CIS133 - Chapter 2 Quiz, Review Chapter 2 NE, Security Awareness ch 1 quiz, Security Chapter 1 Questions, IT 301 Chp 2, CIS133 - Chapter 1 Quiz

Credit score reports cost about ____.

$10

FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms every ____.

12 months

The average phishing site only exists for ____ days to prevent law enforcement agencies from tracking the attackers.

3.8

If a consumer finds a problem on her credit report, she must first send a letter to the credit-reporting agency. Under federal law, the agency has ____ days to investigate and respond to the alleged inaccuracy and issue a corrected report.

30

From January 2005 through July 2012, over ____ electronic data records in the United States were breached, exposing to attackers a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers.

562 million

From January 2005 through July 2015, approximately how many electronic data records in the United States were breached, exposing to attackers a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers?

853 million

Dictionary

A_____ attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file.

The ability that provides tracking of events.

Accounting

Password

Any secret combination of letters, numbers, and or symbols that serves to validate or authenticate a user by what she knows.

The steps to ensure that the individual is who he or she claims to be; the process of providing proof of genuineness.

Authentication

Using which Social engineering principle might an attacker impersonate a CEO of a company?

Authority

The act of providing permission or approval to technology resources.

Authorization

Where are you most likely to find a PKES system?

Automobile

____ ensures that data is accessible when needed to authorized users.

Availability

Attacker who sells knowledge of a vulnerability to other attackers or governments.

Brokers

"____" involves breaking into a car's electronic system.

Car hacking

Individual who participates in a network of attackers, identity thieves, spammers, and financial fraudsters.

Cybercriminal

A premeditated, politically motivated attack against information, computer systems, computer programs, and data, which often results in violence.

Cyberterrorism

Attacker whose motivation may be defined as ideological, or attacking for the sake of principles or beliefs.

Cyberterrorist

Which technique might an attacker employ to find documents that may reveal the true level of security within an organization?

Dumpster diving

Which of the following is NOT a factor that contributes to difficulties faced in defending against attacks?

Enhanced encryption algorithms

Automated attack package that can be used without an advanced knowledge of computers.

Exploit Kit

12 months.

FACTA grants consumers that right to request one free credit report from each of the three national credit-reporting firms every

FACTA grants consumers free access to their credit score.

FALSE

The ____ of 2003 contains rules regarding consumer privacy.

Fair and Accurate Credit Transactions Act

What law contains rules regarding consumer privacy?

Fair and Accurate Credit Transactions Act

FACTA grants consumers free access to their credit score.

False

In a well-run information security program, attacks will never get through security perimeters and local defenses.

False

Passwords are still considered a strong defense against attackers.

False

Script kiddies typically have advanced knowledge of computers and networks.

False

There is a straightforward and easy solution to securing computers.

False

In the last year, over 600,000 Apple Macs were infected with a malicious software called ____.

Flashback

Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information?

GLBA

____ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.

GLBA

A US law that requires banks and financial institutions to alert customer of their policies and practices in disclosing customer information.

Gramm-Leach-Bliley Act (GLBA)

Social networking.

Grouping Individuals and organizations into clusters or groups based on their likes and interests is called.

Under____, healthcare enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.

HIPAA

Attacker who attacks for ideological reasons that are generally not as well defined as a cyberterrorist's motivation.

Hactivists

What type of attack is a false warning, often contained in an email message claiming to come from the information technology (IT) department?

Hoaxes

How do attackers today make it difficult to distinguish an attack from legitimate traffic?

How do attackers today make it difficult to distinguish an attack from legitimate traffic?

Which of the following involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain?

Identity theft

____ involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain.

Identity theft

____ involves using someone's personal information, such as a Social Security number, to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and ruining their credit rating.

Identity theft

What type of attacker is most likely to use information you have posted about yourself on a social networking site?

Identity thief

What term is frequently used to describe the tasks of securing information that is in a digital format?

Information Security

Employees, contractors, and business partners who can be responsible for an attack.

Insiders

Pharming

Instead of asking the user to visit a fraudulent web site, ______ atomically redirects the user of the fake site.

Security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data.

Integrity

Which of the following ensures that information is correct and no unauthorized person or malicious software has altered it?

Integrity

____ ensures that information is correct and no unauthorized person or malicious software has altered that data.

Integrity

Which document identifies individuals within the organization who are in positions of authority?

Organizational charts

____ identify individuals within the organization who are in positions of authority.

Organizational charts

True

Passwords are not considered a strong defense against attackers.

____ is sending an e-mail or displaying a Web announcement that falsely claims to be from a legitimate enterprise, in an attempt to trick the user into surrendering private information.

Phishing

____ may reveal the true level of security within the organization.

Policy manuals

Which of the following is described as an attacker who pretends to be from a legitimate research firm who asks for personal information?

Pretexting

____ means an attacker who pretends to be from a legitimate research firm asks for personal information.

Pretexting

A US law designed to fight corporate corruption.

Sarbanes-Oxley Act (Sarbox)

Individual who lacks advanced knowledge of computers and networks and so uses downloaded automated attack software to attack information systems.

Script Kiddies

____ are individuals who want to attack computers yet they lack the knowledge of computers and networks needed to do so.

Script kiddies

impersonation

Social engineering_____means to create a fictitious character and then play out the role of that person on a victim.

Social networking sites

The Web sites that facilitate linking individuals with common interests and function as an online community of users are called.

Fair and Accurate Credit Transactions act.

The ____ of 2003 contains rules regarding consumer privacy.

Password management tool.

The best approach to establishing strong security with passwords is to use a

True

The weakness of passwords centers on human memory

A type of action that has the potential to cause harm.

Threat

A person or element that has the power to carry out a threat.

Threat Agent

The means by which an attack could occur.

Threat Vector

Attack tools can initiate new attacks without any human participation, thus increasing the speed at which systems are attacked.

True

Financial cybercrime is often divided into two categories. The first category focuses on individuals and businesses.

True

The weakness of passwords centers on human memory.

True

Today, many attack tools are freely available and do not require any technical knowledge to use.

True

Virtually anyone could type in a person's username and pretend to be that person.

True

When creating passwords, the most important principle is that length is more important than complexity.

True

What is the best approach to establishing strong security with passwords?

Use technology for managing passwords

Change of address.

Using standard ______form, attackers can divert all mail to their post office so that the victims never see any charges mades.

True

Virtually anyone could type in person's username and pretend to be that person.

A flaw or weakness that allows a threat agent to bypass security.

Vulnerability

Identity theft.

____ Involves using someone's personal information, such as Social Security number, to establish bank credit card accounts that are then left unpaid, leaving the victims with the debts and ruining their credit rating.

Organizational Charts.

_____ Identify individuals within the organization who are in positions of authority.

Pretexting.

_____ Means an attacker who pretends to be from a legitimate research firm asks for personal information.

Phishing

_______is sending an e mail or displaying a Web announcement that falsely claims to be from a legitimate enterprise, in an attempt to trick the user into surrendering private information.

process that confirms a user's identity

authenication

trying to guess a password through combining a systematic combination of characters

bruce force attack

Using a standard ____ form, attackers can divert all mail to their post office box so that the victim never sees any charges made.

change-of-address

What can an attacker use to divert all mail to their post office box so that the victim is never aware that personal information has been stolen?

change-of-address form

A ____ is a numerical measurement used by lenders to assess a consumer's creditworthiness.

credit score

Which of the following is a numerical measurement used by lenders to assess a consumer's creditworthiness?

credit score

Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information are sometimes known as ____________________.

cybercrime

The FBI defines ____ as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents."

cyberterrorism

What does the FBI define as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents?"

cyberterrorism

Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as ____.

cyberterrorists

Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as which of the following?

cyberterrorists

A ____ attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file.

dictionary

What type of attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file?

dictionary

Technically speaking, the process for creating a password digital representation is based on a hash algorithm, which creates a(n) ____________________.

digest

How often does FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms?

every 12 months

In the past, the term ____ was commonly used to refer to a person who uses advanced computer skills to attack computers.

hacker

____ involves using someone's personal information, such as a Social Security number, to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and ruining their credit rating.

identity theft

Social engineering ____ means to create a fictitious character and then play out the role of that person on a victim.

impersonation

Shoulder Surfing

information entered is observed by another person

The term ____ is frequently used to describe the tasks of securing information that is in a digital format.

information security

Security is ____ convenience.

inversely proportional to

Security ____ convenience.

is inversely proportional to

It is vital to have ____________________ security on all of the personal computers to defend against any attack that breaches the perimeter.

local

Whaling

one type of spear phishing

any secret combination of letters, numbers, and/or symbols that serves to validate or authenticate a user by what she knows

password

A ____ is a program that lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password.

password management application

What type of program lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password?

password management application

The best approach to establishing strong security with passwords is to use a ____.

password management tool

Information (contained on the devices) is protected by three layers: products, ____, and policies and procedures.

people

Instead of asking the user to visit a fraudulent Web site, ____ automatically redirects the user to the fake site.

pharming

With which type of social engineering attack are users asked to respond to an email or are directed to a website where they are requested to update personal information, such as passwords or credit card numbers?

phishing

Information contained on devices is protected by three layers: Two of the layers are products and policies and procedures. What is the third

products, people, & policy and procedures

Attackers today use common Internet ____ and applications to perform attacks, making it difficult to distinguish an attack from legitimate traffic.

protocols

information entered is observed by another person

shoulder surfing

Grouping individuals and organizations into clusters or groups based on their likes and interests is called ____.

social networking

What popular online activity involves grouping individuals and organizations into clusters or groups based on their likes and interests?

social networking

The Web sites that facilitate linking individuals with common interests and function as an online community of users are called ____.

social networking sites

means of gathering information for an attack by relying on the weaknesses of individuals

soical engineering

Whereas phishing involves sending millions of generic e-mail messages to users, ____ targets only specific users.

spear phishing

Whereas phishing involves sending millions of generic e-mail messages to users, which type of similar attack targets only specific users?

spear phishing

A computer ____ is a person who has been hired to break into a computer and steal information.

spy

Stolen wallets and purses contain personal information that can be used in identity theft. This is known as ____.

stealing

WUuAxB2aWBndTf7MfEtm is an example of this

strong passwords

once an authorized person opens the door then virtually any number of individuals can follow behind and also enter the building or area

tailgating

On average it takes ____ days for a victim to recover from an attack.

ten

Which phrase best describes security?

the goal to be free from danger as well as the process that achieves that freedom

A(n) ____ is a type of action that has the potential to cause harm.

threat

Which of the following is a type of action that has the potential to cause harm?

threat

A(n) ____ is a person or element that has the power to carry out a threat.

threat agent

the goal to be free from danger as well as the process that achieves that freedom

threat agent

Passwords are still considered a strong defense against attackers.

true

Which type of social engineering attack depends on the user incorrectly entering a URL?

typo squatting

Social engineering

use of a telephone call instead of email to contact a potential victim

Which of the following is a characteristic of a weak password?

used on multiple accounts

use of a telephone call instead of e-mail to contact a potential victim

vishing

A(n) ____ is a flaw or weakness that allows a threat agent to bypass security.

vulnerability

What is a flaw or weakness that allows a threat agent to bypass security?

vulnerability

one type of spear phishing

whaling