CIS133 - Chapter 2 Quiz, Review Chapter 2 NE, Security Awareness ch 1 quiz, Security Chapter 1 Questions, IT 301 Chp 2, CIS133 - Chapter 1 Quiz
Credit score reports cost about ____.
$10
FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms every ____.
12 months
The average phishing site only exists for ____ days to prevent law enforcement agencies from tracking the attackers.
3.8
If a consumer finds a problem on her credit report, she must first send a letter to the credit-reporting agency. Under federal law, the agency has ____ days to investigate and respond to the alleged inaccuracy and issue a corrected report.
30
From January 2005 through July 2012, over ____ electronic data records in the United States were breached, exposing to attackers a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers.
562 million
From January 2005 through July 2015, approximately how many electronic data records in the United States were breached, exposing to attackers a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers?
853 million
Dictionary
A _____ attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file.
The ability that provides tracking of events.
Accounting
Password
Any secret combination of letters, numbers, and/or symbols that serves to validate or authenticate a user by what she knows.
The steps to ensure that the individual is who he or she claims to be; the process of providing proof of genuineness.
Authentication
Using which Social engineering principle might an attacker impersonate a CEO of a company?
Authority
The act of providing permission or approval to technology resources.
Authorization
Where are you most likely to find a PKES system?
Automobile
____ ensures that data is accessible when needed to authorized users.
Availability
Attacker who sells knowledge of a vulnerability to other attackers or governments.
Brokers
"____" involves breaking into a car's electronic system.
Car hacking
Individual who participates in a network of attackers, identity thieves, spammers, and financial fraudsters.
Cybercriminal
A premeditated, politically motivated attack against information, computer systems, computer programs, and data, which often results in violence.
Cyberterrorism
Attacker whose motivation may be defined as ideological, or attacking for the sake of principles or beliefs.
Cyberterrorist
Which technique might an attacker employ to find documents that may reveal the true level of security within an organization?
Dumpster diving
Which of the following is NOT a factor that contributes to difficulties faced in defending against attacks?
Enhanced encryption algorithms
Automated attack package that can be used without an advanced knowledge of computers.
Exploit Kit
12 months.
FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms every
FACTA grants consumers free access to their credit score.
FALSE
The ____ of 2003 contains rules regarding consumer privacy.
Fair and Accurate Credit Transactions Act
What law contains rules regarding consumer privacy?
Fair and Accurate Credit Transactions Act
FACTA grants consumers free access to their credit score.
False
In a well-run information security program, attacks will never get through security perimeters and local defenses.
False
Passwords are still considered a strong defense against attackers.
False
Script kiddies typically have advanced knowledge of computers and networks.
False
There is a straightforward and easy solution to securing computers.
False
In the last year, over 600,000 Apple Macs were infected with a malicious software called ____.
Flashback
Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information?
GLBA
____ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
GLBA
A US law that requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
Gramm-Leach-Bliley Act (GLBA)
Social networking.
Grouping individuals and organizations into clusters or groups based on their likes and interests is called.
Under ____, healthcare enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.
HIPAA
Attacker who attacks for ideological reasons that are generally not as well defined as a cyberterrorist's motivation.
Hacktivists
What type of attack is a false warning, often contained in an email message claiming to come from the information technology (IT) department?
Hoaxes
How do attackers today make it difficult to distinguish an attack from legitimate traffic?
How do attackers today make it difficult to distinguish an attack from legitimate traffic?
Which of the following involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain?
Identity theft
____ involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain.
Identity theft
____ involves using someone's personal information, such as a Social Security number, to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and ruining their credit rating.
Identity theft
What type of attacker is most likely to use information you have posted about yourself on a social networking site?
Identity thief
What term is frequently used to describe the tasks of securing information that is in a digital format?
Information Security
Employees, contractors, and business partners who can be responsible for an attack.
Insiders
Pharming
Instead of asking the user to visit a fraudulent web site, ______ automatically redirects the user to the fake site.
Security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data.
Integrity
Which of the following ensures that information is correct and no unauthorized person or malicious software has altered it?
Integrity
____ ensures that information is correct and no unauthorized person or malicious software has altered that data.
Integrity
Which document identifies individuals within the organization who are in positions of authority?
Organizational charts
____ identify individuals within the organization who are in positions of authority.
Organizational charts
True
Passwords are not considered a strong defense against attackers.
____ is sending an e-mail or displaying a Web announcement that falsely claims to be from a legitimate enterprise, in an attempt to trick the user into surrendering private information.
Phishing
____ may reveal the true level of security within the organization.
Policy manuals
Which of the following is described as an attacker who pretends to be from a legitimate research firm who asks for personal information?
Pretexting
____ means an attacker who pretends to be from a legitimate research firm asks for personal information.
Pretexting
A US law designed to fight corporate corruption.
Sarbanes-Oxley Act (Sarbox)
Individual who lacks advanced knowledge of computers and networks and so uses downloaded automated attack software to attack information systems.
Script Kiddies
____ are individuals who want to attack computers yet they lack the knowledge of computers and networks needed to do so.
Script kiddies
impersonation
Social engineering _____ means to create a fictitious character and then play out the role of that person on a victim.
Social networking sites
The Web sites that facilitate linking individuals with common interests and function as an online community of users are called.
Fair and Accurate Credit Transactions Act.
The ____ of 2003 contains rules regarding consumer privacy.
Password management tool.
The best approach to establishing strong security with passwords is to use a
True
The weakness of passwords centers on human memory
A type of action that has the potential to cause harm.
Threat
A person or element that has the power to carry out a threat.
Threat Agent
The means by which an attack could occur.
Threat Vector
Attack tools can initiate new attacks without any human participation, thus increasing the speed at which systems are attacked.
True
Financial cybercrime is often divided into two categories. The first category focuses on individuals and businesses.
True
The weakness of passwords centers on human memory.
True
Today, many attack tools are freely available and do not require any technical knowledge to use.
True
Virtually anyone could type in a person's username and pretend to be that person.
True
When creating passwords, the most important principle is that length is more important than complexity.
True
What is the best approach to establishing strong security with passwords?
Use technology for managing passwords
Change of address.
Using a standard ______ form, attackers can divert all mail to their post office so that the victims never see any charges made.
True
Virtually anyone could type in a person's username and pretend to be that person.
A flaw or weakness that allows a threat agent to bypass security.
Vulnerability
Identity theft.
____ involves using someone's personal information, such as a Social Security number, to establish bank or credit card accounts that are then left unpaid, leaving the victims with the debts and ruining their credit rating.
Organizational Charts.
_____ identify individuals within the organization who are in positions of authority.
Pretexting.
_____ means an attacker who pretends to be from a legitimate research firm asks for personal information.
Phishing
_______ is sending an e-mail or displaying a Web announcement that falsely claims to be from a legitimate enterprise, in an attempt to trick the user into surrendering private information.
process that confirms a user's identity
authentication
trying to guess a password through combining a systematic combination of characters
brute force attack
Using a standard ____ form, attackers can divert all mail to their post office box so that the victim never sees any charges made.
change-of-address
What can an attacker use to divert all mail to their post office box so that the victim is never aware that personal information has been stolen?
change-of-address form
A ____ is a numerical measurement used by lenders to assess a consumer's creditworthiness.
credit score
Which of the following is a numerical measurement used by lenders to assess a consumer's creditworthiness?
credit score
Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information are sometimes known as ____________________.
cybercrime
The FBI defines ____ as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents."
cyberterrorism
What does the FBI define as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents?"
cyberterrorism
Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as ____.
cyberterrorists
Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as which of the following?
cyberterrorists
A ____ attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file.
dictionary
What type of attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file?
dictionary
Technically speaking, the process for creating a password digital representation is based on a hash algorithm, which creates a(n) ____________________.
digest
How often does FACTA grant consumers the right to request one free credit report from each of the three national credit-reporting firms?
every 12 months
In the past, the term ____ was commonly used to refer to a person who uses advanced computer skills to attack computers.
hacker
____ involves using someone's personal information, such as a Social Security number, to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and ruining their credit rating.
identity theft
Social engineering ____ means to create a fictitious character and then play out the role of that person on a victim.
impersonation
Shoulder Surfing
information entered is observed by another person
The term ____ is frequently used to describe the tasks of securing information that is in a digital format.
information security
Security is ____ convenience.
inversely proportional to
Security ____ convenience.
is inversely proportional to
It is vital to have ____________________ security on all of the personal computers to defend against any attack that breaches the perimeter.
local
Whaling
one type of spear phishing
any secret combination of letters, numbers, and/or symbols that serves to validate or authenticate a user by what she knows
password
A ____ is a program that lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password.
password management application
What type of program lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password?
password management application
The best approach to establishing strong security with passwords is to use a ____.
password management tool
Information (contained on the devices) is protected by three layers: products, ____, and policies and procedures.
people
Instead of asking the user to visit a fraudulent Web site, ____ automatically redirects the user to the fake site.
pharming
With which type of social engineering attack are users asked to respond to an email or are directed to a website where they are requested to update personal information, such as passwords or credit card numbers?
phishing
Information contained on devices is protected by three layers: Two of the layers are products and policies and procedures. What is the third
products, people, & policy and procedures
Attackers today use common Internet ____ and applications to perform attacks, making it difficult to distinguish an attack from legitimate traffic.
protocols
information entered is observed by another person
shoulder surfing
Grouping individuals and organizations into clusters or groups based on their likes and interests is called ____.
social networking
What popular online activity involves grouping individuals and organizations into clusters or groups based on their likes and interests?
social networking
The Web sites that facilitate linking individuals with common interests and function as an online community of users are called ____.
social networking sites
means of gathering information for an attack by relying on the weaknesses of individuals
social engineering
Whereas phishing involves sending millions of generic e-mail messages to users, ____ targets only specific users.
spear phishing
Whereas phishing involves sending millions of generic e-mail messages to users, which type of similar attack targets only specific users?
spear phishing
A computer ____ is a person who has been hired to break into a computer and steal information.
spy
Stolen wallets and purses contain personal information that can be used in identity theft. This is known as ____.
stealing
WUuAxB2aWBndTf7MfEtm is an example of this
strong passwords
once an authorized person opens the door then virtually any number of individuals can follow behind and also enter the building or area
tailgating
On average it takes ____ days for a victim to recover from an attack.
ten
Which phrase best describes security?
the goal to be free from danger as well as the process that achieves that freedom
A(n) ____ is a type of action that has the potential to cause harm.
threat
Which of the following is a type of action that has the potential to cause harm?
threat
A(n) ____ is a person or element that has the power to carry out a threat.
threat agent
the goal to be free from danger as well as the process that achieves that freedom
threat agent
Passwords are still considered a strong defense against attackers.
true
Which type of social engineering attack depends on the user incorrectly entering a URL?
typo squatting
Social engineering
use of a telephone call instead of email to contact a potential victim
Which of the following is a characteristic of a weak password?
used on multiple accounts
use of a telephone call instead of e-mail to contact a potential victim
vishing
A(n) ____ is a flaw or weakness that allows a threat agent to bypass security.
vulnerability
What is a flaw or weakness that allows a threat agent to bypass security?
vulnerability
one type of spear phishing
whaling