Midterm

¡Supera tus tareas y exámenes ahora con Quizwiz!

The average phishing site only exists for _____ days to prevent law enforcement agencies from tracking the attackers.

3.8

From January 2005 through July 2012, over ____ electronic data records in the United States were breached, exposing to attackers a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers.

562 million

_____ ensures that data is accessible when needed to authorized users.

Availability

____ attacks are often the means by which an attacker will perform an arbitrary code execution.

Buffer overflow

In a well-run information security program, attacks will never get through security perimeters and local defenses.

False

Passwords are still considered a strong defense against attackers.

False

Protecting your personal computer has become a serious challenge unless you are an computer user.

False

There is a straightforward and easy solution to securing computers.

False

In the last year, over 600,000 Apple Macs were infected with a malicious software called _____.

Flashback

Under ____, healthcare enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.

HIPAA

_____ involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain.

Identity theft

_____ involves using someone's personal information, such as a Social Security number, to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and ruining their credit rating.

Identity theft

___ ensures that information is correct and no unauthorized person or malicious software has altered that data.

Integrity

_____ is a general term that refers to a wide variety of damaging or annoying software programs.

Malware

_____ identify individuals within the organization who are in positions of authority.

Organizational charts

A security _____ is a general software security update intended to cover vulnerabilities that have been discovered since the program was released.

Patch

_____ is sending an email or displaying a Web announcement that falsely claims to be from a legitimate enterprise, in an attempt to trick the user into surrendering private information.

Phishing

_____ may reveal the true level of security within the organization.

Policy manuals

____ means an attacker who pretends to be from a legitimate research firm asks for personal information.

Pretexting

_____ is software that displays a fictitious warning to the user in the attempt to "scare" the user into an action, such as purchasing additional software online to fix a problem that in fact does not exist.

Scareware

_____ infection injects portions of the code throughout the program's executable code instead of only at the end of the file (any overwritten original code is transferred and stored inside the virus code for proper execution of the host program after the infection).

Swiss cheese

A computer _____ is a program advertised as performing one activity but actually does something else.

Trojan

Attack tools can initiate new attacks without any human participation, thus increasing the speed at which systems are attacked.

True

Financial cybercrime is often divided into two categories. The first category focuses on individuals and businesses.

True

To address the vulnerabilities in operating systems that are uncovered after the software has been released, software vendors usually deploy a software "fix" to address the vulnerabilities.

True

Today, many attack tools are freely available and do not require any technical knowledge to use.

True

Virtually anyone could type in a person's username and pretend to be that person.

True

When creating passwords, the most important principle is that length is more important than complexity.

True

Spyware usually performs one of the following functions on a user's computer: _____, collecting personal information, or changing computer configurations.

advertising

A ____ is created when hundreds, thousands, or even tens or thousands of zombie computers are manipulated under remote control.

botnet

Using a standard _____ form, attackers can divert all mail to their post office box so that the victim never sees any charges made.

change-of address

The FBI defines ____ as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents."

cyberterrorism

Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as ______.

cyberterrorists

One of the best defenses against attacks is to create ____ on a regular basis.

data backups

Botnets can flood a Web server with thousands or requests and overwhelm it to the point that it cannot respond to legitimate requests. This is know as _____.

denying services

A _____ attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file.

dictionary

Social engineering _____ means to create a fictitious character and then play out the role of that person as a victim.

impersonation

The term ____ is frequently used to describe the tasks of securing information that is in a digital format.

information security

Security is ______ convenience.

inversely proportional

A ____ silently captures and stores each keystroke that a user types on the computer's keyboard.

keylogger

A _____ is a program that lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password.

password management application

The best approach to establishing strong security with passwords is to use a ____.

password management tool

Information (contained on the devices) is protected by three layers: products, _____, and policies and procedures.

people

Instead of asking the user to visit a fraudulent Web site, ______ automatically redirects the user to the fake site.

pharming

Attackers today use common Internet ____ and applications to perform attacks, making it difficult to distinguish an attack from legitimate traffic.

protocols

A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software such as Trojans, viruses, or worms.

rootkit

AV software on a computer must have its ____ files regularly updated by downloads from the Internet.

signature

Grouping individuals and organizations into clusters or groups based on their likes and interests is called _____.

social networking

The Web sites that facilitate linking individuals with common interests and function as an online community of users are called ______.

social networking sites

Whereas phishing involves sending millions of generic email messages to users, _____ targets only specific users.

spear phishing

A computer ____ is a person who has been hired to break into a computer and steal information.

spy

A(n) ____ account is designed for everyday activities and allows for some setting to be modified.

standard.

On average it takes ____ days for a victim to recover from an attack.

ten

A(n) ____ is a type of action that has the potential to cause harm.

threat

A(n) ____ is a person or element that has the power to carry out a threat.

threat agent

The two types of malware that have the primary objective of infecting a computer system are ____.

viruses and worms

A(n) ____ is a flaw or weakness that allows a threat agent to bypass security.

vulnerability

A ____ is a program designed to take advantage of a vulnerability in an application or an operating system in order to enter a computer.

worm

A ______ self-replicates between computers (from one computer to another).

worm

An infected "robot" computer is known as a ____.

zombie


Conjuntos de estudio relacionados

CISSP | Test Questions | Domain 8 | Business Continuity & Disaster Recovery Planning

View Set

identify the role responsible for the following preoperative responsibilities

View Set

IC3 - Lesson 13: Looking at the Internet

View Set

N126 HESI - Elsevier Adaptive Quizzing #4

View Set

Unit 2 Assuming most crimes involve violence because the media generally reports stories on sexual assault, robberies and homicide is an example of the _____ heuristic. vividness matching Correct! availability Assessment

View Set