Midterm
The average phishing site only exists for _____ days to prevent law enforcement agencies from tracking the attackers.
3.8
From January 2005 through July 2012, over ____ electronic data records in the United States were breached, exposing to attackers a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers.
562 million
_____ ensures that data is accessible when needed to authorized users.
Availability
____ attacks are often the means by which an attacker will perform an arbitrary code execution.
Buffer overflow
In a well-run information security program, attacks will never get through security perimeters and local defenses.
False
Passwords are still considered a strong defense against attackers.
False
Protecting your personal computer has become a serious challenge unless you are an computer user.
False
There is a straightforward and easy solution to securing computers.
False
In the last year, over 600,000 Apple Macs were infected with a malicious software called _____.
Flashback
Under ____, healthcare enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.
HIPAA
_____ involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain.
Identity theft
_____ involves using someone's personal information, such as a Social Security number, to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and ruining their credit rating.
Identity theft
___ ensures that information is correct and no unauthorized person or malicious software has altered that data.
Integrity
_____ is a general term that refers to a wide variety of damaging or annoying software programs.
Malware
_____ identify individuals within the organization who are in positions of authority.
Organizational charts
A security _____ is a general software security update intended to cover vulnerabilities that have been discovered since the program was released.
Patch
_____ is sending an email or displaying a Web announcement that falsely claims to be from a legitimate enterprise, in an attempt to trick the user into surrendering private information.
Phishing
_____ may reveal the true level of security within the organization.
Policy manuals
____ means an attacker who pretends to be from a legitimate research firm asks for personal information.
Pretexting
_____ is software that displays a fictitious warning to the user in the attempt to "scare" the user into an action, such as purchasing additional software online to fix a problem that in fact does not exist.
Scareware
_____ infection injects portions of the code throughout the program's executable code instead of only at the end of the file (any overwritten original code is transferred and stored inside the virus code for proper execution of the host program after the infection).
Swiss cheese
A computer _____ is a program advertised as performing one activity but actually does something else.
Trojan
Attack tools can initiate new attacks without any human participation, thus increasing the speed at which systems are attacked.
True
Financial cybercrime is often divided into two categories. The first category focuses on individuals and businesses.
True
To address the vulnerabilities in operating systems that are uncovered after the software has been released, software vendors usually deploy a software "fix" to address the vulnerabilities.
True
Today, many attack tools are freely available and do not require any technical knowledge to use.
True
Virtually anyone could type in a person's username and pretend to be that person.
True
When creating passwords, the most important principle is that length is more important than complexity.
True
Spyware usually performs one of the following functions on a user's computer: _____, collecting personal information, or changing computer configurations.
advertising
A ____ is created when hundreds, thousands, or even tens or thousands of zombie computers are manipulated under remote control.
botnet
Using a standard _____ form, attackers can divert all mail to their post office box so that the victim never sees any charges made.
change-of address
The FBI defines ____ as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents."
cyberterrorism
Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as ______.
cyberterrorists
One of the best defenses against attacks is to create ____ on a regular basis.
data backups
Botnets can flood a Web server with thousands or requests and overwhelm it to the point that it cannot respond to legitimate requests. This is know as _____.
denying services
A _____ attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file.
dictionary
Social engineering _____ means to create a fictitious character and then play out the role of that person as a victim.
impersonation
The term ____ is frequently used to describe the tasks of securing information that is in a digital format.
information security
Security is ______ convenience.
inversely proportional
A ____ silently captures and stores each keystroke that a user types on the computer's keyboard.
keylogger
A _____ is a program that lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password.
password management application
The best approach to establishing strong security with passwords is to use a ____.
password management tool
Information (contained on the devices) is protected by three layers: products, _____, and policies and procedures.
people
Instead of asking the user to visit a fraudulent Web site, ______ automatically redirects the user to the fake site.
pharming
Attackers today use common Internet ____ and applications to perform attacks, making it difficult to distinguish an attack from legitimate traffic.
protocols
A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software such as Trojans, viruses, or worms.
rootkit
AV software on a computer must have its ____ files regularly updated by downloads from the Internet.
signature
Grouping individuals and organizations into clusters or groups based on their likes and interests is called _____.
social networking
The Web sites that facilitate linking individuals with common interests and function as an online community of users are called ______.
social networking sites
Whereas phishing involves sending millions of generic email messages to users, _____ targets only specific users.
spear phishing
A computer ____ is a person who has been hired to break into a computer and steal information.
spy
A(n) ____ account is designed for everyday activities and allows for some setting to be modified.
standard.
On average it takes ____ days for a victim to recover from an attack.
ten
A(n) ____ is a type of action that has the potential to cause harm.
threat
A(n) ____ is a person or element that has the power to carry out a threat.
threat agent
The two types of malware that have the primary objective of infecting a computer system are ____.
viruses and worms
A(n) ____ is a flaw or weakness that allows a threat agent to bypass security.
vulnerability
A ____ is a program designed to take advantage of a vulnerability in an application or an operating system in order to enter a computer.
worm
A ______ self-replicates between computers (from one computer to another).
worm
An infected "robot" computer is known as a ____.
zombie