CYBR 5300 CH 2
The _____________________________ fraud is a social engineering attack that involves convincing the victim to participate in a seeming money-making venture while getting the victim to pay fees or bribes or to refund uncleared international payments. *short answer*
advance-fee
Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) _____ A: SSL B: SLA C: MSL D: MIN
B: SLA - service-level agreement
______ is any technology that aids in gathering information about a person or organization without their knowledge. A: a bot B: Spyware C: A Trojan D: A worm
B: Spyware
Microsoft acknowledged that if you type a res://URL (a Microsoft-devised type of URL) longer than _________ characters in Internet Explorer 4.0, the browser will crash. A: 64 B: 128 C: 256 D: 512
C: 256
________ are compromised systems that are directed remotely (usually by a transmitted command) by the attacker or participate in an attack. A: Drones B: Helpers C: Zombies D: Servants
C: Zombies
A short-term decrease in electrical power availability is known as a(n) ___________ A: blackout B: sag C: brownout D: fault
C: brownout
Which of the following is an example of a Trojan horse program? A: Netsky B: MyDoom C: Klez D: Happy99.exe
D: Happy99.exe
The _______ data file contains the hashed representation of the user's password. A: SLA B: SNMP C: FBI D: SAM
D: SAM - security account management
When information gatherers employ techniques in a commercial setting that cross the threshold of what is legal or ethical, they are conducting industrial ______________ *short answer*
espionage
Some information gathering techniques are quite legal-for example, using a Web browser to perform market research. These legal techniques are called, collectively, competitive ____________________. *short answer*
intelligence
A(n) _____________ hacks the public telephone network to make free calls or disrupt services. *short answer*
phreaker
Duplication of software-based intellectual property is more commonly known as software ___________________. *short answer*
piracy
In the context of information security, _______________ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attackers. *short answer*
social engineering
A(n) __________ is a potential risk to an information asset. *short answer*
threat
A long-term interruption (outage) in electrical power availability is known as a(n) _________ A: blackout B: sag C: brownout D: fault
A: blackout
The process of maintaining the confidentiality, integrity, and availability of data managed by a DBMS is known as ________ security. A: database B: data C: information D: residual
A: database
In a __________ attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources. A: denial-of-service B: distributed denial-of-service C: virus D: spam
A: denial-of-service
A short-term interruption in electrical power availability is known as a ______ A: fault B: brownout C: blackout D: lag
A: fault
One form of online vandalism is _________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency. A: hacktivist B: phreak C: hackcyber D: cyberhack
A: hacktivist
When information gatherers employ techniques that cross a legal or ethical threshold, they are conducting _________. A: industrial espionage B: competitive intelligence C: opposition research D: hostile investigation
A: industrial espionage
The average amount of time between hardware failures, calculated as the total amount of operation time for a specified number of units divided by the total number of failures, is known as __________ A: mean time between failure (MTBF) B: mean time to diagnose (MTTD) C: mean time to failure (MTTF) D: mean time to repair (MTTR)
A: mean time between failure
Hackers can be generalized into two skilled groups: expert and ______ A: novice B: journeyman C: packet monkey D: professional
A: novice
The redirection of legitimate user Web traffic to illegitimate Web sites with the intent to collect personal information is known as ___________ A: pharming B: phishing C: sniffing D: pharming
A: pharming
A table of hash values and their corresponding plaintext values that can be used to look up password values if an attacker is able to steal a system's encrypted password file is known as a(n) ___________ A: rainbow table B: dictionary C: crib D: crack file
A: rainbow table
"4-1-9" fraud is an example of a ________ attack. A: social engineering B: virus C: worm D: spam
A: social engineering (4-1-9: Nigerian penal code)
The ________ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network. A: WWW B: TCP C: FTP D: HTTP
B: TCP
__________ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data that result in violence against noncombatant targets by subnational groups or clandestine agents. A: infoterrorism B: cyberterrorism C: hacking D: cracking
B: cyberterrorism
A ______ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. A: denial-of-service B: distributed denial-of-service C: virus D: spam
B: distributed denial-of-service
Human error or failure often can be prevented with training, ongoing awareness activities, and ___________ A: threats B: education C: hugs D: paperwork
B: education
As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus __________ A: false alarms B: polymorphisms C: hoaxes D: urban legends
C: hoaxes
The average amount of time until the next hardware failure is known as ______________ A: mean time between failure (MTBF) B: mean time to diagnose (MTTD) C: mean time to failure (MTTF) D: mean time to repair (MTTR)
C: mean time to failure (MTTF)
Acts of _______ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter. A: bypass B: theft C: trespass D: security
C: trespass
Which of the following functions does information security perform for an organization? A: Protecting the organization's ability to function. B: Enabling the safe operation of applications implemented on the organization's IT systems. C: Protecting the data the organization collects and uses. D: All of the above.
D: All of the above.
________ are malware programs that hide their true nature and reveal their designed behavior only when activated. A: Viruses B: Worms C: Spam D: Trojan horses
D: Trojan horses
In the ________ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. A: zombie-in-the-middle B: sniff-in-the-middle C: server-in-the-middle D: man-in-the-middle
D: man-in-the-middle
___________________ is unsolicited commercial e-mail. *short answer*
Spam
_______________ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host. *short answer*
Spoofing
A(n) ______________ is an act against an asset that could result in a loss. *short answer*
attack
A virus or worm can have a payload that installs a(n) __________________ door or trap door component in a system, which allows the attacker to access the system at will with special privileges. *short answer*
back
A(n) _______________ is an application error that occurs when more data is sent to a program than it is designed to handle. *short answer*
buffer overflow
Attempting to reverse-calculate a password is called _____________________ *short answer*
cracking
_______________ occurs when an application running on a Web server inserts commands into a user's browser session and causes information to be sent to a hostile server. *short answer*
cross-site scripting (XSS) / cross-site scripting / XSS / cross site scripting (XSS) / cross site scripting
ESD is the acronym for _______________ discharge *short answer*
electrostatic
The expert hacker sometimes is called a(n)__________________ hacker. *short answer*
elite
A momentary low voltage is called a(n) _____________________ *short answer*
fault
Script _______________ are hackers of limited skill who use expertly written software to attack a system. *short answer*
kiddies
A computer virus consists of segments of code that perform _____________________ actions. *short answer*
malicious
_______________ is the percentage of time a particular service is available. *short answer*
up time
A(n) __________________ is a potential weakness in an asset or its defensive control(s). *short answer*
vulnerability
A(n) ___________________ is a malicious program that replicates itself constantly without requiring another program environment. *short answer*
worm
