IST 110 Test 1
U.S. federally funded initiative chartered to work with the Internet community in detecting and resolving computer security incidents
Computer Emergency Response Team
At the __________ level, it is the employees' responsibility to protect the organization's reputation, data, and customers.
corporate
Internal attackers may have knowledge of security ______________________________, policies, and higher levels of administrative privileges.
countermeasures
income statements, balance sheets, and cash flow statements
financial data
Many countries have established cyber intelligence agencies to collaborate worldwide in combating major cyberattacks.
True
application materials, payroll, offer letters, employee agreements
personnel data
What name is given to an amateur hacker?
script kiddie
Big data poses both challenges and opportunities based on three dimensions: The ________or amount of data The ________ or speed of data The ________ or range of data ________ and sources
volume, velocity, variety, type
____________________ are usually grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards.
vulnerability brokers
Gray hat hackers are individuals who commit crimes and do arguably unethical things for personal gain.
False
An advanced persistent attack (APA) is a continuous computer hack that occurs under the radar against a specific object.
False, Advanced Persistent Attack
The Studnet attack targeted the Supervisory Control and Data Acquisition (SCADA) system used to control and monitor industrial processes
False, Stuxnet
According to the online content review (from netacad), the greatest motivation for most cyber criminals is political.
False, financial
In the U.S., the ______________________________________________________________________ created a framework for companies and organizations in need of cybersecurity professionals.
National Institute of Standards and Technologies
A ______________________ denial of service (TDoS) attack uses phone calls against a target telephone network tying up the system and preventing legitimate calls from getting through.
Telephony
With DNS spoofing the criminal introduces false data into a DNS resolver's _____________.
cache
Cyber criminals are hackers who are either self-employed or working for large _________________ organizations.
cybercrime
____________ is the ongoing effort to protect networked systems and data from unauthorized access.
cybersecurity
Next generation 911 call centers are vulnerable to ________ attacks that use many systems to __________ the resources of the target making the target unavailable to legitimate users.
distributed-denial-of-service (DDoS), flood
Companies such as Google, Facebook, and LinkedIn, could be considered to be data _____________ in our cyber world
domains
Pick four types of records that cyber criminals would be interested in stealing from organizations
education, employment, financial, medical
Another term for DNS Spoofing is DNS record poisoning
false, cache poisoning
The most common way to protect _______________ identity is to tie login ability to an authorized device.
federated
___________________ identity management refers to multiple enterprises that let their users use the same identification credentials gaining access to the networks of all enterprises in the group.
federated
The term _______________ described individuals with advanced programming skills. They used these programming skills to test the limits and capabilities of early systems. These early individuals were also involved in the development of early computer games.
hackers
_____________________ make political statements to create awareness to issues that are important to them.
hacktivists
The ISO 27000 series of standards have been specifically reserved by ISO for _______________ matters.
information security
Packet ______________interferes with an established network communication by constructing packets to appear as if they are part of a communication.
injection
patents, trademarks and new product plans
intellectual information
Cybersecurity specialists provide a necessary service to their organizations, countries, and societies, very much like ____ enforcement or __________responders.
law, emergency
Hijacking an authorized connection or denying an individual's ability to use certain network services is often referred to as "man in the ___________" attack by Cyber professionals.
middle
The term bring-your-own-device is used to describe _____________ devices such as iPhones, smartphones, tablets, and other devices.
mobile
In the U.S., the ___________________________________________ is responsible for intelligence collection and surveillance activities.
national security agency
White hat hackers may perform network __________________ tests in an attempt to compromise networks and systems by using their knowledge of computer security systems to discover network vulnerabilities.
penetration
On a __________ level, everyone needs to safeguard his or her identity, data, and computing devices.
personal
A cybersecurity specialist's career is also highly _____________. Jobs exist in almost every geographic location.
portable
The __________________________________________ National Database was developed to provide a publicly available database of all know vulnerabilities.
Common Vulnerabilities and Exposures (CVE)
Packet ______________ works by monitoring and recording all information coming across a network.
sniffing
At the __________ level, national security and the citizens' safety and well-being are at stake
state
Governments and industries are introducing more regulations and mandates that require better data protection and security controls to help guard big data.
True
Hacktivists may perform distributed denial of service (DDoS) attacks.
True
Some state-sponsored cyber criminals are members of their nations' armed forces.
True
specialized denial and deception operations and the collection of cybersecurity information
Collect and Operate
In __________ the U.S. Congress passed the USA Freedom Act ending the practice of collecting U.S. Citizens' phone records in bulk.
2015
highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence
Analyze
What is the term used to identify a unique arrangement of information used to identify an attacker's attempt to exploit a known vulnerability?
Attack signature
______ is the result of data sets that are large and complex, making traditional data processing applications inadequate.
Big data
This individual transferred $1 million to their bank account after recording victims account numbers and PINs
Black Hat
The ISACA group track law enacted related to cyber security. Examples of these laws include:
Cybersecurity Act, Federal Exchange Data Breach Notification Act, and the Data Accountability and Trust Act
Security organization that brings together a variety of computer security incident response teams from government, commercial, and educational organizations to foster cooperation and coordination
Forum of Incident Response and Security Teams (FIRST)
After Hacking into an ATM, this individual worked with the ATM manufactures to resolve vulnerabilities.
Gray Hat
Someone who compromises a network without permission and then discloses the vulnerability publicly.
Gray Hat
Maintains a list of common vulnerabilities and exposures used by prominent security organizations
Mitre Corporation
Cyber experts now have the technology to track the movement and behavior of people, animals and objects in real time.
True
An employee may facilitate outside attacks by connecting _____________ USB media into a corporate computer system.
Infected
Network security organization that hosts a security news portal, providing the latest breaking news pertaining to alerts, exploits, and vulnerabilities.
Information Systems Security (InfoSysSec)
Provide information security certifications including the Certified Information Systems Security Professional (CISSP)
International Information Systems Security Certification Consortium (ISC)2
The __________________________________ is the collection of technologies that enable the connection of various devices to the Internet.
Internet of Things
investigation of cyber events and/or cyber crimes involving IT resources
Investigate
One of the most infamous hacker groups goes by the name _____________________.
Legion of Doom
What is an example of an Internet data domain?
Provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation and incident response.
MS-ISAC
providing the support, administration, and maintenance required to ensure IT system performance and security
Operate and Maintain
leadership, management, and direction to conduct cybersecurity work effectively
Oversight and Development
Cisco and Microsoft are examples of companies with certifications that test knowledge of their ________________.
Products
identification, analysis, and mitigation of threats to internal systems and networks
Protect and Defend
conceptualizing, designing, and building secure IT systems
Securely Provision
More than 1,200 award-winning, original research papers; also develops security courses
SysAdmin, Audit, Network, Security (SANS) Institute
An employee or contract partner can accidentally mishandle confidential data.
True
Next generation 911 call centers are vulnerable because they use ____________ systems rather than traditional landlines.
Voice-over-IP (VoIP)
This individual was contracted by a technology company to fix flaws with Web Services
White Hat
This individual was hired to identify vulnerabilities in computer systems at their company
White Hat
What type of an attack can disable a computer by forcing it to use memory or by overworking its CPU?
algorithm