ISIN 121 - Final Exam Study Guide
What are the three benefits of a digital signature?
- It can verify the sender to confirm their identity. - It prevents the sender from later denying their signature or disowning the message. - It proves the integrity of the message, confirming that it has not been altered in any way.
Because a wireless signal can only be transmitted for several hundred feet, multiple APs are used to provide "cells" or areas of coverage.
True
What is the best approach to establishing strong security with passwords?
Use technology for managing passwords
Removing the built-in limitations and protections on Google Android devices
rooting
Which of the following is a type of action that has the potential to cause harm?
threat
A new class of mobile technology consisting of devices that can be worn by the user instead of carried
wearable technology
Which type of malware exploits a vulnerability on one system and then immediately searches for another computer on the network that has the same vulnerability?
worm
List the two TCP/IP protocols used by earlier email systems to send and receive messages.
- SMTP (Simple Mail Transfer Protocol) - Outgoing mail - POP (Post Office Protocol) - Incoming mail
What are some of the characteristics of weak passwords?
- Short in length - Use common dictionary words - Use repeated characters or common sequences - Use personal information that can be linked back to you - No complexity (E.g., a mix of numbers, letters, symbols, uppercase, lowercase, etc.) - Easily memorized - Repeated on multiple accounts
What is Bluetooth's rate of transmission?
1 Mbps
Where are you most likely to find a PKES system?
An automobile
Which of the following is an attack that sends unsolicited messages to Bluetooth-enabled devices?
Bluejacking
How can cryptography protect confidentiality of information?
Cryptography can protect the confidentiality of information by safeguarding it and making sure that only authorized parties have access to the key needed to read it.
What serves as the network name identifier in a Wi-Fi network?
SSID
What do web servers use to track whether a user has previously visited a web site?
cookies
In the past, which term was commonly used to refer to a person who uses advanced computer skills to attack computers?
hacker
Which of the following is a place where steganography can hide data?
in the metadata of a file
The process of proving that a user performed an action
nonrepudiation
An asymmetric encryption key that does not have to be protected
public key
Text-based messages that include words such as Viagra or investments can easily be trapped by ____ filters that look for these words and block the email.
spam
Whereas phishing involves sending millions of generic e-mail messages to users, which type of similar attack targets only specific users?
spear phishing
Which term is best described as a person or element that has the power to carry out a threat?
threat agent
A worm is designed to enter a computer through the network and then take advantage of a vulnerability in an application or an operating system on the host computer.
true
Almost all viruses infect a system by inserting themselves into a computer file.
true
Redirecting a user to a fictitious website based on a misspelling of the URL
typo squatting
Which type of social engineering attack depends on the user incorrectly entering a URL?
typo squatting
What are the three types of malware that have the primary traits of circulation and/or infection?
viruses, Trojans, and worms
____ is searching for wireless signals from an automobile or on foot using a portable computing device.
war driving
A phishing attack that targets wealthy individuals
whaling
The ____ acts as the "base station" for the wireless devices, sending and receiving wireless signals between all devices as well as providing the "gateway" to the external Internet.
wireless router
A malicious program designed to enter a computer via a network
worm
What are some recommendations for defending against social networking attacks?
- Be careful what you post on social networks. If you don't want somebody to know something about you, then you probably shouldn't post it. - Don't click on any links or ads that look suspicious. - Confirm with the person in real-time before accepting their friend request - Adjust privacy settings to the most secure option in order to best protect your identity - Restrict people from adding to your "wall" or "timeline" that could possibly be revealing - Limit who can view certain aspects of your profile
What are general recommendations for creating passwords?
- Long character strings - Different password for each account - Not easily memorized - Mix of different characters including capital letters, lower-case letters, numbers, and symbols
List and briefly describe four ways you can better protect your privacy and security.
1. Do not keep confidential documents on you or in an unsecured location. Keep documents such as birth certificates, banking documents, etc. in a secure location like a safe in your home. 2. Use strong passwords on all accounts containing personal information. Strong passwords include: A. Long character stings. B. A mix of capital letters, lowercase letters, numbers, and symbols. C. Not using the same password for different accounts. D. Not using words like names or dates that are easily identified about you. 3. Be aware of what you are posting on social media. If you don't want somebody to know something about you or use it against you, it is probably in your best interest to keep it to yourself. 4. Encrypt any important/sensitive documents and data you think should be kept confidential (E.g. SSN, driver's license, bank account details, etc.).
List the three basic types of password manager.
1. Password generators 2. online vaults 3. password management application
List the features of password management applications. What are some of the recommendations for creating strong passwords?
1. Password generators: websites that generate passwords. Usually a long-complex string of letters, numbers, and symbols. 2. Online vaults: Also a website that retrieves passwords from a central repository 3. Password management application: An installed program that creates strong passwords for different accounts and stores them using one "master" password. - Long in length - Mix of different characters (letters, numbers, symbols) - Not easily memoizable - Different for each account
What are the two functions performed by digital certificates?
1. They can ensure the authenticity of the web server. 2. They can ensure the authenticity of the cryptographic connection to the web server.
List the four characteristics a hash algorithm should have if it is to be considered secure.
1. Uniqueness - No 2 different sets of data can produce the same digest. 2. Security - The hash should not be able to be reversed to decrypt the original plaintext. 3. Originality - There should be no desired or predefined hash for any set of data. 4. A Fixed Size - Every hash should be the same character length no matter the size of the data.
In the U.S., if a consumer finds a problem on her credit report, she must first send a letter to the credit-reporting agency. Under federal law, how many days does the agency have to investigate and respond to the alleged inaccuracy and issue a corrected report?
30
From January 2005 through July 2015, approximately how many electronic data records in the United States were breached, exposing to attackers a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers?
853 million
How does a VPN work?
A VPN uses a public network that lacks security as if it were a private network. All data transmitted between the device and the network are encrypted so that the data is unreadable.
What are some of the similarities between biological and computer viruses?
A computer virus is, essentially, a biological virus that happens on a computer. It is malicious code that reproduces itself on the same computer, thus taking it over.
What is a first-party cookie?
A first-party cookie is a type of cookie that is created from the website a user is currently viewing
How does a hardware keylogger work?
A hardware keylogger is a USB device that is plugged in between a keyboard connection and a computer USB port. This device essentially records every keystroke and stores it for the attacker to view later. This can be done by physically removing the device or some can even wirelessly send over the data.
What is the difference between a security patch, a feature update, and a service pack?
A security patch is intended to repair a vulnerability, whereas a feature update provides new functionality to the software, but usually does not address any security features. A service pack is a package of both security patches and feature updates.
What is a split infection?
A split infection is a type of virus that divides its malicious code into multiple different parts, being randomly arranged at different positions within the code in order to make it harder to detect.
What are the differences between a standard USB flash drive and one protected with hardware encryption?
A standard USB flash drive can simply be plugged into any compatible device with a USB port by anyone and instantly gain access to all the data stored on it whereas one protected with hardware encryption will not connect to a computer when plugged in until the correct password that was set has been entered.
Which type of web browser enhancement can change browser menus or create additional toolbars?
Add-ons
Which of the following is NOT a privacy best practice?
Always carry your Social Security number with you
____ provides proof of the genuineness of the user.
Authentication
Using which Social engineering principle might an attacker impersonate a CEO of a company?
Authority
Which of the following ensures that data is accessible when needed to authorized users?
Availability
Which type of BlueTooth attack accesses unauthorized information from a wireless device through a Bluetooth connection, often between cell phones and laptop computers?
Bluesnarfing
There are two major types of wireless networks that are popular today among users. One of these networks is Wi-Fi; what is the other?
Bluetooth
What type of backup is performed continually without any intervention by the user?
Continuous backup
Which of the following is NOT a technology typically used by spyware?
Disk drive formatting software
Which technique might an attacker employ to find documents that may reveal the true level of security within an organization?
Dumpster diving
____ involves digging through trash receptacles to find information that can be useful in an attack.
Dumpster diving
With respect to the web, what is dynamic content?
Dynamic content is changeable content like moving images and customized information that basic HTML code cannot support.
Which of the following is NOT a factor that contributes to difficulties faced in defending against attacks?
Enhanced encryption algorithms
Which of the following expands the normal capabilities of a web broswer for a specific webpage?
Extensions
What law contains rules regarding consumer privacy?
Fair and Accurate Credit Transactions Act
Online data is collected for a number of activities, but not for online purchases.
False
Steganography can only utilize image files to hide data.
False
Wi-Fi networks operate in basically the same way as cellular telephony networks that are designed, installed, and maintained by the wireless telephone carriers.
False
Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information?
GLBA
Under which law must healthcare enterprises guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format?
HIPAA
What do Web authors use to combine text, graphic images, audio, video, and hyperlinks into a single document?
HTML
What standarizes sounds and video format so plug-ins like Flash are no longer needed?
HTML5
Which of the following is an advantage of hardware encryption over software encryption?
Hardware encryption is not subject to attacks like software encryption.
____ allow users to jump from one area on the Web to another with a click of the mouse button.
Hyperlinks
In the field of computer networking and wireless communications, what is the most widely known and influential organization?
IEEE
Using what email protocol can mail be organized into folders on the mail server and read from any device?
IMAP
Which of the following involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain?
Identity theft
Which of the following involves using someone's personal information, such as a Social Security number, to fraudulently establish bank or credit card accounts?
Identity theft
Which of the following uses graphical images of text in order to circumvent text-based filters?
Image spam
Briefly describe how to configure WPA2 Personal to be used on a wireless network.
In the router's wireless configuration settings, find the WPA2 personal security option that is usually labeled WPA2-PSK [AES] and click the appropriate button to turn it on. Next, enter the PSK (preshared key) passphrase to authorize the configuration.
Which of the following ensures that information is correct and no unauthorized person or malicious software has altered it?
Integrity
What is important to disable unused features on a mobile device?
It is important to disable unused features on mobile devices for many reasons. Not only can it potentially save battery life on the device, but protect from possible attacks. Turn off location services to prevent an attacker from being able to track the location of the device. Turn off Bluetooth to prevent bluejacking and bluesnarfing.
____ is a complete programming language that can be used to create stand-alone applications.
Java
____ is a scripting language that does not create standalone applications.
JavaScript
A(n) ____ is also called a Flash cookie, named after Adobe Flash.
LSO
Which of the following is a legitimate responsibility of an organization regarding user private data?
Limit administrative access to personal information.
Which of the following is a general term that refers to a wide variety of damaging or annoying software programs?
Malware
____ is data that is used to describe the content or structure of the actual data in a file.
Metadata
What are some concerns for using a public Wi-Fi network in a coffee shop, airport, or school campus, for example?
Most of the time, public Wi-Fi networks are not configured using proper security. When this is the case, attackers can watch data transmissions to see what is being sent to and from devices connected to the public network.
Explain one way rootkits operate.
One way a rootkit operates is by replacing a system file with a modified version that disregards all antiviral features.
Which document identifies individuals within the organization who are in positions of authority?
Organizational charts
Describe phishing.
Phishing is a type of social engineering where the attacker sends an email to the victim that contains false announcements. This is an attempt to trick the victim into clicking malicious links or providing confidential information.
What is pretexting? Provide an example.
Pretexting is another word for social engineering where the attacker creates a scenario trying to persuade the victim to reveal confidential information. For example, one may persuade you to reveal information about your password using friendly communication tactics. We learned this in the "What is Your Password" video.
Which of the following is NOT true about privacy?
Privacy of any level that you desire is easily achievable today.
What is another name for asymmetric cryptography?
Public key cryptography
What is ransomware? Give an example.
Ransomware is a type of malware that prevents a device from properly functioning until the user pays a fee. An example of this can be a popup message that poses as a law enforcement agency intending to look valid. This usually states something like how the user has committed a crime on the device, thus forcing them to enter their credit card details and pay the "ransom." The message will not go away until the fee is paid.
What is remote code execution?
Remote code execution is when malware virtually executes any code or command remotely from one computer to another.
Which type of malware will hide or remove all traces of evidence that may reveal the malware, such as log entries?
Rootkit
Which term is best described as individuals who want to attack computers yet who lack the knowledge of computers and networks needed to do so?
Script kiddies
What are the security risks of cookies?
Security risks of cookies can include them being stolen and used against the user like impersonating them. They can also be used to track browsing patterns in order to try and scam the target by sending them ads for their interests based on these cookies.
Describe spam filtering settings often found on email clients.
Spam filtering traps text-based email messages while looking for specific words within the text to block the email automatically.
____ look for specific words and block email messages containing those words.
Spam filters
Describe the steps for a user named Mike to send a digitally signed message to a user named Sophie.
Step 1: User Mike writes a message for user Sophie, creating a digest. Step 2: User Mike encrypts his digest using a private key becoming his digital signature. Step 3: User Mike sends the message and digital signature to user Sophie Step 4: User Sophie receives them and proceeds to decrypt user Mike's digital signature using his public key. If the public key does not decrypt the digital signature, this indicates that the message was not actually sent by user Mike since only his public key is able to decrypt the digest he created using his private key. Step 5: User Sophie must then hash the message and compare it with the same algorithm user Mike used. If the hashes match, she will know that the integrity of user Mike's message is still valid
Why is symmetric encryption also called private key cryptography?
Symmetric encryption is also called private key cryptography because this form of encryption uses the same key to both encrypt and decrypt a document called a private key (Hence "private key cryptography"). It is important that this key is kept private because anyone who gets their hands on it may access all confidential encrypted documents.
HTTP is based on which larger set of standards for Internet communication?
TCP/IP
Briefly describe the first step in securing a Wi-Fi wireless broadband router.
The first step in securing a Wi-Fi router should always be to lock down the device by changing the router's default password. This can most commonly be done by typing the router's IP address into a browser to access its admin login and settings.
What are the primary traits that are used to classify malware?
The primary traits that are used to classify malware are infection, concealment, circulation, and payload.
What is the purpose of a URL expander?
The purpose of a URL expander is to allow the user to hover over a reduced URL in order to view the full format. This can be helpful by allowing the user to see if the URL is safe to visit.
What is the security advantage of turning on guest access?
The security advantage of turning on guest access is that it separates the devices connected to it from the devices connected to the main network.
Which of the following is NOT true regarding how individuals are concerned how their private data is being used?
Their personal information is no more at risk today than it was 10 years ago.
Why should you disable Bluetooth on smartphones and tablets?
To prevent bluejacking (sending unwanted messages to Bluetooth devices) and bluesnarfing (accessing unauthorized information through a Bluetooth connection) attacks.
Which of the following is a program advertised as performing one activity but actually does something else?
Trojan
Briefly describe Trojan horse malware and give an example.
Trojan horses are a type of malware that pretends to act as a functioning file but also performs a malicious action in the background. Trojans spread when the user transfers the file from one computer to another. An example of this could be installing a file from a legit-looking email through the use of social engineering. This file may look like an official document or process but can contain malicious code that, when executed, can compromise their system.
If the URL of a web site begins with https, the server is using a digital certificate to verify the existence and identity of the organization.
True
It is recommended that a copy of a data backup be stored at an off-site location.
True
Most Bluetooth devices have a range of only about 10 meters.
True
Most users actually receive only a small amount of spam in their local email inbox. The majority is blocked before it even reaches the user.
True
The Likes indicated by Facebook users can statistically reveal their sexual orientation, drug use, and political beliefs.
True
Unless remote management is essential, it is recommended that this feature be disabled with a wireless router.
True
When creating passwords, the most important principle is that length is more important than complexity.
True
Which of these is a characteristic of a secure hash algorithm?
Two different sets of data cannot produce the same digest
Describe typo squatting.
Typo squatting is a type of password attack where attackers take very common URLs such as google.com and use possibly common typo mistakes to create a URL that looks similar to the original site. They might use malware or try to persuade users to click on links within the fake website with the use of promising offers.
Briefly explain how IMAP works.
Unlike SMTP/POP, IMAP emails remain on the email server instead of being downloaded to the user's computer. These emails can also be moved to separate folders which can be accessed on any device with connection to the email server.
Which Windows feature provides information to users and obtains their approval before a program can make a change to the computer's settings?
User Account Control
The technical name for a Wi-Fi network
WLAN
Which Wi-Fi security protocol provides the optimum level of wireless security?
WPA2
A security setting that provides the optimum level of wireless security
WPA2 Personal
What is Wi-Fi Protected Setup (WPS)?
WPS is an optional type of wireless security that configures WPA2 through either a PIN or a physical button depending on the router's hardware.
Briefly explain how a biological virus works.
When a cell is infected by a "virus," it takes over the cell and makes copies of itself to infect an entire system of cells.
Which of the following is an optional means of configuring WPA2 Personal security using a PIN?
Wi-Fi Protected Setup (WPS)
Briefly describe Wi-Fi.
Wi-Fi is a wireless local area network technology that provides high-speed network connections to mobile devices like laptops, smartphones, tablets, etc. Wi-Fi replaces wired LAN connections for devices that use a wireless network access card.
The ____ is composed of Internet server computers on networks that provide online information in a specific format.
World Wide Web
Why should you clear the cache when the browser is closed?
You should clear the cache when the browser is closed because over time, the cache may fill up your hard drive storage, ultimately causing the browser to run slower. Clearing the cache can also add extra privacy protection by deleting stored content such as cookies from sites that you visited.
A more sophisticated device used in an office setting instead of a wireless router
access point
Some attackers might create a peer-to-peer network that connects a wireless device directly to another wireless device, such as the victim's laptop directly to the attacker's laptop. What is this type of network called?
ad hoc
A software program that delivers advertising content in a manner that is unexpected and unwanted by the user
adware
Procedures based on a mathematical formula used to encrypt and decrypt the data
algorithm
A(n) ____ infection is when the virus first attaches itself to the end of the infected file. It then inserts at the beginning of the file a "jump" instruction that points to the end of the file.
appender
When the malware payload allows an attacker to execute virtually any command on the victim's computer this is called ____ .
arbitrary code execution
Cryptography that uses two mathematically related keys
asymmetric cryptography
The steps that ensure that the individual is who he or she claims to be
authentication
A ____ that is installed on a computer allows the attacker to return at a later time and bypass security settings.
backdoor
What can an attacker use that gives them access to a computer program or service that circumvents normal security protections?
backdoor
An attack that sends unsolicited messages to Bluetooth-enabled devices
bluejacking
An attack that accesses unauthorized information from a wireless device through a Bluetooth connection
bluesnarfing
An attacker who controls a botnet
bot herder
A logical computer network of zombies under the control of an attacker
botnet
A password attack in which every possible combination of letters, numbers, and characters is used to match passwords in a stolen password file
brute force attack
How do attackers today make it difficult to distinguish an attack from legitimate traffic?
by using common Internet protocols
Unencrypted data
cleartext
Which virus detection method creates a virtual environment that simulates the central processing unit (CPU) and memory of the computer?
code emulation
Which of the following is a numerical measurement used by lenders to assess a consumer's creditworthiness?
credit score
What does the FBI define as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents?"
cyberterrorism
Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as which of the following?
cyberterrorists
A digital signature can provide which of the following benefits?
data integrity
Botnets can flood a Web server with thousands of requests and overwhelm it to the point that it cannot respond to legitimate requests. What is this called?
denying services
What type of attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file?
dictionary
A password attack that compares common dictionary words against those in a stolen password file.
dictionary attack
The unique digital fingerprint created by a one-way hash algorithm
digest
What is it called when unsuspecting users visit an infected website and their browsers download code that targets a vulnerability in the user's browser?
drive-by-download
What is contained within the body of an email message as a shortcut to a website?
embedded hyperlink
Changing the original text into a secret message using cryptography is known as ____ .
encryption
How often does FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms?
every 12 months
An AP or another computer that is set up by an attacker designed to mimic the authorized Wi-Fi device
evil twin
An attacker sets up a look-alike Wi-Fi network, tempting unsuspecting users to connect with the attacker's Wi-Fi network instead. What is this called?
evil twin
Data backups only protect data against computer attacks.
false
Malware usually enters a computer system with the user's knowledge.
false
Passwords are still considered a strong defense against attackers.
false
Enhancements to the software to provide new or expanded functionality, but do not address security vulnerability
feature update
Hardware or software designed to limit the spread of malware
firewall
How is offline password cracking accomplished?
guessing
One password attack technique that is not used is online ____ in which the attacker attempts to enter the password by typing different variations at the password login prompt.
guessing
What type of attack is a false warning, often contained in an email message claiming to come from the information technology (IT) department?
hoaxes
What term is frequently used to describe the tasks of securing information that is in a digital format?
information security
Which attacker category might have the objective of retaliation against an employer?
insider
Security is ____ convenience.
inversely proportional to
What is it called if a user disables the built-in limitations on their Apple iOS device to provide additional functionality?
jailbreaking
A mathematical value entered into a cryptographic algorithm to produce encrypted data
key
A unique mathematical ____ is input into the encryption algorithm to lock down the data by creating the ciphertext.
key
What type of device is inserted between the computer keyboard connection and USB port for the purposes of stealing information?
keylogger
What type of spyware silently captures and stores each keystroke that a user types on the computer's keyboard?
keylogger
What security feature on a smartphone prevents the device from being used until a passcode is entered?
lock screen
Computer code that lies dormant until it is triggered by a specific logical event
logic bomb
What type of malware is typically added to a legitimate program but lies dormant until it is triggered by a specific event?
logic bomb
A(n) ____ is a series of instructions that can be grouped together as a single command.
macro
Which of the following can be described as a poisoned ad attack?
malvertising
Proving that a document was created by a particular user is referred to as which of the following?
nonrepudiation
How many keys are used in symmetric cryptography?
one
A secret combination of letters, numbers, and/or symbols that serves to authenticate a user by what he or she knows
password
What type of program lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password?
password management application
Which term can be described as a publicly released software security update intended to repair a vulnerability?
patch
Information contained on devices is protected by three layers: Two of the layers are products and policies and procedures. What is the third layer?
people
What is data called that is input into a cryptographic algorithm for the purpose of producing encrypted data?
plaintext
Using which Internet security best practice is information not saved by the browser, such as pages that are visited will not be recorded to history or the address bar?
private browsing
An asymmetric encryption key that must be protected
private key
What type of malware can, for example, locks up a user's computer and then display a message that purports to come from a law enforcement agency that states the user must pay a fine for illegal activity?
ransomware
Most email clients contain a ____ that allows the user to read an email message without actually opening it.
reading pane
Which of the following is NOT a protection for information that cryptography can provide?
redundancy
Which type of malware is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms?
rootkit
What can be used to run JavaScript in a restricted environment and limit what resources it can access?
sandboxing
What type of software update is a cumulative package of all patches and feature updates?
service pack
With arbitrary code execution, the ____ launches ("spawns") a command shell from which instructions can then be issued to the computer.
shellcode
Viewing information that is entered by another person
shoulder surfing
Downloading an app from an unofficial third-party website
sideloading
AV software on a computer must have its ____ files regularly updated by downloads from the Internet.
signature
A database of viruses that is used to identify an infected file
signature file
Grouping individuals and organizations into clusters based on an affiliation
social engineering
What popular online activity involves grouping individuals and organizations into clusters or groups based on their likes and interests?
social networking
What is the most secure option for the type of passcode that can be entered to access a mobile device?
strong alphanumeric password
Encryption that uses a single key to encrypt and decrypt a message
symmetric cryptography
Which phrase best describes security?
the goal to be free from danger as well as the process that achieves that freedom
A(n) ____ is a unique name used for identification.
username
What type of network uses an unsecured public network, such as the Internet, as if it were a secure private network?
virtual private network
A phishing attack in which the attacker calls the victim on the telephone
vishing
What is a flaw or weakness that allows a threat agent to bypass security?
vulnerability
Which type of malware self-replicates between computers (from one computer to another)?
worm
An infected computer that is under the remote control of an attacker
zombie
An infected robot computer is known as a ____ .
zombie