Intro to Cybersecurity CIT 171 REVIEW


About how many people in the United States are victims of identity theft each year? ○ 10,000,000 ○ 100,000 ○ 10,000 ○ 1,000

10,000,000

_____ of United States citizens can be uniquely identified with just three facts about them: date of birth, gender, and zip code. ○ 64% ○ 43% ○ 87% ○ 100%

87%

Which of the following best represents the concept of a policy? ○ A collection of detailed plans and prescriptions for how a policy is pursued and implemented. (It answers the question, "How should it happen?") ○ A tool to regulate or guide security efforts; can be preventive, detective, corrective, etc. ○ Insurance that protects against unforeseen adverse events. ○ A brief statement of goals, ends, desires, or purposes. (It answers the question, "What should happen?")

A brief statement of goals, ends, desires, or purposes. (It answers the question, "What should happen?")

Which of the following best represents the concept of whitelist? ○ Duplicating a resource, to eliminate single points of failure and ensure availability. ○ A collection of forbidden actions or items. ○ A device or software to control the kinds of transmissions that are denied or permitted on a network connection. ○ A collection of permitted or allowed actions or items.

A collection of permitted or allowed actions or items.

Which of the following best represents the concept of bot or zombie? ○ A compromised computer under the control of an attacker for the purpose of launching attacks. ○ The threat actor in control of a botnet. ○ A group of compromised "bot" computers. ○ A threat actor that is strongly motivated by ideology.

A compromised computer under the control of an attacker for the purpose of launching attacks.

Data saved by a web browser on behalf of a web server. ○ A cookie ○ A patent ○ A trade secret ○ A copyright

A cookie

Which of the following best represents the concept of a key? ○ An access control mechanism that prevents use of a device until an unlocking action is successfully performed. ○ A component of a system, which, if it stops functioning properly, adversely affects the entire system. ○ A secret collection of numbers or keystrokes used by a cryptographic algorithm. ○ A mathematical procedure or recipe that may be used to transform data.

A secret collection of numbers or keystrokes used by a cryptographic algorithm.

Which of the following best represents the concept of hacktivist? ○ The potential of someone outside an organization to be a threat actor. ○ A threat actor that is strongly motivated by ideology. ○ Threat actors carrying out attacks over an extended time period without being detected. ○ The potential of a trusted partner or employee to be a threat actor.

A threat actor that is strongly motivated by ideology.

Which of the following best represents the concept of control? ○ Systems and technologies that are not computer information systems, but can be used to help protect computer information systems. ○ A tool to regulate or guide security efforts; can be preventive, detective, corrective, etc. ○ A policy that defines the actions users may perform while accessing systems and network equipment. ○ Providing only the minimum authorization necessary to perform a duty or task.

A tool to regulate or guide security efforts; can be preventive, detective, corrective, etc.

______________ is a calculated network attack on any organization. These threats occur when a hacker, or group of hackers, establishes a foothold inside of an enterprise network. They go undetected for prolonged periods of time, allowing for sensitive data to be mined. ○ An APT (advanced persistent threat) ○ An RFI (remote file inclusion) ○ An SQL injection ○ A cross-site scripting (XSS)

An APT (advanced persistent threat)

Identify the type of authentication used (have/know/are) in the following spy scenario: I walk into my favorite restaurant. The waiter greets me at the door and directs me to a special table in the back. ○ Know ○ Are ○ Have

Are

Receptionists at a real estate company answer a call from a customer, mention the expertise of a professional to the caller, and then forward the customer's call to that professional. This is an example of which principle of influence? ○ Consistency ○ Liking ○ Authority ○ Reciprocity

Authority

Contracts, sales reports, and security assessments are examples of what type of data classification? ○ Confidential ○ Highly confidential ○ Private ○ General ○ Public

Confidential

The following are examples of APTs (advanced persistent threats), except: ○ Remote file inclusion (RFI) ○ SQL injection ○ Cross-site scripting (XSS) ○ DDOS (distributed denial of service)

DDOS (distributed denial of service)

______________ a multi-billion dollar industry that collects, packages, and sells detailed profiles of individuals based on their online and offline behavior. ○ Data brokers are ○ Cambridge Analytica is ○ Google is ○ Online trackers are

Data brokers are

Do not ever write a password down on a piece of paper. ○ True ○ False

False

The CIA triad applies to information that is in storage and in transit, but not in processing. ○ True ○ False

False

_______ is a set of rules designed to give people more control over their personal data. ○ NIST CSF ○ FISMA ○ PCI DSS ○ GDPR

GDPR

Which of the following best represents the concept of transfer? ○ Abandon a potentially risky activity. ○ Make another party assume responsibility for a risk. ○ Make a risk less serious. ○ Acknowledge risk without addressing it.

Make another party assume responsibility for a risk.

Which of the following best represents the concept of mitigation? ○ Abandoning a potentially dangerous activity. ○ Acknowledging risk without addressing it. ○ Making a risk less serious. ○ Making another party assume responsibility for a risk.

Making a risk less serious.

At a restaurant, a waiter gives you a free dessert because "you are awesome," in the hopes that you might give a better tip. This is an example of which principle of influence? ○ Consensus ○ Authority ○ Reciprocity ○ Consistency

Reciprocity

Food companies often provide free samples because they know people are more likely to buy their product after receiving a free sample. This is an example of which principle of influence? ○ Reciprocity ○ Consistency ○ Liking ○ Consensus

Reciprocity

Which of the following best represents the concept of trojan? ○ Malware that tries to alter a system in order to prevent itself from being detected. ○ Software that disguises itself as useful, but actually delivers malware. ○ Software that uses hoaxes to trick users into installing malware. ○ Software that disguises itself as useful, but actually provides a backdoor.

Software that disguises itself as useful, but actually delivers malware.

Online shopping fraud is a form of identity theft. ○ True ○ False

True

The information that is stored on computers is almost always worth more than the computers themselves. ○ True ○ False

True

Information sold on by data brokers is most often funded by ________________. ○ governments ○ advertisers ○ researchers ○ Big Pharma

advertisers

Software or a system used to accomplish tasks is _____________. ○ an application ○ an account ○ an information system ○ a user interface

an application

The door to Batman's bat cave requires a voice command (something he is), his key (something he has), and a pattern on a keypad (something he knows) in order to get inside. This is an example of multi-factor _____________________. ○ authentication ○ authorization ○ certification ○ access control

authentication

If banking customers are unable to check their balance or withdraw their funds in a timely manner because of a computer problem, the situation is a failure of: ○ triangulation ○ confidentiality ○ availability ○ integrity

availability

The Jones family keeps a shared document on the grandmother's Google Drive, on which each child and grandchild plans the food they want to bring to the next family reunion potluck dinner. This is an example of ____________ information resources. ○ cloud ○ archived ○ on-premise ○ in transit

cloud

Which kind of intellectual property law applies if a business wants to play sound recordings of popular music in a store in order to attract customers? ○ trade secret ○ trademark ○ copyright ○ patent

copyright

While Trevor is writing a paper for his homework, the computer is updating the displayed text with every keystroke. This is an example of ___________________________. ○ data being processed ○ data at rest ○ data in transit ○ data on premise

data being processed

One way for us to regain custody and control of our data is for ____________________. ○ people to set up fictitious accounts and lie about ourselves. ○ people to become data hermits. ○ people to turn down offers and turn off features. ○ people to be paid for their data.

people to be paid for their data.

A simple step we can take to protect ourselves from even the most sophisticated trackers is to use ________________ more. ○ anonymity ○ ad blocking software ○ private browsing ○ fake identities

private browsing

A computer running Microsoft's Windows operating system has at least one "Administrator" account with elevated privileges. This is an example of a ____________. ○ back door account ○ confidential account ○ privileged account ○ shell account

privileged account

A ________, in plain language, is a chance of something bad happening combined with how bad it would be if it did happen. ○ vulnerability ○ risk ○ probability ○ threat

risk

Who are the two types of employees when it comes to IT security? (Choose two) ☐ Medium risk employees ☐ Major risk employees ☐ Minimal risk employees ☐ No risk employees

☑ Major risk employees ☑ Minimal risk employees

What is the main point of comparing computer backups to automobile insurance? ☐ Peace of mind comes with being prepared. ☐ Pick an appropriate level of protection for your environment. ☐ A backup system will be an ongoing but necessary cost. ☐ Always be ready, because you never know when an accident will happen.

☑ Pick an appropriate level of protection for your environment.

GDPR is a law passed by the European Union. Its primary purpose is to address _________. ☐ privacy ☐ ethics ☐ identity theft ☐ intellectual property ☐ cookies

☑ privacy

In the context of risk management, which of the following best represents the concept behind the word "avoid?" ○ Make a risk less serious. ○ Acknowledge risk without addressing it. ○ Make another party assume responsibility for a risk. ○ Abandon a potentially dangerous activity.

Abandon a potentially dangerous activity.

Identify the type of authentication used (have/know/are) in the following spy scenario: I knock on the door and my assistant answers through the door "Who is it?" I reply "It is me" ○ Know ○ Have ○ Are

Are

Instead of a login prompt on your computer, you get a message saying your system has been encrypted and you can no longer access it unless you follow the instructions to pay bitcoin, which will then allow you to decrypt your system. Which of the following would best allow you to recover without giving in to the hacker's demands? ○ Screen lock ○ Backup ○ System hardening ○ Antivirus

Backup

_____________ is usually used for gadgets and peripherals rather than connections to the Internet. ○ BYOD ○ Bluetooth ○ WiFi ○ WPA

Bluetooth

All of the following are types of password attacks except: ○ Denial of service attacks ○ Keylogger attacks ○ Dictionary attacks ○ Brute force attacks

Denial of service attacks

Under GDPR, personal data is any data that can __________ you. ○ expose ○ ruin ○ identify ○ incriminate

identify

Integrated components for collecting, storing, and processing data and for providing intelligence, knowledge, and digital products is called ___________________. ○ data being processed ○ information systems ○ an application ○ on-premise computing

information systems

The Book of Mormon Videos are an example of ________________________ of the Church of Jesus Christ of Latter-day Saints. ○ trademarks ○ intellectual property ○ patents ○ trade secrets

intellectual property

Manipulation is very similar to influence, except manipulation is more ____________. ○ positive ○ negative ○ ethical

negative

General definitions of privacy state that a person is free from ________: ○ observation ○ cyber bullying ○ identity theft ○ ethical restraint

observation

Which of these is a tool used to protect data integrity? ○ encryption ○ error checking methods ○ money ○ data storage

error checking methods

Security professionals are faced with more _______________ temptations due to their exposure to more data and information than most traditional employees. ○ ethical ○ possible ○ lucrative ○ patent

ethical

Cybersecurity professionals should prove to their supervisors that they can act _____________ in order to demonstrate that they can be trusted with sensitive information. ○ ethically ○ swiftly ○ practically ○ sensibly

ethically

When referring to information security, what do "C," "I," and "A" stand for in the "CIA triangle?" (choose all that apply) ☐ Information ☐ Integrity ☐ Availability ☐ Confidentiality ☐ Assessment ☐ Confirmation

☑ Integrity ☑ Availability ☑ Confidentiality

If the company you work for loses data due to a backup failure, what factors should you consider when you estimate how much the lost data will cost your business? ☐ Lost customers ☐ Lower morale ☐ The cost of the backup system ☐ The labor rate to back up the system. ☐ Diminished reputation ☐ Lost orders ☐ Lost time

☑ Lost customers ☑ Lower morale ☑ Diminished reputation ☑ Lost orders ☑ Lost time

In 2018 the company Grumpy Cat Limited defended the use of its Grumpy Cat name against another company, Granade Beverage, which tried to use the name without permission to sell Grumpy Cat branded coffee items. This is an example of what? ○ Copyright ○ Trade secret ○ Patent ○ Trademark

Trademark

All of the following are good ways to thwart rogue software attacks except: ○ Use encrypted wireless access points. ○ Use an up to date firewall. ○ Use efficient anti-virus software. ○ Generally distrust anything you encounter on the Internet.

Use encrypted wireless access points.

Risk = Probability X __________ ○ Chance ○ Vulnerability ○ Threat ○ Impact

Impact

For increased password strength, include all of the following in your password, except: ○ Special characters e.g., !@#$%^&*() ○ Upper and lower case letters ○ Modifier keys e.g. fn, alt, ctrl ○ Numbers

Modifier keys e.g. fn, alt, ctrl

Shoulder surfing to observe someone's password is an example of what? ○ Non-technical OSINT ○ Technical OSINT ○ Non-tactical ○ Tactical OSINT

Non-technical OSINT

Which of the following is NOT a type of intellectual property? ○ None of these ○ Trade Secrets ○ Inventions ○ Processes derived from the work of the mind or intellect. ○ Trademarks ○ Copyrights ○ PowerPoint Presentation

None of these

Which of the following best represents the concept of jamming? ○ Threat actors carrying out attacks over an extended time period without being detected. ○ An attempt to copy a file without authorization ○ An attempt to overwhelm a service with a flood of traffic from many computers or a botnet. ○ Wireless denial of service; an attempt to interfere with or overwhelm a wireless signal with a flood of extra radio frequency signal energy.

Wireless denial of service; an attempt to interfere with or overwhelm a wireless signal with a flood of extra radio frequency signal energy.

Which of the following contribute to screen addiction? ☐ Operant conditioning (or "cue" sounds) from a social media app or game ☐ Frequent stimulation from a social media app or game ☐ Unpredictable stimulation from a social media app or game

☑ Operant conditioning (or "cue" sounds) from a social media app or game ☑ Frequent stimulation from a social media app or game ☑ Unpredictable stimulation from a social media app or game

Which of the following best represents the concept of a logic bomb? ○ "Ambush" malware; code that waits for a particular event or circumstance to occur before it executes. ○ Malware that tries to alter a system in order to prevent itself from being detected. ○ Software that disguises itself as useful, but actually delivers malware. ○ A problem that cannot be solved with an algorithm.

"Ambush" malware; code that waits for a particular event or circumstance to occur before it executes.

Which is probably the most recognized acronym in the information security industry? ○ CIA ○ APT ○ MAC ○ MI6

CIA

A telephone solicitor asks you for a large amount of money for a very good cause. You say you cannot afford that much. The solicitor then asks for a small amount of money. This is an example of which principle of influence? ○ Concession ○ Consensus ○ Scarcity ○ Liking

Concession

A company announced that it suffered an incident in which private information was stolen and disclosed. The disclosed data included names, email addresses, passwords, dates of birth, and phone numbers. This is an example of what type of cyber security breach? ○ Availability ○ Confidentiality ○ Integrity ○ None of these

Confidentiality

A hotel is able to increase the number of customers who reuse towels by putting a note in their room telling that most of their other customers also share towels. This is an example of which principle of influence? ○ Consensus ○ Scarcity ○ Liking ○ Authority

Consensus

People were four times more likely to allow a "drive safely" sign in their yard because ten days earlier they had agreed to place a "drive safely" postcard in their front window. This is an example of which principle of influence? ○ Liking ○ Consensus ○ Consistency ○ Reciprocity

Consistency

Someone makes a small request of you and you grant it. Then they make a similar, but larger request of you and you feel obligated to grant it too. This is an example of which principle of influence? ○ Reciprocity ○ Consistency ○ Liking ○ Consensus

Consistency

Scholastic Inc. can legally distribute the Harry Potter novels in the United States, and Warner Bros. Entertainment Inc. can legally distribute the Harry Potter films based on those novels. This is an example of what? ○ Trade secret ○ Trademark ○ Patent ○ Copyright

Copyright

Which is the best thing we can do to avoid wrist overuse injuries from activities such as typing, texting, or gaming? ○ Ultrasound therapy. ○ Cut back on doing the repetitive activity. ○ Apply a splint. ○ Have surgery.

Cut back on doing the repetitive activity.

In today's society and culture, we need to ask if ______________ should be a human right. ○ Internet access ○ online voting ○ net neutrality ○ privacy

Internet access

Which principle of influence depends on creating feelings of debt? ○ Scarcity ○ Liking ○ Authority ○ Reciprocity

Reciprocity

Avoid using the same password at multiple Web sites. ○ True ○ False

True

The key to thwarting a brute-force password cracking attempt is having a password with more _______________. ○ length ○ randomness ○ special characters ○ complexity

length

In the context of risk management, which of the following best represents the concept behind the word "accept?" ○ Make another party assume responsibility for a risk. ○ Mitigate a potentially risky activity. ○ Acknowledge risk without addressing it. ○ Make a risk less serious.

Acknowledge risk without addressing it.

____________ is a centrally located WLAN connection device that can send and receive information, or a node that connects wireless endpoints with another network. ○ A wireless local area network ○ An access point ○ WPA2 ○ WiFi

An access point

Which of the following best represents the concept of zero-day? ○ A date on which a vendor stops supporting a product or service. ○ An attack without any days of prior warning, or a novel attack method. ○ The point at which a device stops functioning properly. ○ The date when warranty on a product or service expires.

An attack without any days of prior warning, or a novel attack method.

Which of the following best represents the concept of a cipher? ○ A secret collection of numbers or keystrokes used by a cryptographic algorithm. ○ A collection of forbidden actions or items. ○ An encryption algorithm that substitutes characters for other characters. ○ Using an algorithm with keys to recover encrypted data.

An encryption algorithm that substitutes characters for other characters.

Which of these best describes the task or purpose of "backup" in the world of computers and cybersecurity? ○ To reconsider or rethink a previously held position. ○ To start and bring a computer up to full operation. ○ To provide support for computer users. ○ An extra copy of data from a computer.

An extra copy of data from a computer.

Which of the following best represents the concept of misconfiguration? ○ An incorrectly configured device. ○ A component of a system that stops functioning properly. ○ Software that circumvents normal security controls. ○ A device under the control of an attacker.

An incorrectly configured device.

Which of the following best represents the concept of cryptanalysis? ○ Exhaustively test every possible input until one is found that produces a desired result. ○ Attempts to recover plaintext from ciphertext with limited or no knowledge of the algorithm or keys. ○ Attempt to guess a password by trying words from a dictionary or from a similar list of candidates. ○ An encryption algorithm that substitutes characters for other characters.

Attempts to recover plaintext from ciphertext with limited or no knowledge of the algorithm or keys.

Someone in a uniform that you do not know tells you to do something and you do it. This is an example of which principle of influence? ○ Consensus ○ Authority ○ Reciprocity ○ Consistency

Authority

The United Kingdom's National Health Service was crippled when an attack with software called "WannaCry" rendered many of their computers unusable. Over 19,000 medical appointments had to be cancelled, which caused NHS to lose over £92 million. This is an example of what type of cyber security breach? ○ None of these ○ Integrity ○ Confidentiality ○ Availability

Availability

Which of the following best represents the concept of system hardening? ○ Copying an information system's data, to preserve it in case of loss or destruction of the system or its information. ○ Locking the access control mechanism that prevents use of a device until an unlocking action is successfully performed. ○ Installing software to detect and prevent execution of worms and viruses. ○ Disabling unused services, changing default accounts/passwords, and updating or patching a system.

Disabling unused services, changing default accounts/passwords, and updating or patching a system.

What is the main point about the following IT security saying? "You don't have to be faster than the lion; you just have to be faster than the other guy running away from the lion." ○ To be good at IT security, you have to be strong and fast, like a lion. ○ Hackers are looking for the easiest targets when it comes to end users. ○ The race toward IT security will be won by those who are the fastest. ○ You don't have to have perfect security; just better than most.

Hackers are looking for the easiest targets when it comes to end users.

Identify the type of authentication used (have/know/are) in the following spy scenario: As I begin some high-level negotiations, I offer my hand to shake. My opponent recognizes the ring I am wearing which identifies me as a member of his secret society. Based on this association, he gives me some top-secret information. ○ Are ○ Have ○ Know

Have

Which of the following definitions best matches the concept of accountability from a security standpoint? ○ Being able to explain your actions to figures of authority, such as a police officer or a manager ○ Having or being responsible to your records of actions you performed ○ The trustworthiness of a web site in holding bank account information ○ The principle of being judged for the purpose of punishment or reward

Having or being responsible to your records of actions you performed

A BYU-Idaho student's financial account suffered a loss of over $900.00; the funds were transferred to an account not belonging to the student. This is an example of what type of cyber security breach? ○ None of these ○ Integrity ○ Availability ○ Confidentiality

Integrity

If a person tampers with an election by altering ballot data or adding additional ballots, that scenario represents a failure of which information security characteristic? ○ Integrity ○ Availability ○ Franchise ○ Confidentiality

Integrity

There are lots of answers to core questions because of the "big secret." What is the big secret? ○ Aligning heart and head ○ Aligning self and society ○ Balancing justice and mercy ○ It depends

It depends

Identify the type of authentication used (have/know/are) in the following spy scenario: I walk into the back room of a pawn shop and am met by a brawny thug carrying a gun. He tells me to get lost. I reply "Skinny Joe sent me." He lets me in. ○ Have ○ Are ○ Know

Know

Identify the type of authentication used (have/know/are) in the following spy scenario: Over a game of cards, I let slip a curious turn of phrase which identifies me as being involved in an event that happened earlier in the week. ○ Are ○ Know ○ Have

Know

When negotiating business contracts, agreements were nearly twice as likely when negotiators took time to establish relationships. This is an example of which principle of influence? ○ Reciprocity ○ Consensus ○ Consistency ○ Liking

Liking

Which of the following best represents the concept of a virus? ○ Software that secretly captures and transmits a user's data, credentials, passwords, or usage behavior. ○ Malware that spreads copies of itself to other computers when it is executed by a user. ○ Malware that tries to alter a system in order to prevent itself from being detected. ○ Software that uses hoaxes to trick users into installing malware.

Malware that spreads copies of itself to other computers when it is executed by a user.

_____________ is the life blood of social engineering. ○ FISMA ○ APT ○ OSINT ○ CVE

OSINT

Which principle of influence depends on social norms or expected behavior? ○ Liking ○ Obligation ○ Consistency ○ Authority

Obligation

What does OSINT stand for? ○ Open Source Intelligence ○ Open Systems Interconnection ○ Operating Systems Integration ○ Office Security Interview

Open Source Intelligence

Phishing is a cybersecurity threat used for all of the following except: ○ Stealing confidential data. ○ Impersonating valid users. ○ Password cracking. ○ Harvesting login credentials.

Password cracking.

Until 2019, the company GlaxoSmithKline had the sole legal right to manufacture and sell the asthma treatment drug Advair. This is an example of what? ○ Trade secret ○ Trademark ○ Copyright ○ Patent

Patent

Which of the following is not a malware cybersecurity threat? ○ Worms ○ Trojan horse ○ Phishing ○ Computer virus

Phishing

A PCI DSS breach could result in all of the following, except: ○ PCI DSS fines ○ Prison time ○ Loss of payment card privileges ○ GDPR fines

Prison time

You should avoid all of the following in your passwords, except for: ○ Swear words ○ Common phrases ○ Addresses ○ Phone numbers ○ Random characters ○ Sports teams ○ Birth dates

Random characters

Which of these is NOT an alternative term or synonym for "information security?" ○ Computer Security ○ Risk Management ○ Data Security ○ Information Assurance

Risk Management

An airline announced they would discontinue a flight that was no longer profitable. The very next day, bookings for that flight increased dramatically. This is an example of which principle of influence? ○ Consensus ○ Liking ○ Scarcity ○ Reciprocity

Scarcity

A man dressed as a telephone repairman was able to gain unauthorized access to the business' server room based on the pretense that he had just checked the "Internet problem" at the businesses on either side and that they checked out okay. This is an example of which principle of influence? ○ Concession ○ Liking ○ Consistency ○ Social proof

Social proof

Which of the following best represents the concept of an exploit? ○ An attempt to overwhelm a service with a flood of traffic from many computers or a botnet. ○ An incorrectly configured device. ○ A date on which a vendor stops supporting a product or service. ○ Software or processes that take advantage of a bug or vulnerability to make a system behave in an unintended manner.

Software or processes that take advantage of a bug or vulnerability to make a system behave in an unintended manner.

Which of the following best represents the concept of malware? ○ An incorrectly configured device. ○ A component of a system which, if it stops functioning properly, adversely affects the entire system. ○ Software that acts against the best interests of a user, often profiting its developer. ○ Hardware that is in the state of failure.

Software that acts against the best interests of a user, often profiting its developer.

Which of the following best represents the concept of a backdoor? ○ A situation in which an amount of data to be processed exceeds the amount of memory a programmer allocated to contain that data, causing adjacent memory to be overwritten. ○ Software that circumvents normal security controls, in order to provide access to a computer or service. ○ Software that prevents availability of a computer resource until a ransom is paid. ○ Software that secretly records a user's input.

Software that circumvents normal security controls, in order to provide access to a computer or service.

Which of the following best represents the concept of RAT (remote access trojan)? ○ Software that uses hoaxes to trick users into installing malware. ○ Software that disguises itself as useful, but actually provides a backdoor. ○ Software that encrypts data and offers a decryption mechanism after payment of a ransom. ○ Software that disguises itself as useful, but actually delivers malware.

Software that disguises itself as useful, but actually provides a backdoor.

Which of the following best represents the concept of adware? ○ Software that prevents availability of a computer resource until a ransom is paid. ○ Software that secretly records a user's input. ○ Software that displays advertisements on a computer display, or intercepts input to collect marketing data. ○ Software that circumvents normal security controls, in order to provide access to a computer or service.

Software that displays advertisements on a computer display, or intercepts input to collect marketing data.

Which of the following best represents the concept of crypto-malware? ○ Software that secretly captures and transmits a user's data, credentials, passwords, or usage behavior. ○ Software that encrypts data and offers a decryption mechanism after payment of a ransom. ○ Malware that spreads copies of itself to other computers when it is executed by a user. ○ "Ambush" malware; code that waits for a particular event or circumstance to occur before it executes.

Software that encrypts data and offers a decryption mechanism after payment of a ransom.

Which of the following best represents the concept of scareware? ○ Malware that spreads copies of itself to other computers when it is executed by a user. ○ Software that disguises itself as useful, but actually delivers malware. ○ Software that uses hoaxes to trick users into installing malware. ○ Software that secretly captures and transmits a user's data, credentials, passwords, or usage behavior.

Software that uses hoaxes to trick users into installing malware.

All of the following are good ways to thwart password attacks except: ○ Use different passwords on each of the various systems. ○ Do not use dictionary words. ○ Use long passwords made of upper and lower case letters, numbers, and special characters. ○ Stop clicking on suspicious links.

Stop clicking on suspicious links.

Which of the following best represents the concept of bot herder? ○ A group of compromised "bot" computers. ○ Threat actors that work together, usually seeking profit. ○ A compromised computer under the control of an attacker for the purpose of launching attacks. ○ The threat actor in control of a botnet.

The threat actor in control of a botnet.

The most common contributor to hearing loss related to computer and device use is: ○ The volume level. ○ The type of headphone used. ○ Interference from the wireless signal.

The volume level.

Which of the following best represents the concept of nation state actor? ○ Threat actors that work together, usually seeking profit. ○ Threat actors carrying out attacks over an extended time period without being detected. ○ Threat actors employed by a government or military. ○ A threat actor that is strongly motivated by ideology.

Threat actors employed by a government or military.

Which of the following best represents the concept of organized crime? ○ Threat actors that work together, usually seeking profit. ○ Threat actors employed by a government or military. ○ A threat actor that is strongly motivated by ideology. ○ Threat actors carrying out attacks over an extended time period without being detected.

Threat actors that work together, usually seeking profit.

What is the main reason for intellectual property (IP) laws? ○ To protect your ideas from being unfairly exploited by others ○ To provide income to attorneys and court officers ○ To reduce tax burdens of creative professionals ○ Because documents, photos, maps, plans, and web sites aren't automatically protected

To protect your ideas from being unfairly exploited by others

Which of the following best represents the concept of exfiltrate? ○ Wireless denial of service; an attempt to interfere with or overwhelm a wireless signal with a flood of extra radio frequency signal energy. ○ To steal data; to transfer or copy data without authorization. ○ An incorrectly configured device. ○ An attack without any days of prior warning, or a novel attack method.

To steal data; to transfer or copy data without authorization.

A fried chicken restaurant opens in Korea. Its name is Louis Vuiton Dak. In addition to the name, its logo and packaging all reflect a distinct similarity to that of the designer Louis Vuitton. This case is an example of which of the following? ○ Patent infringement ○ Copyright infringement ○ Trademark infringement ○ No infringement violations

Trademark infringement

A good rule of thumb to avoid noise-induced hearing loss: If you are listening to music using headphones or earbuds while having a conversation with someone about an arm's length away, but you can't understand that person unless they raise their voice, then your music device's volume is too loud. ○ True ○ False

True

Children are susceptible to screen addiction due to the release of dopamine. ○ True ○ False

True

The strongest passwords will have a combination of the following characteristics, except: ○ Use a common password ○ Avoid dictionary words ○ Use character substitutions ○ Use a long password ○ Use illogical phrases ○ Use acronyms and abbreviations

Use a common password

All of the following are good ways to manage passwords on multiple Web sites, except: ○ Use a cloud-based password manager with a strong master password. ○ Use a very strong password that is long and randomly generated on all your Web sites. ○ Use a locally stored password manager with a strong master password. ○ Create a list of every Web site for which you have a password and next to each one write your login name and a clue that has meaning only for you.

Use a very strong password that is long and randomly generated on all your Web sites.

All of the following are good ways to thwart man in the middle attacks except: ○ Use encrypted wireless access points. ○ Use a virtual private network. ○ Use secure connections to web sites (such as https). ○ Use lengthy passwords made up of random characters.

Use lengthy passwords made up of random characters.

All of the following are good ways to prevent malware, except: ○ Stop clicking on suspicious links. ○ Keep your OS software up-to-date. ○ Use strong passwords. ○ Protect your network with a firewall.

Use strong passwords.

Which of the following best represents the concept of decryption? ○ Exhaustively test every possible input until one is found that produces a desired result. ○ Using an algorithm with keys to transform data, making it unintelligible to everyone except intended recipients. ○ A secret collection of numbers or keystrokes used by a cryptographic algorithm. ○ Using an algorithm with keys to recover encrypted data.

Using an algorithm with keys to recover encrypted data.

Which of the following best represents the concept of encryption? ○ Using an algorithm with keys to transform data, making it unintelligible to everyone except intended recipients. ○ Exhaustively test every possible input until one is found that produces a desired result. ○ Using an algorithm with keys to recover encrypted data. ○ Attempts to recover plaintext from ciphertext with limited or no knowledge of the algorithm or keys.

Using an algorithm with keys to transform data, making it unintelligible to everyone except intended recipients.

The most common overuse injuries related to computer and device use are to: ○ Addiction ○ Ears ○ Eyes ○ Wrists

Wrists

A person operating an application or an information system is called ______________. ○ an account ○ an application ○ a user ○ a user interface

a user

A family uses parental control features on a computer which allow each parent to use the computer at any time, but allow children to use the computer only before their bed times. This is an example of which access control principle? ○ prioritization ○ authentication ○ accountability ○ authorization

authorization

The PCI DSS was launched in 2004 as the result of collaboration between the major ______________. ○ security firms ○ democratic countries ○ credit card brands ○ computer manufacturers

credit card brands

Which kind of intellectual property law applies if a clockmaker wants to make and sell "knock-off" clocks that look identical to another clockmaker's popular clocks? ○ trade secret ○ copyright ○ trademark ○ design rights

design rights

One phenomenon that the rise of the Internet has led to is the collection and analysis of ___________. ○ advertisements ○ fake news ○ big data ○ social media

big data

An information system that allows anyone to connect with their own gadgets, instead of restricting the system to only those devices owned by its controlling organization, is called _________________________. ○ bring your own device ○ intellectual property ○ open system architecture ○ data in transit

bring your own device

After Keiko spends some time playing an adventure game, she saves her progress and turns off the computer. She turns on the computer again to play the game the next day, and she doesn't have to restart the adventure at the beginning because the system stored or remembered her previous accomplishments. This is an example of ________________________. ○ data being processed ○ data in the cloud ○ data at rest ○ data in transit

data at rest

Pablo uploads a photograph from his smartphone to his Instagram account. This is an example of _____________________. ○ data in transit ○ data at rest ○ data archival ○ data retrieval

data in transit

You are attempting to use your friend's mobile phone, but you don't know their PIN code. After three failed attempts, a message tells you that access to the mobile device has been suspended. Which of the following terms best represents the concept at play? ○ screen lock ○ antivirus ○ system hardening ○ backup

screen lock

Using search engines to find personally identifiable information is an example of ___________ OSINT. ○ tactical ○ technical ○ non-tactical ○ non-technical

technical

A ____________ is a negative event that can lead to an undesired outcome, such as damage to, or loss of, an asset. ○ threat ○ risk ○ vulnerability ○ bit storm

threat

The following are examples of ___________. Hacktivists; Cybercriminals; Disgruntled insiders; Nation States; Careless employees ○ threat actors ○ threats ○ vulnerabilities ○ risks

threat actors

Which type of intellectual property law applies to a company's name? ○ patent ○ trademark ○ copyright ○ trade secret

trademark

The following are examples of ___________. Lack of proper building access control; Cross-site Scripting (XSS); SQL Injection; Cleartext transmission of sensitive data; Failure to check authorization to sensitive resources; Failure to encrypt sensitive data at rest ○ threat actors ○ threats ○ vulnerabilities ○ risks

vulnerabilities

