Ch. 3

Question 1

smishing

Answer 1

another variation of phishing that involves the use of texting

Question 2

vishing

Answer 2

similar to smishing except that the victims receive a voice-mail message telling them to call a phone number or access a website

Question 3

cyberterrorism

Answer 3

intimidation of government or civilian population by using information technology to disable critical national infrastructure

Question 4

CIA Triad

Answer 4

Confidentiality, integrity, and availability

Question 5

reasonable assurance (in connection with IT security)

Answer 5

recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved.

Question 6

key elements of the network security layer

Answer 6

Authentication methods, a firewall, routers, encryption, proxy servers, VPN, and an IDS

Question 7

key elements of the application security layer

Answer 7

Authentication methods, user roles and accounts, and data encryption

Question 8

key elements of the end-user security layer

Answer 8

Security education, authentication methods, antivirus software, and data encryption

Question 9

What actions must be taken in the event of a successful security intrusion

Answer 9

The response plan should address notification, evidence protection, activity log maintenance, containment, eradication, and follow-up

Question 10

blended threat

Answer 10

sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.

Question 11

managed security service provider (MSSP)

Answer 11

company that monitors, manages, and maintains computer and network security for other organizations.