Management Science 590 - Chapter 05

Ace your homework & exams now with Quizwiz!

Phishing attack rely on browser parasites.

False

Which dimension(s) of security is spoofing a threat to?

Integrity and Authenticity

Secure Sockets Layer/Transport Layer Security (SSL/TLS)

Protocols that secure communications between the client and the server

Which of the following is not an example of malicious code? Spyware Trojan Horse Bot Sniffer

Sniffer

FREAK is an example of which of the following? Mobile malware Software vulernability Botnet Trojan horse

Software vulnerability

What happens when a sniffing attack is used legitimately?

Used to steal proprietary information from a network, including passwords, e-mail messages, company files, and confidential reports.

Linden Dollars, created for use in Second Life, are an example of:

Virtual Currency

What is the current standard used to protect Wi-Fi networks?

WPA2

An unauthorized person intercepts an online communication and changes its contents is a violation of what?

E-Commerce security

Which of the following is the leading cause of data breaches? Theft of a computer Accidental disclosures Hackers DDoS attacks

Hackers

Typically attacks governments, organizations, and sometimes individuals for political purposes.

Hacktivists

What is a sniffing attack?

It is a type of eavesdropping program that monitors information traveling over a network.

Why is it difficult to accurately estimate the actual amount of cybercrime?

It is difficult to accurately estimate the actual amount of cybercrime in part because many companies are hesitant to report it due to a fear of losing the trust of their customers, and because even if crime is reported, it may be difficult to quantify the actual dollar amount of the loss.

Trojan Horse

It is not itself a virus because it does not replicate but it is a method by which viruses or other malicious code can be introduced into a computer system. It appears benign and then suddenly does something harmful.

A worm does not need to be activated by a user in order for it to replace itself.

True

Public Key Encryption

Two mathematically related digital keys are used: a public key and a private key. The private key is kept secret by the owner, and the public key is widely disseminated. Both keys can be used to encrypt and decrypt a message. However, once the keys are used to encrypt a message, that same key cannot be used to unencrypt the message

Bot programs

Type of malicious code that can be covertly installed on a computer when it is attached to the Internet. Once installed, the bot responds to external commands sent by the attacker, and many bots can be coordinated by a hacker into a botnet.

Confidentiality is sometimes confused with what?

Privacy

Software that is used to obtain private user information such as a user's keystrokes or copies of e-mail is:

Spyware

How does the Great Cannon allow hackers to do?

To hijack traffic to individual IP addresses and uses a man-in-the-middle attack to replace unencrypted content between a Web server and the user with malicious Javascript that would load the two GitHub project pages every two seconds.

What is not a limitation of the existing online credit card payment system?

Cost to Consumers

According to Ponemon Institute's 2015 survey, which of the following was not among the causes of the most costly cybercrimes? Malicious insiders Malicious code Denial of Service Botnets

Denial of Service

Worms

Designed to spread not only from file to file but from computer to computer and do not necessarily need to be activated in order to replicate.

Internet of Things (IoT)

Involves the use of the Internet to connect a wide variety of sensors, devices, and machines, and is powering the development of a multitude of smart connected things, such as home electronics (smartTVs, thermostats, home security systems, and more), connected cars, medical devices and industrial equipment that supports manufacturing, energy, transportation, and other industrial sectors.

What can SSL/TLS not provide?

Irrefutability

VPN (Virtual Private Network)

Is a network that is constructed using public wires — usually the Internet — to connect to a private network, such as a company's internal network. There are a number of systems that enable you to create networks using the Internet as the medium for transporting data.

Transmission Control Protocol/Internet Protocol (TCP/IP)

Is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet).

How does a sniffing attack differ from a MitM attack?

It also involves eavesdropping but is more active, and also involves passive monitoring. the attacker is able to intercept communications between two parties who believe they are directly communicating with one another, when in fact the attacker is controlling the communications.

Malicious Code

It includes a variety of threats such as viruses, worms, Trojan horses, ransomware, and bot programs

All of the following statements about public key cryptography are true except: Public key cryptography uses two mathematically related digital keys. Public key cryptography ensures authentication of the sender. Public key cryptography does not ensure message integrity. Public key cryptography is based on the idea of irreversible mathematical functions.

Public key cryptography ensures authentication of the sender.

Which of the following is the most common protocol for security a digital channel of communication? DES SSL/TLS VPN HHTP

SSL/TLS

Symmetric key cryptography is also know as:

Secret Key Cryptography

CryptoLocker is an example of ransomware.

True

Exploit kits are often rented or sold as a commercial product.

True

PayPal is the most popular alternative payment method in the United States.

True

SLS/TLS cannot provide irrefutability.

True

SSL/TLS addresses the threat of authenticity by allowing users to verify another user's identify or the identity of a server.

True

ShellShock is an example of a software vulnerability.

True

Spoofing a Web site is a thread to the integrity of the Web site.

True

The easiest and least expensive way to prevent threats to system integrity is to install antivirus software.

True

There is a finite number of Bitcoins that can be created.

True

Bitcoins are an example of:

digital cash

The overall rate of online credit card fraud is ________ of all online card transactions.

less than 1%

Secure Negotiated Session

A client-server session in which the URL of the requested document, along with the contents, contents of forms, and the cookies exchanged, are encrypted

Which of the following has the Internet Advertising Bureau urged advertisers to abandon? HTML HTML5 Adobe Flash Adobe Acrobat

Adobe Flash

Ransomware

Also known as scareware, is a type of malware (often a worm) that locks your computer or files to stop you from accessing them.

All of the following experienced high-profile data breaches in 2014 except: eBay Home Depot Amazon Sony

Amazon

Refers to the ability to identify the person or entity with whom you are dealing on the Internet.

Authenticity

Refers to the ability to ensure that an e-commerce site continues to function as intended.

Availability

All of the following are prominent hacktivist groups except: Anonymous LulzSec Impact Team Avid Life

Avid Life

Symmetric Key Encryption

Both the sender and the receiver use the same key to encrypt and decrypt the message

To allow lower-level employees access to the corporate network while preventing them from accessing private human resources documents, you would use:

An authorization management system.

Virus

A computer program that can replicate or make copies of itself and spread to other files. They can range in severity from simple programs that display a message or graphic as a "joke" to more malevolent code that will destroy files or reformat the hard drive of a computer, causing programs to run incorrectly.

SSL/TLS will be used to establish what type of session?

A secure negotiated session.

What is the main Pro and Con of Symmetric Key Encryption?

Can be used effectively for data storage protection, but is less convenient for e-mail since the correspondents have to pass the secret key to one another over another secure medium prior to commencing the communications.

How many dimensions of e-commerce security does encryption address?

Can provide four of the six dimensions. Integrity, Nonrepudiation, Authentication, and Confidentiality.

Bill Me Later is an example of social/mobile peer-to-peer payment systems.

False

Vishing attacks exploit SMS messages.

False

Which of the following was designed to cripple Iranian nuclear centrifuges? Stuxnet Flame Snake Storm

Stuxnet

All the following statements about symmetric key cryptography are true except: In symmetric key cryptography, both the sender and the receiver use the same key to encrypt and decrypt a message. The Data Encryption Standard is symmetric key encryption system. Symmetric key cryptography is computationally slower. Symmetric key cryptography is a key element in digital envelopes.

Symmetric key cryptography is computationally slower.

Slammer is an example of which of the following? Virus Worm Trojan Horse Botnet

Worm

Session Key

A unique symmetric encryp-tion key chosen for a single secure session

Rustock is an example of which of the following? Worm Botnet Phishing Hacktivism

Botnet

Accessing data without authorization on Dropbox is an example of what?

Cloud Security Issue

Refers to the ability to ensure that messages and data are only available to those authorized to view them.

Confidentiality

Apple Pay uses near field communication (NFC) chips.

True

Security issues for the Internet of Things.

- Many IoT devices, such as sensors, are intended to be deployed on a much greater scale than traditional Internet-connected devices, creating a vast quantity of interconnected links that can be exploited. - Existing tools, methods, and strategies need to be developed to deal with this unprecedented scale. - Many instances of IoT consist of collections of identical devices, which magnifies the potential impact of security vulnerabilities. - Many IoT devices are anticipated to have a much longer service life than typical equipment. - Many IoT devices are intentionally designed without the ability to be upgraded. - Many IoT devices do not provide the user with visibility into the workings of the device or the data being produced, nor alert the user when a security problem arises. - Some IoT devices, such as sensors, are unobtrusively embedded in the environment such that a user may not even be aware of the device

The Data Encryption Standard uses a(n) __________-bit key.

56

Malware that comes with a download file that a user requests is called a:

Drive-by Download

What is not a major trend in e-commerce payments in 2015-2016?

Mobile retail payment volume decreases.

In 2014, online bill payment accounted for ________ of all bill payments, while paper checks accounted for ________.

More than 50%; Less than 25%

Which of the following is a set of short-range wireless technologies used to share information among devices within about two inches of each other? DES NFC IM Text Messaging

NFC -> Near Field Communication

Refers to the ability to ensure that e-commerce participants do not deny their online actions.

Nonrepudiation

PayPal is what type of payment system?

Online stored value payment system.

The Internet and VPNs can be used to significantly reduce what?

The cost of secure communications.

What is the most frequent cause of stole credit cards and card information today?

The hacking and looting of corporate servers storing credit card information.

What dimensions do digital signatures and hash digests add to public key cryptography?

Digital signatures and has digests can add authentication, nonrepudiation, and integrity when used with public key encryption. Encryption technology also allows for digital signatures and authentication. The sender encrypts the message yet again using their private key to produce a digital signature.

Which of the following is not an example of a Potentially Unwanted Programs (PUP)? Adware Browser parasite Drive-by download Spyware

Drive-by Download

Apple Pay is available for both iPhone 5s and iPhone 6s.

False

The Cybersecurity Information Sharing Act is strongly supported by most large technology companies and privacy advocates.

False

Typically, the more security measures added to an e-commerce site, the faster and easier it becomes to use.

False

Backdoor

Feature of worms, viruses, and Trojans that allow attackers to remotely access compromised computers.

Online purchasing history being sold to other merchants without your content is an example of what?

Online privacy violation

The credit card industry establishes what type of standard?

PCI-DSS -> Payment Card Industry Data Security Standard

What is the first step in developing an e-commerce security plan?

Perform a risk assessment.

Automatically redirecting a Web link to a different address is an example of which of the following? Sniffing Social engineering Pharming DDoS attack

Pharming

While SSL/TLS provides secure transactions between merchant and consumer, what can it only guarantee?

Server-side authentication.

Next generation firewalls provide all the following except: An application-centric approach to firewall control. The ability to identify applications regardless of the port, protocol, or security evasion tools used. The ability to automatically update applications with security patches. The ability to identify users regardless of the device or IP address.

The ability to automatically update applications with security patches.

All of the following statements about PKI are true except: The term PKI refers to the certification authorities and digital certificate procedures that are accepted by all parties. PKI is not effective against insiders who have a legitimate access to corporate systems including customer information. PKI guarantees that the verifying computer of the merchant is secure. The acronym PKI stands for public key infrastructure.

The acronym PKI stands for public key infrastructure.

What are VPNs primarily used for?

Transactions between partners because dedicated connections can be very expensive.

Zeus is an example of which of the following? SQL injection attack Browser parasite DDoS attack Trojan horse/botnet

Trojan horse/botnet

A Trojan horse appears to be benign, but then does something other than expected.

True

A fingerprint scan is considered biometircs.

True

Digital cash is legal tender that is instantly convertible into other forms of value without the intermediation of any third parties.

False

What is the Great Cannon, who developed it, and how has it been used?

The nickname given by researchers to a tool believed to be developed by China that was used to launch a major DDoS attack in March 2015 against the software development platform GitHub, aimed specifically at two Chinese anti-censorship projects hosted on the platform.

In 2014, Sony experienced which of the following? High-profile data breach DDoS attack that shut down its web site Hacktivist attack to protest employment policies Browser parasite

High-profile data breach

What is the main advantage of public key encryption?

It has the ability to begin secure correspondence over the Internet without prior exchanging of the keys and, therefore, without the need for a meeting in person or using conventional carriers for key exchange.


Related study sets

Chapter 11 Certification Style Exam Quiz

View Set

Chapter 9 Biology Connect study guide

View Set

PEDs Chapt 27 - 30 (Quiz) J.Erney@ LPN

View Set

Chapter 29- Saving Investment, and the Financial System

View Set

Real Estate Section 2 "Title & Ownership" Quiz Questions

View Set

Anatomy: Chapter 12 HW Mastering A&P

View Set