5. Protecting Information Resources Flashcards

1
Q

Spyware

A

Gathers info about users on the web

2
Q

Adware

A

Type of spyware that collects information about the user w/o user consent to determine ads to display in browser

3
Q

Phishing

A

Transmission of fraudulent emails that seem to come from legitimate sources

4
Q

Pharming

A

Directs internet users to fraudulent websites to steal their personal information

5
Q

Baiting

A

Similar to phishing, but the baiter promises the recipient something in return.

6
Q

Quid pro quo

A

Similar to baiting, a hacker requests exchange of info for a service/prize

7
Q

Sniffing

A

Capturing and recording network traffic

8
Q

Computer fraud

A

The unauthorized use of computer data for personal gain

9
Q

Fault-tolerant systems

A

Ensure availability in the event of a system failure by using a combo of hardware and software

10
Q

Virus

A

Self-propagating code triggered by a specified time or event.

11
Q

Worm

A

Travels from computer to computer in a network, but does not erase data.

12
Q

Trojan programs

A

Contains code intended to disrupt a computer, network, or website, hidden within a popular program

13
Q

Back door

A

Programming routine built into a system by its programmer. Enables programmer to bypass security & sneak into the system to access programs or files

14
Q

Adware

A

is a form of spyware that collects information about the user (without the user’s consent) to determine which advertisements to display in the user’s Web browser.

15
Q

Confidentiality

A

means that a system must prevent disclosing information to anyone who is not authorized to access it.

16
Q

Keystroke loggers

A

are software or hardware devices that monitor and record keystrokes.

17
Q

Computer fraud

A

is the unauthorized use of computer data for personal gain.

18
Q

Spoofing

A

is an attempt to gain access to a network by posing as an authorized user in order to find sensitive information, such as passwords and credit card information.

19
Q

Integrity

A

refers to the accuracy of information resources within an organization.

20
Q

Availability

A

means that computers and networks are operating, and that authorized users can access the information they need. It also means a quick recovery in the event of a system failure or disaster.

21
Q

logic bomb

A

A logic bomb is a type of Trojan program used to release a virus, worm, or other destructive code. Logic bombs are triggered at a certain time (sometimes the birthday of a famous person) or by a specific event, such as a user pressing the Enter key or running a certain program.

22
Q

blended threat

A

A blended threat is a security threat that combines the characteristics of computer viruses, worms, and other malicious codes with vulnerabilities found on public and private networks.

23
Q

rootkit

A

A rootkit is a series of software tools that enable an unauthorized user to gain access to a computer or network system without being detected.

24
Q

denial-of-service (DoS) attack

A

A denial-of-service (DoS) attack floods a network or server with service requests to prevent legitimate users’ access to the system.

25
Q

social engineering

A

takes advantage of the human element of a security system to trick others into revealing private information.

26
Q

callback modem

A

A callback modem verifies whether a user’s access is valid by logging the user off (after the user attempts to connect to the network) and then calling the user back at a predetermined number.

27
Q

Cryptojacking

A

occurs when hackers secretly use the computing power of a user to mine cryptocurrency.

28
Q

intrusion detection system (IDS)

A

An intrusion detection system (IDS) can protect against both external and internal access. It is usually placed in front of a firewall and can identify attack signatures, trace patterns, generate alarms for the network administrator, and cause routers to terminate connections with suspicious sources.

29
Q

firewall

A

A firewall is a combination of hardware and software that acts as a filter or barrier between a private network and external computers or networks, including the Internet. A network administrator defines rules for access, and all other data transmissions are blocked.

30
Q

Biometric security measures

A

use a physiological element that is unique to a person and cannot be stolen, lost, copied, or passed on to others.

31
Q

Physical security measures

A

primarily control access to computers and networks, and they include devices for securing computers and peripherals from theft.

32
Q

password

A

A password is a combination of numbers, characters, and symbols that a user enters to gain access to a system.

33
Q

DNA identification

A

gathers a user’s unique behavioral characteristics and then creates an “eDNA” profile that is used for identification when the user tries to log in to a system.

34
Q

Zero login

A

assumes that devices will be smart and secure enough to quickly recognize users by their unique features, such as their voice and their typing patterns.

35
Q

brain password

A

A brain password is a digital reading of a user’s brain activity while looking at a series of images. These brain activities are recorded in a database. To log in to a system or enter a secure room, the user puts on a special hat and again watches the sequence of images. The new brain activities are compared with the ones in the database and then access is given or denied.

36
Q

Access controls

A

are designed to protect systems from unauthorized access in order to preserve data integrity.

37
Q

Implanted microchips

A

a controversial technology, are microchips the size of a grain of rice that are inserted between the thumb and the index finger. The microchip can store various information, including that for a user’s ID cards and credit cards, which could be used to log in to Web sites and to enter a secure room.

38
Q

Authentication tokens

A

improve security by transmitting a security token among connected applications. The user logs in once with approved credentials, and then a unique token is generated and shared with connected applications or Web sites to verify the user’s identity for a given period.

39
Q

Transport Layer Security (TLS)

A

is a cryptographic protocol that ensures data security and integrity over public networks, such as the Internet.

40
Q

Data encryption

A

transforms data, called plaintext or cleartext, into a scrambled form called ciphertext that cannot be read by others.

41
Q

virtual private network (VPN)

A

A virtual private network (VPN) provides a secure “tunnel” through the Internet for transmitting messages and data via a private network.

42
Q

PKI (public key infrastructure)

A

A PKI (public key infrastructure) enables users of a public network such as the Internet to securely and privately exchange data through the use of a pair of keys—a public one and a private one—that is obtained from a trusted authority and shared through that authority.

43
Q

Secure Sockets Layer (SSL)

A

is a commonly used encryption protocol that manages transmission security on the Internet.

44
Q

Asymmetric encryption

A

uses two keys: a public key known to everyone and a private or secret key known only to the recipient. A message encrypted with a public key can be decrypted only with the same algorithm used by the public key and requires the recipient’s private key, too. Any people who intercept the message cannot decrypt it because they do not have the private key.

45
Q

Zero trust security

A

requires every person and every device that accesses a network to be secure, regardless of whether the access is within the organization or outside of it.

46
Q

symmetric encryption

A

In symmetric encryption (also called secret key encryption), the same key is used to encrypt and decrypt the message. The sender and receiver must agree on the key and keep it secret.

47
Q

business continuity planning

A

outlines procedures for keeping an organization operational after a natural disaster or network attack.

48
Q

Black hats

A

Hackers who specialize in unauthorized penetration of information systems. They attack systems for profit, fun, or political motivation or as part of a social cause. These penetration attacks often involve modifying and destroying data.

49
Q

Gray hats

A

As you might imagine, they are a mixture of black and white hacking. Gray hats may violate laws or ethical standards, but they do not have the malicious intent to harm a person or a system. They look for vulnerabilities in a system without the owner’s permission or knowledge. They may inform the owner that they have found vulnerabilities and will fix them for a small fee.

50
Q

Script kiddies

A

Inexperienced, usually young hackers who use programs that others have developed to attack computer and network systems and deface Web sites.

51
Q

White hats

A

Also known as ethical hackers, these are computer security experts who specialize in penetration testing and other testing methods to ensure that a company’s information systems are secure.