ISIN 121 Final Exam Review

Ace your homework & exams now with Quizwiz!

signature file

A database of viruses that is used to identify an infected file

firewall

Hardware or software designed to limit the spread of malware

A list of senders from whom the user will accept email

Whitelist

Unsolicited email

spam

Which type of malware exploits a vulnerability on one system and then immediately searches for another computer on the network that has the same vulnerability? worm virus trojan horse mass-mailer

worm

In the U.S., if a consumer finds a problem on her credit report, she must first send a letter to the credit-reporting agency. Under federal law, how many days does the agency have to investigate and respond to the alleged inaccuracy and issue a corrected report? 15 30 45 50

30

From January 2005 through July 2015, approximately how many electronic data records in the United States were breached, exposing to attackers a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers? 456,000 22 million 853 million 660 billion (please dont pick this one you braindead 💀)

853 million

Which Windows feature provides information to users and obtains their approval before a program can make a change to the computer's settings? System Settings Authorization Application Modification Control User Account Control Access Based Enumeration Briefly describe Trojan horse malware and give an example.

A Trojan horse malware is a virus that is supposed to look like something innocent. For example, if you use an android and download "Cooking Frenzy Unlimited" and download it without checking if it's a safe game manufacturer or if it's been reviewed by trusted sources, there is a good chance that the program is secretly a virus that grabs your bank information, credit card information, etc. On the bright side though, it is a very good cooking game 👍

Why should you disable Bluetooth on smartphones and tablets?

A hacker could easily connect your phone to a malicious device if they have access to it.

bot net

A logical computer network of zombies under the control of an attacker

worm

A malicious program designed to enter a computer via a network

Brute Force Attack

A password attack in which every possible combination of letters, numbers, and characters is used to match passwords in a stolen password file

Dictionary Attack

A password attack that compares common dictionary words against those in a stolen password file.

Vishing

A phishing attack in which the attacker calls the victim on the telephone

Whaling

A phishing attack that targets wealthy individuals

Password

A secret combination of letters, numbers, and/or symbols that serves to authenticate a user by what he or she knows

What is the difference between a security patch, a feature update, and a service pack?

A security patch is something that updates a software's security patching an existing vulnerability. A feature update is usually some sort of quality-of-life improvement for the user using the software. A service pack is a cumulative package of all patches and feature updates.

Adware

A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.

What are the primary traits that are used to classify malware?

A software, or script, file, etc, that is able to take over your computer and steal your information, as well as multiply itself.

What is a split infection?

A split infection is when the virus first attaches itself to the end of the infected file. It then inserts at the beginning of the file a "jump" instruction that points to the end of the file.

What are some recommendations for defending against social networking attacks?

Add more security guards Educate employees regarding security policies Enable a policy that states that the IT department should supply information over the phone only to managers Deploy well-designed firewall appliances Resist the urge to click on enticing web links Do not provide password resets in a chat window

Which type of web browser enhancement can change browser menus or create additional toolbars? Plug-ins Extensions Add-ons Updates

Add-ons

bot herder

An attacker who controls a botnet

Zombie

An infected computer that is under the remote control of an attacker

Using which Social engineering principle might an attacker impersonate a CEO of a company? Scarcity Authority Urgency Trust

Authority

Where are you most likely to find a PKES system? Automobile Airplane Railroad car Government building

Automobile

Which of the following ensures that data is accessible when needed to authorized users? Confidentiality Non-repudiation Integrity Availability

Availability

Which of the following is an attack that sends unsolicited messages to Bluetooth-enabled devices? Bluesurfing Bluejacking Bluephishing Bluesnarfing

Bluejacking

There are two major types of wireless networks that are popular today among users. One of these networks is Wi-Fi; what is the other? 4G LTE Bluetooth 3G GSM

Bluetooth

logic bomb

Computer code that lies dormant until it is triggered by a specific logical event

What type of backup is performed continually without any intervention by the user? Continuous backup 3-2-1 backup Scheduled backup One-time backup

Continuous backup

What is a frist-party cookie

Cookies that are made and recognized by the website.

Which of the following is NOT a technology typically used by spyware? Automatically download software Disk drive formatting software Tracking software System modifying software

Disk drive formatting software

Which technique might an attacker employ to find documents that may reveal the true level of security within an organization? Shoulder surfing Dumpster Diving Vishing Pretexting

Dumpster Diving

____________________ involves digging through trash receptacles to find information that can be useful in an attack.

Dumpster Diving

Which of the following is NOT a factor that contributes to difficulties faced in defending against attacks? Universally connected devices Greater sophisitcation of attacks Enhanced Encryption algorithims Faster detection of vulnerabilities

Enhanced Encryption algorithims

feature update

Enhancements to the software to provide new or expanded functionality, but do not address security vulnerability

What law contains rules regarding consumer privacy? Credit and Transactions Act Fair and Accurate Credit Transactions Act Fair Credit Reporting Act Accurate Transactions Act

Fair and Accurate Credit Transactions Act

True or False: Malware usually enters a computer system with the user's knowledge.

False

True or False: Passwords are still considered a strong defense against attackers.

False

True or False: Third-party cookies can be stolen and used to impersonate the user, while first-party cookies can be used to track the browsing or buying habits of a user.

False

Ture or False: Data backups only protect data against computer attacks.

False

Wi-Fi networks operate in basically the same way as cellular telephony networks that are designed, installed, and maintained by the wireless telephone carriers.

False

___________________ cookies can be used to reinstate regular cookies that a user has deleted or blocked.

Flash

Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information? Sarbox COPPA GLBA HIPAA

GLBA

Social Engineering

Grouping individuals and organizations into clusters based on an affiliation

Under which law must healthcare enterprises guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format? Sarbox COPPA GLBA HIPAA

HIPAA

How does a hardware keylogger work?

Hardware keyloggers are used for keystroke logging, a method of capturing and recording computer users' keystrokes, including sensitive passwords. They can be implemented via BIOS -level firmware, or alternatively, via a device plugged in line between a computer keyboard and a computer. They log all keyboard activity to their internal memory.

A(n) ____________________ is a false warning, often contained in an e-mail message claiming to come from the IT department.

Hoax

Using what email protocol can mail be organized into folders on the mail server and read from any device? HTML SMTP POP3 IMAP

IMAP

Which of the following involves using someone's personal information, such as a Social Security number, to fraudulently establish bank or credit card accounts? Identity borrowing Identity theft Information theft Property theft

Identity Theft

Which of the following involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain? White hat hacking Identity theft Cyberterrorism Digital fraud

Identity theft

Which of the following ensures that information is correct and no unauthorized person or malicious software has altered it? Protection Availability Confidentiality Integrity

Integrity

The ____ is a worldwide set of interconnected computers, servers, and networks.

Interweb Globalnet NSFNet Internet

Briefly explain how IMAP works.

It allows you to connect your email to a plethora of devices instead of relying on one singular device to access your email on.

____ is a complete programming language that can be used to create stand-alone applications. Java Javascript Wscript Shellscript

Java

____ is a scripting language that does not create standalone applications.

JavaScript

A(n) ____________ is also called a Flash cookie, named after Adobe Flash. LSO Third-party cookie First-party cookie image spam

LSO

Attacks that are based on malicious code sent through third-party advertising networks so that malware is distributed through ads sent to users' web browsers

Malvertising

Which of the following is a general term that refers to a wide variety of damaging or annoying software programs? Harmware Malware Bloatware Trashware

Malware

How is offline password cracking accomplished?

Offline password cracking technique involves recovering passwords from an already obtained password hash file. This happens after a hacker has already gained local access to an infected endpoint and starts to collect locally stored hashes or conducts other methods to attack the network, such as LLNMNR poisoning.

Discuss the risks of social networking sites.

Over-sharing Information The friendly and intimate nature of social media sites often causes people to drop their guard. Surveys & Questionnaires Phishing Scams Fake Apps Fake Accounts/Connection Requests Profile Hacking Key Points to Remember When Using Social Media Sites

List the two TCP/IP protocols used by earlier email systems to send and receive messages.

POP3 and SMPT

List the features of password management applications. What are some of the recommendations for creating strong passwords?

Password management software suggests extremely strong passwords and stores them for you. In order for you to access these passwords, you hide all the passwords behind your master password, which is the password that allows you to access your password management software. Recommendations include: Never use personal information Use a longer password Don't use the same password over and over Try to include numbers, symbols, and uppercase/lowercase letters Avoid using words that can be found in the dictionary

Which type of attacks might send an e-mail or display a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information? Pharming Phishing Polling Flashing

Phishing

Describe phishing.

Phishing is an online scam where criminals send alluring emails to the organization, user, and more to collect sensitive information.

Which of the following expands the normal capabilities of a web broswer for a specific webpage?

Plug-ins Extensions Add-ons Updates

Which of the following is described as an attacker who pretends to be from a legitimate research firm who asks for personal information? Dumpster diving Phishing Stealing Pretexting

Pretexting

What is pretexting? Provide an example.

Pretexting is a type of social engineering attack that involves a situation, or pretext, created by an attacker in order to lure a victim into a vulnerable situation and to trick them into giving private information. Example: An attacker who pretends to be from a legitimate research firm who asks for personal information

What is ransomware? Give an example.

Ransomware is a type of malware that denies access to data files using encryption until a ransom is paid. It comes under the category of cyber extortion.

Typo Squatting

Redirecting a user to a fictitious website based on a misspelling of the URL

What is remote code execution?

Remote code execution (RCE) is a type of security vulnerability that allows attackers to run arbitrary code on a remote machine, connecting to it over public or private networks.

Explain one way rootkits operate.

Rootkits work using a simple concept called modification. In general, software is designed to make specific decisions based on very specific data. A rootkit locates and modifies the software so it makes incorrect decisions.

What serves as the network name identifier in a Wi-Fi network? WPA2 ID SSID WPS Pin number MAC adress

SSID

Which JavaScript defense restricts a JavaScript downloaded from Site A from accessing data that came from Site B? Limit Capabilitys Sandboxing Same origin Destination filter

Same origin

____ look for specific words and block email messages containing those words. Virus filters Ad filters Network filters Spam filters

Spam filters

HTTP is a subset of a larger set of standards for Internet transmission known as ____________________.

TCP/IP

HTTP is based on which larger set of standards for Internet communication? TCP/IP IPX/SPX NetBEUI IEEE 802.11

TCP/IP

Which phrase best describes security? The procedures used to protect data The goal to be free from danger as well as the process that achieves that freedom The protection of data from harm The process of hiding sensitive data with the goal of maintaining privacy

The goal to be free from danger as well as the process that achieves that reedom

What are some concerns for using a public Wi-Fi network in a coffee shop, airport, or school campus, for example?

The networks usually aren't encrypted with WPA2+ protocol and use WPA or WEP protocols which are unsecure, and hackers can see your information.

Authentication

The steps that ensure that the individual is who he or she claims to be

With respect to the web, what is dynamic content?

Things that change based on your personal preference on the web.

True of Flase: A worm is designed to enter a computer through the network and then take advantage of a vulnerability in an application or an operating system on the host computer.

True

True or False: Almost all viruses infect a system by inserting themselves into a computer file.

True

True or False: FACTA grants consumers the right to request one free credit report from each of the three national credit-reporting firms every 12 months.

True

True or False: It is recommended that a copy of a data backup be stored at an off-site location.

True

True or False: The weakness of passwords centers on human memory.

True

True or False: Virtually anyone could type in a person's username and pretend to be that person.

True

True or False: When creating passwords, the most important principle is that length is more important than complexity.

True

True or Flase: Most users actually receive only a small amount of spam in their local email inbox. The majority is blocked before it even reaches the user.

True

What is the purpose of a URL expander?

URL Expander is a tool that expands shortened URLs to their original long URL to determine if a site is suspected of malware, phishing, and/or illegal contents before you actually visits it.

What is the best approach to establishing strong security with passwords? Keep passwords short so you can remember them Use the same password for many sites Keep a written log of your passwords Use technology for managing passwords

Use technology for managing passwords

Shoulder Surfing

Viewing information that is entered by another person

From what term is war driving derived? war walking walk dialing war dailing chalk walking

War dialing

Which of the following is an optional means of configuring WPA2 Personal security using a PIN? security scripts Wi-Fi Protected Setup (WPS) SSID broadcast batch configuration

Wi-Fi Protected Setup (WPS)

What are some of the attacks on Wi-Fi?

Worms, Unencrypted networks can steal info, DDOS, and many more.

What are some of the characteristics of weak passwords?

You never want to use your name, company name, or family member names in your password Your phone number or address. Common substitutions. For example, using @ for a, 3 for e, and $ for s Any personal information Repetitive characters

Web browser addition that adds functionality to the entire web browser

add-on

A(n) ________________ infection is when the virus first attaches itself to the end of the infected file. It then inserts at the beginning of the file a "jump" instruction that points to the end of the file.

appender

When the malware payload allows an attacker to execute virtually any command on the victim's computer this is called ______________________________.

arbitrary code execution

File, such as a word processing document, spreadsheet, or picture, that is attached to an email message

attachments

A ___________________ that is installed on a computer allows the attacker to return at a later time and bypass security settings.

backdoor

What can an attacker use that gives them access to a computer program or service that circumvents normal security protections? adware backdoor bot herder botnet

backdoor

How do attackers today make it difficult to distinguish an attack from legitimate traffic? by using a common language by using diverse interfaces by using common Internet protocols by using simple scripting

by using common Internet protocols

What can an attacker use to divert all mail to their post office box so that the victim is never aware that personal information has been stolen? mail bouncing automatic forwarding change-of-address form mail redirect

change-of-address form

Which virus detection method creates a virtual environment that simulates the central processing unit (CPU) and memory of the computer? code emulation static analysis dynamic scanning string scanning

code emulation

A file created by a web server and stored on the local computer that contains the user's preferences and other information

cookie

What do web servers use to track whether a user has previously visited a web site? cookies key logger scripting language plug-ins

cookies

Which of the following is a numerical measurement used by lenders to assess a consumer's creditworthiness? credit report credit score credit level credit rank

credit score

What does the FBI define as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents?" information warfare cyberware cyberterrorism eTerrorism

cyberterrorism

Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens are known as which of the following? cyberterrorists spies hackers hacktivists

cyberterrorists

Botnets can flood a Web server with thousands of requests and overwhelm it to the point that it cannot respond to legitimate requests. What is this called? manipulating online polls spamming spreading malware denying services

denying services

What type of attack begins with the attacker creating digests of common dictionary words, and then comparing those in a stolen password file? man in the middle brute force dictionary hash

dictionary

Technically speaking, the process for creating a password digital representation is based on a hash algorithm, which creates a(n) ____________________.

digest

What is contained within the body of an email message as a shortcut to a website? spam filter attached image attachment embedded hyperlink

embedded hyperlink

What does a VPN use to ensure that any transmissions that are intercepted will be indecipherable? encryption ad hoc network private SSID lock screen

encryption

An attacker sets up a look-alike Wi-Fi network, tempting unsuspecting users to connect with the attacker's Wi-Fi network instead. What is this called? evil twin ad hoc network VPN guest network

evil twin

Web browser addition that expands the normal capabilities of a web browser for a specific webpage

extension

In the past, which term was commonly used to refer to a person who uses advanced computer skills to attack computers? slacker hacker white-hat black-hat

hacker

What type of attack is a false warning, often contained in an email message claiming to come from the information technology (IT) department? dumpster diving vishing hoaxes pretexting

hoaxes

____________________ allow users to jump from one area on the Web to another with a click of the mouse button.

hyperlinks

Spam that uses graphical images of text in order to circumvent text-based filters

image spam

What term is frequently used to describe the tasks of securing information that is in a digital format? network security information assurance information security information warfare

information security

Which attacker category might have the objective of retaliation against an employer? cybercriminal insider hacktivist state-sponsored attacker

insider

Security is ____ convenience. more important than inversely proportional to proportional to less important than

inversely proportional to

What is it called if a user disables the built-in limitations on their Apple iOS device to provide additional functionality? ROM swapping remote lockout jailbreaking root logon

jailbreaking

What type of device is inserted between the computer keyboard connection and USB port for the purposes of stealing information? rootkit backdoor keylogger zombie

keylogger

What type of spyware silently captures and stores each keystroke that a user types on the computer's keyboard? backdoor worm rootkit keylogger

keylogger

What type of malware is typically added to a legitimate program but lies dormant until it is triggered by a specific event? logic bomb ransomewear spam zombie

logic bomb

A(n) ___________________ is a series of instructions that can be grouped together as a single command.

macro

What type of program lets a user create and store multiple strong passwords in a single user database file that is protected by one strong master password? password management application password generation program password fault program password vault program

password management application

With which type of social engineering attack are users asked to respond to an email or are directed to a website where they are requested to update personal information, such as passwords or credit card numbers? pharming typo squatting phishing pretexting

phishing

Why should you clear the cache when the browser is closed?

prevents you from using old forms protects your personal information helps our applications run better on your computer

What type of malware can, for example, locks up a user's computer and then display a message that purports to come from a law enforcement agency that states the user must pay a fine for illegal activity? zombie adware ransomware logic bomb

ransomware

Most email clients contain a ____ that allows the user to read an email message without actually opening it. preview pane safety pane reading pane

reading pane

Which type of malware is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms? virus worm hacking kit rootkit

rootkit

Which type of malware will hide or remove all traces of evidence that may reveal the malware, such as log entries? worm trojan virus rootkit

rootkit

What can be used to run JavaScript in a restricted environment and limit what resources it can access? sandboxing firewall retaining wall same origin

sandboxing

Which term is best described as individuals who want to attack computers yet who lack the knowledge of computers and networks needed to do so? hackers elites crackers script kiddies

script kiddies

With arbitrary code execution, the ________________ launches ("spawns") a command shell from which instructions can then be issued to the computer.

shellcode

AV software on a computer must have its ____ files regularly updated by downloads from the Internet. behavior program signature control

signature

What popular online activity involves grouping individuals and organizations into clusters or groups based on their likes and interests? affiliate marketing affiliate networking social networking social marketing

social networking

A list of senders from whom the user does not want to receive any email

spam

Text-based messages that include words such as Viagra or investments can easily be trapped by _________ filters that look for these words and block the email.

spam

Whereas phishing involves sending millions of generic e-mail messages to users, which type of similar attack targets only specific users? whaling vishing spear phishing pharming

spear phishing

Information contained on devices is protected by three layers: Two of the layers are products and policies and procedures. What is the third layer? people systems applications tools

systems

A(n) ____________________-party cookie is a cookie that was not created by the Web site that attempts to access the cookie.

third

Which of the following is a type of action that has the potential to cause harm? asset vulernability threat threat agent

threat

Which term is best described as a person or element that has the power to carry out a threat? risk vulnerability threat agent agent attack

threat agent

Which of the following is a program advertised as performing one activity but actually does something else? worm rootkit trojan virus

trojan

Which type of social engineering attack depends on the user incorrectly entering a URL? whaling vishing spear phishing typo squatting

typo squatting

Which of the following is a characteristic of a weak password? cannot be easily memorized used on multiple accounts managed with a password manaqer uses a long string of characters

used on multiple accounts

A(n) ____________________ is a unique name used for identification.

username

What type of network uses an unsecured public network, such as the Internet, as if it were a secure private network? ad hoc network free access network virtual private network secure accsess network

virtual private network

What are the three types of malware that have the primary traits of circulation and/or infection? viruses, Trojans, and worms Trojans, spyware, and adware viruses, spyware, and Trojans worms, viruses and spyware

viruses, Trojans, and worms

What is a flaw or weakness that allows a threat agent to bypass security? risk asset vulnerability threat

vulnerability

Which type of malware self-replicates between computers (from one computer to another)? worm trojan virus rootkit

worm

An infected robot computer is known as a _____? zombie trojan horse beachhead bottle

zombie


Related study sets

Financial Accounting Midterm Exam

View Set

Go further with you Google Analytics Data

View Set

ATI RN Eating Disorders Assessment

View Set

Ch 6: strengthen a company's competitive positions

View Set

REL 130 - Periodic Exam 2 - Fall20

View Set

CH 2 Health Care Delivery System

View Set