ITF Certification Chapter 7 Quiz Review

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Internet cache

A local storage area that holds the files saved by a web browser to decrease the time it takes to reload a web page

Bluesnarfing

A method in which attackers gain access to unauthorized information on a wireless device by using a Bluetooth connection within the 30-foot Bluetooth transmission limit

Bluejacking

A method used by attackers to send out unwanted Bluetooth signals from mobile phones and laptops to other Bluetooth-enabled devices

User authentication

A network security measure in which a computer user or some other network component proves its identity in order to gain access to network resources

Whaling

A form of phishing that targets individuals who are known to possess a good deal of wealth

White hat

A hacker who discovers and exposes security flaws in applications and operating systems so that manufacturers can fix them before they become widespread problems

Impersonation

A human-based attack where an attacker pretends to be someone he is not

Vishing

A human-based attack where the goal is to extract personal, financial, or confidential information from the victim by using services such as the telephone system and IP-based voice messaging services (Voice over Internet Protocol [VoIP]) as the communication medium

Shoulder Surfing

A human-based attack where the goal is to look over the shoulder of an individual as he or she enters password information or a PIN

Spoofing

A human-based or software-based attack where the goal is to pretend to be someone else for the purpose of identity concealment

Stealing attack

A password attack that involves sniffing network communications, reading handwritten password notes, or observing a user in the act of entering the password

Logic bomb

A piece of code that sits dormant on a target computer until it is triggered by a specific event, such as a specific date

Virus

A piece of code that spreads from one computer to another by attaching itself to other files

Worm

A piece of code that spreads from one computer to another on its own, not by attaching itself to another file

Attacker

A term that always represents a malicious system intruder

Cookie

A text file that is created by a website and placed on a computer's hard drive to store information that is used to identify users and, possibly, to prepare customized web pages for them; for secure web browsing, delete these

Standard user

Access to use most of the computing software on the computer; higher permission is required to uninstall or install software and hardware.

Extensions

Add additional features to the browser and become part of the browser application

Temporary cookies

Also refered to as session cookies, are stored on a computer only for the duration of the web session

Spim

An Internet messaging (IM)-based attack similar to spam that is propagated through IM instead of through email

Single Sign-On (SSO)

An access control property that you can use to provide users with one-time authentication to multiple resources, servers, or sites

Hijacked email

An account that has been accessed by an attacker and is being used by the attacker to send and receive emails

Digital certificate

An electronic document that provides for the secure exchange of information over a network; if not accepted, you probably won't get access to the file or service

Hoax

An email-based or web-based attack that is intended to trick the user into performing undesired actions, such as deleting important system files in an attempt to remove a virus

Spam

An email-based threat that presents various advertising materials, promotional content, or get-rich-quick schemes to users

Cracker

An individual who breaks encryption codes, defeats software copy protections, or specializes in breaking into systems

Trojan horse

An insidious type of malware that is itself a software attack and can pave the way for a number of other types of attacks; the user has to be fooled into executing it

Multi-factor authentication

Any authentication scheme that requires validation of two or more authentication factors

Personal identifying information (PII)

Any information that can be used to determine who a person is; This information includes a person's Social Security number, financial account information, or driver's license number

Password attack

Any type of attack in which the attacker attempts to obtain and make use of passwords illegitimately; it can show up in audit logs as repeatedly failed logons and then a successful logon, or it can show as several successful logon attempts at unusual times or locations

Malware

Any unwanted software that has the potential to damage a system, impede performance, or create a nuisance condition

Persistent cookies

Are saved on the hard drive and remain there even after the browsing session ends

Social engineering attacks

Attack that use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines

Dictionary attack

Automates password guessing by comparing encrypted passwords against a predetermined list of possible password values

Rootkit

Code that is intended to take full or partial control of a system at the lowest levels

Administrator

Complete administrative access to a computer; the most powerful account on a computer that should be protected with a strong password

Plug-ins

Enable the browser to process specific types of content

Stateless packet filtering

Inspecting each packet individually

Dumpster diving

Jumping into a Dumpster or large recycling location in an attempt to obtain information they can use or sell

Guest

Limited computer access to individuals without a user account; disabled by default when you install the operating system

Ransomware

Malicious software that prevents you from using your computer

Stateful inspection

Monitoring of an entire session of Transmission Control Protocol (TCP), from handshake to teardown, or User Datagram Protocol (UDP), through requested and opened ports.

Hacker

Originally, a neutral term for a user who excelled at computer programming and computer system administration

Third-party cookies

Originate on, or are sent to, a website other than the one currently being viewed, such as an advertising or a marketing site

First-party cookies

Originate on, or are sent to, the website that is currently being viewed

Content filtering

Permit or block specified attachment and payload types, keywords, and file formats

Proxying

Placing the client session on hold while retrieving content on behalf of the client and caching the content for later use

Adware

Software that automatically displays or downloads advertisements when it is used

Authentication factors

Something you know, something you have, and something you are

Packet filtering

Stateless inspection of each packet against a predefined rule set

Spyware

Surreptitiously installed malicious software that is intended to track and report the usage of a target system, or to collect other data the author wishes to obtain

Authorization

The action taken as a result of verifying the claim of identity

Phishing

The attacker sends an email that seems to come from a respected bank or other financial institution; the email claims that the recipient needs to provide an account number, Social Security number, or other private information to the sender in order to verify an account

Brute force attack

The attacker uses password-cracking software to attempt every possible alphanumeric password combination

Identification

The claim of identity made by the user when entering a user name and password

Encryption

The process of converting data into a form that is not easily recognized or understood by anyone who is not authorized to access the data

Guessing attack

The simplest type of password attack; it involves an individual making repeated attempts to guess a password by entering different common password values, such as the user's name, a spouse's name, or a significant date

Authentication

The verification of the claim of identity

Internal, External, Natural, Man-made

These are areas that physical security threats can come from

Fire, hurricanes and tornadoes, flood, extreme temperature, and extreme humidity

Types of environmental threats and vulnerabilities

Firewalls

Use administrator-defined rules to inspect traffic flowing in and out of a device

Hybrid password attack

Utilizes multiple attack vectors including dictionary, brute-force, and other attack methodologies when trying to crack a password

Stateful packet filtering

Watching whole conversations between the device and some other node on the network

Ethical hacks

What white hat hackers do

Always

You should ________ change any default passwords to strong passwords to protect your computer and data

Timeouts and lockouts, software firewalls, anti-malware, disable Bluetooth and NFC, and encryption

__________ are device hardening techniques

Black hat

a hacker who discovers and exposes security vulnerabilities for financial gain or for some malicious purpose


Kaugnay na mga set ng pag-aaral

01 Field Underwriting Procedures

View Set

Level 13: Valuation and Pricing - Chapter 2: Supply and Demand

View Set

Ch.4 Adjustments, Financial Statement, and Financial Results

View Set

khan academy programming unit test

View Set

Central Ideas and Context: Utopia Assignment

View Set

Questions, language help, repeat, meaning?

View Set

Productivity- Principles of Economics

View Set

Code, Standards, and Practices 1 - LESSON 4

View Set

Accounting 202 Homework 19 Chapter 12

View Set