ISIN 121 Final Exam Review
signature file
A database of viruses that is used to identify an infected file
firewall
Hardware or software designed to limit the spread of malware
A list of senders from whom the user will accept email
Whitelist
Unsolicited email
spam
Which type of malware exploits a vulnerability on one system and then immediately searches for another computer on the network that has the same vulnerability? worm virus trojan horse mass-mailer
worm
In the U.S., if a consumer finds a problem on her credit report, she must first send a letter to the credit-reporting agency. Under federal law, how many days does the agency have to investigate and respond to the alleged inaccuracy and issue a corrected report? 15 30 45 50
30
From January 2005 through July 2015, approximately how many electronic data records in the United States were breached, exposing to attackers a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers? 456,000 22 million 853 million 660 billion (please dont pick this one you braindead 💀)
853 million
Which Windows feature provides information to users and obtains their approval before a program can make a change to the computer's settings? System Settings Authorization Application Modification Control User Account Control Access Based Enumeration Briefly describe Trojan horse malware and give an example.
A Trojan horse malware is a virus that is supposed to look like something innocent. For example, if you use an android and download "Cooking Frenzy Unlimited" and download it without checking if it's a safe game manufacturer or if it's been reviewed by trusted sources, there is a good chance that the program is secretly a virus that grabs your bank information, credit card information, etc. On the bright side though, it is a very good cooking game 👍
Why should you disable Bluetooth on smartphones and tablets?
A hacker could easily connect your phone to a malicious device if they have access to it.
bot net
A logical computer network of zombies under the control of an attacker
worm
A malicious program designed to enter a computer via a network
Brute Force Attack
A password attack in which every possible combination of letters, numbers, and characters is used to match passwords in a stolen password file
Dictionary Attack
A password attack that compares common dictionary words against those in a stolen password file.
Vishing
A phishing attack in which the attacker calls the victim on the telephone
Whaling
A phishing attack that targets wealthy individuals
Password
A secret combination of letters, numbers, and/or symbols that serves to authenticate a user by what he or she knows
What is the difference between a security patch, a feature update, and a service pack?
A security patch is something that updates a software's security patching an existing vulnerability. A feature update is usually some sort of quality-of-life improvement for the user using the software. A service pack is a cumulative package of all patches and feature updates.
Adware
A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
What are the primary traits that are used to classify malware?
A software, or script, file, etc, that is able to take over your computer and steal your information, as well as multiply itself.
What is a split infection?
A split infection is when the virus first attaches itself to the end of the infected file. It then inserts at the beginning of the file a "jump" instruction that points to the end of the file.
What are some recommendations for defending against social networking attacks?
Add more security guards Educate employees regarding security policies Enable a policy that states that the IT department should supply information over the phone only to managers Deploy well-designed firewall appliances Resist the urge to click on enticing web links Do not provide password resets in a chat window
Which type of web browser enhancement can change browser menus or create additional toolbars? Plug-ins Extensions Add-ons Updates
Add-ons
bot herder
An attacker who controls a botnet
Zombie
An infected computer that is under the remote control of an attacker
Using which Social engineering principle might an attacker impersonate a CEO of a company? Scarcity Authority Urgency Trust
Authority
Where are you most likely to find a PKES system? Automobile Airplane Railroad car Government building
Automobile
Which of the following ensures that data is accessible when needed to authorized users? Confidentiality Non-repudiation Integrity Availability
Availability
Which of the following is an attack that sends unsolicited messages to Bluetooth-enabled devices? Bluesurfing Bluejacking Bluephishing Bluesnarfing
Bluejacking
There are two major types of wireless networks that are popular today among users. One of these networks is Wi-Fi; what is the other? 4G LTE Bluetooth 3G GSM
Bluetooth
logic bomb
Computer code that lies dormant until it is triggered by a specific logical event
What type of backup is performed continually without any intervention by the user? Continuous backup 3-2-1 backup Scheduled backup One-time backup
Continuous backup
What is a frist-party cookie
Cookies that are made and recognized by the website.
Which of the following is NOT a technology typically used by spyware? Automatically download software Disk drive formatting software Tracking software System modifying software
Disk drive formatting software
Which technique might an attacker employ to find documents that may reveal the true level of security within an organization? Shoulder surfing Dumpster Diving Vishing Pretexting
Dumpster Diving
____________________ involves digging through trash receptacles to find information that can be useful in an attack.
Dumpster Diving
Which of the following is NOT a factor that contributes to difficulties faced in defending against attacks? Universally connected devices Greater sophisitcation of attacks Enhanced Encryption algorithims Faster detection of vulnerabilities
Enhanced Encryption algorithims
feature update
Enhancements to the software to provide new or expanded functionality, but do not address security vulnerability
What law contains rules regarding consumer privacy? Credit and Transactions Act Fair and Accurate Credit Transactions Act Fair Credit Reporting Act Accurate Transactions Act
Fair and Accurate Credit Transactions Act
True or False: Malware usually enters a computer system with the user's knowledge.
False
True or False: Passwords are still considered a strong defense against attackers.
False
True or False: Third-party cookies can be stolen and used to impersonate the user, while first-party cookies can be used to track the browsing or buying habits of a user.
False
Ture or False: Data backups only protect data against computer attacks.
False
Wi-Fi networks operate in basically the same way as cellular telephony networks that are designed, installed, and maintained by the wireless telephone carriers.
False
___________________ cookies can be used to reinstate regular cookies that a user has deleted or blocked.
Flash
Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information? Sarbox COPPA GLBA HIPAA
GLBA
Social Engineering
Grouping individuals and organizations into clusters based on an affiliation
Under which law must healthcare enterprises guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format? Sarbox COPPA GLBA HIPAA
HIPAA
How does a hardware keylogger work?
Hardware keyloggers are used for keystroke logging, a method of capturing and recording computer users' keystrokes, including sensitive passwords. They can be implemented via BIOS -level firmware, or alternatively, via a device plugged in line between a computer keyboard and a computer. They log all keyboard activity to their internal memory.
A(n) ____________________ is a false warning, often contained in an e-mail message claiming to come from the IT department.
Hoax
Using what email protocol can mail be organized into folders on the mail server and read from any device? HTML SMTP POP3 IMAP
IMAP
Which of the following involves using someone's personal information, such as a Social Security number, to fraudulently establish bank or credit card accounts? Identity borrowing Identity theft Information theft Property theft
Identity Theft
Which of the following involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain? White hat hacking Identity theft Cyberterrorism Digital fraud
Identity theft
Which of the following ensures that information is correct and no unauthorized person or malicious software has altered it? Protection Availability Confidentiality Integrity
Integrity
The ____ is a worldwide set of interconnected computers, servers, and networks.
Interweb Globalnet NSFNet Internet
Briefly explain how IMAP works.
It allows you to connect your email to a plethora of devices instead of relying on one singular device to access your email on.
____ is a complete programming language that can be used to create stand-alone applications. Java Javascript Wscript Shellscript
Java
____ is a scripting language that does not create standalone applications.
JavaScript
A(n) ____________ is also called a Flash cookie, named after Adobe Flash. LSO Third-party cookie First-party cookie image spam
LSO
Attacks that are based on malicious code sent through third-party advertising networks so that malware is distributed through ads sent to users' web browsers
Malvertising
Which of the following is a general term that refers to a wide variety of damaging or annoying software programs? Harmware Malware Bloatware Trashware
Malware
How is offline password cracking accomplished?
Offline password cracking technique involves recovering passwords from an already obtained password hash file. This happens after a hacker has already gained local access to an infected endpoint and starts to collect locally stored hashes or conducts other methods to attack the network, such as LLNMNR poisoning.
Discuss the risks of social networking sites.
Over-sharing Information The friendly and intimate nature of social media sites often causes people to drop their guard. Surveys & Questionnaires Phishing Scams Fake Apps Fake Accounts/Connection Requests Profile Hacking Key Points to Remember When Using Social Media Sites
List the two TCP/IP protocols used by earlier email systems to send and receive messages.
POP3 and SMPT
List the features of password management applications. What are some of the recommendations for creating strong passwords?
Password management software suggests extremely strong passwords and stores them for you. In order for you to access these passwords, you hide all the passwords behind your master password, which is the password that allows you to access your password management software. Recommendations include: Never use personal information Use a longer password Don't use the same password over and over Try to include numbers, symbols, and uppercase/lowercase letters Avoid using words that can be found in the dictionary
Which type of attacks might send an e-mail or display a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information? Pharming Phishing Polling Flashing
Phishing
Describe phishing.
Phishing is an online scam where criminals send alluring emails to the organization, user, and more to collect sensitive information.
Which of the following expands the normal capabilities of a web broswer for a specific webpage?
Plug-ins Extensions Add-ons Updates
Which of the following is described as an attacker who pretends to be from a legitimate research firm who asks for personal information? Dumpster diving Phishing Stealing Pretexting
Pretexting
What is pretexting? Provide an example.
Pretexting is a type of social engineering attack that involves a situation, or pretext, created by an attacker in order to lure a victim into a vulnerable situation and to trick them into giving private information. Example: An attacker who pretends to be from a legitimate research firm who asks for personal information
What is ransomware? Give an example.
Ransomware is a type of malware that denies access to data files using encryption until a ransom is paid. It comes under the category of cyber extortion.
Typo Squatting
Redirecting a user to a fictitious website based on a misspelling of the URL
What is remote code execution?
Remote code execution (RCE) is a type of security vulnerability that allows attackers to run arbitrary code on a remote machine, connecting to it over public or private networks.
Explain one way rootkits operate.
Rootkits work using a simple concept called modification. In general, software is designed to make specific decisions based on very specific data. A rootkit locates and modifies the software so it makes incorrect decisions.
What serves as the network name identifier in a Wi-Fi network? WPA2 ID SSID WPS Pin number MAC adress
SSID
Which JavaScript defense restricts a JavaScript downloaded from Site A from accessing data that came from Site B? Limit Capabilitys Sandboxing Same origin Destination filter
Same origin
____ look for specific words and block email messages containing those words. Virus filters Ad filters Network filters Spam filters
Spam filters
HTTP is a subset of a larger set of standards for Internet transmission known as ____________________.
TCP/IP
HTTP is based on which larger set of standards for Internet communication? TCP/IP IPX/SPX NetBEUI IEEE 802.11
TCP/IP
Which phrase best describes security? The procedures used to protect data The goal to be free from danger as well as the process that achieves that freedom The protection of data from harm The process of hiding sensitive data with the goal of maintaining privacy
The goal to be free from danger as well as the process that achieves that reedom
What are some concerns for using a public Wi-Fi network in a coffee shop, airport, or school campus, for example?
The networks usually aren't encrypted with WPA2+ protocol and use WPA or WEP protocols which are unsecure, and hackers can see your information.
Authentication
The steps that ensure that the individual is who he or she claims to be
With respect to the web, what is dynamic content?
Things that change based on your personal preference on the web.
True of Flase: A worm is designed to enter a computer through the network and then take advantage of a vulnerability in an application or an operating system on the host computer.
True
True or False: Almost all viruses infect a system by inserting themselves into a computer file.
True
True or False: FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms every 12 months.
True
True or False: It is recommended that a copy of a data backup be stored at an off-site location.
True
True or False: The weakness of passwords centers on human memory.
True
True or False: Virtually anyone could type in a person's username and pretend to be that person.
True
True or False: When creating passwords, the most important principle is that length is more important than complexity.
True
True or Flase: Most users actually receive only a small amount of spam in their local email inbox. The majority is blocked before it even reaches the user.
True
What is the purpose of a URL expander?
URL Expander is a tool that expands shortened URLs to their original long URL to determine if a site is suspected of malware, phishing, and/or illegal contents before you actually visits it.
What is the best approach to establishing strong security with passwords? Keep passwords short so you can remember them Use the same password for many sites Keep a written log of your passwords Use technology for managing passwords
Use technology for managing passwords
Shoulder Surfing
Viewing information that is entered by another person
From what term is war driving derived? war walking walk dialing war dailing chalk walking
War dialing
Which of the following is an optional means of configuring WPA2 Personal security using a PIN? security scripts Wi-Fi Protected Setup (WPS) SSID broadcast batch configuration
Wi-Fi Protected Setup (WPS)
What are some of the attacks on Wi-Fi?
Worms, Unencrypted networks can steal info, DDOS, and many more.
What are some of the characteristics of weak passwords?
You never want to use your name, company name, or family member names in your password Your phone number or address. Common substitutions. For example, using @ for a, 3 for e, and $ for s Any personal information Repetitive characters
Web browser addition that adds functionality to the entire web browser
add-on
A(n) ________________ infection is when the virus first attaches itself to the end of the infected file. It then inserts at the beginning of the file a "jump" instruction that points to the end of the file.
appender
When the malware payload allows an attacker to execute virtually any command on the victim's computer this is called ______________________________.
arbitrary code execution
File, such as a word processing document, spreadsheet, or picture, that is attached to an email message
attachments
A ___________________ that is installed on a computer allows the attacker to return at a later time and bypass security settings.
backdoor
What can an attacker use that gives them access to a computer program or service that circumvents normal security protections? adware backdoor bot herder botnet
backdoor
How do attackers today make it difficult to distinguish an attack from legitimate traffic? by using a common language by using diverse interfaces by using common Internet protocols by using simple scripting
by using common Internet protocols
What can an attacker use to divert all mail to their post office box so that the victim is never aware that personal information has been stolen? mail bouncing automatic forwarding change-of-address form mail redirect
change-of-address form
Which virus detection method creates a virtual environment that simulates the central processing unit (CPU) and memory of the computer? code emulation static analysis dynamic scanning string scanning
code emulation
A file created by a web server and stored on the local computer that contains the user's preferences and other information
cookie
What do web servers use to track whether a user has previously visited a web site? cookies key logger scripting language plug-ins
cookies
Which of the following is a numerical measurement used by lenders to assess a consumer's creditworthiness? credit report credit score credit level credit rank
credit score
What does the FBI define as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents?" information warfare cyberware cyberterrorism eTerrorism
cyberterrorism
Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as which of the following? cyberterrorists spies hackers hacktivists
cyberterrorists
Botnets can flood a Web server with thousands of requests and overwhelm it to the point that it cannot respond to legitimate requests. What is this called? manipulating online polls spamming spreading malware denying services
denying services
What type of attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file? man in the middle brute force dictionary hash
dictionary
Technically speaking, the process for creating a password digital representation is based on a hash algorithm, which creates a(n) ____________________.
digest
What is contained within the body of an email message as a shortcut to a website? spam filter attached image attachment embedded hyperlink
embedded hyperlink
What does a VPN use to ensure that any transmissions that are intercepted will be indecipherable? encryption ad hoc network private SSID lock screen
encryption
An attacker sets up a look-alike Wi-Fi network, tempting unsuspecting users to connect with the attacker's Wi-Fi network instead. What is this called? evil twin ad hoc network VPN guest network
evil twin
Web browser addition that expands the normal capabilities of a web browser for a specific webpage
extension
In the past, which term was commonly used to refer to a person who uses advanced computer skills to attack computers? slacker hacker white-hat black-hat
hacker
What type of attack is a false warning, often contained in an email message claiming to come from the information technology (IT) department? dumpster diving vishing hoaxes pretexting
hoaxes
____________________ allow users to jump from one area on the Web to another with a click of the mouse button.
hyperlinks
Spam that uses graphical images of text in order to circumvent text-based filters
image spam
What term is frequently used to describe the tasks of securing information that is in a digital format? network security information assurance information security information warfare
information security
Which attacker category might have the objective of retaliation against an employer? cybercriminal insider hacktivist state-sponsored attacker
insider
Security is ____ convenience. more important than inversely proportional to proportional to less important than
inversely proportional to
What is it called if a user disables the built-in limitations on their Apple iOS device to provide additional functionality? ROM swapping remote lockout jailbreaking root logon
jailbreaking
What type of device is inserted between the computer keyboard connection and USB port for the purposes of stealing information? rootkit backdoor keylogger zombie
keylogger
What type of spyware silently captures and stores each keystroke that a user types on the computer's keyboard? backdoor worm rootkit keylogger
keylogger
What type of malware is typically added to a legitimate program but lies dormant until it is triggered by a specific event? logic bomb ransomewear spam zombie
logic bomb
A(n) ___________________ is a series of instructions that can be grouped together as a single command.
macro
What type of program lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password? password management application password generation program password fault program password vault program
password management application
With which type of social engineering attack are users asked to respond to an email or are directed to a website where they are requested to update personal information, such as passwords or credit card numbers? pharming typo squatting phishing pretexting
phishing
Why should you clear the cache when the browser is closed?
prevents you from using old forms protects your personal information helps our applications run better on your computer
What type of malware can, for example, locks up a user's computer and then display a message that purports to come from a law enforcement agency that states the user must pay a fine for illegal activity? zombie adware ransomware logic bomb
ransomware
Most email clients contain a ____ that allows the user to read an email message without actually opening it. preview pane safety pane reading pane
reading pane
Which type of malware is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms? virus worm hacking kit rootkit
rootkit
Which type of malware will hide or remove all traces of evidence that may reveal the malware, such as log entries? worm trojan virus rootkit
rootkit
What can be used to run JavaScript in a restricted environment and limit what resources it can access? sandboxing firewall retaining wall same origin
sandboxing
Which term is best described as individuals who want to attack computers yet who lack the knowledge of computers and networks needed to do so? hackers elites crackers script kiddies
script kiddies
With arbitrary code execution, the ________________ launches ("spawns") a command shell from which instructions can then be issued to the computer.
shellcode
AV software on a computer must have its ____ files regularly updated by downloads from the Internet. behavior program signature control
signature
What popular online activity involves grouping individuals and organizations into clusters or groups based on their likes and interests? affiliate marketing affiliate networking social networking social marketing
social networking
A list of senders from whom the user does not want to receive any email
spam
Text-based messages that include words such as Viagra or investments can easily be trapped by _________ filters that look for these words and block the email.
spam
Whereas phishing involves sending millions of generic e-mail messages to users, which type of similar attack targets only specific users? whaling vishing spear phishing pharming
spear phishing
Information contained on devices is protected by three layers: Two of the layers are products and policies and procedures. What is the third layer? people systems applications tools
systems
A(n) ____________________-party cookie is a cookie that was not created by the Web site that attempts to access the cookie.
third
Which of the following is a type of action that has the potential to cause harm? asset vulernability threat threat agent
threat
Which term is best described as a person or element that has the power to carry out a threat? risk vulnerability threat agent agent attack
threat agent
Which of the following is a program advertised as performing one activity but actually does something else? worm rootkit trojan virus
trojan
Which type of social engineering attack depends on the user incorrectly entering a URL? whaling vishing spear phishing typo squatting
typo squatting
Which of the following is a characteristic of a weak password? cannot be easily memorized used on multiple accounts managed with a password manaqer uses a long string of characters
used on multiple accounts
A(n) ____________________ is a unique name used for identification.
username
What type of network uses an unsecured public network, such as the Internet, as if it were a secure private network? ad hoc network free access network virtual private network secure accsess network
virtual private network
What are the three types of malware that have the primary traits of circulation and/or infection? viruses, Trojans, and worms Trojans, spyware, and adware viruses, spyware, and Trojans worms, viruses and spyware
viruses, Trojans, and worms
What is a flaw or weakness that allows a threat agent to bypass security? risk asset vulnerability threat
vulnerability
Which type of malware self-replicates between computers (from one computer to another)? worm trojan virus rootkit
worm
An infected robot computer is known as a _____? zombie trojan horse beachhead bottle
zombie