CSIA 105


the user's identity with his public key

A digital certificate associates ____________.

to verify the authenticity of the registration authorizer

Digital certificates can be used for each of the following except __________. A. to verify the authenticity of the Registration Authorizer B. to verify the identity of clients and servers on the Web C. to encrypt messages for secure e-mail communications D. to encrypt channels to provide secure communication between clients and servers

perfect forward secrecy

Public key systems that generate random public keys that are different for each session.

exploit kit

Script kiddies acquire which item below from other attackers to easily craft an attack:

script kiddies

Select below the term that is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so

risk loss

Which of these is NOT a basic security protection for information that cryptography can provide? a. risk loss b. integrity c. confidentiality d. authenticity

security technician

Which position below is considered an entry-level position for a person who has the necessary technical skills?

information security

Which term below is frequently used to describe the tasks of securing information that is in a digital format?

digest

a ______ is not decrypted but is only used for comparison purposes

certificate repository

a centralized directory of digital certificates is called

a smaller group of specific users

a watering hole attack is directed against

18

according to the US bureau of labor statistics, what percentage of growth is the available job outlook supposed to reach by the end of the decade

security and convenience are inversely proportional

adone is attempting to explain to his friend the relationship between security and convenience. which of the following statements would he use

HIPAA

healthcare enterprises are required to guard protected health information and implement policies and procedures whether it be in paper or electronic format

rsa

illya was asked to recommend the most secure asymmetric cryptographic algorithm to his supervisor. which of the following did he choose

certificate authority

an entity that issues digital certificates is a

all of the above

in information security, what constitutes a loss?

distributed

in what kind of attack can attackers make use of hundreds of thousands of computers under their control in an attack against a single server or Network

tailgating

is following an authorized person through a secure door

intimidation

Lykke receives a call while working at the help desk from someone who needs his account reset immediately. When Lykke questions the caller, he says, "If you don't reset my account immediately, I will call your supervisor." What psychological approach is the caller attempting to use?

online certificate status protocol

performs a real-time lookup of a digital certificate status

Non-repudiation

proving that a user sent an email message is known as

is the management of digital certificates

public key infrastructure

US Patriot Act

purpose is to strengthen domestic security and broaden the powers of law enforcement agencies with regards to identifying and stopping terrorists

Gramm-Leach-Bliley Act

requires Banks and financial institutions to alert customers of their policies and practices in disclosing customer information

integrity

select below the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data

whaling

sends phishing messages only to wealthy individuals

obscurity

signe wants to improve the security of the small business where she serves as a security manager. she determines that the business needs to do a better job of not revealing the type of computer, operating system, software, and network connections they use. what security principle does signe want to use

Americans with disabilities

standards created to require accessibility of electronic media, websites, software applications, operating systems, video, etc.

encrypts the key and the message

the hash message authentication code HMAC

authentication

the security protection item that ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter is known as

digital certificate

the strongest technology that would assure Alice that Bob is the sender of the message is a

love bug

to date, the single most expensive malicious attack occurred in 2000, which cost an estimated 8.7 billion dollars. what was the name of the attack?

regulatory

what are industry-standard frameworks and reference architectures that are required by external agencies known as

difficulties: human error, contamination, not knowing policy, live operations

what are some key things people need to know about how to handle evidence related to different types of disputes civil, criminal, private? what makes this difficult at times

Indonesia

what country is now the number one source of attack traffic?

crypto service provider

what entity calls in crypto modules to perform cryptographic tasks

manager

what information security position reports to the CISO and supervises technicians, administrators, and security staff?

when two concurrent threads of execution access a shared resource simultaneously resulting in unintended consequences

what is a race condition

salt

what is a value that can be used to ensure that hashed plaintext will not consistently result in the same digest

plain text

what is data called that is to be encrypted by inputting it into a cryptographic algorithm

brokers

what is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments

command and control server

what is the name of the threat actor's computer that gives instructions to an infected computer

bot herder

what is the term used for a threat actor who controls multiple bots in a botnet

identity theft

what type of theft involves stealing another person's personal information, such as a social security number, and then using the information to impersonate the victim, generally for financial gain?

Gramm-Leach-Bliley Act (GLBA)

which act requires Banks and financial institutions to alert their customers of their policies in disclosing customer information

extended validation

which digital certificate displays the name of the entity behind the website

cipher block chaining

which of the following block ciphers XORs each block of plaintext with the previous block of ciphertext before being encrypted

confidentiality

which of the following ensures that only authorized parties can view protected information

information

which of the following is an Enterprise critical asset

a rootkit is always the payload of a Trojan

which of the following is not correct about a rootkit

variability

which of the following is not a method for strengthening a key

diffusion

which of the following is not a primary trait of malware

greater sophistication of defense tools

which of the following is not a reason why it is difficult to defend against today's attacks

purposes

which of the following is not a successive layer in which information security is achieved

security is a war that must be won at all cost

which of the following is not true regarding security

Diffie-Hellman

which of the following key exchanges uses the same keys each time

confidentiality

which of the three protections ensures that only authorized parties can view information

send spam email to moa's inbox on Tuesday.

which of these could not be defined as a logic bomb

hardware security module

which of these has an on-board key generator and key storage facility, as well as accelerated symmetric and asymmetric encryption and can back up system material in encrypted form

spyware

which of these is a general term used for describing software that gathers information without the user's consent

TLS v 1.2

which of these is considered the strongest cryptographic transport protocol

collision should be rare

which of these is not a characteristic of a secure hash algorithm

advanced encryption standard

which of these is the strongest symmetric cryptographic algorithm

books

which of these items retrieved through dumpster diving would not provide useful information

it is designed for use on a larger scale

which statement is not true regarding hierarchical trust models

software keyloggers are generally easy to detect

which statement regarding a keylogger is not true

advanced persistent threat

which tool is most commonly associated with nation-state threat actors

bridge

which trust model has multiple CAs, one of which acts as a facilitator

virus

which type of malware requires a user to transport it from one computer to another

metamorphic

which type of mutation completely changes a virus from its original form by rewriting its own code whenever it is executed

they can cause significant disruption by destroying only a few targets

why do cyber terrorists target power plants, air traffic control centers, and water systems

session keys

are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity

0

Abram was asked to explain to one of his coworkers the XOR cipher. He showed his coworker an example of adding two bits, 1 + 1. What is the result of the sum?

ROT13 cipher

Alexi was given a key to a substitution cipher. The key showed that the entire alphabet was rotated 13 steps. What type of cipher is used?

crypto malware

Astrid's computer screen suddenly says that all files are now locked until money is transferred to a specific account, at which time she will receive a means to unlock the files. What type of malware has infected her computer?

it displays the attackers programming skills

Each of the following is a reason adware is scorned except __________.

RAT

Ebba received a message from one of her tech support employees. In violation of company policy, a user had downloaded a free program to receive weather reports, but the program had also installed malware on the computer that gave the threat actor unrestricted access to the computer. What type of malware had been downloaded?

verify the receiver

Edgar wanted to use a digital signature. Which of the following benefits will the digital signature not provide?

extinguish risk

Gunner is creating a document that explains risk response techniques. Which of the following would he not list and explain in his document?

security administrator

Ian recently earned his security certification and has been offered a promotion to a position that requires him to analyze and design security solutions as well as identifying users' needs. Which of these generally recognized security positions has Ian been offered?

Alice's public key

If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message?

blocking ransomware

Linnea's father called her to say that a message suddenly appeared on his screen that says his software license has expired and he must immediately pay $500 to have it renewed before control of the computer will be returned to him. What type of malware is this?

vulnerable business processes

Tatiana is discussing with her supervisor potential reasons why a recent attack was successful against one of their systems. Which of the following configuration issues would not be covered?

in the directory structure of the file system

The areas of a file in which steganography can hide data include all of the following EXCEPT ___

it provides cryptographic services in hardware instead of software

What is a characteristic of the Trusted Platform Module (TPM)?

to spy on citizens

What is an objective of state-sponsored attackers?

SHA-3

What is the latest version of the Secure Hash Algorithm?

serial server

What kind of server connects a remote system through the Internet to local serial ports using TCP/IP?

Cybercriminals

What term is used to describe a loose network of attackers, identity thieves, and financial fraudsters?

Misconfiguration

Alyona has been asked by her supervisor to give a presentation regarding reasons why security attacks continue to be successful. She has decided to focus on the issue of widespread vulnerabilities. Which of the following would Alyona not include in her presentation?

confusion

Alyosha was explaining to a friend the importance of protecting a cryptographic key from cryptanalysis. He said that the key should not relate in a simple way to the ciphertext. Which protection is he describing?

the children's online act

an act created to help protect children under the age of 13 from exploitation by governing the online collection of the child's personal information

diversity

an organization that practices purchasing products from different vendors is demonstrating which security principle

it would be essentially impossible to keep its location a secret from everyone

At a staff meeting, one of the technicians suggested that the enterprise protect its new web server by hiding it and not telling anyone where it is located. Why is security through obscurity a poor idea?

through products, people, and procedures on the devices that store, manipulate, and transmit the information

Complete this definition of information security: that which protects the integrity, confidentiality, and availability of information

computer security act

created to improve the security and privacy of sensitive information and to create acceptable security practices

Sarbanes-Oxley Act

created for corporate governance and financial practice

FERPA

created to protect the privacy of student records

payment-card industry act

defines minimum requirements for merchants and service providers to protect cardholder data

