Cyber Security Midterm

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Please distinguish between vulnerability, threat, and control.

A threat is a potential to do harm. A vulnerability is a means by which a threat agent can cause harm. A control is a protective measure that prevents a threat agent from exercising a vulnerability.

____________________ ensures authorized users — persons or computer systems — can access (or use) information without interference or obstruction, and in the required format.

Availability

The investigation phase of the Security Systems Development Life cycle (SecSDLC) begins with a directive from upper management. (true or false)

True

Distinguish between vulnerability, threat, and control

Vulnerability- there is a flaw within the company that can be compromised by attackers Threat- attackers initiate an attack by making use of a company's vulnerability Control- a company maintains in power of their assets

List and describe the three ways of control.

Technical- passwords, firewalls, encryption Educational- people are the weakest link in information security Procedural- policies, contracts, regulations

____________________ is initiated by upper management with issue policy, procedures, and processes.

Top-down approach

Threats are always malicious

False

Threats are always targeted

False

Confidentiality ensures that only those with the rights and privileges to modify information are able to do so

False (integrity is correct)

Which group is the most likely target of a social engineering attack? a. Receptionists and administrative assistants b. Information security response team c. Internal auditors d. Independent contractors

a. receptionists and administrative assistants

The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place? 5 a. Spear phishing b. Pharming c. Adware d. Command injection

a. spear fishing

Of the following malware types, which one is MOST likely to monitor a user's computer? a. Trojan b. Spyware c. Ransomwares d. Adware

b. spyware

After Tom turned on his computer, he saw a message indicating that unless he made a payment, his hard drive would be formatted. What does this indicate? a. Armored virus b. Backdoor c. Ransomwares d. Trojan

c. ransomwares

Users in your organization have reported receiving a similar email from the same sender. The email included a link, but after recent training on emerging threats, all the users chose not to click the link. Security investigators determined the link was malicious and was designed to download ransomeware. Which of the following BEST describes the email? a. Phishing b. Spam c. Spear phishing d. Vishing

c. spear fishing

What type of malicious software masquerades as legitimate software to entice the user to run it? a. Virus b. Worm c. Trojan horse d. Rootkit

c. trojan horse

Which of the following functions does information security perform for an organization? a. Protects the organization's ability to function. b. Enables the safe operation of applications implemented on the organization's IT systems. c. Protects the data the organization collects and uses. d. All of the above.

d. all of the above

You are reviewing security controls and their usefulness. You notice that account lockout policies are in place. Which of the following attacks will these policies thwart? (choose two) a. DNS poisoning b. Replay c. Buffer overflow d. Brute force e. Dictionary

d. brute force e. dictionary

Which term describes an action that can damage or compromise an asset? a. Risk b. Vulnerability c. Countermeasure d. Threat

d. threat

A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment. (true or false)

true

Attacks against confidentiality and privacy, data integrity, and availability of services are always malicious code can threaten businesses. (true or false)

true

Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in clear text. (true or false)

true

Unlike viruses, worms do NOT require a host program in order to survive and replicate. (true or false)

true

A phishing attack "poisons" a domain name on a domain name server. (true or false)

false

A worm is a self-contained program that has to trick users into running it. (true or flase)

false

The main difference between a virus and a worm is that a virus does not need a host program to infect. (true or false)

false

Within the context of information security, ____________________ is the process of using interpersonal skills to convince people to reveal access credentials or other valuable information to the attacker.

social engineering

____________________ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages to a computer that has an IP address that indicates that the messages are coming from a trusted host and not the actual source computer.

spoofing


Ensembles d'études connexes

WEEK 4 :: PYTHON CRASH COURSE :: STRING/LISTS/DICTIONARIES

View Set

PBS Activity 2.1.1 - Activity 2.1.3

View Set

Unit 6 - Renal - Unit 20 - Kidney Disorders and Therapeutic Management

View Set

DECA Business Management & Administration Career Cluster Exam: BLTDM

View Set

Multiple Choice Questions for Final Exam

View Set

Statistics Ch. 7 Clarifying the Concepts

View Set

Chapters 1-10 Practice Exam Questions Final

View Set