United States (geographic data redundancy) - Utilize off-site cloud storage - Create a business continuity plan

Select the true statements about white hat hackers. - The goal of white hat hackers is to find gaps in network security and to test security defenses. - Use the same techniques and tools that are used by illegitimate hackers. - White hat hacking is illegal and can be prosecuted. - Breach and attack simulation technologies are used to automate hacking and threat/infiltration analysis.

- The goal of white hat hackers is to find gaps in network security and to test security defenses. - Use the same techniques and tools that are used by illegitimate hackers

Before data security strategies are created, which questions must be answered? - What is the risk I am reducing? - Is this the highest priority security risk? - What IT personnel will be involved? - Am I reducing the risk in the most cost-effective way?

- What is the risk I am reducing? - Is this the highest priority security risk? - Am I reducing the risk in the most cost-effective way?

Put the steps for how a virus infects a digital device in the correct order

1. The virus arrives via email attachment, file download, or by visiting a website that has been infected 2. An action such as running or opening a file activates the virus 3. The infection spreads to other computers via infected email, files, or contact with infected web sites 4. The payload or the component of a virus that executes the malicious activity hits the computer and other infected devices

You are speaking with a friend about how to protect yourself from phishing scams. Your friend (who works in cybersecurity) gives you some advice about what to do if you receive a phishing message. Which of the following statements would be considered good advice? - Open the message and any attachments to check their validity. - Banks and credit card companies will never ask you to provide personal information via email messages. - If you receive a suspicious message, contact the institution that the message was allegedly sent from. - Contact US-CERT.

- Banks and credit card companies will never ask you to provide personal information via email messages. - If you receive a suspicious message, contact the institution that the message was allegedly sent from. - Contact US-CERT.

Which of the following statements correctly describes phishing? - Phishing scam are relatively easy to spot. - Phishing scams use legitimate looking email messages to con a user into giving up private information. - Phishing is the illegitimate use of an email message that appears to be from an established organization such as a bank. - Phishing scams use viruses to attack computers and steal information.

- Phishing scams use legitimate looking email messages to con a user into giving up private information. - Phishing is the illegitimate use of an email message that appears to be from an established organization such as a bank.

White hat hackers use the same techniques and tools that are used by illegitimate hackers. These tools include which of the following? - Social engineering - Rootkits - Pop-up ads - Back door programs

- Social engineering - Rootkits - Back door programs

Select what's true about spear phishing attacks. - Spear phishing attacks are designed to steal data and some attacks may also be designed to install malicious software on a device. - Most spear fishing attacks are very complex. - Most antivirus programs will catch spear phishing attacks before they can impact a victim. - Spear phishing is a type of email scam that is directed toward a specific person or organization.

- Spear phishing attacks are designed to steal data and some attacks may also be designed to install malicious software on a device. - Spear phishing is a type of email scam that is directed toward a specific person or organization.