Quiz 1 Intro to Security

The ______________ is a variation of the brute force attack which narrows the field by selecting specific target accounts and using a list of commonly used passwords, special words, names and phrases instead of random combinations.

A Dictionary Attack

When an attack is launched against a Web site from many different attacking computers and many different locations, we call this _______________________.

A Distributed Denial of Service Attack

You receive an email from Paypal telling you that your account has been suspended and that you must follow a hyperlink in the email to go to the Paypal Website to re-enter your account information. You see a link on the page labeled www.paypal.com, but when you hold your mouse over the link, it appears to be going to www.paypal.com.123.ru. What kind of an attack do you feel this represents?

A Phishing attack

A user in a company received a call from a person identifying himself as an MIS technician conducting security tests and asking for the end user's password. If the caller was not really an MIS technician but wanted the information to gain improper access to the network, we would call this attack ________________.

A Social Engineering attack

_________ ________ are software programs that hide their true nature and reveal their designed behavior only when activated and are frequently disguised as helpful, interesting, or necessary pieces of software, such as readme.exe files often included with shareware or freeware packages.

A Trojan Horse

A ____________ is an identified weakness in a controlled system, where controls are not present or are no longer effective.

A Vulnerability

Which of the following best fits the definition of a cyberactivist?

A person who attacks to interfere with or disrupt systems to protest policies or for political reasons

_________ is "any software program intended for marketing purposes such as that used to deliver and display advertising banners or popups to the user's screen or tracking the user's online usage or purchasing activity."

Adware

____________ of information is the quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is in the same state in which it was created, placed, stored, or transferred. Consider for a moment some common assumptions about e-mail. When you receive e-mail, you assume that a specific individual or group created and transmitted the e-mail—you assume you know the origin of the e-mail. This is not always the case. E-mail spoofing, the act of sending an e-mail message with a modified field, is a problem for many people today, because often the modified field is the address of the originator.

Authenticity

_____________ enables authorized users—persons or computer systems—to access information without interference or obstruction and to receive it in the required format. Consider, for example, research libraries that require identification before entrance. Librarians protect the contents of the library so that they are available only to authorized patrons.

Availability

Passwords that contain special symbols (such as *, &, %, $) and do not contain common words or phrases are used as a means of making what kind of attack harder?

Brute Force Attack

A program asks for user information in an input field. Typical data in this field is never more than 20 characters in length. Attackers have found that by sending large amounts of data to the input field, code designed by the attacker can be run on the machine receiving the data. What kind of an attack is this?

Buffer Overflow

Information has _____________ when it is protected from disclosure or exposure to unauthorized individuals or systems and ensures that only those with the rights and privileges to access information are able to do so. When unauthorized individuals or systems can view information, ___________ is breached.

Confidentiality

Which is the correct sequence of the Security Systems Development Life-cycle?

Investigation, Analysis, Logical design, Physical design, Implementation, Maintenance & Change

____________ ___________ need to provide convenient access to resources on the Network

Network Administrator

The ___________ of information is the quality or state of ownership or control. Information is said to be in one's ___________ if one obtains it, independent of format or other characteristics.

Possession

Which of the following is a term used to describe attackers of limited skill who rely on expertly written software to provide them the tools needed to mount attacks?

Script Kiddies

A program that examines the contents of all packets on a network (can be used for both legitimate and unlawful purposes) can be called a ______.

Sniffer

________ is "any technology that aids in gathering information about a person or organization without their knowledge and is placed on a computer to secretly gather information about the user and report it."

Spyware

Some companies divide the roles of Network and Security administrators. What is the main role of the Security Administrator?

To maintain confidentiality of data in the network.

The __________ of information is the quality or state of having value for some purpose or end. Information has value when it can serve a purpose. If information is available, but is not in a format meaningful to the end user, it is not useful.

Utility

A particular type of malware program that can only be spread by attaching itself to an executable program, can replicate to other executable code, and takes control of that program's access to the target computer is best described by which of the following terms?

Viruses

What kind of malware can travel from network to network on its own (without requiring another program environment) and can replicate itself constantly until it fills a system's resources (without the need for a host executable file)?

Worm

When a computer is compromised in such a way that it appears to work normally, but can be taken over or used to attack other computers by an unknown third party, we call this computer a ________.

Zombie

Information Security is a(n) __________...

all of the above

