Computer security quiz

18. Trojan Horse

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

3. Cipher

A cryptographic algorithm for encryption and decryption

Spoofing

A fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver.

9. Firewall

A logical or physical discontinuity in a network to prevent unauthorized access to data or resources.

Clickjacking

A malicious technique in which an attacker tricks a user into clicking on a button or link on another webpage while the user intended to click on the top level page. This is done using multiple transparent or opaque layers.

4. Client

A system entity that requests and uses a service provided by another system entity, called a "server." In some cases, the server may itself be a client of some other server.

7. Exposure

A threat action whereby sensitive data is directly released to an unauthorized entity.

1. Access Control

Access Control ensures that resources are only granted to those users who are entitled to them.

12. Activity monitors

Aim to prevent virus infection by monitoring for malicious activity on a system, and blocking that activity when possible.

8. Flooding

An attack that attempts to cause a failure in (especially, in the security of) a computer system or other data processing entity by providing more input than the entity can process properly.

Direct-access attack

An unauthorized user gaining physical access to a computer is most likely able to directly copy data from it. They may also compromise security by making operating system modifications, installing software worms, keyloggers, covert listening devices or using wireless mice.

Backdoor

Any secret method of bypassing normal authentication or security controls.

2. Basic Authentication

Basic Authentication is the simplest web-based authentication scheme that works by sending the username and password with each request.

Firewalls

By far the most common prevention systems from a network security perspective as they can (if properly configured) shield access to internal network services, and block certain kinds of attacks through packet filtering. Can be both hardware- or software-based.

5. Data Mining

Data Mining is a technique used to analyze existing information, usually with the intention of pursuing new avenues to pursue business.

Privilege escalation

Describes a situation where an attacker with some level of restricted access is able to, without authorization, elevate their privileges or access level.

Denial-of-service attack

Designed to make a machine or network resource unavailable to its intended users. Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once.

19. Trust

Determines which permissions and what actions other systems or users can perform on remote machines.

6. Dumpster Diving

Dumpster Diving is obtaining passwords and corporate directories by searching through discarded media.

16. Overload

Hindrance of system operation by placing excess burden on the performance capabilities of a system component.

10. Integrity

Integrity is the need to ensure that information has not been changed accidentally or deliberately, and that it is accurate and complete.

Eavesdropping

The act of surreptitiously listening to a private conversation, typically between hosts on a network.

Phishing

The attempt to acquire sensitive information such as usernames, passwords, and credit card details directly from users. Typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

15. Information Warfare

The competition between offensive and defensive players over information resources.

17. Threat Assessment

The identification of types of threats that an organization might be exposed to.

14. Encapsulation

The inclusion of one data structure within another structure so that the first data structure is hidden for the time being.

13. Auditing

The information gathering and analysis of assets to ensure such things as policy compliance and security from vulnerabilities.

Social engineering

To convince a user to disclose secrets such as passwords, card numbers, etc. by, for example, impersonating a bank, a contractor, or a customer.

11. Access Matrix

Uses rows to represent subjects and columns to represent objects with privileges listed in each cell.

20. False Rejects

When an authentication system fails to recognize a valid user.