cts 120 final
a computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. what type of malware is this?
a type of ransomware
what does the term vulnerability mean?
a weakness that makes a target susceptible to an attack
an attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. what type of attack is this?
bluesnarfing
What does the term BYOD represent?
bring your own device
what occurs on a computer when data goes beyond the limits of a buffer
buffer overflow
What name is given to any changes to the original data such as users manually modifying data, programs processing and changing data, and equipment failures?
modification
what does a rootkit modify?
operating system
What is the method of sending information from one device to another using removable media?
sneaker net
What is the term used to describe an email that is targeting a specific person employed at a financial institution
spear phishing
a criminal is using software to obtain information about the computer of a user. What is the name of this type of software
spyware
What are the three states of data?
- at rest - in-transit - in-process
what are three types of sensitive information?
- business - PII - classified
which two methods help to ensure data integrity?
- data consistency checks - hashing
what three design principles help to ensure high availability?
- detect failures as they occur - eliminate single points of failure - provide for reliable crossover
What are two methods that ensure confidentiality?
- encryption - authentication
What three methods help to ensure system availability?
- equipment maintenance - up-to-date operating systems - system backups
what are the three foundation principles of the cybersecurity domain?
- integrity - confidentiality - availability
Pick three types of records that cyber criminals would be interested in stealing from organizations
- medical - employment - education
what three tasks are accomplished by a comprehensive security policy?
- set rules for expected behavior - defines legal consequences of violations - gives security staff the backing of management
For the purpose of authentication, what three methods are used to verify identity?
- something you know - something you have - something you are
What are two common indicators of spam mail?
- the email has no subject line - the email has misspelled words or punctuation errors or both
what are two of the tactics used by a social engineer to obtain personal information from an unsuspecting target?
- urgency - integrity
What are two ways to protect a computer from malware?
- use antivirus software - keep the software up to date
Thwarting cyber criminals includes which of the following?
-Sharing cyber intelligence information -establishing early warning systems
What type of an attack can disable a computer by forcing it to use memory or by overworking its CPU?
Algorithm
What is the workforce framework category that includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence?
Analyze
What type of attack uses many systems to flood the resources of a target, thus making the target unavailable?
DDoS
what is the secure virtual network called that uses the public netowrk?
VPN
What is the meaning of the term logic bomb?
a malicious program that uses a trigger to awaken the malicious code
What are three access control security services?
- accounting - authorization - authentication
what are two common hash functions?
- MD5 - SHA
which two reasons describe why WEP is a weak protocol?
- The key is static and repeats on a congested network - The key is transmitted in clear text
What does the acronym IoE represent?
Internet of Everything
What is an example of an Internet data domain?
what name is given to a storage device connected to a network?
NAS
what type of attack targets an SQL database using the input field of a user?
SQL injection
What is the name for the type of software that generates revenue by generating annoying pop-ups?
adware
What encryption algorithm uses one key to encrypt data and a different key to decrypt data?
asymmetric
what service determines which resources a user can access along with the operations that a user can perform ?
authorization
What is the name given to a program or program code that bypasses normal authentication
backdoor
what principle prevents the disclosure of information to unauthorized people, resources, and processes?
confidentiality
what is a vulnerability that allows criminals to inject scripts into a webpage viewed by users?
cross-site scripting
what is identified by the first dimension of the cybersecurity cube?
goals
What name is given to hackers who hack for a cause?
hactivist
What is the term used when a malicious part sends a fraudulent email disguised as being from a legitimare, trusted source?
phishing
what type of cybersecurity laws protect you from an organization that might want to share your sensitive data?
privacy
What name is given to an amateur hacker?
script kiddie
Which term describes the sending of short deceptive SMS messages used to trick a target into visiting a website?
smishing
What mechanism can organizations use to prevent accidental changes by authorized users?
version control
what is the difference between a virus and a worm
worms self replicate but viruses do not