4. Security principles Flashcards
What happens when Windows Defender is turned on?
You are notified when spyware or other potentially unwanted software tries to install itself or run on your computer
What native antispyware feature is included with Windows?
Windows Defender
Which type of software can assist you in protecting your computer against virus-related problems?
antivirus software
Which software gathers the user’s information through the user’s internet connection without the user’s knowledge?
spyware
Which software damages or disrupts a system without the owner’s permissions?
malware
In which specific area of a hard disk drive does a boot-sector virus place its starting code?
Master Boot Record (MBR)
What is a virus?
Malicious software (malware) that relies upon other application programs to execute and infect a system
Which type of attack is conducted by an email request from a financial institution asking you to log in and change your password using the provided link?
phishing
What is dumpster diving?
searching the garbage collection area or dustbin to look for non-shredded confidential documents
What is war chalking?
leaving notations about the wireless network on the outside of a building
What is shoulder surfing?
watching someone when he enters his login credentials
What is tailgating?
the act of gaining unauthorized access to a facility by using another user’s access credentials without the permission of the authorized person
When does a zero-day attack occur?
When live environments become vulnerable and targeted before a fix or patch can be created by the vendor
What is a man-in-the-middle attack?
When a hacker is positioned on both sides of the attack to intercept communications between two sessions and devices
What is the first action you should perform if you find that your fellow technician has left the door of the server room open?
close the door
Which guidelines should you refer to if you find that someone has breached the security of the server room?
The company’s security policy
What is a smart card?
it is an authentication card with an integrated circuit built in
What does a face recognition scanner do?
It determines whether to authenticate a user by scanning the user’s face and comparing that scan to face scans already on file
What does an iris scanner do?
It determines whether to authenticate a user by taking a picture of the iris of the user’s eye and comparing the picture with iris pictures on file
Which physical barrier acts as the first line of defense against an intruder?
a fence
What is a mantrap?
a set of double doors that are generally monitored by a security guard
Which authentication method uses fingerprint recognition as a method to identify an individual?
biometric authentication
Which authentication method uses a small card with an embedded silicon chip which stores information on it?
smart card authentication
What should you do if your smart card is stolen?
Get it inactivated and replaced
Which device can be installed to monitor visitor entry in the server room when there is not enough manpower to escort the visitor?
video surveillance cameras or closed-circuit television (CCTV)
Which attributes or details of an employee can be used by biometric devices?
fingerprint, face, signature, iris, and retina
What does the acronym ACL denote?
access control list
What does the acronym VPN denote?
virtual private network
What is a digital certificate?
an electronic file that establishes your identity via a public key infrastructure (PKI) to complete transactions
Which three types of characters can be used in combination to set a strong password in Windows?
alphabetic, numeric, and special characters
cybersecurity
the practice of protecting information-related assets against whatever threatens them
digital certificate
a file created and signed using special cryptographic algorithms
malware
malicious or unwanted software designed to steal data or impair your computer’s performance
PCI DSS
The Payment Card Industry Data Security Standard is a set of shared rules developed by the world’s major credit card companies and administered by the PCI Council
Phishing
The use of fake but official-looking messages to trick users into performing dangerous actions
Spam
Unsolicited emails or other electronic messages with undesired or malicious content
Spear phishing
A variant of phishing that targets specific people, such as members of an organization or even individual users
Trojan horse
A type of malware that appears to be a harmless or useful program, like a game or even an anti-virus application
CIA Triad
- Confidentiality
- Integrity
- Availability
Confidentiality
Ensuring that information is viewable only by authorized users or systems, and is either inaccessible or unreadable to unauthorized users
Integrity
Ensuring that information remains accurate and complete over its entire lifetime. In particular this means making sure that data in storage or transit can’t be modified in an undetected manner
Availability
Ensuring that information is always easily accessible to authorized users. This means making sure that connectivity and performance are maintained at the highest possible level
Risk
The chance of harm coming to an asset
Threat
Anything that can cause harm to an asset
Vulnerability
Any weakness the asset has against potential threats