Module 07: digital Security

Ace your homework & exams now with Quizwiz!

Suppose that you've lost a digital device that has a@rdvark as the login password. Will the hacker who found your device crack the password more quickly with a brute force attack or a dictionary attack?

A dictionary attack

Which of the following is not an example of a user authentication technique?

AES

Which one of the following would offer the most login security?

An 8-character alphanumeric code.

Hackers and government agencies sometimes use ________ address spoofing to set up an intermediary server to capture web traffic.

DNS

Hackers set up an unsecured Wi-Fi hotspot complete with an Internet connection in order to establish a _____.

Evil twin

Antivirus software can detect viruses by looking for signatures or by ________ analysis.

Heuristic

Mobile phones are susceptible to an interception exploit that uses ____ catchers.

IMSI

DNS spoofing changes the _____.

IP address for a URL

Who typically sets up blacklist filters?

ISPs

Which password for Dave Meyers is most secure?

Ih2gtg8pw

Which of the following is a reason to manually check for updates even if your antivirus software is set for auto-updates?

It might indicate if your antivirus subscription has expired.

Which one of the following is NOT a reason why antivirus software quarantines files?

It sometimes takes days to analyze a file to determine if it is actually malware.

Which of the following sequences of events best describes an online intrusion?

Malware enters the device, then opens a backdoor leading to an open communications link on the device that a hacker can exploit.

Which of the following is true about multiple firewalls?

Multiple software-based firewalls tend to conflict with each other.

What is the term used to describe unwanted software that installs along with downloaded software?

PUP

Web site traffic is redirected to fraudulent Web sites that perpetrate scams by _______.

Pharming

What is the difference between phishing and pharming?

Phishing is based on fraudulent email, whereas pharming is based on fraudulent Web sites.

Which form of malware arrives in a trojan disguised as legitimate software and sets up a secret communication link to a hacker?

RAT

Botnets might carry out all of the following exploits, EXCEPT

RATs

Which one of the following statements about spam is true?

Spam may originate from legitimate merchants as well as from hackers and scammers

A digital certificate depends on a security protocol called _______.

TLS

The current method of encrypting communication between a client and a server depends on a security protocol called _______.

TLS

What is significant about exclusions in antivirus settings?

They define files and locations that the antivirus software will not scan.

What is the purpose of heuristic analysis?

To detect virus-like commands or behaviors

Security is increased when a device can be accessed only when the user's identity is verified by both a password and a verification code, which is an example of ________ authentication.

Two-factor

An Evil Twin exploit usually takes place on an unsecured _________ network.

Wi-Fi

The attack vector for an Evil Twin exploit is a _______ .

Wi-Fi hotspot

What is the key difference between computer viruses and worms?

Worms are standalone executable programs, whereas viruses have to piggyback on other executable files.

IMSI catchers can force phones to use ________ in order to carry out an MITM attack.

a 2G connection

Computer viruses are characterized by their ____.

ability to self-replicate

Changing an originating address or a destination address to redirect the flow of data between two parties is called _____.

address spoofing

When a victim is promised a large sum of money in exchange for a bank account number from which a small initial fee is withdrawn, that victim is the target of a social engineering scam called _____.

advance fee fraud

Digital certificates do NOT contain ______.

an ARP routing table

The best defense against malware is _____________.

antivirus software

Phishing attacks are a type of spam that _____.

appears to originate from a trusted business

User ______ techniques include PINs, passwords, fingerprint scans, and facial recognition.

authentication

Password managers are available as operating system utilities, ______ extensions, and standalone utilities.

browser

Which of the following attacks uses password-cracking software to generate every possible combination of letters, numerals, and symbols?

brute force

The process of modifying an executable file or data stream by adding commands is called _____.

code injection

A set of self-replicating program instructions that surreptitiously attaches itself to a legitimate executable file on a host device is called a _____.

computer virus

Botnets are commonly used to carry out distributed _______-of-service attacks.

denial

A ________ attack usually cracks passwords in less time than a brute force attack.

dictionary

In the context of malware, a trojan's main purpose is to ______.

disguise malware as legitimate software

Malware trojans often contain code that is called a(n) _____ , which secretly installs malware.

dropper

Conventional wisdom tells us that strong passwords include one or more uppercase letters, numbers, and symbols and have a length of at least _______ characters.

eight

PINs and passwords protect logins, but they can also be used to _____ storage volumes.

encrypt

Which of the following terms would best match this definition: Technology that transforms a message or data file in such a way that its contents are hidden from unauthorized readers?

encryption

A term such as 46-bit is used to indicate the strength, or __________, of a password.

entropy

Correctly installed antivirus software will prevent all intrusions.

false

IMSI catchers are a DEF CON exploit designed to eavesdrop on Wi-Fi users at Wi-Fi hotspots.

false

Microsoft operates a service called Safe Browsing to alert users about phishing scams embedded in social media posts.

false

Most mass-mailing databases are legitimately compiled from customer lists.

false

Advance _____ fraud and stranded traveler scams are two social engineering exploits that are delivered in spam.

fee

Blacklist spam _______ block mail that originates from IP addresses of known spammers.

filters

A personal _________ uses a set of rules to block unauthorized access through open communications ports.

firewall

Which of the following tools can be used to block unauthorized access while allowing authorized communications on a device or network?

firewall

A virus _______ usually arrives as an email alert that warns against an imminent virus attack.

hoax

The 64-bit number that uniquely identifies a cellular device is a ____.

imsi

A word, number, or phrase that must be known to encrypt or decrypt data is known as a cryptographic ____.

key

Which of the following tools would be considered spyware?

keylogger

PUPs and PUAs are most similar to ______.

malware

The objective of most MITM attacks is to ______.

monitor or alter communications

You can view a detailed list of open ports on a device by running the network utility called _____.

netstat

If you feel more secure with a totally random and unique password for each of your logins, then an excellent option is a _____.

password manager

The action carried out by malware code is referred to as a malware exploit or a "___________ ."

payload

An example of a software-based deterrent against unauthorized port access is a _____.

personal firewall

Many _______ attacks use DNS spoofing to send victims to a fraudulent Web site.

pharming

A _____ attack usually begins with a fraudulent email message that appears to be from a legitimate company.

phishing

A mass-email scam that masquerades as a message from a legitimate source is called _____.

phishing

A(n) ______ scan is used by hackers to discover which applications are using online communications.

port

What technique used by hackers pings a packet of data to a port in order to determine whether that port is open?

port scan

Antivirus software produces what is referred to as a false _______ when a legitimate program is mistakenly identified as a virus.

positive

A rootkit does NOT ____.

protect a device from hackers

A disposable email address is most useful for .

reducing the amount of spam that arrives at your main email account

A ____________ access trojan is the underlying technology for most online intrusions.

remote

A ________ antivirus exploit displays a fake virus warning.

rogue

Which type of exploit usually begins with a virus warning and an offer to disinfect the infected device?

rogue antivirus

To spread, trojans depend on ________.

social engineering

Any software that secretly gathers personal information without the victim's knowledge is classified as _____.

spyware

If you use a password manager, what do you as the user need to remember?

the master password

The security of a password manager depends on ________.

the security of the primary password

What is the significance of zero-day attacks?

they take advantage of previously unknown vulnerabilities

A computer program that seems to perform one function while actually doing something else is called a _____.

trojan

Any data entering a digital device could be malware.

true

Encryption is the best defense against MITM attacks.

true

If a hacker intercepts encrypted data by way of a MITM attack, that data may no longer be secure.

true

The most common types of PUPs and PUAs are toolbars and alternative browsers.

true

How does an online intrusion usually begin?

with a worm or trojan

A ______ is self-replicating, self-distributing malware.

worm

A self-replicating, self-distributing program designed to carry out unauthorized activity on a victim's device is called a computer _____.

worm

A ________-day attack exploits previously unknown vulnerabilities in software applications, hardware, and operating systems.

zero

Which kind of attack exploits previously unknown vulnerabilities in software applications, hardware, and operating system program code?

zero-day


Related study sets

Final exam COSC(11,12,13,14,15,19,10,9,8) missing 7

View Set

AP Psych Unit 11 (Testing and Individual Differences)

View Set

NFS 2112 Exam 3 WIC SNAP HS NSLP

View Set

Chapter 3 - General Biology Majors

View Set

Intro to Programming Definitions

View Set

National Real Estate Exam Questions

View Set