Chapter 11 study notes

Ace your homework & exams now with Quizwiz!

According to the National Institute of Standards Technology (NIST), cybersecurity personnel can take steps to ensure data and systems are protected. The first thing an organization should conduct is a cybersecurity risk assessment. The cybersecurity risk assessment is concerned with answering which of the following questions?

What are the relevant threats and the threat sources to our organization? What are our organization's most important information technology assets? What are the internal and external vulnerabilities?

Security risk can be calculated using the following calculation: Risk = Threat x Vulnerability x __________.

asset

A group of computers under the control of a hacker is referred to as a __________.

botnet, botnets, or bot net

A deliberate misuse of computers and networks via the Internet that uses malicious code to modify the normal operations of a computer or network is called a __________.

cyberattack, cyber attack, or cybercrime

A crime in which a computer is the object of the crime or is used to commit a criminal offense is called _____.

cybercrime

A __________ denial-of-service (DDoS) attack takes place when a hacker gains unauthorized access and control of a network of computers that are connected to the Internet.

distributed

Hardware or software used to keep a computer secure from outside threats such as hackers and viruses by allowing or blocking Internet traffic is called a ____.

firewall

Personal software __________ are typically included with the operating system and can be configured based on user preference.

firewalls or firewall

In cybersecurity, the probable maximum loss (PML) is used to______.

help determine spending needed to adequately secure an organization's IT infrastructure

The goal of the NIST Cybersecurity Framework Protect (PR) function is to ______.

help protect an organization's IT infrastructure from security breaches by offering guidelines on IT infrastructure protection

A form of spyware that records all actions typed on a keyboard is called a ___________ logger.

keystroke or key

Malware is short for __________ software.

malicious or malicious software

The illegitimate use of an email message that appears to be from an established organization such as a bank, financial institution, or insurance company is referred to as __________. In order to appear legitimate, the message often contains the company's logo and identifying information.

phishing

As reported by Andrei Ene, Tiny Banker __________ (TBT) is one of the worst malware attacks in the last 10 years.

trojan or Trojan

The Identify (ID) function of the NIST Cybersecurity Framework focuses on organizational______.

understanding of how to manage cybersecurity risks

Put the steps for how a virus infects a digital device in the correct order.

1. The virus arrives via email attachment, file download, or by visiting a website that has been infected. 2. An action such as running or opening a file activates the virus. 3. The infection spreads to other computers via infected email, files, or contact with infected web sites. 4. The payload or the component of a virus that executes the malicious activity hits the computer and other infected devices.

What percentage of malicious attachments are masked as Microsoft Office files?

38%

Recently, TechJury compiled a list of cybersecurity statistics that show the impact of different malware and network attacks. What percentage of cyberattacks are aimed at small businesses?

43%

What percentage of cyberattacks are aimed at small business?

43%

What percentage of daily email attachments are harmful for their intended recipient?

85%

What percentage of cyberattacks are launched with a phishing email?

91%

Who performs probable maximum loss calculations?

A company's cybersecurity analysts

Which of the following is an example of data in transit? More than one answer may be correct.

A person uses an app on their smartphone to check their bank balance. At home, a person sends a photo taken on their smartphone to display on their smart TV.

Developed by Cisco and used by firewalls, routers, and computers that are part of a network and are connected to the Internet, Network ___________ Translation provides a type of firewall protection by hiding internal IP addresses.

Access

Before data security strategies are created, which questions must be answered?

Am I reducing the risk in the most cost-effective way? Is this the highest priority security risk? What is the risk I am reducing?

What do the three categories of the Detect (DE) function of the NIST Cybersecurity Framework include?

Analysis, observation, detection

White hat hackers use the same techniques and tools that are used by illegitimate hackers. These tools include which of the following?

Back door programs Rootkits Social engineering

Which of the following are considered cybercrimes?

Computer hacking Trojan horse viruses Digital identity theft

Which of the following are examples of cyberattacks?

DDoS attacks Information theft DoS attacks

Which of the following are reasons why states are making cybersecurity measures a high priority? More than one answer may be correct.

Data and technology continue to be at risk from cyber threats. New technologies continue to advance at a rapid rate.

Malware is designed to do which of the following?

Destroy data Incapacitate networks and computers Steal information

What is the "DE" function in the National Institute of Standards Technology (NIST) Cybersecurity Framework?

Detect function

A DDoS attack is when computers that have been infected by a virus act as "zombies" and work together to send out illegitimate messages creating huge volumes of network traffic. The acronym DDoS stands for ___ .

Distributed Denial of Service

An attack on a network that is designed to interrupt or stop network traffic by flooding it with too many requests is called a ___________ attack.

DoS, DOS, dos, or denial of service

Computer viruses are not frequently disguised as attachments of funny images, greeting cards, or audio and video files.

False

Select all options that describe the goals of the National Institute of Standards Technology (NIST) Cybersecurity Framework.

Give guidance to organizations who wish to understand potential security breaches Help organizations develop appropriate policies and procedures to mitigate data breaches Create an atmosphere where organizations can effectively discuss cybersecurity risks internally and with those outside of the organization

Select what's true about how a Trojan infects a computer system.

Hackers use Trojans to create a backdoor into a user's system which allows them to spy on the computer's activities. Trojans are designed using some sort of social engineering tactic. Trojans are commonly used by hackers to gain access to systems and devices.

Which of the following is an example of a task that might be completed during the planning stage of the plan-protect-respond cycle? More than one answer may be correct.

Having an authorized user attempt to hack into the system to determine vulnerabilities. Determine the degree of vulnerability that exists. Determine what security flaws exist.

Which function of the NIST Cybersecurity Framework involves an organization gaining deeper understanding of cybersecurity management in the context of their business needs and resources?

Identify (ID) function

Which of the following is prohibited by the Computer Fraud and Abuse Act? More than one answer may be correct

Intentionally destroying a computer Cyber blackmail

The technology that provides a type of firewall protection by hiding internal IP addresses is called _____.

NAT

Select what's true about Trojan malware.

Often found attached to free downloads and apps Often used to find passwords, destroy data, or to bypass firewalls Similar to viruses, but do not replicate themselves

Where are data in transit found?

On a cellular network

There are multiple ways ransomware attacks can be launched. Which of the following are methods a ransomware attack can be launched?

Phishing Trojan Horse

Which of the following statements correctly describes phishing?

Phishing scams use legitimate looking email messages to con a user into giving up private information. Phishing is the illegitimate use of an email message that appears to be from an established organization such as a bank.

Which function of the National Institute of Standards Technology (NIST) Cybersecurity Framework involves an organization analyzing cybersecurity risk and reducing potential damage to IT infrastructures?

Protect (PR) function

Which of the following are areas covered by state-specific cybersecurity laws? More than one answer may be correct

Protecting elections from cyber threats. Ensuring state and local governments are protected from cybersecurity threats. Addressing security needs of smart devices.

Malware that encrypts a computer's data, forcing the victim to purchase a decryption code, is called ___ .

Ransomware

One version of this type of malware encrypts a victims data until a payment is made. Another version threatens to make public a victim's personal data unless a payment is made. This type of malware is called ___>

Ransomware

Select the true statements about ransomware attacks.

Ransomware attacks invade computers via Trojan Horse viruses, worms, or by a user opening a legitimate looking email. Ransomware is malware that makes a computer's data inaccessible until a ransom is paid. One of the most popular methods used in ransomware attacks is through phishing.

Rootkits are typically used to allow hackers to do which of the following?

Remotely control the operations of a computer. Create a backdoor into a computer

Select the true statements about keystroke loggers.

Software based keystroke loggers are often a Trojan that is installed without the user's knowledge Can be hardware devices and software applications Keystroke loggers can record passwords and confidential information

According to National Institute for Standards __________, once a cybersecurity risk assessment has been conducted and the various questions in the risk assessment have been answered, an organization will be able to decide what to protect.

Technology or technology

What is the National Institute of Standards Technology (NIST) Cybersecurity Framework?

The NIST Cybersecurity Framework is a voluntary guide that helps organizations understand and protect themselves against cybersecurity risks.

Accessing the communications of an organization without authorization was made a criminal violation by which federal cybersecurity law?

The Stored Communications Act

Select the true statements about white hat hackers.

The goal of white hat hackers is to find gaps in network security and to test security defenses. Use the same techniques and tools that are used by illegitimate hackers.

Often accompanying downloaded music or apps, programs that appear to be legitimate, but executes an unwanted activity when activated is called a _____.

Trojan

A program that appears legitimate, but executes an unwanted activity when activated is called a __________ horse virus.

Trojan, trojan, or trojans

What is the goal of the planning phase of the plan-protect-respond cycle?

Understand the steps needed to design effective information security architecture.

Mohammed is experiencing issues with his work computer. He speaks to the IT department and they identify various symptoms of a computer virus. Symptoms of a computer virus include:

Unexpected error messages Critical files may be automatically deleted The operating system may not launch properly

Which of the following statements about computer viruses are true?

Viruses can destroy programs or alter the operations of a computer or network. A computer virus is software that infects computers and is created using computer code.

According to Norton, which of the following steps should be taken to defend against rootkits?

Watch out for drive-by-downloads Don't ignore software updates Be aware of phishing emails


Related study sets

Social Studies Chapter 11 - The Origins of Judaism

View Set

How to Fill Out a Job Application

View Set

Evolutionary Biology Exam 2 Practice Questions

View Set

Angels CHHA School Quiz Review Ch 19, 20, and 21

View Set

Chapter 6 - Additional Database Objects

View Set

Chapter 50 (Biliary Diseases [GI])

View Set