CTI 120 Final Exam

Ace your homework & exams now with Quizwiz!

a. authentication (1) b. authorization (2) c. confidentiality (3) d. cybercrime (4) e. exploit kit (5) f. identity theft (6) g. insiders (7) h. integrity (8) i. threat vector (9)

(matching questions chapter 1) 1. steps that ensure that the individual is who he or she claims to be 2. the process of providing proof of genuineness 3. the act of providing permission or approval to technology resources 4. targeted attacks against financial networks, unauthorized access to information, and the theft of personal information 5. automated attack package that can be used without an advanced knowledge of computers 6. stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain 7. employees, contractors, and business partners who can be responsible for an attack 8. security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data 9. the means by which an attack could occur a. authentication b. authorization c. confidentiality d. cybercrime e. exploit kit f. identity theft g. insiders h. integrity i. threat vector

a. adware b. bot herder c. botnet d. feature update e. firewall f. logic bomb g. signature file h. worm i. zombie

(matching questions chapter 3) 1. A software program that delivers advertising content in a manner that is unexpected and unwanted by the user 2. An attacker who controls a botnet 3. A logical computer network of zombies under the control of an attacker 4. Enhancements to the software to provide new or expanded functionality, but do not address security vulnerability 5. Hardware or software designed to limit the spread of malware 6. Computer code that lies dormant until it is triggered by a specific logical event 7. A database of viruses that is used to identify an infected file 8. A malicious program designed to enter a computer via a network 9. An infected computer that is under the remote control of an attacker a. adware b. bot herder c. botnet d. feature update e. firewall f. logic bomb g. signature file h. worm i. zombie

false

Data backups only protect data against computer attacks. true or false

true

Virtually anyone could type in a person's username and pretend to be that person. true or false

b. dumpster diving

Which technique might an attacker employ to find documents that may reveal the true level of security within an organization? a. Pretexting b. Dumpster diving c. Vishing d. Shoulder surfing

d. denying services

Botnets can flood a Web server with thousands of requests and overwhelm it to the point that it cannot respond to legitimate requests. What is this called? a. spamming b. spreading malware c. manipulating online polls d. denying services

c. 853 million

From January 2005 through July 2015, approximately how many electronic data records in the United States were breached, exposing to attackers a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers? a. 456,000 b. 22 million c. 853 million d. 660 billion

b. TCP/IP

HTTP is based on which larger set of standards for Internet communication? a. IEEE 802.11 b. TCP/IP c. IPX/SPX d. NetBEUI

b. by using a common Internet protocol

How do attackers today make it difficult to distinguish an attack from legitimate traffic? a. by using simple scripting b. by using common Internet protocols c. by using diverse interfaces d. by using a common language

c. 30

In the U.S., if a consumer finds a problem on her credit report, she must first send a letter to the credit-reporting agency. Under federal law, how many days does the agency have to investigate and respond to the alleged inaccuracy and issue a corrected report? a. 15 b. 45 c. 30 d. 60

d. hacker

In the past, which term was commonly used to refer to a person who uses advanced computer skills to attack computers? a. slacker b. black-hat c. white-hat d. hacker

true

It is recommended that a copy of a data backup be stored at an off-site location. true or false

false

Malware usually enters a computer system with the user's knowledge. true or false

false

There is a straightforward and easy solution to securing computers. true or false

true

Today, many attack tools are freely available and do not require any technical knowledge to use. true or false

c. HIPPA

Under which law must healthcare enterprises guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format? a. Sarbox b. GLBA c. HIPAA d. COPPA

true

Web servers distribute HTML documents based on a set of standards, or protocols, known as the Hypertext Transport Protocol (HTTP). true or false

c. HTML

What do Web authors use to combine text, graphic images, audio, video, and hyperlinks into a single document? a. IPL b. XSLT c. HTML d. SGML

c. HTML5

What standardizes sounds and video format so plug-ins like Flash are no longer needed? a. IMAP4 b. JavaScript c. HTML5 d. SMTP

true

With blocked top-level domain lists, email from entire countries or regions can be blocked and treated as spam. true or false

a. Authentication (1) b. Brute force attack (2) c. Dictionary attack (3) d. Password (4) e. Shoulder surfing (5) f. Social engineering (6) g. Typo squatting (7) h. Vishing (8) i. Whaling (9)

(matching questions chapter 2) 1. The steps that ensure that the individual is who he or she claims to be 2. A password attack in which every possible combination of letters, numbers, and characters is used to match passwords in a stolen password file 3. A password attack that compares common dictionary words against those in a stolen password file. 4. A secret combination of letters, numbers, and/or symbols that serves to authenticate a user by what he or she knows 5. Viewing information that is entered by another person 6. Grouping individuals and organizations into clusters based on an affiliation 7. Redirecting a user to a fictitious website based on a misspelling of the URL 8. A phishing attack in which the attacker calls the victim on the telephone 9. A phishing attack that targets wealthy individuals

a. add-on b. attachment c. blacklist d. cookie e. extension f. image spam g. malvertising h. spam i. whitelist

(matching questions chapter 4) 1. Web browser addition that adds functionality to the entire web browser 2. File, such as a word processing document, spreadsheet, or picture, that is attached to an email message 3. A list of senders from whom the user does not want to receive any email 4. A file created by a web server and stored on the local computer that contains the user's preferences and other information 5. Web browser addition that expands the normal capabilities of a web browser for a specific webpage 6. Spam that uses graphical images of text in order to circumvent text-based filters 7. Attacks that are based on malicious code sent through third-party advertising networks so that malware is distributed through ads sent to users' web browsers 8. Unsolicited email 9. A list of senders from whom the user will accept email

c. LSO

A(n) ____________ is also called a Flash cookie, named after Adobe Flash. a. image spam b. Third-party cookie c. LSO d. First-party cookie

d. signature

AV software on a computer must have its ____ files regularly updated by downloads from the Internet. a. control b. program c. behavior d. signature

b. zombie

An infected robot computer is known as a ____. a. beachhead b. zombie c. bottle d. Trojan horse

c. every 12 months

How often does FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms? a. every 18 months b. every 2 months c. every 12 months d. every 6 months

c. people

Information contained on devices is protected by three layers: Two of the layers are products and policies and procedures. What is the third layer? a. tools b. systems c. people d. applications

b. reading pane

Most email clients contain a ____ that allows the user to read an email message without actually opening it. a. safety pane b. reading pane c. sandbox pane d. preview pane

true

Most users actually receive only a small amount of spam in their local email inbox. The majority is blocked before it even reaches the user. true or false

false

Passwords are still considered a strong defense against attackers. true or false

false

Script kiddies typically have advanced knowledge of computers and networks. true or false

c. inversely proportional to

Security is ____ convenience. a. less important than b. more important than c. inversely proportional to d. proportional to

c. cyberterrorist

Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as which of the following? a. spies b. hackers c. cyberterrorists d. hacktivists

b. internet

The ____ is a worldwide set of interconnected computers, servers, and networks. a. Globalnet b. Internet c. Interweb d. NSFNet

b. World Wide Web

The ____ is composed of Internet server computers on networks that provide online information in a specific format. a. Internet Web b. World Wide Web c. Global Web d. World Web

c. IMAP

Using what email protocol can mail be organized into folders on the mail server and read from any device? a. POP3 b. HTML c. IMAP d. SMTP

d. private browsing

Using which Internet security best practice is information not saved by the browser, such as pages that are visited will not be recorded to history or the address bar? a. controlling cookies b. clearing the cache c. downloading files d. private browsing

c. authority

Using which Social engineering principle might an attacker impersonate a CEO of a company? a. Trust b. Urgency c. Authority d. Scarcity

a. viruses, trojans, and worms

What are the three types of malware that have the primary traits of circulation and/or infection? a. viruses, Trojans, and worms b. viruses, spyware, and Trojans c. worms, viruses and spyware d. Trojans, spyware, and adware

a. backdoor

What can an attacker use that gives them access to a computer program or service that circumvents normal security protections? a. backdoor b. botnet c. bot herder d. adware

d. change-of-address form

What can an attacker use to divert all mail to their post office box so that the victim is never aware that personal information has been stolen? a. mail redirect b. automatic forwarding c. mail bouncing d. change-of-address form

b. sandboxing

What can be used to run JavaScript in a restricted environment and limit what resources it can access? a. retaining wall b. sandboxing c. same origin d. firewall

d. cookies

What do web servers use to track whether a user has previously visited a web site? a. keylogger b. scripting language c. plug-ins d. cookies

a. cyberterrorism

What does the FBI define as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents?" a. cyberterrorism b. information warfare c. eTerrorism d. cyberware

c. vulnerability

What is a flaw or weakness that allows a threat agent to bypass security? a. risk b. threat c. vulnerability d. asset

d. embedded hyperlink

What is contained within the body of an email message as a shortcut to a website? a. spam filter b. attachment c. attached image d. embedded hyperlink

d. drive-by-download

What is it called when unsuspecting users visit an infected website and their browsers download code that targets a vulnerability in the user's browser? a. targeted spamming b. poison add-on c. corrupt plug-in d. drive-by-download

d. use technology for managing passwords

What is the best approach to establishing strong security with passwords? a. Keep a written log of your passwords b. Keep passwords short so you can remember them c. Use the same password for many sites d. Use technology for managing passwords

d. fair and accurate credit transactions act

What law contains rules regarding consumer privacy? a. Fair Credit Reporting Act b. Accurate Transactions Act c. Credit and Transactions Act d. Fair and Accurate Credit Transactions Act

b. social networking

What popular online activity involves grouping individuals and organizations into clusters or groups based on their likes and interests? a. social marketing b. social networking c. affiliate marketing d. affiliate networking

b. information security

What term is frequently used to describe the tasks of securing information that is in a digital format? a. network security b. information security c. information warfare d. information assurance

b. dictionary

What type of attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file? a. brute force b. dictionary c. man in the middle d. hash

c. hoaxes

What type of attack is a false warning, often contained in an email message claiming to come from the information technology (IT) department? a. pretexting b. dumpster diving c. hoaxes d. vishing

c. identity thief

What type of attacker is most likely to use information you have posted about yourself on a social networking site? a. Dumpster diver b. Hoaxer c. Identity thief d. Phisher

b. Continuous backup

What type of backup is performed continually without any intervention by the user? a. Scheduled backup b. Continuous backup c. One-time backup d. 3-2-1 backup

c. keylogger

What type of device is inserted between the computer keyboard connection and USB port for the purposes of stealing information? a. backdoor b. rootkit c. keylogger d. zombie

b. ransomware

What type of malware can, for example, locks up a user's computer and then display a message that purports to come from a law enforcement agency that states the user must pay a fine for illegal activity? a. logic bomb b. ransomware c. zombie d. adware

a. logic bomb

What type of malware is typically added to a legitimate program but lies dormant until it is triggered by a specific event? a. logic bomb b. spam c. zombie d. ransomware

d. passwords management application

What type of program lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password? a. password fault program b. password vault program c. password generation program d. password management application

a. service pack

What type of software update is a cumulative package of all patches and feature updates? a. service pack b. patch group c. bulletin d. exploit

a. keylogger

What type of spyware silently captures and stores each keystroke that a user types on the computer's keyboard? a. keylogger b. worm c. backdoor d. rootkit

true

When creating passwords, the most important principle is that length is more important than complexity. true or false

d. An automobile

Where are you most likely to find a PKES system? a. A railroad car b. A government building c. An airplane d. An automobile

d. spear phishing

Whereas phishing involves sending millions of generic e-mail messages to users, which type of similar attack targets only specific users? a. vishing b. pharming c. whaling d. spear phishing

d. same origin

Which JavaScript defense restricts a JavaScript downloaded from Site A from accessing data that came from Site B? a. Destination filter b. Sandboxing c. Limit capabilities d. Same origin

a. User Account Control

Which Windows feature provides information to users and obtains their approval before a program can make a change to the computer's settings? a. User Account Control b. Application Modification Control c. System Settings Authorization d. Access Based Enumeration

a. insider

Which attacker category might have the objective of retaliation against an employer? a. insider b. state-sponsored attacker c. hactivist d. cybercriminal

b. organizational charts

Which document identifies individuals within the organization who are in positions of authority? a. System manuals b. Organizational charts c. Policy manuals d. Phone directories

c. GLBA

Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information? a. Sarbox b. COPPA c. GLBA d. HIPAA

c. malvertising

Which of the following can be described as a poisoned ad attack? a. drive-by download b. script attack c. malvertising d. cookies

a. Availability

Which of the following ensures that data is accessible when needed to authorized users? a. Availability b. Integrity c. Non-repudiation d. Confidentiality

c. Integrity

Which of the following ensures that information is correct and no unauthorized person or malicious software has altered it? a. Protection b. Availability c. Integrity d. Confidentiality

b. extensions

Which of the following expands the normal capabilities of a web broswer for a specific webpage? a. Updates b. Extensions c. Plug-ins d. Add-ons

b. identity theft

Which of the following involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain? a. Cyberterrorism b. Identity theft c. White hat hacking d. Digital fraud

a. identity theft

Which of the following involves using someone's personal information, such as a Social Security number, to fraudulently establish bank or credit card accounts? a. Identity theft b. Information theft c. Identity borrowing d. Property theft

c. Enhanced encryption algorithms

Which of the following is NOT a factor that contributes to difficulties faced in defending against attacks? a. Universally connected devices b. Faster detection of vulnerabilities c. Enhanced encryption algorithms d. Greater sophistication of attacks

b. disk drive formatting software

Which of the following is NOT a technology typically used by spyware? a. Tracking software b. Disk drive formatting software c. System modifying software d. Automatically download software

d. used on multiple accounts

Which of the following is a characteristic of a weak password? a. managed with a password manaqer b. uses a long string of characters c. cannot be easily memorized d. used on multiple accounts

d. Malware

Which of the following is a general term that refers to a wide variety of damaging or annoying software programs? a. Harmware b. Trashware c. Bloatware d. Malware

c. credit score

Which of the following is a numerical measurement used by lenders to assess a consumer's creditworthiness? a. credit level b. credit rank c. credit score d. credit report

a. trojan

Which of the following is a program advertised as performing one activity but actually does something else? a. Trojan b. virus c. worm d. rootkit

b. threat

Which of the following is a type of action that has the potential to cause harm? a. asset b. threat c. vulnerability d. threat agent

d. pretexting

Which of the following is described as an attacker who pretends to be from a legitimate research firm who asks for personal information? a. Dumpster diving b. Stealing c. Phishing d. Pretexting

b. Image spam

Which of the following uses graphical images of text in order to circumvent text-based filters? a. Java spam b. Image spam c. Flash spam d. PDF spam

a. the goal to be free from danger as well as the process that achieves that freedom

Which phrase best describes security? a. the goal to be free from danger as well as the process that achieves that freedom b. the protection of data from harm c. the procedures used to protect data d. the process of hiding sensitive data with the goal of maintaining privacy

c. patch

Which term can be described as a publicly released software security update intended to repair a vulnerability? a. control b. hole c. patch d. repair

d. threat agent

Which term is best described as a person or element that has the power to carry out a threat? a. risk b. attack agent c. vulnerability d. threat agent

c. Script kiddies

Which term is best described as individuals who want to attack computers yet who lack the knowledge of computers and networks needed to do so? a. Crackers b. Hackers c. Script kiddies d. Elites

a. phishing

Which type of attacks might send an e-mail or display a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information? a. Phishing b. Flashing c. Polling d. Pharming

c. worm

Which type of malware exploits a vulnerability on one system and then immediately searches for another computer on the network that has the same vulnerability? a. Trojan horse b. mass-mailer c. worm d. virus

c. rootkit

Which type of malware is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms? a. virus b. hacking kit c. rootkit d. worm

c. worm

Which type of malware self-replicates between computers (from one computer to another)? a. Trojan b. virus c. worm d. rootkit

b. rootkit

Which type of malware will hide or remove all traces of evidence that may reveal the malware, such as log entries? a. Adware b. Rootkit c. Trojan d. Virus

b. typo squatting

Which type of social engineering attack depends on the user incorrectly entering a URL? a. whaling b. typo squatting c. spear phishing d. vishing

b. add-ons

Which type of web browser enhancement can change browser menus or create additional toolbars? a. Plug-ins b. Add-ons c. Extensions d. Updates

b. code emulation

Which virus detection method creates a virtual environment that simulates the central processing unit (CPU) and memory of the computer? a. static analysis b. code emulation c. string scanning d. dynamic scanning

d. phishing

With which type of social engineering attack are users asked to respond to an email or are directed to a website where they are requested to update personal information, such as passwords or credit card numbers? a. pharming b. pretexting c. typo squatting d. phishing

a. Java

____ is a complete programming language that can be used to create stand-alone applications. a. Java b. Shell script c. WScript d. JavaScript

c. JavaScript

____ is a scripting language that does not create standalone applications. a. WebScript b. C# c. JavaScript d. Java

c. Spam filters

____ look for specific words and block email messages containing those words. a. Network filters b. Ad filters c. Spam filters d. Virus filters


Related study sets

Report on Sles Trip - South Korea

View Set

World Geography Unit 2 Exam study guide

View Set

(Learning Curve 11 a) Body Development; Cognitive Development Psy 200 chapter 11

View Set

ATR2010-Ch2- Concepts of Sports Injury

View Set

Otázky českého občanství - Realie

View Set

22.09.21 Psychologie clinique de l'enfant et de l'adolescent

View Set

Cranial Nerves Trigeminal only: Head and Neck Innervation

View Set