Security Chapter 1 Questions, IT 301 Chp 2, CIS133 - Chapter 1 Quiz
Attackers today use common Internet ____ and applications to perform attacks, making it difficult to distinguish an attack from legitimate traffic.
protocols
A(n) ____ is a type of action that has the potential to cause harm.
threat
FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms every ____.
12 months
The average phishing site only exists for ____ days to prevent law enforcement agencies from tracking the attackers.
3.8
From January 2005 through July 2012, over ____ electronic data records in the United States were breached, exposing to attackers a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers.
562 million
The ability that provides tracking of events.
Accounting
The steps to ensure that the individual is who he or she claims to be; the process of providing proof of genuineness.
Authentication
Using which social engineering principle might an attacker impersonate a CEO of a company?
Authority
The act of providing permission or approval to technology resources.
Authorization
____ ensures that data is accessible when needed to authorized users.
Availability
Attacker who sells knowledge of a vulnerability to other attackers or governments.
Brokers
Individual who participates in a network of attackers, identity thieves, spammers, and financial fraudsters.
Cybercriminal
A premeditated, politically motivated attack against information, computer systems, computer programs, and data, which often results in violence.
Cyberterrorism
Attacker whose motivation may be defined as ideological, or attacking for the sake of principles or beliefs.
Cyberterrorist
Which technique might an attacker employ to find documents that may reveal the true level of security within an organization?
Dumpster diving
Automated attack package that can be used without an advanced knowledge of computers.
Exploit Kit
FACTA grants consumers free access to their credit score.
FALSE
The ____ of 2003 contains rules regarding consumer privacy.
Fair and Accurate Credit Transactions Act
What law contains rules regarding consumer privacy?
Fair and Accurate Credit Transactions Act
In a well-run information security program, attacks will never get through security perimeters and local defenses.
False
There is a straightforward and easy solution to securing computers.
False
In the last year, over 600,000 Apple Macs were infected with a malicious software called ____.
Flashback
____ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
GLBA
A US law that requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
Gramm-Leach-Bliley Act (GLBA)
Under ____, healthcare enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.
HIPAA
Attacker who attacks for ideological reasons that are generally not as well defined as a cyberterrorist's motivation.
Hacktivists
What type of attack is a false warning, often contained in an email message claiming to come from the information technology (IT) department?
Hoaxes
____ involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain.
Identity theft
What type of attacker is most likely to use information you have posted about yourself on a social networking site?
Identity thief
Employees, contractors, and business partners who can be responsible for an attack.
Insiders
Security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data.
Integrity
____ ensures that information is correct and no unauthorized person or malicious software has altered that data.
Integrity
Which document identifies individuals within the organization who are in positions of authority?
Organizational charts
Which of the following is described as an attacker who pretends to be from a legitimate research firm who asks for personal information?
Pretexting
A US law designed to fight corporate corruption.
Sarbanes-Oxley Act (Sarbox)
Individual who lacks advanced knowledge of computers and networks and so uses downloaded automated attack software to attack information systems.
Script Kiddies
____ are individuals who want to attack computers yet they lack the knowledge of computers and networks needed to do so.
Script kiddies
A type of action that has the potential to cause harm.
Threat
A person or element that has the power to carry out a threat.
Threat Agent
The means by which an attack could occur.
Threat Vector
Attack tools can initiate new attacks without any human participation, thus increasing the speed at which systems are attacked.
True
Financial cybercrime is often divided into two categories. The first category focuses on individuals and businesses.
True
The weakness of passwords centers on human memory.
True
Today, many attack tools are freely available and do not require any technical knowledge to use.
True
When creating passwords, the most important principle is that length is more important than complexity.
True
What is the best approach to establishing strong security with passwords?
Use technology for managing passwords
A flaw or weakness that allows a threat agent to bypass security.
Vulnerability
process that confirms a user's identity
authentication
trying to guess a password by systematically combining characters
brute force attack
What can an attacker use to divert all mail to their post office box so that the victim is never aware that personal information has been stolen?
change-of-address form
A ____ is a numerical measurement used by lenders to assess a consumer's creditworthiness.
credit score
Which of the following is a numerical measurement used by lenders to assess a consumer's creditworthiness?
credit score
The FBI defines ____ as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents."
cyberterrorism
Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as ____.
cyberterrorists
What type of attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file?
dictionary
Technically speaking, the process for creating a password digital representation is based on a hash algorithm, which creates a(n) ____________________.
digest
How often does FACTA grant consumers the right to request one free credit report from each of the three national credit-reporting firms?
every 12 months
In the past, the term ____ was commonly used to refer to a person who uses advanced computer skills to attack computers.
hacker
____ involves using someone's personal information, such as a Social Security number, to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and ruining their credit rating.
identity theft
Social engineering ____ means to create a fictitious character and then play out the role of that person on a victim.
impersonation
The term ____ is frequently used to describe the tasks of securing information that is in a digital format.
information security
Security ____ convenience.
is inversely proportional to
any secret combination of letters, numbers, and/or symbols that serves to validate or authenticate a user by what she knows
password
A ____ is a program that lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password.
password management application
What type of program lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password?
password management application
The best approach to establishing strong security with passwords is to use a ____.
password management tool
Information (contained on the devices) is protected by three layers: products, ____, and policies and procedures.
people
Instead of asking the user to visit a fraudulent Web site, ____ automatically redirects the user to the fake site.
pharming
With which type of social engineering attack are users asked to respond to an email or are directed to a website where they are requested to update personal information, such as passwords or credit card numbers?
phishing
information entered is observed by another person
shoulder surfing
Grouping individuals and organizations into clusters or groups based on their likes and interests is called ____.
social networking
What popular online activity involves grouping individuals and organizations into clusters or groups based on their likes and interests?
social networking
The Web sites that facilitate linking individuals with common interests and function as an online community of users are called ____.
social networking sites
means of gathering information for an attack by relying on the weaknesses of individuals
social engineering
Whereas phishing involves sending millions of generic e-mail messages to users, ____ targets only specific users.
spear phishing
Whereas phishing involves sending millions of generic e-mail messages to users, which type of similar attack targets only specific users?
spear phishing
WUuAxB2aWBndTf7MfEtm is an example of this
strong passwords
once an authorized person opens the door then virtually any number of individuals can follow behind and also enter the building or area
tailgating
On average it takes ____ days for a victim to recover from an attack.
ten
A(n) ____ is a person or element that has the power to carry out a threat.
threat agent
Passwords are still considered a strong defense against attackers.
true
Which type of social engineering attack depends on the user incorrectly entering a URL?
typo squatting
Which of the following is a characteristic of a weak password?
used on multiple accounts
use of a telephone call instead of e-mail to contact a potential victim
vishing
A(n) ____ is a flaw or weakness that allows a threat agent to bypass security.
vulnerability
one type of spear phishing
whaling
"____" involves breaking into a car's electronic system.
Car hacking
A computer ____ is a person who has been hired to break into a computer and steal information.
spy