MISY 3310_ Ch 12 - Methods of Securing Information (ALA)
Personal software ( ) are typically included with the operating system and can be configured based on user preference.
firewalls or firewall
Select all that apply Before data security strategies are created, which questions must be answered?
Am I reducing the risk in the most cost-effective way? What is the risk I am reducing? Is this the highest priority security risk?
Select all that apply Tips to avoid falling victim to a social engineering attack includes which of the following?
Make sure to research the facts contained in an email message. Slow down and think about the scenario. Be mindful of web searches to make sure you are landing on legitimate sites.
Select all that apply There are multiple ways ransomware attacks can be launched. Which of the following are methods a ransomware attack can be launched?
Phishing Trojan Horse
Select all that apply Malware is designed to do which of the following?
Steal information Incapacitate networks and computers Destroy data
Unlike phishing which does not have a specific target and is designed to reach the maximum amount of people, ( ) phishing is a precise type of attack.
spear
According to National Institute for Standards , once a cybersecurity risk assessment has been conducted and the various questions in the risk assessment have been answered, an organization will be able to decide what to protect.
Technology or technology
A deliberate misuse of computers and networks via the Internet that uses malicious code to modify the normal operations of a computer or network is called a ( ).
cyberattack, cyber attack, or cybercrime
Select all that apply Social engineering hacks are designed to get a victim to divulge which of the following types of information?
Account information Passwords
Select all that apply Select what's true about spear phishing attacks.
Spear phishing attacks are designed to steal data and some attacks may also be designed to install malicious software on a device. Spear phishing is a type of email scam that is directed toward a specific person or organization.
One version of this type of malware encrypts a victims data until a payment is made. Another version threatens to make public a victim's personal data unless a payment is made. This type of malware is called ___>
Ransomware
TechJury compiled a list of cybersecurity statistics that show the impact of different malware and network attacks. Match the correct percentage to the correct statement.
What percentage of cyberattacks are aimed at small business? 43% What percentage of cyberattacks are launched with a phishing email? 91% What percentage of daily email attachments are harmful for their intended recipient? 85% What percentage of malicious attachments are masked as Microsoft Office files? 38%
Security risk can be calculated using the following calculation: Risk = Threat x Vulnerability x ( ).
asset
Select all that apply Select the true statements about state-sponsored cyberwarfare.
Attacks can be directly launched by a foreign government or by a group or individual who has been paid by to execute the attack Originate and are executed by foreign governments. Can be used to send warnings or to create conflict between countries.
Malware is short for ( ) software.
malicious or malicious software
Businesses need to take steps to protect computer systems, data, and information from ( ) disasters.
natural
Select all that apply According to the Federal Emergency Management Agency (FEMA), which of the following are steps businesses can take to help protect systems, data, and information from natural disasters?
Store data in different areas across the United States (geographic data redundancy) Create a business continuity plan Utilize off-site cloud storage
Specialized hardware or software that capture packets transmitted over a network are called packet ( )_.
sniffers
Select all that apply Mohammed is experiencing issues with his work computer. He speaks to the IT department and they identify various symptoms of a computer virus. Symptoms of a computer virus include:
Unexpected error messages Critical files may be automatically deleted The operating system may not launch properly
Select all that apply Which of the following statements about computer viruses are true?
Viruses can destroy programs or alter the operations of a computer or network. A computer virus is software that infects computers and is created using computer code.
A group of computers under the control of a hacker is referred to as a ( ).
botnet, botnets, or bot net
A crime in which a computer is the object of the crime or is used to commit a criminal offense is called _____.
cybercrime
A crime in which a computer is the object of the crime or is used to commit a criminal offense is called ( ).
cybercrime, cybercrimes, or cyber crime
Hardware or software used to keep a computer secure from outside threats such as hackers and viruses by allowing or blocking Internet traffic is called a ____.
firewall
A form of spyware that records all actions typed on a keyboard is called a ( )_ logger.
keystroke or key
Select all that apply One method organizations are using to deal with the increase in cybersecurity threats and the decrease in the effectiveness of traditional security means is through the use of behavior science in their data and network security policies. One of these methods is called UEBA. Select the true statements about UEBA.
UEBA uses a variety of different tactics to create a map of pattern behavior including machine learning, statistical analysis, and artificial intelligence (AI) UEBA stands for user and entity behavior analytics It is a type of cybersecurity that observes and records the conduct of computer and network users
Select all that apply According to the National Institute of Standards Technology (NIST), cybersecurity personnel can take steps to ensure data and systems are protected. The first thing an organization should conduct is a cybersecurity risk assessment. The cybersecurity risk assessment is concerned with answering which of the following questions?
What are the relevant threats and the threat sources to our organization? What are the internal and external vulnerabilities? What are our organization's most important information technology assets?
Developed by Cisco and used by firewalls, routers, and computers that are part of a network and are connected to the Internet, Network ( ) _ Translation provides a type of firewall protection by hiding internal IP addresses.
address or addresses
One method organizations are using to deal with the increase in cybersecurity threats and the decrease in the effectiveness of traditional security means is through the use of ( ) science in their data and network security policies.
behavior or behavioral
A _ hat hacker breaks into computer systems with the intent of causing damage or stealing data.
black
Cyberattacks that originate and are executed by foreign governments is called state-sponsored ( ). These attacks can be directly launched by a foreign government or by a group or individual who has been paid by to execute the attack.
cyberwarfare or cyber warfare
Activities where white-hat hackers are paid to hack into private networks and applications is referred to as ( ) testing.
penetration
The illegitimate use of an email message that appears to be from an established organization such as a bank, financial institution, or insurance company is referred to as ( ) . In order to appear legitimate, the message often contains the company's logo and identifying information.
phishing
Specialized hardware or software that capture packets transmitted over a network are called packet _____.
sniffers
Put the steps for how a virus infects a digital device in the correct order.
1. The virus arrives via email attachment, file downloaded, or by visiting a website that has been infected. 2. An action such as running or opening a file activates the virus. Once activated, the virus copies itself into files and other locations on your computer. 3. The infection spreads to the other computers via infected email, files, or contact with infected web sites. 4. The payload, the component of a virus that executes the malicious activity, hits the computer and other infected devices. These actions are repeated over and over, resulting in a full-blown virus attack. Due to the nature of our always connected world, it is very easy for viruses to spread.
Malware that encrypts a computer's data, forcing the victim to purchase a decryption code, is called ___ .
Ransomware
Select all that apply You are speaking with a friend about how to protect yourself from phishing scams. Your friend (who works in cybersecurity) gives you some advice about what to do if you receive a phishing message. Which of the following statements would be considered good advice?
Banks and credit card companies will never ask you to provide personal information via email messages. Contact US-CERT. If you receive a suspicious message, contact the institution that the message was allegedly sent from.
What type of hacker breaks into computer systems with the intent of causing damage or stealing data?
Black hat hackers
Select all that apply Select the true statements about keystroke loggers.
Can be hardware devices and software applications Software based keystroke loggers are often a Trojan that is installed without the user's knowledge Keystroke loggers can record passwords and confidential information
A denial-of-service (DDoS) attack takes place when a hacker gains unauthorized access and control of a network of computers that are connected to the Internet.
Distributed
A DDoS attack is when computers that have been infected by a virus act as "zombies" and work together to send out illegitimate messages creating huge volumes of network traffic. The acronym DDoS stands for ___ .
Distributed Denial of Service
Match each statement to the correct term related to DoS attacks.
Distributed Denial of Service (DDoS) Attack - When a hacker gains unauthorized access and control of a network of computers that are connected to the Internet. Bot - A hacker uses software to infect computers, including laptops, desktops, tablets, and Internet of Things (IoT) devices, turning each computer into a zombie Botnet - A group of computers under the control of a hacker.
Select all that apply Which of the following are examples of cyberattacks?
DoS attacks DDoS attacks Information theft
An attack on a network that is designed to interrupt or stop network traffic by flooding it with too many requests is called a ( )_ attack.
DoS, DOS, dos, or denial of service
Select all that apply Select what's true about how a Trojan infects a computer system.
Hackers use Trojans to create a backdoor into a user's system which allows them to spy on the computer's activities. Trojans are commonly used by hackers to gain access to systems and devices. Trojans are designed using some sort of social engineering tactic.
Select all that apply Select the true statements about packet sniffers.
Legitimate sniffers are used for routine examination and problem detection Unauthorized sniffers are used to steal information
The technology that provides a type of firewall protection by hiding internal IP addresses is called _____.
NAT
Select all that apply Select the true statements about ransomware attacks.
Ransomware attacks invade computers via Trojan Horse viruses, worms, or by a user opening a legitimate looking email. One of the most popular methods used in ransomware attacks is through phishing. Ransomware is malware that makes a computer's data inaccessible until a ransom is paid.
Select all that apply Rootkits are typically used to allow hackers to do which of the following
Remotely control the operations of a computer. Create a backdoor into a computer
Select all that apply White hat hackers use the same techniques and tools that are used by illegitimate hackers. These tools include which of the following?
Rootkits Social engineering Back door programs
Often accompanying downloaded music or apps, programs that appear to be legitimate, but executes an unwanted activity when activated is called a _____.
Trojan
A program that appears legitimate, but executes an unwanted activity when activated is called a ( ) horse virus.
Trojan, trojan, or trojans
As reported by Andrei Ene, Tiny Banker ( )(TBT) is one of the worst malware attacks in the last 10 years
trojan or Trojan
Sharing infected files and opening an infected email attachment are ways that a computer _ can infect a digital device.
virus
Computer experts that attempt to hack into a network to ensure that it is protected against intrusions are called ( _ )-hat hackers.
white
Many organizations hire computer experts who test the security measures of an organization's information systems to ensure they are protected against intrusions. These experts use a variety of techniques including hacking, penetration testing, and vulnerability testing. These types of experts are known as _____ hackers.
white-hat
Select all that apply Which of the following statements correctly describes phishing?
Phishing is the illegitimate use of an email message that appears to be from an established organization such as a bank. Phishing scams use legitimate looking email messages to con a user into giving up private information.
Select all that apply According to Norton, which of the following steps should be taken to defend against rootkits?
Don't ignore software updates Be aware of phishing emails Watch out for drive-by-downloads
A deliberate misuse of computers and networks, _____ use malicious code to modify the normal operations of a computer or network.
cyberattacks
Recently, TechJury compiled a list of cybersecurity statistics that show the impact of different malware and network attacks. What percentage of cyberattacks are aimed at small businesses?
43%
Select all that apply Select the reasons a government may choose to get involved in state-sponsored cyberwarfare.
Cyberwarfare is often difficult to trace and identify. Cyberwarfare can cause widespread damage to IT infrastructure. Cyberwarfare is relatively inexpensive when compared to traditional warfare.