CSIN 105 - Chapter 1
According to the U.S. Bureau of Labor Statistics, what percentage of growth is the available job outlook supposed to reach by the end of the decade?
18
A new class of attack that uses innovative attack tools to infect a system and then silently extracts data over an extended period.
Advanced Persistent Threat (APT)
In information security, an example of a threat agent can be ____: a force of nature such as a tornado that could destroy computer equipment; a virus that attacks a computer network; a person attempting to break into a secure computer network; all of the above
All of the above
Standards created to require accessibility of electronic media (websites, software applications, operating systems, video, etc).
Americans with Disabilities Act, Section 508
The security protection item that ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter is known as?
Authentication
Security actions that ensure that data is accessible to authorized users.
Availability
Card-not-present fraud occurs when a thief uses stolen card information in an online purchase and does not actually have the card in hand.
Card-not-present fraud
Threat actors that launch attacks against an opponent's systems to steal classified information.
Competitors
Created to improve the security and privacy of sensitive information and to create acceptable security practices.
Computer Security Act
Security actions that ensure that only authorized parties can view the information.
Confidentiality
Which of the three protections ensures that only authorized parties can view information?
Confidentiality
What term is used to describe a loose network of attackers, identity thieves, and financial fraudsters?
Cybercriminals
The Domain Name System converts IP addresses to names and names to IP addresses.
DNS
Script kiddies acquire which item below from other attackers to easily craft an attack:
Exploit kit
Created to protect the privacy of student records.
FERPA
File Transfer Protocol is a clear text protocol used to transfer files between systems.
FTP
Requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
Gramm-Leach-Bliley
Requires health care enterprises to guard protected health information and to implement policies and procedures for doing so, whether the information is in paper or electronic format.
HIPAA
Identity theft involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain.
Identity theft
What type of theft involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain?
Identity theft
What country is now the number one source of attack traffic?
Indonesia
Security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data.
Integrity
Select below the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data.
Integrity
To date, the single most expensive malicious attack occurred in 2000, which cost an estimated $8.7 billion. What was the name of this attack?
Love Bug
Threat actors that are moving from traditional organized criminal activities to more rewarding and less risky online attacks.
Organized crime
The process of sifting through network traffic and finding relevant artifacts.
Packet Analysis
Defines minimum requirements for merchants and service providers to protect cardholder data.
Payment Card Industry Data Security Standard (PCI DSS, or PCI)
Uses the Internet Control Message Protocol (ICMP) to check for connectivity between two systems.
Ping
Secure shell is used to securely transfer files between two systems.
SSH
Created for corporate governance and financial practice.
Sarbanes-Oxley
Individual who lacks advanced knowledge of computers and networks and so uses downloaded automated attack software to attack information systems.
Script kiddies
Select below the term that is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so:
Script kiddies
What kind of server connects a remote system through the Internet to local serial ports using TCP/IP?
Serial server
TELNET is a clear text protocol that is used to remotely administer a machine.
TELNET
An act created to help protect children under the age of 13 from exploitation by governing the online collection of the child's personal information.
The Children's Online Privacy Protection Act (COPPA)
Its purpose is to strengthen domestic security and broaden the powers of law-enforcement agencies with regard to identifying and stopping terrorists.
US Patriot Act
A situation in which an attacker manipulates commonplace actions that are routinely performed; also called business process compromise.
Vulnerable business processes
A response to risk that acknowledges the risk but takes no steps to address it.
accept
Security controls for developing and ensuring that policies and procedures are carried out; regulating the human factors of security.
administrative controls
In information security, what constitutes a loss? theft of information; a delay in transmitting information that results in a financial penalty; the loss of good will or a reputation; all of the above
all of the above
Deficiencies in software due to poor design.
architecture/design weaknesses
An item that has value.
asset
Characteristic features of different groups of threat actors.
attributes
A response to risk that identifies the risk and the decision is made to not engage in the risk-provoking activity.
avoid
Having different groups responsible for regulating access to a system.
control diversity
The out-of-the-box security configuration settings.
default configurations
Creating multiple layers of security defenses through which an attacker must penetrate; also called layered security.
defense-in-depth
In what kind of attack can attackers make use of hundreds of thousands of computers under their control in an attack against a single server or network?
distributed
System for which vendors have dropped all support for security updates due to the system's age.
end-of-life systems
Creating counterfeit debit and credit cards is called existing-card fraud.
existing-card fraud
The location outside an enterprise in which some threat actors perform.
external
An attribute of threat actors that can vary widely.
funding and resources
A group of threat actors that is strongly motivated by ideology.
hacktivists
Software that does not properly trap an error condition and provides an attacker with underlying access to the system.
improper error handling
Software that allows the user to enter data but does not validate or filter user input to prevent a malicious action.
improper input handling
Account set up for a user that might provide more access than is necessary.
improperly configured accounts
Frameworks/architectures that are specific to a particular industry or market sector.
industry-specific frameworks
"Supporting structures" for implementing security; also called reference architectures.
industry-standard frameworks
Which term below is frequently used to describe the tasks of securing information that is in a digital format?
information security
Employees, contractors, and business partners who can be responsible for an attack.
insiders
The reasoning behind attacks made by threat actors.
intent and motivation
The location within an enterprise in which some threat actors perform.
internal
When the company that made a device provides no support for the device.
lack of vendor support
Creating multiple layers of security defenses through which an attacker must penetrate; also called defense-in-depth.
layered security
What information security position reports to the CISO and supervises technicians, administrators, and security staff?
manager
An incorrectly configured device.
misconfiguration
Addressing risks by making risks less serious.
mitigate
State-sponsored attackers employed by a government for launching computer attacks against foes.
nation state actors
Some of the frameworks/architectures are domestic, while others are worldwide.
national vs. international
A threat that has not been previously identified.
new threat
New-account fraud occurs when new card accounts are opened in the name of the victim without their knowledge.
new-account fraud
Information security frameworks/architectures that are not required.
non-regulatory
Freely available automated attack software.
open-source intelligence
A software occurrence when two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.
race condition
"Supporting structures" for implementing security; also called industry-standard frameworks.
reference architectures
Information security frameworks/architectures that are required by
regulatory
A situation in which a hardware device with limited resources (CPU, memory, file system storage, etc.) is exploited by an attacker who intentionally tries to consume more resources than intended.
resource exhaustion
A situation that involves exposure to danger.
risk
Different options available when dealing with risks.
risk response techniques
Obscuring from the outside world what is on the inside makes attacks that much more difficult.
security by obscurity
Which position below is considered an entry-level position for a person who has the necessary technical skills?
security technician
Threat actors that have developed a high degree of complexity.
sophisticated
The widespread proliferation of devices across an enterprise.
system sprawl
A type of action that has the potential to cause harm.
threat
A person or element that has the power to carry out a threat.
threat actor
A response to risk that allows a third party to assume the responsibility of the risk.
transfer
Devices that are not formally identified or documented in an enterprise.
undocumented assets
Users with little or no instruction in making security decisions.
untrained users
Instructing employees as to the security reasons behind security restrictions.
user training
Using security products provided by different manufacturers.
vendor diversity
A flaw or weakness that allows a threat agent to bypass security.
vulnerability
Configuration options that provide limited security choices.
weak configuration
An attack in which there are no days of warning.
zero day