Cybersecurity and network security fundamenals CIW review

Botnet

A collection of software robots, or 'bots', that creates an army of infected computers (known as 'zombies') that are remotely controlled by the originator. They can: Send spam emails with viruses attached. Spread all types of malware. Can use your computer as part of a denial of service attack against other systems.

Distributed Denial-of-Service attack (DDos)

A distributed denial-of-service (DDoS) attack — or DDoS attack — is when a malicious user gets a network of zombie computers to sabotage a specific website or server. The attack happens when the malicious user tells all the zombie computers to contact a specific website or server over and over again The most common and obvious type of DDoS attack occurs when an attacker "floods" a network with useless information,The flood of incoming messages to the target system essentially forces it to shut down, thereby denying access to legitimate users.

The computer has been infected with an illicit server

A friend has called you about a possible computer problem because her computer is acting strangely. Sounds play unexpectedly, the monitor turns off suddenly, the hard-drive light flashes constantly, the computer sometimes reboots itself without warning. When you inspect your friend's system, you notice that several ports are open. Which of the following is most likely the cause of these symptoms?

Pharming

A means to point you to a malicious and illegitimate website by redirecting the legitimate URL.It can convince you that the site is real and legitimate by spoofing or looking almost identical to the actual site down to the smallest details. You may enter your personal information and unknowingly give it to someone with malicious intent.

Location systems solution

ABC Company develops its own database applications. ABC is considering migrating to cloud services to accommodate the company's growth. What strategy should ABC use to ensure continuous data protection if it begins using cloud services?

Cloud-only solution

Acme Corp. is a small manufacturing company. To reduce IT infrastructure costs, it uses cloud- based services extensively and strives to have the least amount of IT equipment onsite. Last year, Acme suffered a failure that resulted in significant down time and data loss. Management has decided to implement a continuous data protection (CDP) solution. Which type of CDP solution best fits Acme's situation?

Man in the middle

An attack in which the attacker places him- or herself physically in the middle of a connection in order to obtain information. Includes packet sniffing and replay attacks.

Spam

Annoy you with unwanted junk mail. Create a burden for communications service providers and businesses to filter electronic messages. Phish for your information by tricking you into following links or entering details with too-good-to-be-true offers and promotions. Provide a vehicle for malware, scams, fraud and threats to your privacy.

Create a policy that specifies acceptable use, ensuring security measures are in place for mobile devices

Carlos is the Information Technology (IT) administrator for a small company. Over the past year, employees have been using their personal mobile devices and smartphones for business use. This has reduced costs of purchasing new devices for employees. Carlos is now considering whether he should stop supplying employees with company phones and instead require all employees to use their personal smartphones for work. How can Carlos address the most significant security vulnerability?

chkdsk command

Carol is experiencing read/write errors when trying to save files on her Windows based laptop. To correct the issue, she could consider performing which of the following maintenance tasks?

Mobile devices cannot accommodate large database installations or applications

Cloud-computing enables mobile devices to provide users with access to a wide variety of applications and services. Which of the following is a disadvantage of mobile devices?

Spyware

Collect information about you without you knowing about it and give it to third parties. Send your usernames, passwords, surfing habits, list of applications you've downloaded, settings, and even the version of your operating system to third parties. Change the way your computer runs without your knowledge. Take you to unwanted sites or inundate you with uncontrollable pop-up ads

Configure the wireless AP's SSID, encryption level and shared key

Configuring a wireless network involves several steps. Which of the following is a task that should be performed to configure and connect to a wireless network?

Trojan horse

Delete your files. Use your computer to hack other computers. Watch you through your web cam. Log your keystrokes (such as a credit card number you entered in an online purchase). Record usernames, passwords and other personal information.

Service-level agreement with a cloud-provider

Disaster recovery planning is considered a best practice for all organizations. It is even more important when cloud-computing services are used. Which of the following should be included as part of a disaster recovery plan for companies that use cloud-based services?

Phishing

Fake emails, text messages and websites created to look like they're from authentic companies. Trick you into giving them information by asking you to update, validate or confirm your account. It is often presented in a manner than seems official and intimidating, to encourage you to take action. Provides cyber criminals with your username and passwords so that they can access your accounts

She can contract with a cloud service provider to host the CRM that her company's employees can access

Gwen works for a small company where she has been asked to find a cost-effective option for providing comprehensive customer service. The finance, technical support, sales and customer service departments all need to share information about their customers. Gwen is considering adoption of a customer relationship management (CRM) application. Which of the following would be the most cost-effective solution?

Hacking

Hacking is a term used to describe actions taken by someone to gain unauthorized access to a computer Find weaknesses (or pre-existing bugs) in your security settings and exploit them in order to access your information. Install a Trojan horse, providing a back door for hackers to enter and search for your information.

Cloud-based services are typically more limited in offerings and configurations than the company currently supports in-house

Henry is the network manager at XYY Corporation, a large manufacturing company that competes in the global market. The company's computing environment is extremely complex and includes several proprietary software systems, all of which require custom configuration of network devices to operate correctly. The company's executive management team believes that they can benefit by switching the company over to any cloud-based service. Henry disagrees. What is a disadvantage of cloud-based services that Henry can cite to support his position?

Default gateway

Jenny recently switched from broadband cable Internet to ADSL service with her local phone company. To economize, she chose the self-installation option. It appears that her ADSL modem is not allowing her to connect to the Internet. Which setting should she check first?

Elimination of equipment purchase and maintenance

John is the network administrator for a small company. The company's network equipment has become outdated, and John has been asked to recommend a plan to update the company's infrastructure. John has read extensively about the many advantages of using cloud-based services. Which of the following is an advantage of cloud-based services that John could cite to support his recommendation?

Use the Windows Disk Cleanup utility

Jose is experiencing performance problems with his notebook computer that he purchased a year ago. Upon discussing this issue with him, you learn that he has never deleted any temporary files since owning the device. What can Jose do to fix this problem most efficiently?

She can use a 4G mobile hotspot device with her phone to connect her laptop to Wi-Fi.

Lisa is traveling on company business. She has a company-issued smartphone with 4G access. Her hotel does not provide Internet access. What advantage does 4G provide to help her access the Internet?

Malware

Malicious software that infects your computer, such as computer viruses, worms, Trojan horses, spyware, and adware. Intimidate you with scareware, which is usually a pop-up message that tells you your computer has a security problem or other false information. Reformat the hard drive of your computer causing you to lose all your information. Alter or delete files. Steal sensitive information. Send emails on your behalf. Take control of your computer and all the software running on it.

The Web site can be interpreted by any HTML5-compliant browser, including mobile devices

Marsha has been hired by XYZ, Inc., to update the company Web site. Marsha discovers that the existing Web pages were structured using tables. Marsha needs to explain to XYZ why the Web site needs to be recoded in HTML5 with CSS controlling the structure of the document. What is the most important reason for using HTML5 and CSS?

Terminating Melanie's employment for copyright and trademark violation, with a cease-and- desist letter asking for control of the account

Melanie works in the sales department at XYZ Company. She decides that her company's marketing team has done a poor job representing the company's brand. Without direction or permission, she starts her own social networking account to help. This account's name is called XYZ Professional. To customize her page, she uses company logos and verbiage from the company Web site. She then begins communicating with customers and individuals interested in XYZ via this service. Which of the following would be the most appropriate response to Melanie's actions by the company?

Tablet

Mobile computing has become a common necessity for both personal and business transactions. Which device has features similar to a smartphone but usually does not have telephone capabilities?

Backup and Restore

On your Windows laptop, you store all your vacation photos and your entire digital music library. Concerned about data loss, you perform frequent backups. Your laptop has recently been stolen and you need to restore your files to a desktop computer. Which Windows tool would you use to recover and set up the saved copies of your files onto your desktop computer?

He should explain to his daughter that she is participating in the bullying by accepting others' posts, texts and c-mails.

Patrick visits his teenage daughter's social media page and discovers several offensive posts about one of her classmates. After speaking with his daughter, Patrick learns that several other girls in her class are upset with the classmate and have been posting, texting and e-mailing others about the girl. What is the best way for Patrick to help his daughter understand cyberbullying?

WI-FI eavesdropping

Potentially access your computer with the right equipment. Steal your personal information including logins and passwords

Ransomware

Ransomware is a type of malware that restricts access to your computer or your files and displays a message that demands payment in order for the restriction to be removed. Lockscreen ransomware: displays an image that prevents you from accessing your computer Encryption ransomware: encrypts files on your system's hard drive and sometimes on shared network drives, USB drives, external hard drives, and even some cloud storage drives, preventing you from opening them

Disk defragmentation

Ron has an older computer to which he frequently downloads and saves company files. He recently noticed that he was running low on disk space and decided to delete many old files that he no longer needed. He now notices that it takes a long time to open or save documents to his hard drive. Which maintenance task can help?

Default gateway

Sally is a network technician at Acme Corporation. She has been directed to configure the network adapter for a company laptop so that it can be used to connect to the company network and the Internet. What is one of the required TCP/IP settings that she will need to configure?

Student devices sending unsecured data

Sam is a professor at a small college. Due to a scheduling conflict, he was unable to obtain access to the computer lab to give the final exam. As an alternative, he asked students to bring their own devices (BYOD) and connect to the college's Wi-Fi for network access. What security risk is associated with this implementation?

Spoofing

Security attacks can vary greatly. Which type of attack is characterized as an attempt to trick an individual into reveling confidential or private information?

Service Set Identifier (SSID)

Selena has decided to change a 32-character unique wireless network name on her wireless router to improve network security after a break-in. She is following advice from CERT to make this change in order to avoid attacks from botnets. Which of the following settings would she modify?

The files become unavailable whenever Internet connectivity is lost

Selena has run out of memory on her phone's SD card. She has decided to store the files she has accumulated on a third-party cloud service provider's drives. Which of the following is a typical issue that she may encounter?

Viruses

Send spam. Provide criminals with access to your computer and contact lists. Scan and find personal information like passwords on your computer. Hijack your web browser. Disable your security settings. Display unwanted ads.

Three network clients connecting to a file server

Server-based networks typically contain centralized network resources, which are usually not available on peer-to-peer (P2P) networks. Which of the following examples describes a server-based network?

Spoofing

Spends spam using your email address, or a variation of your email address, to your contact list. Recreates websites that closely resemble the authentic site. This could be a financial institution or other site that requires login or other personal information.

worms

Spread to everyone in your contact list. Cause a tremendous amount of damage by shutting down parts of the Internet, wreaking havoc on an internal network and costing companies enormous amounts of lost revenue.

Change a resource assignment

The Windows Device Manager is a tool that enables you to perform a variety of tasks, including:

Provide fast transmission rates equivalent to DSL or broadband cable

The capabilities of cellular networks have improved greatly since their original development for analog voice phone calls. Most recently, fourth-generation (4G) wireless supports a variety of data-intensive needs. A benefit of 4G networks is that they:

Provide fast transmission rates equivalent to DSL or broadband-cable

The capabilities of cellular networks have improved greatly since their original development for analog voice phone calls. Most recently, fourth-generation (4G) wireless supports a variety of data-intensive needs. A benefit of 4G networks is that they:

The alt attribute

To insert a graphic in a Web page and successfully validate the page as HTNL5, the <img> element must include:

Use technologies that will control access and password-protect files

To reduce the costs of maintaining servers with FTP access; your company is using P2P to facilitate sharing of information. Which strategy should your company use to protect the company's sensitive information while capitalizing on the benefits of P2P power?

Hard disk and USB devices

Virtualization software transforms the hardware resources of a physical computer to create a fully functional virtual computer that can run its own operating systems and applications. In addition to the CPU and RAM, which hardware resources are used by virtualization software?

The router on the network

What does the Default Gateway identify?

An IPv6 address

What does the following represent? 2E22:4F00:000E:00D0:A267:97FF:FE6B:FE34

Wireless encryption algorithms must be implemented

What is the biggest security concern with wireless networks

Ping local devices using their IP addresses

What should be your first step when troubleshooting a network connection that uses a cable modem?

IRQ

When a PC computer device wants to communicate with the processor, the system resource that it uses is:

Larger Address Space

When comparing IPv4 to IPv6, which of the following is an advantage of the IPv6 network addressing scheme?

Copying some code from another Web site

When developing a Web site, which of the following actions would be considered unethical?

Mobile Web sites

When establishing a mobile presence, which of the following offers mobile-friendly content to the widest possible audience?

creating redundancy and using multiple cloud service providers

When using cloud-based services to host company data, a company's disaster recovery plan should include strategies for:

<th>

Which HTML element aligns content both horizontally and vertically to the center of the table cell by default?

Defragment the drive using the following command: defrag c: -w

Which of the following computer system maintenance tasks can help improve file access performance?

Defragment the drive using the following command: defrag c: -w

Which of the following computer system maintenance tasks can help improve file access performance?

Inability to control access to company data if the device is lost or stolen

Which of the following is a disadvantage of implementing a Bring Your Own Device (BYOD) policy in a company?

Symmetric-key encryption is susceptible to cracking

Which of the following is a drawback to using Wired Equivalent Privacy (WEP)?

Hypervisor Vulnerabilities

Which of the following is a security threat commonly associated with cloud-based services?

scope of control

Which of the following is generally a component of a BYOD policy?

Virtualization enables you to run multiple operating systems and applications on a single computer.

Which of the following statements about virtualization is true?

Use nouns instead of verbs for keywords

Which of the following strategies is recommended when conducting keyword searches?

Tablet

Which term describes a compact personal computer that relies on a touch screen for input, generally uses a solid-state drive instead of a traditional hard disk, and relies on wireless or mobile networks for connectivity?

War driving

Which term describes the practice of actively collecting wireless networking data from companies and individuals?

Pharming

Which type of attack involves the installation of malicious code on personal computers or servers that redirects Internet traffic from a legitimate Web site to an identical-looking but malicious imposter Web site?

Trade Secrets

Which type of intellectual property includes business plans, proprietary code and sales contracts?

WPA2

Wireless networks are subject to more security issues than standard wired networks. Which wireless security protocol can you implement to prevent unauthorized devices from connecting to the wireless network?

Acceptable use policy

You are a small-business owner and would like to encourage employees to bring their own devices (BYOD) to work. Which of the following can help reduce the security risks associated with a BYOD implementation?

Peer to Peer (P2P) network

You are distributing a large video game file using BitTorrent. First, he uploads the initial file and makes it available via a central server called a tracker. Other users can then connect to the tracker and download the file. Each user who downloads the file makes it available to other users to download. Using BitTorrent significantly reduces Jimmy's hardware and bandwidth resource costs. BitTorrent is an example of a:

<area shape="rect" coords="78, 0, 156. 75" href="http://www.xyz.com" alt="xyz" />

You are modifying an existing Web page that needs to validate as HTML5 code. To create a rectangular hotspot in an image map that links to www.xyz.com, which code would you nest inside the <map> </map> container tags?

Wide area network (WAN)

You have just been hired by a large company, and the IT manager is giving you an overview of the corporate network. He tells you that the corporation is spread out over several cities, and various departments are divided into subnetworks that are connected using routers. What type of network are you being shown?

Service Set Identifier (SSID)

You have recently purchased a new wireless router. You want to configure a name for his wireless network so that he can easily identify it when scanning available wireless networks. Which term describes this wireless network device name?

Warn children to never provide personal information over the Internet

You have volunteered to give a presentation to the parents at your child's school about the dangers of the Internet. Which of the following would you include in your recommendations to parents?

Log in to the access point and configure features, such as changing the SSID.

You want to restrict host access to the wireless access point. What is the best way for him to do this?

If your company's Internet service is interrupted for any reason at any time, you will not have access to the CRM.

Your company is investigating the possibility of moving its customer service management system to a cloud service provider. The sales rep for the cloud service provider has presented many advantages that would benefit your company. What would be a potential drawback of moving the CRM from your current in-house solution?

Buffer overflow

a condition that occurs when a legitimate application (or part of one) exceeds the memory buffer allocated to it by the operating system. Buffer overflows can occur due to inadvertent flaws written into program code. All applications must use a memory buffer. Sometimes, however, applications can place too much information into a buffer, resulting in a buffer overflow. Applications that do not carefully check the size of information before processing it are especially vulnerable to overflows.

Illicit server

an application that installs hidden services on systems. Many illicit servers, such as NetBus and Back Orifice (a play on Microsoft's Back Office), are remote control or remote access programs. it can: Creating custom startup messages. Editing the Windows registry files. Sending messages. Changing the Desktop display. Playing sounds. Switching off the display screen. Disabling keyboard keys. Hiding the mouse cursor. Hiding the taskbar. Stealing passwords. Monitoring keystrokes. Restarting the computer. Locking up the computer. Executing applications. Viewing the contents of files. Transferring files to and from the computer.

Back door

an attack involves code inserted secretly into an application or operating system by developers; the code opens a networking port that allows illicit access into the system. Usually, only the developers know the password, but in many cases these passwords become publicly known

brute force

attack involves repeated guessing of passwords or other encrypted data, one character at a time, usually at random. It can also involve physical attacks, such as forcing open a server room door or opening false ceilings.

Dictionary

attacks involve repeated attempts to guess a password. They are a type of brute force attack, but use a file, called a dictionary program, containing a long list of words (instead of random values) to repeatedly guess user names and passwords.

WPA2 handshake vulnerabilities

can affect both personal (home users, and small businesses) and enterprise networks. Any devices that are connected to the network, such as laptops, smartphones, smart devices, even an installed USB key, can be read by the attacker. A malicious actor could use this vulnerability to steal sensitive information, and also insert malware or ransomware that would make a website unsafe to visit.

Social engineering

involves attempts to trick legitimate employees or individuals into revealing company information or changing system settings so the attacker can gain access to a network. Social engineering attacks include phishing and pharming, which you will learn about later in this lesson.