Module 1.
The major role of ______ is to confirm that a suer is who he or she claims to be. Confidentiality Availability Integrity Authenticity
Authenticity
______ is the assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users. Confidentiality Availability Integrity Authenticity
Availability
______ are individuals who use their extraordinary computing skills for illegal or malicious purposes. Hacktivist Black hats White hats Gray hats
Black hats
_____ is the assurance that the information is accessible only to those authorized to have access. Availability Confidentiality Integrity Authenticity
Confidentiality
______ is the assurance that the information is accessible only to those authorized to have access. Confidentiality Availability Authenticity Integrity
Confidentiality
______ are individuals with a wide range of skills, motivated by religious or political beliefs to create fear of large-scale disruption of computer networks. Script Kiddies Hacktivists Cyber Terrorists Black Hats
Cyber Terrorists
Which of the following attacks occur when attackers tamper with hardware or software prior to installation? Close-in attacks Passive attacks Insider attacks Distribution attacks
Distribution attacks
All hacking is done w malicious intent True False
False
An ethical hacker does not need to know the penalties of unauthorized hacking activities associated with a network pen test because the ethical hacker has permission to hack the network. True False
False
Effective management of information security is not an ongoing process; updates should be made periodically. True False
False
Ethical hacking is not necessary because organizations can counter attacks from malicious hackers through other means that assist in anticipating methods used by them to break into a system. True False
False
Incident management only involves responding to incidents. True False
False
Information is not the critical asset that organizations need to secure. True False
False
Information security relies on four major elements: confidentiality, integrity, availability, and authenticity. False True
False
Measures to maintain data availability do not include redundant systems' disk array and clustered machines, antivirus software to stop works from destroying networks, and DDoS prevention systems. True False
False
Script Kiddies are skilled hackers who compromise systems by running scripts, tools, and software developed by real hackers. True False
False
The basic security concepts critical to information on the internet are authentication, authorization, and non-repudiation; those related to the persons accessing information are confidentiality, integrity, and availability. True False
False
Today's information security management programs are primarily concerned with firewalls and passwords. True False
False
There are _______phases of hacking four five six three
Five
Which of the following is NOT a hacking phase? Gathering Reconnaissance Scanning Gaining access
Gathering
For attackers, motives are the same as: ideas values ethics goals
Goals
______ are the individuals who work both offensively and defensively at various times. Hacktivists Script Kiddies Gray Hats White Hats
Gray Hats
Which of the following is NOT a hacker category? Green hats Hacktivist Black hats White hats
Green hats
______ is he greatest asset to an organization. Policy Technology Information Personnel
Information
______ is the trustworthiness of data or resources in the prevention of improper and unauthorized changes--the assurance that information is sufficiently accurate for it's purpose. Confidentiality Availability Integrity Authenticity
Integrity
______ is a way to guarantee that the sender of a message cannot later deny having sent the message, and that the recipient cannot deny having received the message. Confidentiality Non-repudiation Integrity Authenticity
Non-repudiation
Which term is a category of cyber threat intelligence? Operational Adversarial Logical Kinetic
Operational
Which attack type typically involves the monitoring of data flow between systems w/out modifying the data? Distribution Passive Insider Close-in
Passive
____ is the part of malware or an exploit that performs the intended malicious actions, which can include creating backdoor access to a victim's machine, damaging or deleting files, and data theft. Payload Hack value Vulnerability Exploit
Payload
White Hats are also known as ______, who use their hacking for defensive purposes. Criminals Penetration Testers Hacktivists Script Kiddies
Penetration Testers
Identify the category of information warfare that uses various techniques such as propaganda and terror, to demoralize one's adversary in an attempt to succeed in battle. Economic warfare Hacker warfare Psychological warfare Electronic warfare
Psychological warfare
Information warfare is divided into _____ categories. four five six seven
Seven
Because attackers break into systems for various reasons, it is important for information security professionals to understand how malicious hackers exploit systems and the probably reasons behind the attacks. True Falst
True
Confidentiality controls include data classification, data encryption, and proper equipment disposal. True False
True
Controls suck as biometrics, smart cards, and digital certificates ensure the authenticity of data, transactions, communications, or documents. True False
True
Defense in Depth is a security strategy in which security professionals use several protection layers throughout an information system. True False
True
Defense in Depth uses the military principle that it is more difficult for an enemy to defeat a complex and multi-layered defense system than to penetrate a single barrier. True False
True
Defensive information warfare refers to all strategies and actions to defend against attacks on ICT assets. True False
True
Each category of information warfare consists of both offensive and defensive strategies. True False
True
Ethical hackers perform hacking with the permission of the network or system owner and without the intention to cause harm. True False
True
Ethical hacking highlights the remedial actions and also reduces information and communications technology (ICT) costs by resolving those vulnerabilities. True False
True
Hackers are intelligent individuals with excellent computer skills- with the ability to create and explore the computer's software and hardware. True False
True
Hacking is defined as the exploitation of vulnerabilities of computer systems and networks. True Falth
True
Hacktivists use hacking to increate awareness of their social or political agendas, as well as themselves, in both the online and offline arenas. True False
True
IA refers to the assurance of the integrity, availability, confidentiality, and authenticity of information and information systems during usage, processing, storage, and transmission of information assurance with the help of physical, technical, and administrative controls. True False
True
Individuals and organizations use digital signatures to ensure non-repudiation True False
True
Information Assurance and Information Risk Management (IRM) ensure that only authorized personnel access and use information. True False
True
Information security controls prevent unwanted events from occurring and reduce risk to the organization's information assets. True False
True
Information security is defined as a "state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low and tolerable. True False
True
Measures to maintain data integrity may include a checksum and access control. True False
True
Offensive information warfare refers to warfare against the assets of an opponent. True Flase
True
State-sponsored hackers are govt. agents who are tasked with trying to penetrate and gain top-secret information - and to damage information systems of other govts. True False
True
Suicide hackers are similar to suicide bombers, who sacrifice their life for an attack and are thus not concerned with the consequences of their actions. True False
True
The term information warfare of InfoWar refers to the use of information and communications technologies (ICT) for competitive advantages over an opponent. True False
True
Defense in Depth helps to prevent ______ against an information system and it's data because a break in one layer only leads to the attacker to gain access to a single system. indirect attacks direct attacks hacking attacks internal attacks
direct attacks
_________ techniques include creating viruses and worms, performing denial-of-service (Dos) attacks as well as establishing unauthorized remote access connections to a device using trojans/backdoors, creating botnets packet sniffing, phishing, and password cracking. intelligence-hacking server-hacking network-hacking personal-hacking
network-hacking
Information security refers to the _____ or ____ information and information systems that use, store, and transmit information from unauthorized access, disclosure, alteration, and destruction. compiling/securing imaging/shielding protecting/safeguarding duplicating/saving
protecting/safeguarding
A______ is a "document established by consensus and approved by a recognized body that provides, for a common and repeated use, rules, guidelines, or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context." law regulation data file standard
standard
The threat model consists of ____ major building blocks two four three one
three
A______ works together to perform a full-scale test covering all aspects of the network, as well as physical and system intrusion. tiger team recovery team blue team red team
tiger team
Security experts categorize computer crimes into _____ categories. four three two five
two
In a ____, the attacker exploits vulnerabilities in a computer application before the software developer can release a patch for them. vulnerability zero-day attack hack value payload
zero-data attack