IST 110 Test 1

U.S. federally funded initiative chartered to work with the Internet community in detecting and resolving computer security incidents

Computer Emergency Response Team

At the __________ level, it is the employees' responsibility to protect the organization's reputation, data, and customers.

corporate

Internal attackers may have knowledge of security ______________________________, policies, and higher levels of administrative privileges.

countermeasures

income statements, balance sheets, and cash flow statements

financial data

Many countries have established cyber intelligence agencies to collaborate worldwide in combating major cyberattacks.

True

application materials, payroll, offer letters, employee agreements

personnel data

What name is given to an amateur hacker?

script kiddie

Big data poses both challenges and opportunities based on three dimensions: the ________ or amount of data, the ________ or speed of data, and the ________ or range of data ________ and sources.

volume, velocity, variety, type

____________________ are usually grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards.

vulnerability brokers

Gray hat hackers are individuals who commit crimes and do arguably unethical things for personal gain.

False

An advanced persistent attack (APA) is a continuous computer hack that occurs under the radar against a specific object.

False, Advanced Persistent Attack

The Studnet attack targeted the Supervisory Control and Data Acquisition (SCADA) system used to control and monitor industrial processes

False, Stuxnet

According to the online content review (from netacad), the greatest motivation for most cyber criminals is political.

False, financial

In the U.S., the ______________________________________________________________________ created a framework for companies and organizations in need of cybersecurity professionals.

National Institute of Standards and Technologies

A ______________________ denial of service (TDoS) attack uses phone calls against a target telephone network tying up the system and preventing legitimate calls from getting through.

Telephony

With DNS spoofing the criminal introduces false data into a DNS resolver's _____________.

cache

Cyber criminals are hackers who are either self-employed or working for large _________________ organizations.

cybercrime

____________ is the ongoing effort to protect networked systems and data from unauthorized access.

cybersecurity

Next generation 911 call centers are vulnerable to ________ attacks that use many systems to __________ the resources of the target making the target unavailable to legitimate users.

distributed-denial-of-service (DDoS), flood

Companies such as Google, Facebook, and LinkedIn could be considered to be data _____________ in our cyber world.

domains

Pick four types of records that cyber criminals would be interested in stealing from organizations

education, employment, financial, medical

Another term for DNS Spoofing is DNS record poisoning

false, cache poisoning

The most common way to protect _______________ identity is to tie login ability to an authorized device.

federated

___________________ identity management refers to multiple enterprises that let their users use the same identification credentials gaining access to the networks of all enterprises in the group.

federated

The term _______________ described individuals with advanced programming skills. They used these programming skills to test the limits and capabilities of early systems. These early individuals were also involved in the development of early computer games.

hackers

_____________________ make political statements to create awareness to issues that are important to them.

hacktivists

The ISO 27000 series of standards have been specifically reserved by ISO for _______________ matters.

information security

Packet ______________ interferes with an established network communication by constructing packets to appear as if they are part of a communication.

injection

patents, trademarks and new product plans

intellectual information

Cybersecurity specialists provide a necessary service to their organizations, countries, and societies, very much like ____ enforcement or __________ responders.

law, emergency

Hijacking an authorized connection or denying an individual's ability to use certain network services is often referred to as "man in the ___________" attack by Cyber professionals.

middle

The term bring-your-own-device is used to describe _____________ devices such as iPhones, smartphones, tablets, and other devices.

mobile

In the U.S., the ___________________________________________ is responsible for intelligence collection and surveillance activities.

national security agency

White hat hackers may perform network __________________ tests in an attempt to compromise networks and systems by using their knowledge of computer security systems to discover network vulnerabilities.

penetration

On a __________ level, everyone needs to safeguard his or her identity, data, and computing devices.

personal

A cybersecurity specialist's career is also highly _____________. Jobs exist in almost every geographic location.

portable

The __________________________________________ National Database was developed to provide a publicly available database of all known vulnerabilities.

Common Vulnerabilities and Exposures (CVE)

Packet ______________ works by monitoring and recording all information coming across a network.

sniffing

At the __________ level, national security and the citizens' safety and well-being are at stake

state

Governments and industries are introducing more regulations and mandates that require better data protection and security controls to help guard big data.

True

Hacktivists may perform distributed denial of service (DDoS) attacks.

True

Some state-sponsored cyber criminals are members of their nations' armed forces.

True

specialized denial and deception operations and the collection of cybersecurity information

Collect and Operate

In __________ the U.S. Congress passed the USA Freedom Act ending the practice of collecting U.S. Citizens' phone records in bulk.

2015

highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence

Analyze

What is the term used to identify a unique arrangement of information used to identify an attacker's attempt to exploit a known vulnerability?

Attack signature

______ is the result of data sets that are large and complex, making traditional data processing applications inadequate.

Big data

This individual transferred $1 million to their bank account after recording victims' account numbers and PINs.

Black Hat

The ISACA group tracks laws enacted related to cyber security. Examples of these laws include:

Cybersecurity Act, Federal Exchange Data Breach Notification Act, and the Data Accountability and Trust Act

Security organization that brings together a variety of computer security incident response teams from government, commercial, and educational organizations to foster cooperation and coordination

Forum of Incident Response and Security Teams (FIRST)

After hacking into an ATM, this individual worked with the ATM manufacturers to resolve vulnerabilities.

Gray Hat

Someone who compromises a network without permission and then discloses the vulnerability publicly.

Gray Hat

Maintains a list of common vulnerabilities and exposures used by prominent security organizations

Mitre Corporation

Cyber experts now have the technology to track the movement and behavior of people, animals and objects in real time.

True

An employee may facilitate outside attacks by connecting _____________ USB media into a corporate computer system.

Infected

Network security organization that hosts a security news portal, providing the latest breaking news pertaining to alerts, exploits, and vulnerabilities.

Information Systems Security (InfoSysSec)

Provide information security certifications including the Certified Information Systems Security Professional (CISSP)

International Information Systems Security Certification Consortium (ISC)2

The __________________________________ is the collection of technologies that enable the connection of various devices to the Internet.

Internet of Things

investigation of cyber events and/or cyber crimes involving IT resources

Investigate

One of the most infamous hacker groups goes by the name _____________________.

Legion of Doom

What is an example of an Internet data domain?

LinkedIn

Provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation and incident response.

MS-ISAC

providing the support, administration, and maintenance required to ensure IT system performance and security

Operate and Maintain

leadership, management, and direction to conduct cybersecurity work effectively

Oversight and Development

Cisco and Microsoft are examples of companies with certifications that test knowledge of their ________________.

Products

identification, analysis, and mitigation of threats to internal systems and networks

Protect and Defend

conceptualizing, designing, and building secure IT systems

Securely Provision

More than 1,200 award-winning, original research papers; also develops security courses

SysAdmin, Audit, Network, Security (SANS) Institute

An employee or contract partner can accidentally mishandle confidential data.

True

Next generation 911 call centers are vulnerable because they use ____________ systems rather than traditional landlines.

Voice-over-IP (VoIP)

This individual was contracted by a technology company to fix flaws with Web Services

White Hat

This individual was hired to identify vulnerabilities in computer systems at their company

White Hat

What type of an attack can disable a computer by forcing it to use memory or by overworking its CPU?

algorithm

