Chapter 2 - ITSY 1300
"Shoulder spying" is used in public or semipublic settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance. _________________________ Select one: True False
False
A device (or a software program on a computer) that can monitor data traveling on a network is known as a socket sniffers. _________________________ Select one: True False
False
A worm requires that another program is running before it can begin functioning. Select one: True False
False
An act of theft performed by a hacker falls into the category of "theft," but is also often accompanied by defacement actions to delay discovery and thus may also be placed within the category of "forces of nature." Select one: True False
False
An advance-fee fraud attack involves the interception of cryptographic elements to determine keys and encryption algorithms. Select one: True False
False
Attacks conducted by scripts are usually unpredictable. Select one: True False
False
Compared to Web site defacement, vandalism within a network is less malicious in intent and more public. Select one: True False
False
DoS attacks cannot be launched against routers. Select one: True False
False
Information security's primary mission is to ensure that systems and their contents retain their confidentiality at any cost. Select one: True False
False
Once a(n) back door has infected a computer, it can redistribute itself to all e-mail addresses found on the infected system. _________________________ Select one: True False
False
One form of e-mail attack that is also a DoS is called a mail spoof, in which an attacker overwhelms the receiver with excessive quantities of e-mail. _________________________ Select one: True False
False
Packet munchkins use automated exploits to engage in distributed denial-of-service attacks. _________________________ Select one: True False
False
The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack. _________________________ Select one: True False
False
The macro virus infects the key operating system files located in a computer's boot sector. _________________________ Select one: True False
False
A mail bomb is a form of DoS attack. Select one: True False
True
A number of technical mechanisms-digital watermarks and embedded code, copyright codes, and even the intentional placement of bad sectors on software media-have been used to deter or prevent the theft of software intellectual property. Select one: True False
True
A sniffer program can reveal data transmitted on a network segment including passwords, the embedded and attached files-such as word-processing documents-and sensitive data transmitted to or from applications. Select one: True False
True
A worm can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected. Select one: True False
True
A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. _________________________ Select one: True False
True
As an organization grows it must often use more robust technology to replace the security technologies it may have outgrown. Select one: True False
True
Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways. _________________________ Select one: True False
True
Expert hackers are extremely talented individuals who usually devote lots of time and energy to attempting to break into other people's information systems. Select one: True False
True
Forces of nature, force majeure, or acts of God can present some of the most dangerous threats, because they are usually occur with very little warning and are beyond the control of people. Select one: True False
True
Hackers are "persons who access systems and information without authorization and often illegally." _________________________ Select one: True False
True
Information security safeguards the technology assets in use at the organization. Select one: True False
True
Intellectual property is defined as "the creation, ownership, and control of ideas as well as the representation of those ideas." _________________________ Select one: True False
True
Much human error or failure can be prevented with effective training and ongoing awareness activities. Select one: True False
True
Organizations can use dictionaries to regulate password selection during the reset process and thus guard against easy-to-guess passwords. Select one: True False
True
Software code known as a(n) cookie can allow an attacker to track a victim's activity on Web sites. _________________________ Select one: True False
True
The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information. _________________________ Select one: True False
True
Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is longer than ____________________ characters in Internet Explorer 4.0, the browser will crash. Select one: a. 256 b. 64 c. 128 d. 512
a. 256
hich of the following functions does information security perform for an organization? Select one: a. All of the above. b. Enabling the safe operation of applications implemented on the organization's IT systems. c. Protecting the organization's ability to function. d. Protecting the data the organization collects and uses.
a. All of the above.
Which of the following is an example of a Trojan horse program? Select one: a. Happy99.exe b. MyDoom c. Netsky d. Klez
a. Happy99.exe
The ____________________ data file contains the hashed representation of the user's password. Select one: a. SAM b. FBI c. SNMP d. SLA
a. SAM
____ is any technology that aids in gathering information about a person or organization without their knowledge. Select one: a. Spyware b. A bot c. Trojan d. Worm
a. Spyware
In a ____________________ attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources. Select one: a. denial-of-service b. virus c. distributed denial-of-service d. spam
a. denial-of-service
Hackers can be generalized into two skill groups: expert and ____________________. Select one: a. novice b. journeyman c. packet monkey d. professional
a. novice
"4-1-9" fraud is an example of a ____________________ attack. Select one: a. social engineering b. spam c. virus d. worm
a. social engineering
____________________ are malware programs that hide their true nature, and reveal their designed behavior only when activated. Select one: a. Worms b. Trojan horses c. Spam d. Viruses
b. Trojan horses
Human error or failure often can be prevented with training, ongoing awareness activities, and ____________________. Select one: a. threats b. controls c. hugs d. paperwork
b. controls
____________________ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents. Select one: a. infoterrorism b. cyberterrorism c. hacking d. cracking
b. cyberterrorism
As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ____________________. Select one: a. false alarms b. hoaxes c. polymorphisms d. urban legends
b. hoaxes
Complete loss of power for a moment is known as a ____. Select one: a. brownout b. fault c. lag d. blackout
b. fault
Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) ____. Select one: a. MIN b. MSL c. SLA d. SSL
c. SLA
The ____________________ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network. Select one: a. WWW b. FTP c. TCP d. HTTP
c. TCP
____________________ are compromised systems that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack. Select one: a. Drones b. Servants c. Zombies d. Helpers
c. Zombies
One form of online vandalism is ____________________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency. Select one: a. hackcyber b. cyberhack c. hacktivist d. phreak
c. hacktivist
Acts of ____________________ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter. Select one: a. theft b. security c. trespass d. bypass
c. trespass
A ____________________ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. Select one: a. virus b. spam c. denial-of-service d. distributed denial-of-service
d. distributed denial-of-service
In the well-known ____________________ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. Select one: a. server-in-the-middle b. zombie-in-the-middle c. sniff-in-the-middle d. man-in-the-middle
d. man-in-the-middle
