CSIA 105
the user's identity with his public key
A digital certificate associates ____________.
to verify the authenticity of the registration authorizer
Digital certificates can be used for each of the following except __________. A. to verify the authenticity of the Registration Authorizer B. to verify the identity of clients and servers on the Web C. to encrypt messages for secure e-mail communications D. to encrypt channels to provide secure communication between clients and servers
perfect forward secrecy
Public key systems that generate random public keys that are different for each session.
exploit kit
Script kiddies acquire which item below from other attackers to easily craft an attack:
script kiddies
Select below the term that is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so
risk loss
Which of these is NOT a basic security protection for information that cryptography can provide? a. risk loss b. integrity c. confidentiality d. authenticity
security technician
Which position below is considered an entry-level position for a person who has the necessary technical skills?
information security
Which term below is frequently used to describe the tasks of securing information that is in a digital format?
digest
A ______ is not decrypted but is only used for comparison purposes
certificate repository
a centralized directory of digital certificates is called
a smaller group of specific users
a watering hole attack is directed against
18
according to the US bureau of labor statistics, what percentage of growth is the available job outlook supposed to reach by the end of the decade
security and convenience are inversely proportional
adone is attempting to explain to his friend the relationship between security and convenience. which of the following statements would he use
HIPAA
healthcare enterprises are required to guard protected health information and implement policies and procedures whether it be in paper or electronic format
rsa
illya was asked to recommend the most secure asymmetric cryptographic algorithm to his supervisor. which of the following did he choose
certificate authority
an entity that issues digital certificates is a
all of the above
in information security, what constitutes a loss?
distributed
in what kind of attack can attackers make use of hundreds of thousands of computers under their control in an attack against a single server or Network
tailgating
is following an authorized person through a secure door
intimidation
Lykke receives a call while working at the help desk from someone who needs his account reset immediately. When Lykke questions the caller, he says, "If you don't reset my account immediately, I will call your supervisor." What psychological approach is the caller attempting to use?
online certificate status protocol
performs a real-time lookup of a digital certificate status
Non-repudiation
proving that a user sent an email message is known as
public key infrastructure
is the management of digital certificates
US Patriot Act
purpose is to strengthen domestic security and broaden the powers of law enforcement agencies with regards to identifying and stopping terrorists
Gramm-Leach-Bliley Act
requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information
integrity
select below the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data
whaling
sends phishing messages only to wealthy individuals
obscurity
signe wants to improve the security of the small business where she serves as a security manager. she determines that the business needs to do a better job of not revealing the type of computer, operating system, software, and network connections they use. what security principle does signe want to use
Americans with disabilities
standards created to require accessibility of electronic media, websites, software applications, operating systems, video, etc.
encrypts the key and the message
the hash message authentication code (HMAC)
authentication
the security protection item that ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter is known as
digital certificate
the strongest technology that would assure Alice that Bob is the sender of the message is a
love bug
to date, the single most expensive malicious attack occurred in 2000, which cost an estimated 8.7 billion dollars. what was the name of the attack?
regulatory
what are industry-standard frameworks and reference architectures that are required by external agencies known as
difficulties: human error, contamination, not knowing policy, live operations
what are some key things people need to know about how to handle evidence related to different types of disputes civil, criminal, private? what makes this difficult at times
Indonesia
what country is now the number one source of attack traffic?
crypto service provider
what entity calls in crypto modules to perform cryptographic tasks
manager
what information security position reports to the ciso and supervises technicians, administrators, and security staff?
when two concurrent threads of execution access a shared resource simultaneously resulting in unintended consequences
what is a race condition
salt
what is a value that can be used to ensure that hashed plaintext will not consistently result in the same digest
plain text
what is data called that is to be encrypted by inputting it into a cryptographic algorithm
brokers
what is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments
command and control server
what is the name of the threat actor's computer that gives instructions to an infected computer
bot herder
what is the term used for a threat actor who controls multiple bots in a botnet
identity theft
what type of theft involves stealing another person's personal information, such as a social security number, and then using the information to impersonate the victim, generally for financial gain?
Gramm-Leach-Bliley Act (GLBA)
which act requires banks and financial institutions to alert their customers of their policies in disclosing customer information
extended validation
which digital certificate displays the name of the entity behind the website
cipher block chaining
which of the following block ciphers XORs each block of plaintext with the previous block of ciphertext before being encrypted
confidentiality
which of the following ensures that only authorized parties can view protected information
information
which of the following is an enterprise critical asset
a rootkit is always the payload of a Trojan
which of the following is not correct about a rootkit
variability
which of the following is not a method for strengthening a key
diffusion
which of the following is not a primary trait of malware
greater sophistication of defense tools
which of the following is not a reason why it is difficult to defend against today's attacks
purposes
which of the following is not a successive layer in which information security is achieved
security is a war that must be won at all cost
which of the following is not true regarding security
Diffie-Hellman
which of the following key exchanges uses the same keys each time
confidentiality
which of the three protections ensures that only authorized parties can view information
send spam email to moa's inbox on Tuesday.
which of these could not be defined as a logic bomb
hardware security module
which of these has an on-board key generator and key storage facility, as well as accelerated symmetric and asymmetric encryption and can back up system material in encrypted form
spyware
which of these is a general term used for describing software that gathers information without the user's consent
TLS v 1.2
which of these is considered the strongest cryptographic transport protocol
collision should be rare
which of these is not a characteristic of a secure hash algorithm
advanced encryption standard
which of these is the strongest symmetric cryptographic algorithm
books
which of these items retrieved through dumpster diving would not provide useful information
it is designed for use on larger scale
which statement is not true regarding hierarchical trust models
software keyloggers are generally easy to detect
which statement regarding a keylogger is not true
advanced persistent threat
which tool is most commonly associated with nation-state threat actors
bridge
which trust model has multiple CAs, one of which acts as a facilitator
virus
which type of malware requires a user to transport it from one computer to another
metamorphic
which type of mutation completely changes a virus from its original form by rewriting its own code whenever it is executed
they can cause significant disruption by destroying only a few targets
why do cyber terrorists target power plants, air traffic control centers, and water systems
session keys
are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity
0
Abram was asked to explain to one of his coworkers the XOR cipher. He showed his coworker an example of adding two bits, 1 + 1. What is the result of the sum?
ROT13 cipher
Alexi was given a key to a substitution cipher. The key showed that the entire alphabet was rotated 13 steps. What type of cipher is used?
crypto malware
Astrid's computer screen suddenly says that all files are now locked until money is transferred to a specific account, at which time she will receive a means to unlock the files. What type of malware has infected her computer?
it displays the attackers programming skills
Each of the following is the reason adware is scorned except __________.
RAT
Ebba received a message from one of her tech support employees. In violation of company policy, a user had downloaded a free program to receive weather reports, but the program had also installed malware on the computer that gave the threat actor unrestricted access to the computer. What type of malware had been downloaded?
verify the receiver
Edgar wanted to use a digital signature. Which of the following benefits will the digital signature not provide?
extinguish risk
Gunner is creating a document that explains risk response techniques. Which of the following would he not list and explain in his document?
security administrator
Ian recently earned his security certification and has been offered a promotion to a position that requires him to analyze and design security solutions as well as identifying users' needs. Which of these generally recognized security positions has Ian been offered?
Alice's public key
If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message?
blocking ransomware
Linnea's father called her to say that a message suddenly appeared on his screen that says his software license has expired and he must immediately pay $500 to have it renewed before control of the computer will be returned to him. What type of malware is this?
vulnerable business processes
Tatiana is discussing with her supervisor potential reasons why a recent attack was successful against one of their systems. Which of the following configuration issues would not be covered?
in the directory structure of the file system
The areas of a file in which steganography can hide data include all of the following EXCEPT ___
it provides cryptographic services in hardware instead of software
What is a characteristic of the Trusted Platform Module (TPM)?
to spy on citizens
What is an objective of state-sponsored attackers?
SHA-3
What is the latest version of the Secure Hash Algorithm?
serial server
What kind of server connects a remote system through the Internet to local serial ports using TCP/IP?
Cybercriminals
What term is used to describe a loose network of attackers, identity thieves, and financial fraudsters?
Misconfiguration
Alyona has been asked by her supervisor to give a presentation regarding reasons why security attacks continue to be successful. She has decided to focus on the issue of widespread vulnerabilities. Which of the following would Alyona not include in her presentation?
confusion
Alyosha was explaining to a friend the importance of protecting a cryptographic key from cryptanalysis. He said that the key should not relate in a simple way to the ciphertext. Which protection is he describing?
the children's online act
an act created to help protect children under the age of 13 from exploitation by governing the online collection of the child's personal information
diversity
an organization that practices purchasing products from different vendors is demonstrating which security principle
it would be essentially impossible to keep its location a secret from everyone
At a staff meeting, one of the technicians suggested that the enterprise protect its new web server by hiding it and not telling anyone where it is located. Why is security through obscurity a poor idea?
through products, people, and procedures on the devices that store, manipulate, and transmit the information
Complete this definition of information security: that which protects the integrity, confidentiality, and availability of information
computer security act
created to improve the security and privacy of sensitive information and to create acceptable security practices
Sarbanes-Oxley Act
created for corporate governance and financial practice
FERPA
created to protect the privacy of student records
payment-card industry act
defines minimum requirements for merchants and service providers to protect cardholder data