Module 1.

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

The major role of ______ is to confirm that a suer is who he or she claims to be. Confidentiality Availability Integrity Authenticity

Authenticity

______ is the assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users. Confidentiality Availability Integrity Authenticity

Availability

______ are individuals who use their extraordinary computing skills for illegal or malicious purposes. Hacktivist Black hats White hats Gray hats

Black hats

_____ is the assurance that the information is accessible only to those authorized to have access. Availability Confidentiality Integrity Authenticity

Confidentiality

______ is the assurance that the information is accessible only to those authorized to have access. Confidentiality Availability Authenticity Integrity

Confidentiality

______ are individuals with a wide range of skills, motivated by religious or political beliefs to create fear of large-scale disruption of computer networks. Script Kiddies Hacktivists Cyber Terrorists Black Hats

Cyber Terrorists

Which of the following attacks occur when attackers tamper with hardware or software prior to installation? Close-in attacks Passive attacks Insider attacks Distribution attacks

Distribution attacks

All hacking is done w malicious intent True False

False

An ethical hacker does not need to know the penalties of unauthorized hacking activities associated with a network pen test because the ethical hacker has permission to hack the network. True False

False

Effective management of information security is not an ongoing process; updates should be made periodically. True False

False

Ethical hacking is not necessary because organizations can counter attacks from malicious hackers through other means that assist in anticipating methods used by them to break into a system. True False

False

Incident management only involves responding to incidents. True False

False

Information is not the critical asset that organizations need to secure. True False

False

Information security relies on four major elements: confidentiality, integrity, availability, and authenticity. False True

False

Measures to maintain data availability do not include redundant systems' disk array and clustered machines, antivirus software to stop works from destroying networks, and DDoS prevention systems. True False

False

Script Kiddies are skilled hackers who compromise systems by running scripts, tools, and software developed by real hackers. True False

False

The basic security concepts critical to information on the internet are authentication, authorization, and non-repudiation; those related to the persons accessing information are confidentiality, integrity, and availability. True False

False

Today's information security management programs are primarily concerned with firewalls and passwords. True False

False

There are _______phases of hacking four five six three

Five

Which of the following is NOT a hacking phase? Gathering Reconnaissance Scanning Gaining access

Gathering

For attackers, motives are the same as: ideas values ethics goals

Goals

______ are the individuals who work both offensively and defensively at various times. Hacktivists Script Kiddies Gray Hats White Hats

Gray Hats

Which of the following is NOT a hacker category? Green hats Hacktivist Black hats White hats

Green hats

______ is he greatest asset to an organization. Policy Technology Information Personnel

Information

______ is the trustworthiness of data or resources in the prevention of improper and unauthorized changes--the assurance that information is sufficiently accurate for it's purpose. Confidentiality Availability Integrity Authenticity

Integrity

______ is a way to guarantee that the sender of a message cannot later deny having sent the message, and that the recipient cannot deny having received the message. Confidentiality Non-repudiation Integrity Authenticity

Non-repudiation

Which term is a category of cyber threat intelligence? Operational Adversarial Logical Kinetic

Operational

Which attack type typically involves the monitoring of data flow between systems w/out modifying the data? Distribution Passive Insider Close-in

Passive

____ is the part of malware or an exploit that performs the intended malicious actions, which can include creating backdoor access to a victim's machine, damaging or deleting files, and data theft. Payload Hack value Vulnerability Exploit

Payload

White Hats are also known as ______, who use their hacking for defensive purposes. Criminals Penetration Testers Hacktivists Script Kiddies

Penetration Testers

Identify the category of information warfare that uses various techniques such as propaganda and terror, to demoralize one's adversary in an attempt to succeed in battle. Economic warfare Hacker warfare Psychological warfare Electronic warfare

Psychological warfare

Information warfare is divided into _____ categories. four five six seven

Seven

Because attackers break into systems for various reasons, it is important for information security professionals to understand how malicious hackers exploit systems and the probably reasons behind the attacks. True Falst

True

Confidentiality controls include data classification, data encryption, and proper equipment disposal. True False

True

Controls suck as biometrics, smart cards, and digital certificates ensure the authenticity of data, transactions, communications, or documents. True False

True

Defense in Depth is a security strategy in which security professionals use several protection layers throughout an information system. True False

True

Defense in Depth uses the military principle that it is more difficult for an enemy to defeat a complex and multi-layered defense system than to penetrate a single barrier. True False

True

Defensive information warfare refers to all strategies and actions to defend against attacks on ICT assets. True False

True

Each category of information warfare consists of both offensive and defensive strategies. True False

True

Ethical hackers perform hacking with the permission of the network or system owner and without the intention to cause harm. True False

True

Ethical hacking highlights the remedial actions and also reduces information and communications technology (ICT) costs by resolving those vulnerabilities. True False

True

Hackers are intelligent individuals with excellent computer skills- with the ability to create and explore the computer's software and hardware. True False

True

Hacking is defined as the exploitation of vulnerabilities of computer systems and networks. True Falth

True

Hacktivists use hacking to increate awareness of their social or political agendas, as well as themselves, in both the online and offline arenas. True False

True

IA refers to the assurance of the integrity, availability, confidentiality, and authenticity of information and information systems during usage, processing, storage, and transmission of information assurance with the help of physical, technical, and administrative controls. True False

True

Individuals and organizations use digital signatures to ensure non-repudiation True False

True

Information Assurance and Information Risk Management (IRM) ensure that only authorized personnel access and use information. True False

True

Information security controls prevent unwanted events from occurring and reduce risk to the organization's information assets. True False

True

Information security is defined as a "state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low and tolerable. True False

True

Measures to maintain data integrity may include a checksum and access control. True False

True

Offensive information warfare refers to warfare against the assets of an opponent. True Flase

True

State-sponsored hackers are govt. agents who are tasked with trying to penetrate and gain top-secret information - and to damage information systems of other govts. True False

True

Suicide hackers are similar to suicide bombers, who sacrifice their life for an attack and are thus not concerned with the consequences of their actions. True False

True

The term information warfare of InfoWar refers to the use of information and communications technologies (ICT) for competitive advantages over an opponent. True False

True

Defense in Depth helps to prevent ______ against an information system and it's data because a break in one layer only leads to the attacker to gain access to a single system. indirect attacks direct attacks hacking attacks internal attacks

direct attacks

_________ techniques include creating viruses and worms, performing denial-of-service (Dos) attacks as well as establishing unauthorized remote access connections to a device using trojans/backdoors, creating botnets packet sniffing, phishing, and password cracking. intelligence-hacking server-hacking network-hacking personal-hacking

network-hacking

Information security refers to the _____ or ____ information and information systems that use, store, and transmit information from unauthorized access, disclosure, alteration, and destruction. compiling/securing imaging/shielding protecting/safeguarding duplicating/saving

protecting/safeguarding

A______ is a "document established by consensus and approved by a recognized body that provides, for a common and repeated use, rules, guidelines, or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context." law regulation data file standard

standard

The threat model consists of ____ major building blocks two four three one

three

A______ works together to perform a full-scale test covering all aspects of the network, as well as physical and system intrusion. tiger team recovery team blue team red team

tiger team

Security experts categorize computer crimes into _____ categories. four three two five

two

In a ____, the attacker exploits vulnerabilities in a computer application before the software developer can release a patch for them. vulnerability zero-day attack hack value payload

zero-data attack


Ensembles d'études connexes

Certification Exam | Chapters 7, 10, 13, 14 ,15

View Set

Chapter 18 Aseptic Techniques (SABURI)

View Set

Nur 236 chapters 31 and 32 muscle skeletal

View Set

Chapter 4 - Physical Development in Infants and Toddlers

View Set

Trigonometry Chapter 3~ Properties of Trigonometric Functions

View Set

AZ - 204 : Azure Developer Associate

View Set

j driving 5.9, j driving 5.11, jdriving mod 5, j driving 5.12, j driving 5.8, j driving 5.3, j driving 5.4, j driving 5.5, j driving 5.6, j driving 5.2, j driving 5.10, j driving 5.7

View Set