CSIN 105 - Chapter 1


According to the U.S. Bureau of Labor Statistics, what percentage of growth is the available job outlook supposed to reach by the end of the decade?

18

A new class of attack that uses innovative attack tools to infect a system and then silently extracts data over an extended period.

Advanced Persistent Threat (APT)

In information security, an example of a threat agent can be ____.
a force of nature such as a tornado that could destroy computer equipment
a virus that attacks a computer network
a person attempting to break into a secure computer network
all of the above

All of the above

Standards created to require accessibility of electronic media (websites, software applications, operating systems, video, etc).

Americans with Disabilities Act, Section 508

Which security protection item ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter?

Authentication

Security actions that ensure that data is accessible to authorized users.

Availability

Card-not-present fraud occurs when a thief uses stolen card information in an online purchase and does not actually have the card in hand.

Card-not-present fraud

Threat actors that launch attacks against an opponent's systems to steal classified information.

Competitors

Created to improve the security and privacy of sensitive information and to create acceptable security practices.

Computer Security Act

Security actions that ensure that only authorized parties can view the information.

Confidentiality

Which of the three protections ensures that only authorized parties can view information?

Confidentiality

What term is used to describe a loose network of attackers, identity thieves, and financial fraudsters?

Cybercriminals

The Domain Name System converts IP addresses to names and names to IP addresses.

DNS

Script kiddies acquire which item below from other attackers to easily craft an attack:

Exploit kit

Created to protect the privacy of student records.

FERPA

File Transfer Protocol is a clear text protocol used to transfer files between systems.

FTP

Requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.

Gramm-Leach-Bliley

Health care enterprises are required to guard protected health information and implement policies and procedures whether it be in paper or electronic format.

HIPAA

Identity theft involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain.

Identity theft

What type of theft involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain?

Identity theft

What country is now the number one source of attack traffic?

Indonesia

Security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data.

Integrity

Select below the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data.

Integrity

To date, the single most expensive malicious attack occurred in 2000, which cost an estimated $8.7 billion. What was the name of this attack?

Love Bug

Threat actors that are moving from traditional organized criminal activities to more rewarding and less risky online attacks.

Organized crime

The process of sifting through network traffic and finding relevant artifacts.

Packet Analysis

Defines minimum requirements for merchants and service providers to protect cardholder data.

Payment Card Industry Data Security Standard (PCI DSS, or PCI)

Uses the Internet Control Message Protocol to check for connectivity between two systems.

Ping

Secure shell is used to securely transfer files between two systems.

SSH

Created for corporate governance and financial practice.

Sarbanes-Oxley

Individual who lacks advanced knowledge of computers and networks and so uses downloaded automated attack software to attack information systems.

Script kiddies

Select below the term that is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so:

Script kiddies

What kind of server connects a remote system through the Internet to local serial ports using TCP/IP?

Serial server

TELNET is a clear text protocol that is used to remotely administer a machine.

TELNET

An act created to help protect children under the age of 13 from exploitation by governing the online collection of the child's personal information.

The Children's Online Privacy Protection Act (COPPA)

Its purpose is to strengthen domestic security and broaden the powers of law-enforcement agencies with regard to identifying and stopping terrorists.

US Patriot Act

A situation in which an attacker manipulates commonplace actions that are routinely performed; also called business process compromise.

Vulnerable business processes

A response to risk that acknowledges the risk but takes no steps to address it.

accept

Security controls for developing and ensuring that policies and procedures are carried out; regulating the human factors of security.

administrative controls

In information security, what constitutes a loss?
theft of information
a delay in transmitting information that results in a financial penalty
the loss of good will or a reputation
all of the above

all of the above

Deficiencies in software due to poor design.

architecture/design weaknesses

An item that has value.

asset

Characteristic features of different groups of threat actors.

attributes

A response to risk in which the risk is identified and the decision is made not to engage in the risk-provoking activity.

avoid

Having different groups responsible for regulating access to a system.

control diversity

The out-of-the-box security configuration settings.

default configurations

Creating multiple layers of security defenses through which an attacker must penetrate; also called layered security.

defense-in-depth

In what kind of attack can attackers make use of hundreds of thousands of computers under their control in an attack against a single server or network?

distributed

System for which vendors have dropped all support for security updates due to the system's age.

end-of-life systems

Creating counterfeit debit and credit cards is called existing-card fraud.

existing-card fraud

The location outside an enterprise in which some threat actors perform.

external

An attribute of threat actors that can vary widely.

funding and resources

A group of threat actors that is strongly motivated by ideology.

hacktivists

Software that does not properly trap an error condition and provides an attacker with underlying access to the system.

improper error handling

Software that allows the user to enter data but does not validate or filter user input to prevent a malicious action.

improper input handling

Account set up for a user that might provide more access than is necessary.

improperly configured accounts

Frameworks/architectures that are specific to a particular industry or market sector.

industry-specific frameworks

"Supporting structures" for implementing security; also called reference architectures.

industry-standard frameworks

Which term below is frequently used to describe the tasks of securing information that is in a digital format?

information security

Employees, contractors, and business partners who can be responsible for an attack.

insiders

The reasoning behind attacks made by threat actors.

intent and motivation

The location within an enterprise in which some threat actors perform.

internal

When the company that made a device provides no support for the device.

lack of vendor support

Creating multiple layers of security defenses through which an attacker must penetrate; also called defense-in-depth.

layered security

What information security position reports to the CISO and supervises technicians, administrators, and security staff?

manager

An incorrectly configured device.

misconfiguration

Addressing risks by making risks less serious.

mitigate

State-sponsored attackers employed by a government for launching computer attacks against foes.

nation state actors

Some of the frameworks/architectures are domestic while others are worldwide.

national vs. international

A threat that has not been previously identified.

new threat

New-account fraud occurs when new card accounts are opened in the name of the victim without their knowledge.

new-account fraud

Information security frameworks/architectures that are not required.

non-regulatory

Freely available automated attack software.

open-source intelligence

A software occurrence when two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.

race condition

"Supporting structures" for implementing security; also called industry-standard frameworks.

reference architectures

Information security frameworks/architectures that are required by

regulatory

A situation in which a hardware device with limited resources (CPU, memory, file system storage, etc.) is exploited by an attacker who intentionally tries to consume more resources than intended.

resource exhaustion

A situation that involves exposure to danger.

risk

Different options available when dealing with risks.

risk response techniques

Obscuring to the outside world what is on the inside makes attacks that much more difficult.

security by obscurity

Which position below is considered an entry-level position for a person who has the necessary technical skills?

security technician

Threat actors that have developed a high degree of complexity.

sophisticated

The widespread proliferation of devices across an enterprise.

system sprawl

A type of action that has the potential to cause harm.

threat

A person or element that has the power to carry out a threat.

threat actor

A response to risk that allows a third party to assume the responsibility of the risk.

transfer

Devices that are not formally identified or documented in an enterprise.

undocumented assets

Users with little or no instruction in making security decisions.

untrained users

Instructing employees as to the security reasons behind security restrictions.

user training

Using security products provided by different manufacturers.

vendor diversity

A flaw or weakness that allows a threat agent to bypass security.

vulnerability

Configuration options that provide limited security choices.

weak configuration

An attack in which there are no days of warning.

zero day
