Cybersecurity - SSC 200 Final Exam Study Guide

An attack where the hacker employs multiple computers to flood a targeted system with so many requests that server cannot keep up with the demand A. Denial of Service Attack B. Distributed Denial of Service Attack C. Botnet D. SQL Server Attack

B. Distributed Denial of Service Attack

Spyware

A program that secretly records what a user does, so that cybercriminals can make use of this information. For example, spyware could capture credit card details.

Virus

A self-replicating program that attaches itself to clean file and spreads throughout a computer system, infecting files with malicious code.

Adware

Advertising software which can be used to spread malware.

Brexit is the name of a malicious computer worm developed by the US and Israel to slow the progress of Iran in their efforts to build a nuclear bomb True or False

False

Ransomware

Malware which locks down a user's files and data, with the threat of erasing it unless a ransom is paid.

Hacker Tools Practically all Cyber Security Specialists operate on Linux kernels.

Netsparker is one of the easy-to-use website hacking tools, capable of automatically finding SQL Injection, XSS, and other vulnerabilities in any web service. other tools include SaferVPN, Acunetix, Burp Suite, Ettercap.

Password security

Strong passwords will: Be at least 8 characters long. Use a combination of upper and lower case letters, symbols and numbers. Substituting letters for numbers (e.g. 3 for E or 1 for I) is however a well-known practice and should be avoided.

Health Belief Model & Cybersecurity

The HBM suggests that a person's belief in a personal threat of an illness or disease together with a person's belief in the effectiveness of the recommended health behavior or action will predict the likelihood the person will adopt the behavior.

Experimental Design

a method of research in the social sciences (such as sociology or psychology) in which a controlled experimental factor is subjected to special treatment for purposes of comparison with a factor kept constant

Hypotheses

a supposition or proposed explanation made on the basis of limited evidence as a starting point for further investigation.

Encryption

attempts to make information unreadable by anyone who is not explicitly authorized to view that data. People or devices can be authorized to access encrypted data in many ways, but typically this access is granted via passwords or decryption keys.

Spear Phishing

the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.

Forming a Backup Strategy: 4 Steps to Follow

#1 Determine what data has to be backed up. #2 Determine how often data has to be backed up. #3 Identify and implement a suitable backup and recovery solution. #4 Test and Monitor your backup system.

Cialdini's principles of social influence

1. reciprocity: It's for this reason of reciprocity that waiters provide mints with the bill, that workshop facilitators might provide cookies as they ask for feedback and that leaders might provide a team day out just before issuing the annual engagement survey. All of these actions basically say, "I've scratched your back, now you scratch mine". 2. Scarcity: The less of something there is, the more people tend to want it. This holds true for experiences as well as for material products. There's not really much more to say about this one. From a persuasion and influence perspective this means that to increase interest in your product or service, you may benefit from reducing its availability (or at least creating a sense of scarcity). 3. Authority: Individuals who are authoritative, credible and knowledgeable experts in their fields are more influential and persuasive than those who are not. Part of the reason for this is that authority and credibility are some of the core building blocks of trust. When we trust people we are more likely to follow them. 4. Commitment and consistency: People like to be consistent with their identity or sense of self image. In other words, if I'm a person who thinks of myself as a "healthy" person, then I'm more likely to undertake actions that I consider to be "healthy" From a persuasion and influence perspective, this means that if I can convince you to act in a minor way in relation to something, then you'll think of yourself as that type of person and be more likely to act in that way again in the future. You'll also be more likely to increase your actions in that direction, if I suggest that you do so. 5. Liking: It might seem totally obvious, but people are much more likely to be influenced and persuaded by those that they like, than those that they don't. Given human nature, people are much more likely to like people who pay them compliments and who cooperate with them, than those who don't. And, unfortunately, given positive evidence in relation to certain benefits of diversity, people are also much more likely to like people who are similar to them, than those who are not. 6. Consensus (social proof): Humans are social by nature and generally feel that it's important to conform to the norms of a social group. This means that when it comes to decision making, we often look around us to see what others are doing, before making our mind up.

Trojans

A type of malware that is disguised as legitimate software. Cybercriminals trick users into uploading Trojans onto their computer where they cause damage or collect data.

A number of Internet-connected computers or other devices that can be controlled by a hacker. A. Botnet B. Malware Network C. Zero Day Attack D. A worm

A. Botnet

A cyber attack where the hacker tries to trick you into giving them your private information via a text or SMS message A. Smishing B. Vishing C. Whaling D. Baiting

A. Smishing

In the classical conditioning explanation of cell phone addiction or attraction, the cell phone is the A. conditioned stimulus B. unconditioned response C. unconditioned stimulus D. previously conditioned stimulus E. conditioned response

A. conditioned stimulus

The practice of sending fraudulent emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers is called A. phishing B. pretexting C. vishing D. business email compromise E. whaling

A. phishing

A targeted cyber attack strategy designed to steal sensitive information such as account credentials or financial information from a specific victim. A. Phishing B. Spear Phishing C. Watering Hole Attack D. Ransomware

A. spear phishing

A hacking technique where the cyber criminal intercepts communications between two parties either to secretly eavesdrop or modify traffic traveling between the two. A. Decryption B. Man in the Middle Attack C. Shoulder Surfing D. Network Invading

B. Man in the Middle Attack

A telephone-based social engineering attack that targets help or call center agents. The social engineer poses as a speech-impaired customer or as a person calling on behalf of the speech-impaired customer. The goal of this method is to make the victims; in this case call center agents feel awkward or embarrassed and release the desired information A. Smishing Attack B. Mumble Attack C. Phishing Attack D. Vishing Attack

B. Mumble Attack

Malicious software that prevents or limits users from accessing their system,either by locking the system's screen or by locking the users' files until a payoff is paid to the hacker. A. Malware B. Ransomware C. Scareware D. Keylogging

B. Ransomware

Identify the principle from the Health Belief Model that best corresponds with the statement "7% of the individuals victimized by identify theft reported feeling suicidal." A. susceptibility B. severity C. cues to action D. self-efficacy E. barriers

B. severity

Identify the principle from the Health Belief Model that best corresponds with the statement "15 million consumers experienced identity theft in 2020." A. cues to action B. susceptibility C. severity D. social proof E. self-efficacy

B. susceptibility

Using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft is called A. phishing B. vishing C. pretexting D. phonetics E. smishing

B. vishing

Text files that contain small pieces of data — like a username and password —that are used to identify your computer as you use a computer network A. Baiting B. Smishing C. Cookies D. Malware

C Cookies

An attack in which an unauthorized user gains access to a system or network and remains there for an extended period of time without being detected. A. Zero Day Vulnerability B. SQL Injection Attack C. Advanced Persistent Threat D. Ransomware

C. Advanced Persistent Threat

The practice of testing a computer system, network or web application to find security vulnerabilities. A. Social Engineering B. Cybersecurity C. Penetration Testing D. Network Interdiction

C. Penetration Testing

A cybersecurity attack that relies on human error, rather than vulnerabilities in software and operating systems. A. SQL Injection Attack B. DDoS Attack C. Social Engineering D. Advanced Persistent Attack

C. Social Engineering

Malware that appears to be legitimate software. The malware hides within a computer system and allows a hacker to gain access to the information on that computer - sometimes by using a backdoor and other times by simply sending the stolen information back to the hacker A. Scareware B. Spyware C. Trojan Horse D. Denial of Service Attack

C. Trojan Horse

The statement females are less susceptible to phishing attacks than males is an example of A. a null hypothesis B. a research question C. an active directional hypothesis D. an active non-directional hypothesis

C. an active directional hypothesis

Dropping malware infected USB drives is an example of which type of exploit? A. spyware B. zero-day attack C. baiting D. botnet E. hijacking

C. baiting

Research shows that when we concentrate on one stimuli, we are less able to see other stimuli. This is called A. cognitive response B. peripheral processing C. inattentional blindness D. inoculation E. multitasking

C. inattentional blindness

Bob clinks 50% of the links he gets in his email. A researcher devises a machine that will administer shocks to people if they click on links in their email messages. After training on the new machine, Bob clicks on links about 75% of the time. This means shocking Bob A. neither reinforced or punished his link clicking behavior B. punished his clicking behavior C. reinforced his clicking behavior

C. reinforced his clicking behavior

Psychological manipulation of people into performing actions or divulging confidential information - also known as a con or fraud scheme is a definition of A. coercion B. persuasion C. social engineering D. computer crime

C. social engineering

The role of context in communication

Context is critical, because it tells you, the receiver, what importance to place on something, what assumptions to draw (or not) about what is being communicated, and most importantly, it puts meaning into the message.

Identify the principle from the Health Belief Model that best corresponds with the statement "maintaining a unique password for all of your accounts reduces the risk of identity theft by 50%." A. cues to action B. susceptibility C. barrier D. benefit E. severity

D. Benefit

Ivan Pavlov noticed his dogs salivated when he showed them meat. Pavlov paired the meat with the ringing of a bell. After a time, the dogs would salivate at the sound of a bell. The meat is the A. Conditioned Stimulus B. Unconditioned Response C. Previously Conditioned Stimulus D. Unconditioned Stimulus

D. Unconditioned Stimulus

A computer-software vulnerability that is unknown to, or unaddressed by, those who should be interested in mitigating the vulnerability. A new - previously unknown security flaw in software A. Stuxnet Vulnerability B. Infected Software Vulnerability C. New Breach Vulnerability D. Zero Day Vulnerability

D. zero day vulnerability

Ivan Pavlov noticed his dogs salivated when he showed them meat. Pavlov paired the meat with the ringing of a bell. After a time, the dogs would salivate at the sound of a bell. The bell is the A. conditioned response B. Unconditioned Stimulus C. operant conditioning D. Previously Conditioned Stimulus E. Conditioned Stimulus

E. Conditioned Stimulus

A type of malicious software designed to deny access to a computer system or data until they pay to have their access restored A. vishing B. keylogging software C. phishing D. malware E. ransomware

E. Ransomware

Identify the principle from the Health Belief Model that best corresponds with the statement "it is more difficult to remember unique passwords for all of your accounts than it is to rely on a single password." A. susceptibility B. severity C. benefits D. cues to action E. barriers

E. barriers

In the baiting study conducted by researchers at the University of Illinois, theyexamined the impact of labeling USB drives on end user susceptibility to attack.They found that labeling makes a great deal of difference in the chancessomeone will insert a found USB drive in a computer True or False

False

Researchers adapting the health belief model to use in the realm of cybersecurity is an example of intension. True/False

False

The term "exhaustive categories" means that an object being coded can fit into one category but not in a second category True/False

False

The term "mutually exclusive categories" means that every object being coded can fit into one of the categories. True or False

False

The term self-efficacy means that a person believes a solution will be an effective remedy for a problem True/False

False

The variable that is changed in the experiment is called the independent variable. True or False

False

How hackers influence victims

Hijack your usernames and passwords. Steal your money and open credit card and bank accounts in your name. Ruin your credit. Request new account Personal Identification Numbers (PINs) or additional credit cards. Victims have reported hacking affected their sleep and made them more prone to anxiety attacks. Over half of victims even reported physical pain, such as headaches and migraines, due to hackers breaching personal data. Even on the scale of corporate cyberattacks, hackers have been able to cause physical harm.

Commitment & Consistency as tools for influence

It describes the way in which people want their beliefs and behaviours to be consistent with their values and self-image.

Botnets

Networks of malware infected computers which cybercriminals use to perform tasks online without the user's permission

Why people are susceptible to phishing attacks after training

Tried-and-tested attack vectors like the 419 scam have been adapted over the years and hackers are using more innovative measures and psychology against us. This adds another layer of difficulty to detection.

A hacker sent out Chinese postmarked envelopes that included a confusing letter along with a compact disc (CD) to several government agencies. The point was to pique recipients' curiosity so that they would load the CD and thereby inadvertently infect their computers with malware. This is an example of baiting. True or False

True

All experiments have a control group. True or False

True

Cookies are text files with small pieces of data — like a username and password — that are used to identify your computer as you use a computer network. True/False

True

Cyber-mindful training moves people from peripheral processing to central processing or carelessness to mindfulness. True/False

True

In an experiment the variable manipulated by the experimenter is called the independent variable. True or False

True

In the classical conditioning explanation of cell phone addiction or attraction, once the cellphone is associated with dopamine production (feeling good), people become anxious even their phones are not available. True/False

True

One major difference in worm and a virus is that a worm can propagate and spread with out human assistance and viruses are dependent on people to help them spread. True or False

True

Operant conditioning suggests that people become conditioned to click on links because when they have clicked on links in the past their behavior was reinforced. True/False

True

Penetration testing is done by white hat hackers - not black hat hackers. True or False

True

Phishing messages are sent to multiple recipients but spear phishing messages are targeted at a specific victim. True or False

True

Research on fear appeals suggests people are only motivated to change their behavior if they feel efficacious. True/False

True

The outcome variable in an experiment is called the dependent variable. True or False

True

The research by Ellen Langer (Xerox Machine Study) suggests that the size of the request influences how people process information. True/False

True

The research by Ellen Langer (Xerox Machine Study) suggests that when people are making decisions they use heuristics like the word because so they do not have to carefully process the information. True/False

True

The term bounded rationality means that people behave in ways that are consistent with their goals but they are limited or restricted by the information they have and their ability to process that information. True/False

True

The term cognitive response refers to those thoughts we have when we are exposed to information or messages of others. True/False

True

The term punishment means decrease the rate, likelihood or probability of a target behavior occurring. True/False

True

The term rationality refers to people behaving in ways that are consistent with their goals. True/False

True

The term reinforcement means increase the rate, likelihood or probability of a target behavior occurring. True/False

True

The term self-efficacy means that a person believes they can be successful at performing a particular behavior True/False

True

There is evidence that our thoughts or cognitive responses may impact our attitudes more than the actual message that prompted the cognitive response. True/False

True

Using fear to motivate cyber-security behavior increases the risk of making people cyber-fatigued. True/False

True

When hackers spoof an email address, that means they are using a phony email address True or False

True

Why people are susceptible to online romance scams

Victims can be both men and women. Many times, the criminal targets older people and those who may be struggling in a relationship and/or are emotionally vulnerable. Though most criminals aim for vulnerable targets, affluent and well-educated individuals have also fallen victim to these type of scams. In general, these scams have the potential to affect everyone. Criminals do extensive research on potential victims, looking through social media and dating sites for posts divulging information about their lives and personalities. They are expert manipulators and use these open, personal posts against the victim, cultivating them over a long period of time. Victims feel there is a real connection, romantic interest, and become invested in the online relationship. The internet provides anonymity, allowing criminals unlimited time trolling for potential victims hoping someone will take the bait.

Explain the three components (Explanans, Explanandum, & boundary conditions) of a theory?

explanans = causeexplanandum = effectconditions under which the theory is applicable

Why might a hacker use a baiting attack instead of a phishing attack?

if a computer is air gapped, hackers's can't phish their way on the network so they use baiting.

Operational security

includes the processes and decisions for handling and protecting data assets. The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.

Meta-data

is "data that provides information about other data", but not the content of the data, such as the text of a message or the image itself. There are many distinct types of metadata, including: Descriptive metadata — the descriptive information about a resource. It is used for discovery and identification.

Social Exchange theory

is a concept based on the notion that a relationship between two people is created through a process of cost-benefit analysis. In other words, it's a metric designed to determine the effort poured in by an individual in a person-to-person relationship. The measurement of the pluses and minuses of a relationship may produce data that can determine if someone is putting too much effort into a relationship.

Self-disclosure

is a process of communication by which one person reveals information about themself to another. The information can be descriptive or evaluative, and can include thoughts, feelings, aspirations, goals, failures, successes, fears, and dreams, as well as one's likes, dislikes, and favorites.

Inoculation theory

is a social psychological/communication theory that explains how an attitude or belief can be protected against persuasion or influence in much the same way a body can be protected against disease-for example, through pre-exposure to weakened versions of a stronger, future threat.

Password managers

is a software application that is used to store and manage the passwords that a user has for various online accounts and security features. Password managers store the passwords in an encrypted format and provide secure access to all the password information with the help of a master password. There are many types of password managers, differing in the way they encrypt the information, type of storage and the additional features provided.

Dumpster diving

is a technique used to retrieve information that could be used to carry out an attack on a computer network.

Communication Accommodation Theory

is a theory of communication developed by Howard Giles. This theory concerns " the behavioral changes that people make to attune their communication to their partner, the extent to which people perceive their partner as appropriately attuning to them."

Man-in-the-middle attack

is a type of cyber threat where a cybercriminal intercepts communication between two individuals in order to steal data. For example, on an unsecure WiFi network, an attacker could intercept data being passed from the victim's device and the network.

SQL injection

is a type of cyber-attack used to take control of and steal data from a database. Cybercriminals exploit vulnerabilities in data-driven applications to insert malicious code into a databased via a malicious SQL statement. This gives them access to the sensitive information contained in the database.

Self Perception Theory

is an account of attitude formation developed by psychologist Daryl Bem. It asserts that people develop their attitudes by observing their own behavior and concluding what attitudes must have caused it.

Pretexting

is an attack in which the attacker creates a scenario to try and convince the victim to give up valuable information, such as a password.

Reconnaissance

is the practice of covertly discovering and collecting information about a system. This method is often used in ethical hacking or penetration testing.

Phishing

is when cybercriminals target victims with emails that appear to be from a legitimate company asking for sensitive information. Phishing attacks are often used to dupe people into handing over credit card data and other personal information.

Denial-of-service attack

is where cybercriminals prevent a computer system from fulfilling legitimate requests by overwhelming the networks and servers with traffic. This renders the system unusable, preventing an organization from carrying out vital functions.

Homophilly

literally "love of sameness," is a sociological theory that similar individuals will move toward each other and act in a similar manner. Coined in 1954 by social scientists Paul Lazarsfeld and Robert Merton, the idea of homophily has been expanded by evolving media technologies, enabling demographically or politically similar individuals to seek out news sources that agree with their preconceived views.

Operational definition

means defining the variable as it exists in the present study.

Norm of Reciprocity

requires that we repay in kind what another has done for us. It can be understood as the expectation that people will respond favorably to each other by returning benefits for benefits, and responding with either indifference or hostility to harms.

Content analysis

the extensive analysis of texts of various types including writing, images, variations of social media, recordings and cultural artifacts. Content analysis can include both qualitative and quantitative methodologies.

Immediacy

the quality of bringing one into direct and instant involvement with something, giving rise to a sense of urgency or excitement.

QR code scams

this type of scam has been more common in recent months, with con artists distributing QR codes on social networking platforms or using UPI's request functionality to send phoney payment requests with texts like 'Enter your UPI PIN to receive money.

Romance scams occur

when a criminal adopts a fake online identity to gain a victim's affection and trust. The scammer then uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim.