CH11 Flashcards
What is a person doing when searching trash for useful information?
Dumpster Diving
Edward loiters at the local cafe, taking notes on what people type on their computers, especially at the login screens. What kind of theft does he practice?
Shoulder Surfing
Disabling the Bluetooth adapter on a Laptop when it is not in use is an example of?
Device Hardening
Which of the following can prevent people from snooping on a device that you leave unattended for several minutes?
A. Configuring a Lock-Out-Time
B. Shoulder Surfing
C. Using a Strong Password
D. Disabling WiFi
A. Configuring a Lock-Out-Time
After you have recognized that there is a Virus on your PC, what is the next step to removing the virus?
Quarantine
How can you defend against malware delivered by email?
A. Delete old messages regularly.
B. Don’t Open attachments from unknown senders.
C. Only use the preview window.
D. Only use Mozilla Thunderbird
B. Don’t Open attachments from unknown senders.
Which type of file tracks your activities on the Internet?
A. Spam
B. Java
C. Pop-Up
D. Cookie
D. Cookie
Which of the following might you want to disable to protect your privacy?
A. Autofill Forms
B. Hyperlinks
C. Certificates
D. InPrivate Browsing
A. Autofill Forms
Which type of malware tries to get you to pay a Fee to decrypt your own files?
Ransomware
What indicates that you’ve browsed to a secure web page? (Choose Two)
A. The web address starts with HTTP://
B. The web address starts with HTTPS://
C. A Small Lock appears in the browser.
D. A Small Key appears in the browser.
B. The Web address starts with HTTPS://
C. A Small Lock appears in the browser.
an Attacker?
Threats to your security, privacy, and computer lurk around every corner. Through your device, a malicious person or automated malware can gain valuable information about you. An attacker can steal your files, monitor your web usage, encrypt your data files, or run programs that log your keystrokes to pilfer account names and passwords, credit card information, and much much more. An attacker could even run software that takes over your computer to send spam or steal from others. Viruses and other malicious software can sneak into your system and destroy your data from anywhere in the world.
Local Security Threats?
A Local Security threat originates from your local environment. A disgruntled employee might try to access private salary data or delete the customer database on the company network, or someone might steal the receptionist’s laptop when he/she steps away for a moment. Many people overlook threats from inside the building.
Authorized/Unauthorized Access?
Successful authentication, users can then be Authorized to access network resources for which they have been granted permissions.
Unauthorized Access occurs when a person accesses resources (such as data, applications, and hardware) without permission. A user can alter or delete data, access sensitive information, such as financial data, personnel files, or email messages, or use a computer for purposes the owner did not intend. Not all Unauthorized Access is malicious.
Password Cracking?
Most common way of gaining unauthorized access is to obtain a password that you aren’t authorized to have. Cracking is more than just random guessing, it’s a disciplined technique for obtaining a password through rapid-fire trial and error, often by employing password cracking software. Password crackers who know something about the owner of the password can further target their guessing by including names and words that would be meaningful, like the name of a spouse or family pet, or a birthday or an anniversary date. Strong passwords should be used to make it more difficult for password cracking programs to acquire your password.
Dumpster Diving?
Is the generic term for anytime an attack goes through your refuse, looking for information. To prevent this threat, shred sensitive information using a proper shredder.
Shoulder Surfing?
Another type of theft to worry about when computing in public is theft of your passwords. Shoulder Surfing is when people spy on you from behind, watching what you type. The act of trying to memorize the keys you type/press.
Unauthorized WiFi Usage?
Failing to secure a wireless router means unauthorized users can join the network. If a PC on the network has File and Printer Sharing enabled, an intruder could potentially read and even modify or destroy the user’s files. Even if all of your individual systems are locked down, an attacker could use your network to commit fraud, attack other networks, or engage in piracy and other illegal activities that could be traced back to you. Best defense against unauthorized WiFi use is to implement wireless encryption methods such as WPA2.
Data Destruction?
Unauthorized Modifying or Deleting Files or changing of system settings.
Theft?
Thieves steal whatever you don’t have locked down, either physically or electronically.
Malware?
Malicious software written to do something unwelcome to your computer. Malware takes many forms.
Physical Security options?
Access Control - The act of keeping people who shouldn’t have access away from the actual hardware.
Device Hardening - The practice of device hardening means to make the device as difficult as possible to compromise by changing hardware and software settings. Also known as Reducing the Attack Surface.
Device Hardening tips?
Disable Unused Wireless Features - Such as WiFi, Bluetooth, and NFC. You can easily reenable them when you want to use them and keeping them turned OFF during downtimes ensures that nobody can gain access to your device through them without your permission.
Setup Lockout Times - So that the Lock Screen appears after a certain period of idleness, a password or PIN must be entered to get back in. This prevents someone from snooping around your device if you leave it unattended.
Enable Security Features - Each OS has different security features that you can optionally enable to increase security. Windows has Windows Defender for malware, and Windows Firewall for Network Attacks. Some smartphones have fingerprint recognition and enhanced passcodes. Applying firmware and software updates not only introduces new fe4atures in some cases but also sometimes fixes security problems.
Encryption - If your device uses a file system and a OS version that supports encrypting files on the hard drive, do so for all files containing sensitive data. That way even if your hard drive is stolen, nobody can view the files without signing in with your credentials.
User Account Types (Windows)?
Administrator Account - Has Full Permissions
Standard Account - Can only make changes affecting the one account. Standard Accounts can’t easily affect other accounts.
Guest Account - Can only run a few applications, such as Web Browser, and can’t change anything. (Microsoft Removed Guest Accounts from Windows 10)
Authenticating Users Options?
Username and Password
PINs
Hardware Token such as a Keyfob.
Software Token, similar to a hardware token except it is an app.
Biometric; fingerprints, voice scans, retinal scans, facial scans.
Location-Based, using GPS coordinates or IP address prefixes, a user must be in a specific geographical region to successfully authenticate.