Network Security Chapters 1-3
Which type of malware exploits a vulnerability on one system and then immediately searches for another computer on the network that has the same vulnerability?
worm
Whereas phishing involves sending millions of generic e-mail messages to users, which type of similar attack targets only specific users?
spear phishing
Which term is best described as a person or element that has the power to carry out a threat?
threat agent
Which of the following is a characteristic of a weak password?
used on multiple accounts
From January 2005 through July 2015, approximately how many electronic data records in the United States were breached, exposing to attackers a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers?
853 million
Where are you most likely to find a PKES system?
An automobile
Using which Social engineering principle might an attacker impersonate a CEO of a company?
Authority
Which of the following ensures that data is accessible when needed to authorized users?
Availability
What type of backup is performed continually without any intervention by the user?
Continuous backup
Which technique might an attacker employ to find documents that may reveal the true level of security within an organization?
Dumpster diving
What law contains rules regarding consumer privacy?
Fair and Accurate Credit Transactions Act
Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information?
GLBA
Under which law must healthcare enterprises guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format?
HIPAA
Which of the following involves using someone's personal information, such as a Social Security number, to fraudulently establish bank or credit card accounts?
Identity theft
What type of attacker is most likely to use information you have posted about yourself on a social networking site?
Identity thief
Which of the following is described as an attacker who pretends to be from a legitimate research firm who asks for personal information?
Pretexting
Which of the following is a program advertised as performing one activity but actually does something else?
Trojan
Which Windows feature provides information to users and obtains their approval before a program can make a change to the computer's settings?
User Account Control
What can an attacker use that gives them access to a computer program or service that circumvents normal security protections?
backdoor
Which of the following is a numerical measurement used by lenders to assess a consumer's creditworthiness?
credit score
What does the FBI define as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents?"
cyberterrorism
Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as which of the following?
cyberterrorists
Botnets can flood a Web server with thousands of requests and overwhelm it to the point that it cannot respond to legitimate requests. What is this called?
denying services
How often does FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms?
every 12 months
In the past, which term was commonly used to refer to a person who uses advanced computer skills to attack computers?
hacker
What type of attack is a false warning, often contained in an email message claiming to come from the information technology (IT) department?
hoaxes
What term is frequently used to describe the tasks of securing information that is in a digital format?
information security
Information contained on devices is protected by three layers: Two of the layers are products and policies and procedures. What is the third layer?
people
With which type of social engineering attack are users asked to respond to an email or are directed to a website where they are requested to update personal information, such as passwords or credit card numbers?
phishing
What type of malware can, for example, locks up a user's computer and then display a message that purports to come from a law enforcement agency that states the user must pay a fine for illegal activity?
ransomware
Which type of malware is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms?
rootkit
What type of software update is a cumulative package of all patches and feature updates?
service pack
What popular online activity involves grouping individuals and organizations into clusters or groups based on their likes and interests?
social networking
Which phrase best describes security?
the goal to be free from danger as well as the process that achieves that freedom
What is a flaw or weakness that allows a threat agent to bypass security?
vulnerability
Which type of malware self-replicates between computers (from one computer to another)?
worm
In the U.S., if a consumer finds a problem on her credit report, she must first send a letter to the credit-reporting agency. Under federal law, how many days does the agency have to investigate and respond to the alleged inaccuracy and issue a corrected report?
30
Which of the following is NOT a factor that contributes to difficulties faced in defending against attacks?
Enhanced encryption algorithms
Which of the following involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain?
Identity theft
Which of the following ensures that information is correct and no unauthorized person or malicious software has altered it?
Integrity
Which of the following is a general term that refers to a wide variety of damaging or annoying software programs?
Malware
Which term is best described as individuals who want to attack computers yet who lack the knowledge of computers and networks needed to do so?
Script kiddies
What can an attacker use to divert all mail to their post office box so that the victim is never aware that personal information has been stolen?
change-of-address form
Which attacker category might have the objective of retaliation against an employer?
insider
Security is ____ convenience.
inversely proportional to
What type of device is inserted between the computer keyboard connection and USB port for the purposes of stealing information?
keylogger
What type of malware is typically added to a legitimate program but lies dormant until it is triggered by a specific event?
logic bomb
What type of program lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password?
password management application
Which term can be described as a publicly released software security update intended to repair a vulnerability?
patch
AV software on a computer must have its ____ files regularly updated by downloads from the Internet.
signature
