Unit 4, Module 11 (Network Security and Business Implications)
Which of the following describes a denial of service (DOS) attack? 1. An attacker floods the server with so many messages that the server cannot function properly. 2. Hackers break into a database and send false information to users. 3. A virus takes over the computer or system and prevents users from logging on.
1. An attacker floods the server with so many messages that the server cannot function properly. The DOS attack attempts to flood a server with so many incoming messages that the server is unable to handle legitimate business.
There are two common approaches to promote redundancy. What are they?
1. Backups of the file system 2. Redundant storage, particularly RAID
Mary works for a large school district. Her responsibility is to monitor the site containing student attendance records. Mary has created an elaborate security system with unique identification numbers for each student. She has built in a number of security controls and is continually monitoring for unauthorized users. Each day, Mary takes two 10-minute breaks at exactly 10 a.m. and 3 p.m. Since she is gone such a short time, she leaves whatever project she is working on up on her computer screen for anyone to see. Which security goal is at risk? 1. Confidentiality 2. Integrity 3. Availability
1. Confidentiality Confidentiality is at risk because Mary is leaving the project up on her computer screen.
What part of information assurance and security (IAS) requires that data be kept secure so that they are not accidentally provided to unauthorized individuals and cannot be obtained by unauthorized individuals? 1. Confidentiality 2. Integrity 3. Availability
1. Confidentiality Confidentiality requires that data be kept secure.
What prevents certain traffic from coming into and out of the network? 1. Firewalls 2. Anti-viral software 3. Encryption 4. Certificate authority
1. Firewalls Firewalls prevent certain traffic from coming into or out of the network.
Two types of threats arise when communicating secure information over the Internet when filling out a web form or sending information by e-mail. What are they?
1. First, Internet communications may be handled with regular text. If someone can intercept the messages, the unsecure information is open to read. 2. Second, the sender must be assured that the recipient is who he or she claims to be, so they are authenticated.
Place the following steps followed in a strategic risk analysis in order > Prioritize risks > Develop and enact policies as necessary > Determine threats based on vulnerabilities > Identify information assets > Identify vulnerabilities of assets
1. Identify information assets 2. Identify vulnerabilities of assets 3. Determine threats based on vulnerabilities 4. Prioritize risks 5. Develop and enact policies as necessary
SQL injection is a method used for: 1. Inserting malicious commands into a system 2. updating a network 3. introducing new software
1. Inserting malicious commands into a system In a SQL injection, an attacker issues an SQL command to a web server. The web server might pass the SQL command onto the database, and the command could delete and change records.
Scenario #3: A Target employee is expecting word about her yearly holiday bonus. She receives an e-mail letting her know that before she can receive any bonus she must download a .pdf form which contains important information about the bonus. When she downloads the file a malware program is placed on her computer and begins to infect the company network. Which type of attack is described in the scenario above? 1. Phishing 2. Buffer overflow 3. SQL injection 4. Trojan horse Part 2: Describe mitigation strategies that can be used to prevent this type of attack.
1. Phishing Phishing involves e-mails to people to redirect them to a website to perform some operation. Part 2: (my response) --- Awareness (authentication) of who the sender is before opening or downloading any files. Acknowledgement between management and employees ahead of time, that public-key encryption will be used for any work related bonuses, possibly could have avoided the attack. (Explanation given by the module) --- The best way to help to reduce phishing attempts is to train employees to recognize fictitious e-mails, looking for grammar mistakes, typos and unusual URLs. It is also important to let them know that your company would never ask them for any personal information via e-mail.
In strategic risk analysis, which is the last step among the ones listed here? 1. Prioritize risks 2. Identify vulnerabilities 3. Determine threats 4. Identify information assets
1. Prioritize risks Prioritizing risks is the last step in strategic risk analysis among those listed here.
What will ensure proper storage so that data are available even when storage devices are damaged or offline? 1. Redundancy 2. Malware 3. Encryption
1. Redundancy Redundancy will ensure proper storage.
Label each of the examples below according to the type of security practice that they illustrate. Dana has recently hired several temporary employees to assist with data entry for updating paper patient records to digital patient records at a medical center. Although, through necessity, the temporary employees will need access to the patient database in order to add records, Dana creates a special user type for the temporary employees so that they can add records to the patient database, but cannot access, modify, or view patient records already stored in the database. 1. Role-based Access Control 2. Education 3. Authentication
1. Role-based Access Control By creating a type of user account that has limited access for the temporary employees, Dana is using role-based access control to protect her patient database.
There are various methods for encryption. (1)____________-_______ encryption uses the same key for performing the encryption and decryption. (2)________-_____ encryption, on the other hand, uses two keys, a public and private key.
1. Symmetric-key 2. Public-key
How does a wide area network (WAN) enhance the business ecosystem? Select two that apply. 1. Team members can review files on the shared drive synchronously. 2. The network provides greater security. 3. Employees in different locations can share software. 4. The network ensures privacy of customer information.
1. Team members can review files on the shared drive synchronously. 3. Employees in different locations can share software. Both of these enhance the business ecosystem.
What are the 3 different types of hackers?
1. White-hat 2. Black-hat 3. Grey-hat
A local area network (LAN) 1. allows hardware sharing within one office. 2. allows hardware sharing between two offices. 3. allows software sharing between two offices.
1. allows hardware sharing within one office. A LAN allows hardware and software sharing within one office.
For each statement about encryption, select the correct answer. Symmetric key encryption: 1. requires that both parties in the communication have the same key 2. requires only one person to have the encryption key 3. has a key that is public knowledge
1. requires that both parties in the communication have the same key Symmetric key encryption requires both parties in the communication have the same key.
Scenario #2: The computer memory set aside for accepting sales orders from Target's website is large enough for orders up to 9,999 units. However, an unscrupulous hacker wishing to crash the system enters a quantity of 999,999. Which type of attack is described in the scenario above? 1. Phishing 2. Buffer overflow 3. SQL injection 4. Trojan Horse Part 2: Describe mitigation strategies that can be used to prevent this type of attack.
2. Buffer overflow Buffer overflow will overflow a buffer with malicious code and perform operations by the attacker. Part 2: (my response) --- The website is large enough for orders up to 9,999 units, but there is no limit set. Setting a limit on the number of units would prevent a hacker from crashing the system by ordering a number larger than the memory is able to withstand at one time. (explanation given by the module) --- When developing software, the type of data being accepted as input needs to be tested to ensure it is of the type and size expected.
What is required to verify authenticity of the recipient? Select three that apply. 1. Anti-viral software 2. Certificates 3. Digital signatures 4. Encryption
2. Certificates 3. Digital signatures 4. Encryption All three of these will verify authenticity of the recipient. Encryption will indirectly verify authenticity of a private key exchange if the private key has not been compromised. Certificates can be used to verify digital signatures among other functions.
Label each of the examples below according to the type of security practice that they illustrate. Lynda, who leads a technical support team for a moderately sized corporation, reads a report on a forum about the increase in phishing scams related to the local lottery which currently has a large, unclaimed jackpot. As a preventative measure, Lynda sends a resource to company employees reminding them how to identify phishing scams and protect their personal information. 1. Role-based Access Control 2. Education 3. Authentication
2. Education Lynda is providing an educational resource to help inform employees and prevent social engineering threats.
Maria is staring intently at the computer screen in front of her, her mind racing. She types in a few lines of code and sits back to see what happens. Yes! It is just as she thought! She has discovered a way to circumvent the security system of her company and gain access to all records without anyone knowing. Maria can also see an easy fix to this security glitch and she is surprised it hadn't already been implemented. Maria will receive a hefty bonus for finding this hole in security. That's her job! While Maria is in there, however, she decides to copy some personal information from the files of upper management. You just never know when it might come in handy! What type of hacking is described in this scenario? 1. White-hat 2. Gray-hat 3. Black-hat
2. Gray-hat Maria is a white-hat hacker when she sees an easy fix to the security glitch, but she is a black-hat hacker when she decides to copy some personal files. Being both a white-hat and black-hat hacker makes her a grey-hat hacker.
Randy runs a small consulting firm and keeps all of his business contacts in a computer database. When Randy turns on his computer on Monday morning, he gets a weird error message. He calls in his IT specialist who determines their system has been infected with a virus. After hours of work, they think they have the customer database cleaned up, but occasionally, over the next few weeks, small errors still are being found. Which security goal is at risk? 1. Confidentiality 2. Integrity 3. Availability
2. Integrity Integrity is at risk because the virus could easily lead to corrupt data.
What part of information assurance and security (IAS) requires that data is correct, data gathering ensures the accuracy of the data, data must be entered into the system accurately, and data modification must be tracked? 1. Confidentiality 2. Integrity 3. Availability
2. Integrity Integrity requires that data is correct.
What information is not public and will not be considered a threat to a person's privacy if others learned of it? 1. Public 2. Sensitive 3. Private 4. Confidential
2. Sensitive Sensitive information will not be considered a threat to a person's privacy.
Which of the following types of information present a threat to someone's privacy? 1. Secret business plans 2. Student ID and credit card numbers 3. Names and addresses in the phone book 4. Phone numbers and e-mail addresses
2. Student ID and credit card numbers Student IDs and credit card numbers are private information.
All of the following are true about access rights except: 1. They include files that the user can access. 2. They are part of the risk management plan. 3. They are part of the IT policy. (the text associated with this question is controversial with the answer that was given, so keep that in mind)
2. They are part of the risk management plan. Access rights are not a part of the risk management plan.
Which of the following will find vulnerabilities and fix or protect against them? 1. Social engineering 2. White-hat hacking 3. Packet sniffing 4. Phishing
2. White-hat hacking White hats use techniques of black hats in order to detect and test against vulnerabilities.
Buffer overflow, a technique used to attack computer systems, is 1. an attempt to steal passwords 2. easily preventable 3. a type of phishing
2. easily preventable Software engineers can ensure that insertions into the buffer are limited to its size.
Learning about social engineering and how to protect passwords is an example of __________. 1. authentication 2. education 3. access control
2. education Users must be educated on how to protect passwords.
Which statement best completes the sentence: Black-hat hackers ______________ 1. hack for good purposes to find vulnerabilities and fix them. 2. hack with malicious intent to commit crime or terrorism. 3. hack both for good purposes and with malicious intent.
2. hack with malicious intent to commit crime or terrorism. Black-hat hackers hack with malicious intent.
Complete the sentence: Public key encryption uses __________. 1. one public key 2. one public key & one private key 3. two public keys 4. one private key
2. one public key & one private key Public key encryption uses one public key and one private key.
The practice of packet sniffing involves 1. identifying unauthorized users 2. stealing unencrypted information 3. keeping different data sets separated into packets for security purposes
2. stealing unencrypted information Packet sniffing will obtain passwords if the data being transmitted is sent without encryption.
For each statement about encryption, select the correct answer. The process of encryption involves: 1. providing unique passwords to all network users 2. transforming text into a scrambled, undecipherable message 3. installing firewalls on a network
2. transforming text into a scrambled, undecipherable message Encryption will convert plain text to scrambled encrypted information.
Label each of the examples below according to the type of security practice that they illustrate. Wes manages an online subscription service that gives users access to a variety of media to stream over their computer system. Based on data analysis of the service usage, Wes suspects that people in addition to the account holder are accessing accounts. Thus, he implements password policies into the subscription service that requires users to create stronger passwords and change them every 60 days. 1. Role-based Access Control 2. Education 3. Authentication
3. Authentication Password policies such as the ones that Wes has implemented make it more difficult for unauthorized users to get into the system. However, password policies such as these will not prevent threats such as social engineering.
Label each of the examples below according to the type of security practice that they illustrate. Evan has recently purchased new laptops for employees at his company to take with them when they travel for business. Since confidential company information may need to be stored on the laptops for use while traveling, Evan installs a biometrics program that requires users to provide a fingerprint in order to login to the laptop. 1. Role-based Access Control 2. Education 3. Authentication
3. Authentication The biometrics system that Evan has implemented helps ensure that people logging in to company laptops are authorized employees of the company.
First City Bank is preparing to roll out a new online banking system for its customers. Installing the new hardware and software has taken longer than expected, but the manager is confident customers will be thrilled with the new service. On the day of the launch, a seemingly minor programming error causes the system to shutdown and reboot each time the clock reaches a new hour. It takes about ten minutes for it to be up and running again. Which security goal is at risk? 1. Confidentiality 2. Integrity 3. Availability
3. Availability Availability is at risk because the system will shut down each time the clock reaches a new hour.
When one user is accessing some data and others are shut out of accessing that data, this is a problem for? 1. Confidentiality 2. Integrity 3. Availability
3. Availability Availability requires that information is available when needed.
In strategic risk analysis, what is the first step? 1. Identify vulnerabilities 2. Determine threats 3. Identify information assets 4. Prioritize risks
3. Identify information assets Identifying information assets is the first step.
What type of information can present a threat if disclosed such as social security numbers? 1. Public 2. Sensitive 3. Private 4. Confidential
3. Private Social security numbers are private information and could be a threat to privacy.
Scenario #4: In order to access the corporate website, Target employees have to log-in with a username and password. However, unscrupulous hackers instead type in database commands in an effort to retrieve the company's password file. Which type of attack is described in the scenario above? 1. Phishing 2. Buffer overflow 3. SQL injection 4. Trojan horse Part 2: Describe mitigation strategies that can be used to prevent this type of attack.
3. SQL injection With a SQL injection, an attacker issues a SQL command to a web server as part of the URL or as input to a form on a company's website. Part 2: When developing database applications, the application needs to test and escape input data to ensure expected data and not SQL commands are being accepted as input.
Amazing Games is doing very well and they have customers around the world that want to buy their computer games. The sales force will need to collect the appropriate information from the customers and then share the information with others within the company. Which of the following DOES NOT describe how the network improves the process of the sales force at Amazing Games in this task? 1. The network provides one database that stores all customer information reducing redundancy. 2. The network allows any sales team member to access customer information. 3. The network prevents hackers accessing secure information. 4. The network provides up to date information on inventory and stock. Hint: The network supports vendor relationships as orders can be tracked and inventory levels made available to vendors.
3. The network prevents hackers accessing secure information. The network cannot prevent hacking.
All of the following are true about biometrics except: 1. They can be a fingerprint. 2. They can be a voice identification match. 3. They can be a unique identifier like a social security number.
3. They can be a unique identifier like a social security number. Biometrics pertains to a personal physical characteristic such as a fingerprint.
Ensuring that data is accessible and information is available when needed is an example of 1. confidentiality. 2. integrity. 3. availability.
3. availability. Availability is ensuring that data is accessible and information is available when needed.
The requirement that data be kept secure so that they cannot be obtained by unauthorized users is an example of 1. availability. 2. integrity. 3. confidentiality.
3. confidentiality. Confidentiality puts measures in place to ensure sensitive data should not be accessible to unauthorized individuals.
For each statement about encryption, select the correct answer. A certificate authority: 1. provides permission to conduct online commerce 2. verifies that an organization's malware software is up-to-date 3. contains both the authentication proof and the encryption information needed to send secure information
3. contains both the authentication proof and the encryption information needed to send secure information
Entering data into the system accurately is an example of 1. availability. 2. confidentiality. 3. integrity.
3. integrity. Integrity will ensure accuracy of the data, and enter the data into the system accurately. Integrity in terms of the CIA triad is ensuring that data has not been tampered with. An example would be running a hash against an original file to verify that it is identical.
All of the following are authentication except 1. key card. 2. fingerprint. 3. phishing. 4. password.
3. phishing. Phishing is a suspicious e-mail asking for personal information.
In __________, roles are defined that include a list of access methods. 1. education 2. authentication 3. role-based access control
3. role-based access control In a role-based access control, specific roles will have specific access rights.
Access rights 1. may be provided by biometrics. 2. will prove who you are. 3. will include files that the user can access. 4. are a password to log in.
3. will include files that the user can access. Access rights will include files that the user can access and will not include files that the user should not access.
A business ecosystem consists of its 1. interacting and interconnecting divisions or departments and partners of the company. 2. retailers, manufacturers, and customers. 3. hardware, software, and human resources. 4. All of the above.
4. All of the above. A business ecosystem consists of interacting and interconnecting divisions or departments and partners, retailers, manufacturers, customers, hardware, software, and human resources.
A computer network supports a business's ecosystem by 1. improving efficiency. 2. reducing costs. 3. improving communication. 4. All of the above.
4. All of the above. A network supports a business by improving efficiency, reducing costs, and improving communication.
What is a method of obtaining a password when the data is sent over a network and the data is sent without encryption? 1. SQL injections 2. Buffer overflow 3. Phishing 4. Packet sniffing
4. Packet sniffing Packet sniffing is a means of obtaining a password if the data is sent without encryption.
There are many ways that the hackers could have gotten into the Target system and stolen the information. Read each of the possible scenarios of how the hackers potentially may have gotten into the Target system, and answer the questions that follow. Scenario #1: Wanting to listen to some motivational music while preparing the monthly board meeting report, Tom, a Target employee, downloads a music file from http://freemusic.com. Unbeknownst to him the music file actually contains malware to log the employee's keystrokes, thereby obtaining their employee username and password and access to secure information. Which type of attack is described in the scenario above? 1. Phishing 2. Buffer overflow 3. SQL injection 4. Trojan horse Part 2: Describe mitigation strategies that can be used to prevent this type of attack.
4. Trojan horse One type of virus is a Trojan Horse. This type of virus completely replaces an existing application and takes the name of the taken over file. The Trojan horse pretends to be one piece of software, but is in fact another. Part 2: (my response) --- Anti-viral software. Tom could have scanned the music file with anti-viral software to see if it had any malware-related properties. (explanation given by the module) --- An organization needs to have an up-to-date virus and malware scanning system that might detect trojan horse or other virus software. Education and training on what is acceptable to download could help to eliminate the downloading of malware including a trojan horse.
Which of the following is not malware? 1. Viruses 2. Worms 3. Trojan horse 4. Unix
4. Unix Unix is an operating system.
Challenges of using a computer network as a framework for the business ecosystem include 1. cost, time to market, staying connected with customers. 2. cost, software updates, increased access to data. 3. need for specialized system, security breaches, communication with suppliers. 4. cost and security.
4. cost and security. Network security is a major concern among companies.
________-_________ software attempts to identify if a file contains a virus or, more generally, some form of malware. ___________ software can be run on demand, or you can set it up so that all incoming messages are scanned. Unfortunately, __________ software will not necessarily catch every piece of malware. As programmers become more ingenious in how to attack an unsuspecting user, __________ software must become more sophisticated. However, the __________ software always lags behind the innovations of the attackers. Furthermore, you must be diligent in updating your ___________ software often (new releases may come out daily or weekly). (All blanks are the same word)
Anti-viral
___________ hackers are individuals with malicious intent who violate security in order to commit crimes or acts of terrorism.
Black-hat
For each information asset listed below, indicate its security classification (Public, Sensitive, Private, or Confidential). Project plan for new IT rollout
Confidential The project plan for the new IT rollout is confidential information that the organization would prefer not to make public.
What does CIA stand for?
Confidentiality, Integrity, Availability
One final form of attack that is common today, particularly to websites, is the ________ _____ _________ attack. In the ________ ______ __________ attack, one or more attackers attempts to flood a server with so many incoming messages that the server is unable to handle legitimate business.
Denial of Service (DOS)
_____________ is the idea of obfuscating the information that resides on a computer or is sent over a network so that if it is intercepted the hacker will be unable to use the information. ____________ uses a mathematical algorithm for converting the plain-text information to the ____________ form. This algorithm requires two forms of input: the plain text and a key. The algorithm processes both and the resulting output is the _____________ information. (All blanks are the same word)
Encryption
Indicate whether each of the following statements are true or false. IT personnel need to avoid redundancy when setting up security.
False Information security will ensure CIA of information when it is stored, and redundancy will ensure proper storage.
___________ prevent certain types of messages from coming into or out of the network and anti-viral software seeks out malware. A ___________ can either be software or hardware (in the latter case, it is a dedicated server that runs ___________ software). The _________ software contains a list of rules that describe the types of messages that should either be permitted to make it through the __________ and to your computer, or those that should be blocked. (All blanks are the same word)
Firewalls
Two of the most common network security software are __________ and _______-_______ _________
Firewalls Anti-viral software
There are also __________ hackers who engage in both types of hacking activities.
Grey-hat
Intrusion and other forms of active attacks commonly revolve around first gaining unauthorized access into the computer system. This is also referred to as __________. __________is when an individual obtains unauthorized access to a host.
Hacking
What does IAS stand for?
Information Assurance and Security
What does IAS stand for?
Internet Authentication Service
____________ is the term given to "malicious" software. There are different types of ____________ , but usually this refers to two types: viruses or worms.
Malware
As mentioned previously, Amazing Games works with multiple contractors throughout the world. Indicate whether or not each of the following would be aspects of the network that would help to improve or facilitate the interaction between Amazing Games employees and their contractors. (Yes or No) Amazing Games LAN network can be used to share hardware among the employees in the PA office and the contractors. Hint: A local area network (LAN) allows employees in the same facility to share hardware and software.
No Networks can share hardware only within an office.
As mentioned previously, Amazing Games works with multiple contractors throughout the world. Indicate whether or not each of the following would be aspects of the network that would help to improve or facilitate the interaction between Amazing Games employees and their contractors. (Yes or No) Networks can be used to organize and analyze data. Hint: Networks connect computer systems providing local and remote access to hardware and software.
No Networks share files but cannot analyze data.
Indicate whether the following are likely examples of social engineering. Margo is afraid she will forget her work login and password, so she keeps them on a sticky note in her top desk drawer. Is this an example of social engineering?
No This is a security risk, but it is through Margo's own poor choices, not influenced by anyone else.
Another means of obtaining a password is through ___________ _________. In reality, in addition to passwords, this allows you to obtain anything being sent over the network if the data being transmitted is sent without encryption.
Packet Sniffing
__________ is the process of targeting a specific individual, usually via email, under the guise of a reputable or trustworthy entity to reveal private or personal details such as usernames or passwords.
Phishing
___________ information is information that could be a threat if disclosed to others such as social security and credit card numbers, or health and education information. This information is often protected from disclosure by federal legislation.
Private
For each information asset listed below, indicate its security classification (Public, Sensitive, Private, or Confidential). Student ID number
Private The Student ID number is private information.
___________ information might include names and addresses (since this information is available through the phone book).
Public
For each information asset listed below, indicate its security classification (Public, Sensitive, Private, or Confidential). Online list of company Board of Directors
Public The online list of company Board of Directors is public information.
_____________ provides a means so that data are available even when storage devices are damaged or offline.
Redundancy
_____________ information might include e-mail addresses. Although this is not public information, it is information that will not be considered a threat to a person's privacy if others were to learn of it.
Sensitive
_________ _________ is a threat that targets users
Social engineering
What does SQL stand for when we talk about SQL injections?
Structured Query Language It is the standard language for relational database management systems
Eric, the CEO located in the North Carolina office, and Alison, the Chief Business Manager located in the Pennsylvania office, are working together to prepare the quarterly financial report for Amazing Games. The two have been working together on the report for about a week and it is close to being done. It is due in 24 hours, and Eric has a meeting with the board to present the report. What aspects of the network can facilitate the CEO and Business Manager completing the report?
The network can share files so that Eric and Alison can review files on the shared drive asynchronously or synchronously. The network allows Eric and Alison to work together on the report regardless of location.
One type of virus is a __________ __________: this type of virus completely replaces an existing application and takes the name of the taken over file. The ___________ ___________ pretends to be one piece of software but is, in fact, another. Imagine that you download an application that you think will be very useful to you. However, the software, while pretending to be that application, actually performs malicious operations on your file system.
Trojan Horse
Indicate whether each of the following statements is true or false. Anti-viral software should be updated frequently.
True New releases of anti-viral software may come out daily or weekly.
Indicate whether each of the following statements is true or false. The firewall software contains a list of rules that describe the types of incoming messages that should either be permitted or blocked from a computer.
True The firewall software contains a list of rules that describe which types of messages should either be permitted or blocked from making it through the firewall.
___________ hackers are security professionals and hack for "good purposes" to find vulnerabilities and fix or protect against them. They inform companies of potential problems with software so companies can fix and send out patches, etc.
White-hat
___________, on the other hand, are self-contained programs and do not need other programs to propagate across computers and computer networks.
Worms
Indicate whether the following are likely examples of social engineering. Angelo is at a cocktail party. He gets into a conversation with an attractive woman who is very interested in his career. She asks detailed questions and expresses amazement at the importance of his position. She particularly focuses on how the company is able to keep their information secure. In his desire to impress the lady, Angelo is a little too free with his information. The next day, when he arrives at work, his file on a major account has been hacked. Is this an example of social engineering?
Yes In the social setting, Angelo is giving information that a clever hacker could use to break his password.
As mentioned previously, Amazing Games works with multiple contractors throughout the world. Indicate whether or not each of the following would be aspects of the network that would help to improve or facilitate the interaction between Amazing Games employees and their contractors. (Yes or No) Networks allow employees and contractors to share applications such as e-mail systems. Hint: A wide area network can provide remote users access to shared hardware and software.
Yes Networks can share e-mail between the employees and the contractors.
Indicate whether the following are likely examples of social engineering. Felix receives an email on his work account indicating that he can get a large discount on a one-month pass at a new local gym - a deal said to be only available to a few select company employees. The email has been sent by the gym and does not include the company logo. If he is interested, he has 24 hours to purchase the deal. All he needs to do is send his name, address, and credit card information. Is this an example of social engineering?
Yes Phishing is an example of social engineering.
As mentioned previously, Amazing Games works with multiple contractors throughout the world. Indicate whether or not each of the following would be aspects of the network that would help to improve or facilitate the interaction between Amazing Games employees and their contractors. (Yes or No) Networks can be used to share files that relate to the work being done by the contractors. Hint: A wide area network (WAN) allows those in different locations to share software.
Yes Team members can review files on the shared drive.
As mentioned previously, Amazing Games works with multiple contractors throughout the world. Indicate whether or not each of the following would be aspects of the network that would help to improve or facilitate the interaction between Amazing Games employees and their contractors. (Yes or No) Network communication applications, such as e-mail, can be used to improve communication. Hint: Using the network, employees can connect via instant messaging, e-mail, or use the sharing account.
Yes Using a network, employees can connect via e-mail and customers can send an e-mail to customer service.
Finally, ____________ information consists of information that an organization will keep secret, such as patentable information and business plans.
confidential
Another category of malware is ___________. It is often downloaded unknown to the user when accessing websites. The __________ might spy on your browsing behavior at a minimum, or report back to a website sensitive information such as a credit card number that you entered into a web form.
spyware
IAS is concerned primarily with the protection of IT. IAS combines a number of practices that define an organization's information assets, the vulnerabilities of those assets, the threats that can damage those assets, and the policies to protect the assets. The result of this analysis, known as __________ _________ _________, is that security policies are translated into mechanisms which support information security.
strategic risk analysis
A __________ is software that attaches itself to another legitimate (or seemingly legitimate) software application.
virus
