Information Security Chapter 2
Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is longer than ____________________ characters in Internet Explorer 4.0, the browser will crash.
256
A(n) ______ is an act against an asset that could result in a loss.
Attack
When information gatherers employ techniques in a commercial setting that cross the threshold of what is legal or ethical, they are conducting industrial ______.
Espionage
Which of the following is an example of a Trojan horse program?
Happy99.exe
Some information gathering techniques are quite legal, for example, using a Web browser to perform market research. These legal techniques are called, collectively, competitive ______.
Intelligence
Script ______ are hackers of limited skill who use expertly written software to attack a system.
Kiddies
A(n) ______ hacks the public telephone network to make free calls or disrupt services.
Phreaker
Duplication of software-based intellectual property is more commonly known as software ______.
Piracy
Which of the following functions does information security perform for an organization?
Protecting the organization's ability to function. Enabling the safe operation of applications implemented on the organization's IT systems. Protecting the data the organization collects and uses.
Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) ____.
SLA
In the context of information security, ______ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.
Social Engineering
______ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host.
Spoofing
____ is any technology that aids in gathering information about a person or organization without their knowledge.
Spyware
____________________ are malware programs that hide their true nature, and reveal their designed behavior only when activated.
Trojan horses
A(n) ______ is a potential weakness in an asset or its defensive control(s).
Vulnerability
Human error or failure often can be prevented with training, ongoing awareness activities, and ____________________.
controls
____________________ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents.
cyberterrorism
In a ____________________ attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources.
denial-of-service
A worm requires that another program is running before it can begin functioning.
f
An act of theft performed by a hacker falls into the category of "theft," but is also often accompanied by defacement actions to delay discovery and thus may also be placed within the category of "forces of nature."
f
An advance-fee fraud attack involves the interception of cryptographic elements to determine keys and encryption algorithms.
f
Compared to Web site defacement, vandalism within a network is less malicious in intent and more public.
f
DoS attacks cannot be launched against routers.
f
Information security's primary mission is to ensure that systems and their contents retain their confidentiality at any cost
f
With electronic information is stolen, the crime is readily apparent.
f
One form of online vandalism is ____________________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
hacktivist
As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ____________________.
hoaxes
In the well-known ____________________ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.
man-in-the-middle
"4-1-9" fraud is an example of a ____________________ attack.
social engineering
A mail bomb is a form of DoS attack.
t
A number of technical mechanisms—digital watermarks and embedded code, copyright codes, and even the intentional placement of bad sectors on software media—have been used to deter or prevent the theft of software intellectual property.
t
A worm can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.
t
As an organization grows it must often use more robust technology to replace the security technologies it may have outgrown.
t
Expert hackers are extremely talented individuals who usually devote lots of time and energy to attempting to break into other people's information systems.
t
Forces of nature, force majeure, or acts of God can present some of the most dangerous threats, because they are usually occur with very little warning and are beyond the control of people.
t
Much human error or failure can be prevented with effective training and ongoing awareness activities.
t
Organizations can use dictionaries to regulate password selection during the reset process and thus guard against easy-to-guess passwords.
t
Acts of ____________________ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.
trespass
Complete loss of power for a moment is known as a ____.
fault
The ______ fraud is a social engineering attack that involves convincing the victim to participate in a seeming money-making venture while getting the victim to pay fees, bribes or refund uncleared international payments.
Advance Fee
