module 19: Methods of securing Information
Put the steps for how a virus infects a digital device in the correct order.
1. The virus arrives via email attachment, file download, or by visiting a website that has been infected. 2. An action such as running or opening a file activates the virus. 3. the infection spreads to other computers via infected email, files, or contact with infected web sites. 4. The payload or the component of a virus that executes the malicious activity hits the computer and other infected devices.
Which of the following statements about computer viruses are true?
A computer virus is software that infects computers and is created using computer code. Viruses can destroy programs or alter the operations of a computer or network.
A deliberate misuse of computers and networks via the Internet that uses malicious code to modify the normal operations of a computer or network is called __.
A cyberattack
Used by firewalls, routers, and computers that are part of a network and are connected to the Internet, Network ___ Translation provides a type of firewall protection by hiding internal IP addresses.
Access
You are speaking with a friend about how to protect yourself from phishing scams. Your friend (who works in cybersecurity) gives you some advice about what to do if you receive a phishing message. Which of the following statements would be considered good advice?
Banks and credit card companies will never ask you to provide personal information via email messages. If you receive a suspicious message, contact the institution that the message was allegedly sent from. Contact US-CERT.
According to Norton, which of the following steps should be taken to defend against rootkits?
Be aware of phishing emails Watch out for drive-by-downloads Don't ignore software updates
Match each statement to the correct term related to DoS attacks. Distributed Denial of Service (DDoS) Attack Bot Botnet
Bot = A hacker uses software to infect computers, including laptops, desktops, tablets, and Internet of Things (IoT) devices, turning each computer into a zombie Distributed Denial of Service (DDoS) Attack = When a hacker gains unauthorized access and control of a network of computers that are connected to the Internet. Botnet = A group of computers under the control of a hacker.
Rootkits are typically used to allow hackers to do which of the following?
Create a backdoor into a computer Remotely control the operations of a computer.
A DDoS attack is when computers that have been infected by a virus act as "zombies" and work together to send out illegitimate messages creating huge volumes of network traffic. The acronym DDoS stands for_______
Distributed Denial of Service = DDoS
An attack on a network that is designed to interrupt or stop network traffic by flooding it with too many requests is called a _____ attack
DoS, DOS, denial of service
Computer viruses are not frequently disguised as attachments of funny images, greeting cards, or audio and video files.
False
Before data security strategies are created, which questions must be answered?
Is this the highest priority security risk? What is the risk I am reducing? Am I reducing the risk in the most cost-effective way?
The technology that provides a type of firewall protection by hiding internal IP addresses is called _____.
NAT Network Address Translation (NAT) is used to protect data. It was developed by Cisco and is used by firewalls, routers, and computers that are part of a network and are connected to the Internet.
Select what's true about Trojan malware.
Often found attached to free downloads and apps Similar to viruses, but do not replicate themselves Often used to find passwords, destroy data, or to bypass firewalls
Activities where white-hat hackers are paid to hack into private networks and applications is referred to as __ testing.
Penetration
Which of the following statements correctly describes phishing?
Phishing is the illegitimate use of an email message that appears to be from an established organization such as a bank. Phishing scams use legitimate looking email messages to con a user into giving up private information.
Select the true statements about ransomware attacks.
Ransomware is malware that makes a computer's data inaccessible until a ransom is paid. Ransomware attacks invade computers via Trojan Horse viruses, worms, or by a user opening a legitimate looking email. One of the most popular methods used in ransomware attacks is through phishing.
Select the true statements about keystroke loggers.
Software based keystroke loggers are often a Trojan that is installed without the user's knowledge Can be hardware devices and software applications Keystroke loggers can record passwords and confidential information
The NIST states that cybersecurity risk assessments are essential for determining which data should be protected. NIST stands for National Institute of ___ and Technology.
Standards
There are multiple ways ransomware attacks can be launched. Which of the following are methods a ransomware attack can be launched?
Trojan Horse Phishing
Which of the following are considered cybercrimes?
Trojan horse viruses Computer hacking Digital identity theft
Select what's true about how a Trojan infects a computer system.
Trojans are commonly used by hackers to gain access to systems and devices. Trojans are designed using some sort of social engineering tactic. Hackers use Trojans to create a backdoor into a user's system which allows them to spy on the computer's activities.
Mohammed is experiencing issues with his work computer. He speaks to the IT department and they identify various symptoms of a computer virus. Symptoms of a computer virus include:
Unexpected error messages Critical files may be automatically deleted The operating system may not launch properly
Select the true statements about white hat hackers.
Use the same techniques and tools that are used by illegitimate hackers. Breach and attack simulation technologies are used to automate hacking and threat/infiltration analysis. The goal of white hat hackers is to find gaps in network security and to test security defenses.
According to the National Institute of Standards Technology (NIST), cybersecurity personnel can take steps to ensure data and systems are protected. The first thing an organization should conduct is a cybersecurity risk assessment. The cybersecurity risk assessment is concerned with answering which of the following questions?
What are our organization's most important information technology assets? What are the relevant threats and the threat sources to our organization? What are the internal and external vulnerabilities?
TechJury compiled a list of cybersecurity statistics that show the impact of different malware and network attacks. Match the correct percentage to the correct statement.
What percentage of cyberattacks are aimed at small business? = 43% What percentage of cyberattacks are launched with a phishing email? = 91% What percentage of daily email attachments are harmful for their intended recipient? = 85% What percentage of malicious attachments are masked as Microsoft Office files? = 38%
Malware is short for malicious software and is designed to steal information, destroy data, impact the operations of a computer or network, or frustrate the user. Common types of malware include:
Worms Viruses Trojans
Security risk can be calculated using the following calculation: Risk = Threat x Vulnerability x ___
asset
A deliberate misuse of computers and networks, _____ use malicious code to modify the normal operations of a computer or network.
cyberattacks
A crime in which a computer is the object of the crime or is used to commit a criminal offense is called _____.
cybercrime
A _____ denial-of-service (DDoS) attack takes place when a hacker gains unauthorized access and control of a network of computers that are connected to the Internet.
distributed
Hardware or software used to keep a computer secure from outside threats such as hackers and viruses by allowing or blocking Internet traffic is called a ____.
firewall
Personal software ____ are typically included with the operating system and can be configured based on user preference.
firewalls or firewall
Sharing infected files and opening an infected email attachment are ways that a computer ____ can infect a digital device.
virus