MIS Chapter 10 example #49274

31 July 2023

question
Which of the following usually happens in a malicious denial-of-service attack?
answer
A hacker floods a web server with millions of bogus service requests.
question
A ___ pretends to be a legit company and sends an email requesting confidential data, such as account numbers, SSN, account passwords, and so forth
answer
phisher
question
When an employee is terminated, IS administrators should receive advance notice so that they can ___
answer
remove the user account and password
question
Mark is transferring funds online through the Web site of a reputed bank. Which of the following will be displayed in the address bar of his browser that will let him know that the bank is using the Secure Sockets Layer (SSL) protocol?
answer
HTTPS
question
A ________ examines each part of a message and determines whether to let that part pass.
answer
firewall
question
In the context of malware protection, the program code that causes the unwanted actions is called the ________.
answer
payload
question
The three main components of IT security include the Principle of Accountability, the Principle of Least Privilege, and ___
answer
Principle of Defense in Depth
question
Which of the following is a critical security function that should be addressed by the senior management of an organization?
answer
establishing the security policy
question
In information security, which of the following is true about managing risk?
answer
organizations should implement safeguards that balance the trade-off between risk and cost
question
________ are false targets for computer criminals to attack.
answer
Honeypots
question
A common security technique used by financial institutions and major corporations requires users attempting to log in to have something physical and something they know. When users log in without the physical portion of this technique, the security system either sends a text to a cell phone or calls the users directly. The common name for this login security technique is ___
answer
2FA - two factor authentication
question
A ___ is a person or an org that seeks to obtain or alter data or other IS assets illegally, without the owner's permission and often without the owner's knowledge.
answer
a threat
question
___ is a technique for intercepting computer communications through a physical connection to a network or without a physical connection, in case of wireless networks.
answer
sniffing
question
5 Components of IT
answer
(1) Hardware (2) Software (3) Data (4) People (5) Networking/ Telecommunications
question
What are cases that helped with security, privacy and safeguards?
answer
Gramm-Leach-Bliley (GLB) Act, 1999; Privacy Act of 1974; HIPAA, 1996; Australian Privacy Act of 1998
question
pretending to be a valid web address
answer
IP Spoofing
question
What you call a threat that interrupts data in transit
answer
drive-by sniffers
question
those searching for unprotected wireless nets
answer
wardrivers
question
In the context of security threats, pretexting, sniffing, spoofing, and phishing are all examples of ________.
answer
unauthorized data disclosure
question
What is pretexting?
answer
A social engineering attack whereby the attacker pretends to be someone they are not.
question
Sources of security threats
answer
human error, computer crime, natural disasters
question
Phishing for the big ones, where targets are corporate-level executives or high-ranking officials with access to high-value information, is called ____.
answer
Whaling
question
4 elements of cyber attack
answer
(1) Surveillance and Intelligence Gathering (2) Exploit Weakest Defenses and Gain a Toehold (3) Elevate Privileges (4) Capture the Flag
question
What does APT stand for?
answer
Advanced Persistent Threat
question
3 Principles of IT Security
answer
Accountability, Least Privilege, Defense in Depth
question
What is phishing that is targeted specifically at intended victims?
answer
Spear Phishing
question
What does RAT stand for?
answer
Remote Access Trojan or Remote Access Tools
question
When criminals invade a computer system and replace programs with unauthorized ones that shut down apps and substitute their own to spy, steal or change data.
answer
Usurpation
question
When humans inadvertently shut down a web server
answer
Denial of Service
question
What happens when humans maliciously hack and shut down a web server intentionally?
answer
Denial of Attacks
question
Goal of Information Systems Security
answer
Find appropriate trade-off between risk of loss and cost of implementing safeguards (upper/senior management)
question
What does IDS stand for?
answer
Intrusion Detection System
question
Resides in the background unknown to the user, observes the user's actions, monitors, and reports to a threat organization
answer
spyware
question
Malicious spyware that captures keystrokes, web history, etc.
answer
key loggers
question
Should be benign, but it watches activity and produces pop-ups, i.e. Google ads
answer
adware
question
A trusted party should have a copy of the encryption key
answer
key escrow
question
Organization-wide function that is in charge of developing data policies and enforcing data standards
answer
data administration
question
protects data
answer
data safeguards
question
checks and balances, separation of powers
answer
Sarbanes-Oxley case