MIS 3317 CH4


________ is the general name for a security flaw in a program.

A vulnerability

Authentication should generally be ________.

Appropriate for a specific source

In a ________ attack, the attacker encrypts some or all of the victim's hard drive.

a ransom

In an SPI firewall, all rules except the last will permit the connection. The last will ________.

Deny the connection

NIST guidelines for reusable passwords permit ________.

Entirely lowercase passwords

When a firewall identifies an attack packet, it ________.

both discards the packet and copies information about the packet into a log file

In terms of security thinking, "insiders" include ________.

both employees and many contractors working for the company

Attack programs that can be remotely controlled by an attacker are ________.

bots

What type of attacker are most attackers today?

career criminals

Who are the most dangerous types of employees?

IT security employees

Using SSL/TLS for Web applications is attractive because SSL/TLS ________.

Is essentially free

Fingerprint recognition is generally acceptable for ________.

Laptops

The general term for evil software is ________.

Malware

Firewall log files should be read ________.

every day

The digital certificate provides the ________.

Neither the Public Key of the Supplicant, Private Key of the Supplicant, or Private Key of the True Party

How will a stateful packet inspection (SPI) firewall handle a packet containing a TCP segment that contains an acknowledgement?

Pass it if it is part of an approved connection

Which of the following probably suffered the most financial damage from the Target breach?

Retailers

________ is the dominant firewall filtering method used on main border firewalls today.

Stateful packet inspection

________ is a program that can capture passwords as you enter them.

keystroke logger

Digital certificate authentication fails if the supplicant ________.

learns the true party's private key

In authentication, the ________ is the party trying to prove his or her identity.

supplicant

In most encryption, keys must be at least ________ long to be considered safe.

128 bits

________ attacks typically extend over a period of months.

APT

For consumers who suffered credit card fraud because of the Target breach and acted quickly, which of the following is true?

The Credit card companies did not charge them for fraudulent purchases

The supplicant claims to be ________.

The true party

