Mis 3
gray hat hackers
A cross between black and white—they will often illegally break into systems merely to flaunt their expertise to the administrator of the system they penetrated or to attempt to sell their services in repairing security breaches.
encryption
Scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key.
Attacks that exhaust all possible password combinations in order to break into an account are called _____ attacks.
brute-force
disruptive innovation
challenges incumbent businesses and creates a new market and value network: 1. performance attributes are not valued by existing customers 2. performance attributes invade established markets
black hat hackers
criminals who exploit a system's weakness for personal or financial gain
An attack on the US power grid by terrorists or a foreign power is indicative of:
cyberwarfare
Almost all security breaches can be traced back to technology lapses; personnel or procedural factors rarely factor in.
false
Because of Moore's Law, widely-used encryption programs currently employed by banks and ecommerce sites are now easily penetrated by brute-force attacks that can be employed by hackers using just a handful of simple desktop computers.
false
a black hat hacker looks for the weaknesses in security mechanisms, with a view to help plug the holes that might be exploited by cyber-criminals.
false
Sustaining innovation
improve existing products that customers are eager to buy, higher profit margins
which of the following is a valid statement on information security?
information security is everyone's responsibility
security breach
a security incident in which data is viewed, copied, altered, or deleted by an unauthorized individual
which of the following statements holds true for encryption?
it refers to scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key
which of the following statements is consistent with ground realities regarding information security?
law-enforcement agencies struggle to hire, train, and retain staff capable of keeping pace with today's cyber-criminals
which of the following aspects of international law would enable a cyber-criminal operating across borders to evade prosecution?
non-existent extradition agreements between two countries
which of these would be an example of a DDoS attack?
overloading a popular social networking site with inbound messages in order to shut down access to the site
Updates that plug existing holes in a software are called:
patches
which of the following types of infiltration techniques does one open oneself up to by posting sensitive personal information and details about one's workplace on social networking sites?
social engineering
white hat hackers
work at the request of the system owners to find system vulnerabilities and plug the holes
brute-force attack
Every possible key is tried
innovation
a new idea, method, or product
which of the following are considered sources of information that can potentially be used by social engineers?
all of the above
information security policies would be ineffective without __ and ___.
audit; enforcement
Technologies that measure and analyze human body characteristics for identification or authentication are known as _____.
biometrics
Hordes of surreptitiously infiltrated computers, linked and controlled remotely, are known as zombie networks or:
botnets
a(n) ___ is someone who uncovers computer weaknesses and reveals them to manufacturers or system owners, without exploiting these vulnerabilities
white hat hacker
hacker
someone who uses their knowledge to break down and bypass security measures on a computer, device, or network
Some of the most common guidelines issued by Web sites when designing a secure password include:
the password should be at least eight characters long and include at least one number and other non-alphabet character
social eng
tricking people into revealing sensitive information
Computer systems are often infected with malware by means of exploits that sneak in masquerading as something they are not. These exploits are called
trojans
dumpster diving refers to physically trawling through trash to mine any valuable data or insights that can be stolen or used in a security attack
true
phis
type of social engineering, fake email with link to get your information
cyberwarfare
using technology to disrupt the activities of a state or organization