ITF Certification Chapter 7 Quiz Review


Internet cache

A local storage area that holds the files saved by a web browser to decrease the time it takes to reload a web page

Bluesnarfing

A method in which attackers gain access to unauthorized information on a wireless device by using a Bluetooth connection within the 30-foot Bluetooth transmission limit

Bluejacking

A method used by attackers to send out unwanted Bluetooth signals from mobile phones and laptops to other Bluetooth-enabled devices

User authentication

A network security measure in which a computer user or some other network component proves its identity in order to gain access to network resources

Whaling

A form of phishing that targets individuals who are known to possess a good deal of wealth

White hat

A hacker who discovers and exposes security flaws in applications and operating systems so that manufacturers can fix them before they become widespread problems

Impersonation

A human-based attack where an attacker pretends to be someone he is not

Vishing

A human-based attack where the goal is to extract personal, financial, or confidential information from the victim by using services such as the telephone system and IP-based voice messaging services (Voice over Internet Protocol [VoIP]) as the communication medium

Shoulder Surfing

A human-based attack where the goal is to look over the shoulder of an individual as he or she enters password information or a PIN

Spoofing

A human-based or software-based attack where the goal is to pretend to be someone else for the purpose of identity concealment

Stealing attack

A password attack that involves sniffing network communications, reading handwritten password notes, or observing a user in the act of entering the password

Logic bomb

A piece of code that sits dormant on a target computer until it is triggered by a specific event, such as a specific date

Virus

A piece of code that spreads from one computer to another by attaching itself to other files

Worm

A piece of code that spreads from one computer to another on its own, not by attaching itself to another file

Attacker

A term that always represents a malicious system intruder

Cookie

A text file that is created by a website and placed on a computer's hard drive to store information that is used to identify users and, possibly, to prepare customized web pages for them; for secure web browsing, delete these

Standard user

Access to use most of the computing software on the computer; higher permission is required to uninstall or install software and hardware.

Extensions

Add additional features to the browser and become part of the browser application

Temporary cookies

Also referred to as session cookies, these are stored on a computer only for the duration of the web session

Spim

An Internet messaging (IM)-based attack similar to spam that is propagated through IM instead of through email

Single Sign-On (SSO)

An access control property that you can use to provide users with one-time authentication to multiple resources, servers, or sites

Hijacked email

An account that has been accessed by an attacker and is being used by the attacker to send and receive emails

Digital certificate

An electronic document that provides for the secure exchange of information over a network; if not accepted, you probably won't get access to the file or service

Hoax

An email-based or web-based attack that is intended to trick the user into performing undesired actions, such as deleting important system files in an attempt to remove a virus

Spam

An email-based threat that presents various advertising materials, promotional content, or get-rich-quick schemes to users

Cracker

An individual who breaks encryption codes, defeats software copy protections, or specializes in breaking into systems

Trojan horse

An insidious type of malware that is itself a software attack and can pave the way for a number of other types of attacks; the user has to be fooled into executing it

Multi-factor authentication

Any authentication scheme that requires validation of two or more authentication factors

Personal identifying information (PII)

Any information that can be used to determine who a person is; this information includes a person's Social Security number, financial account information, or driver's license number

Password attack

Any type of attack in which the attacker attempts to obtain and make use of passwords illegitimately; it can show up in audit logs as repeatedly failed logons and then a successful logon, or it can show as several successful logon attempts at unusual times or locations

Malware

Any unwanted software that has the potential to damage a system, impede performance, or create a nuisance condition

Persistent cookies

Are saved on the hard drive and remain there even after the browsing session ends

Social engineering attacks

Attacks that use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines

Dictionary attack

Automates password guessing by comparing encrypted passwords against a predetermined list of possible password values

Rootkit

Code that is intended to take full or partial control of a system at the lowest levels

Administrator

Complete administrative access to a computer; the most powerful account on a computer that should be protected with a strong password

Plug-ins

Enable the browser to process specific types of content

Stateless packet filtering

Inspecting each packet individually

Dumpster diving

Jumping into a Dumpster or large recycling location in an attempt to obtain information they can use or sell

Guest

Limited computer access to individuals without a user account; disabled by default when you install the operating system

Ransomware

Malicious software that prevents you from using your computer

Stateful inspection

Monitoring of an entire session of Transmission Control Protocol (TCP), from handshake to teardown, or User Datagram Protocol (UDP), through requested and opened ports.

Hacker

Originally, a neutral term for a user who excelled at computer programming and computer system administration

Third-party cookies

Originate on, or are sent to, a website other than the one currently being viewed, such as an advertising or a marketing site

First-party cookies

Originate on, or are sent to, the website that is currently being viewed

Content filtering

Permit or block specified attachment and payload types, keywords, and file formats

Proxying

Placing the client session on hold while retrieving content on behalf of the client and caching the content for later use

Adware

Software that automatically displays or downloads advertisements when it is used

Authentication factors

Something you know, something you have, and something you are

Packet filtering

Stateless inspection of each packet against a predefined rule set

Spyware

Surreptitiously installed malicious software that is intended to track and report the usage of a target system, or to collect other data the author wishes to obtain

Authorization

The action taken as a result of verifying the claim of identity

Phishing

The attacker sends an email that seems to come from a respected bank or other financial institution; the email claims that the recipient needs to provide an account number, Social Security number, or other private information to the sender in order to verify an account

Brute force attack

The attacker uses password-cracking software to attempt every possible alphanumeric password combination

Identification

The claim of identity made by the user when entering a user name and password

Encryption

The process of converting data into a form that is not easily recognized or understood by anyone who is not authorized to access the data

Guessing attack

The simplest type of password attack; it involves an individual making repeated attempts to guess a password by entering different common password values, such as the user's name, a spouse's name, or a significant date

Authentication

The verification of the claim of identity

Internal, External, Natural, Man-made

These are areas that physical security threats can come from

Fire, hurricanes and tornadoes, flood, extreme temperature, and extreme humidity

Types of environmental threats and vulnerabilities

Firewalls

Use administrator-defined rules to inspect traffic flowing in and out of a device

Hybrid password attack

Utilizes multiple attack vectors including dictionary, brute-force, and other attack methodologies when trying to crack a password

Stateful packet filtering

Watching whole conversations between the device and some other node on the network

Ethical hacks

What white hat hackers do

Always

You should ________ change any default passwords to strong passwords to protect your computer and data

Timeouts and lockouts, software firewalls, anti-malware, disable Bluetooth and NFC, and encryption

__________ are device hardening techniques

Black hat

A hacker who discovers and exposes security vulnerabilities for financial gain or for some malicious purpose

