Chapt 9 Flashcards by Christopher Laczko

what type of bio-metric sensor is on newer mobile devices?

fingerprint scanner

How well did you know this?

Not at all

Perfectly

when someone goes through the trash to obtain sensitive info, that is called ?

dumpster diving

How well did you know this?

Not at all

Perfectly

asking users to reveal sensitive or personal info over the phone is referred to as ______ _______?

social engineering

How well did you know this?

Not at all

Perfectly

looking at someone’s computer to see sensitive info they type in or display is called what?

shoulder surfing

How well did you know this?

Not at all

Perfectly

a problem in the coding of software that is used by an attacker is called what?

exploit

How well did you know this?

Not at all

Perfectly

malware that attaches itself to an executable program and does damage to your computer is called what?

virus

How well did you know this?

Not at all

Perfectly

malware that self-replicates and carries a payload of other malware is called what?

worm

How well did you know this?

Not at all

Perfectly

a program that appears to be beneficial but is actually malware is called what?

trojan horse

How well did you know this?

Not at all

Perfectly

malware that tracks your internet activity and sells that info to marketers is called what?

spyware

How well did you know this?

Not at all

Perfectly

malware that extorts those infected to pay a fee to remove the malware is called what?

ransomware

How well did you know this?

Not at all

Perfectly

excessive, unwanted email is referred to as what?

spam

How well did you know this?

Not at all

Perfectly

if you forget a password, what type of software can help you recover it?

password cracker

How well did you know this?

Not at all

Perfectly

the three types of intellectual property protection are what?

How well did you know this?

Not at all

Perfectly

a(n) _____ is used for intellectual property protection of a logo, word or words

trademark

How well did you know this?

Not at all

Perfectly

a(n) ____ is used for intellectual property protection of a book or a song.

How well did you know this?

Not at all

Perfectly

a(n) ______ is used for intellectual property protection of an invention.

patent

How well did you know this?

Not at all

Perfectly

what are five examples of confidentiality concerns?

snooping, eavesdropping, wiretapping, social engineering, and dumpster diving

How well did you know this?

Not at all

Perfectly

what are four examples of integrity concerns?

man in the middle, replay attack, impersonation, unauthorized information alteration

How well did you know this?

Not at all

Perfectly

what are five examples of availability concerns?

denial of service, power outage, hardware failure, destruction, service outage

How well did you know this?

Not at all

Perfectly

in information security, a(n) __________ concern is one that involves maintaining privacy of data.

confidentiality

How well did you know this?

Not at all

Perfectly

in information security, a(n) _______ concern is one that involves ensuring the data in true and accurate.

integrity

How well did you know this?

Not at all

Perfectly

in information security, a(n) _______ concern is one that involves ensuring the data is accessible when users need it

availability

How well did you know this?

Not at all

Perfectly

requiring another form of identification in addition to a password in order to log in is know as what?

multi factor authentication

How well did you know this?

Not at all

Perfectly

list examples of authentication factors.

password, pin, one-time password, software token, hardware token, bio-metrics, specific location, security questions

How well did you know this?

Not at all

Perfectly

when a user types a password once and is given access to multiple systems, what is that called?

single sign on

what security concept asks the question, 'who are you'?

authentication

what security concept determines what you can do on a network?

authorization

when assigning security permissions, always follow the _______ _______ model.

least privilege

when users are allowed to assign their own permissions, that is known as a _____ access control model.

discretionary

when users are assigned permissions based on job function and can't be assigned permissions based on their user account, that is known as a _______ access control model.

role-based

which access control model uses security labels, classifications, and categories?

mandatory access control

which security concept is responsible for tracking user actions on a system?

accounting

which security concept ensures that users can't deny that an event took place?

nonrepudiation

two ways to track user actions on a system are what?

logs and web browser history

what are four examples of non-repudiation factors?

video, bio-metrics, signature, receipt

needing to provide a password and present a smart card to log in is an example of __________ __________.

multifactor authentication

three types of info used in multi-factor authentication are what?

something you know, something you have, something you are

the ability to enter login information once and have it transfer to other systems is called what?

single sign on

you have been asked to lead a class on preventing social engineering. what two topics should you be sure to cover. choose two. viruses and worms shoulder surfing hardware theft phishing

shoulder surfing and phishing

what is the name of an app that appears to look like a helpful app but instead does harm to your computer? worm, virus, trojan horse, malware

trojan horse

you recieve an email from your bank telling you that your account has been compromised and you need to validate your account details or else your account will be closed. you are supposed to click a link to validate your information. this is an example of? phishing security breach at the bank spam ransomware

phishing

which of the following security terms best describes the process of determining what a user can do with a resource? accounting, authorization, authentication, nonrepudiation

authorization

your network's security model requires that the admin configure permissions based on a user's job within the company. what 'access control' does this describe? discretionary, mandatory, rule-based, role-based

role based

which of the following can be used as an authentication factor and for nonrepudiation? bio-metrics, one-time password, password, security question

biometrics

which of the following OS's are susceptible to viruses? win, mac, linux win and mac win win, mac, linux, android

win, mac, linux, android

esther has just written a new book, and she wants to ensure that she owns the intellectual property. which type of protection should she get? patent, copyright, digital product, trademark

which of the following are threats to data availability? choose two: wiretapping, replay attack, service outage, destruction

service outage and destruction

to log into a network you must use a password and answer a security question. what is this an example of? multifactor authentication, single sign on, authorization, nonrepudiation

multifactor authentication

you are implementing multi factor security on a computer. which of the following is not a valid factor? hardware token, specific location, receipt, password

receipt

what is it called when a co-worker sitting next to you always seems to look your way when you try to enter your user id and password to log onto the network? phishing, coincidence, shoulder surfing, social engineering

shoulder surfing

which of the following statements are true of social engineering? choose two: a) the attacker attempts to acquire info about your network or system by public means b) the attack may occur over the phone, by email or even in person. c) the attacker goes through the dumpster to steal info d) the attacker keeps an eye when someone enter their sensitive info or data

a) the attacker attempts to acquire info about your network or system by public means b) the attack may occur over the phone, by email or even in person.

on a network, a user needs to access three different types of systems. however, they are required to enter their username and password only when they initially login. this is? authentication, nonrepudiation, authorization, single sign on

single sign on

you are concerned about confidentiality of client records, which of the following should you be on the lookout for? choose two: replay attack, social engineering, denial of service, eavesdropping

social engineering and eaves dropping

you have invented a toy, what type of intellectual protection should you get? trademark, receipt, patent, copyright

patent

your manager is concerned about potential wiretapping on the wireless network. what type of concern is this? authorization, integrity, confidentiality, availability

confidentiality

which of the following are activities that a hacker might attempt? stealing usernames and passwords modifying website content disrupting network comms analyzing network traffic all of these

all

which of the following threats can directly impact data integrity on a network? choose two: denial of service, impersonation, man in the middle, snooping

impersonation, man in the middle

a network admin wants to enable accounting on her network. which options should she use? choose two: bio-metrics, web browser history, software tokens, transaction logs

web browser history, transaction logs

protect intellectual property that is a word or words or a symbol trademark, copyright, or patent

trademark

protect intellectual property that is an original work of authorship trademark, copyright, or patent

protect intellectual property that is an invention trademark, copyright, or patent

patent

the attacker captures network traffic and then looks for key pieces of info. eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping

snooping

the attacker simply listens (with ears) to a conversation to glean key info eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping

eavesdropping

the attacker monitors the communication between two parties over network cables or wireless connections without authorization. eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping

wiretapping

the attacker attempts to acquire info about your network or system by public means. eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping

social engineering

the attacker uses info that the target would be less likely to question because it appears to be coming from a trusted source. eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping

phishing

the attacker keeps an eye when someone enter their sensitive info or data eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping

shoulder surfing

ensures that private data stays that way integrity, availability, confidentiality

confidentiality

means that the data is accurate and consistent integrity, availability, confidentiality

integrity

means that the data is accessible by the user. integrity, availability, confidentiality

availability

intercepting data then sending the data back and forth as if nothing is wrong. unauthorized info alteration man in the middle attack replay attack impersonation

man in the middle attack

pretending to be something or someone that you are not to seek the information unauthorized info alteration man in the middle attack replay attack impersonation

impersonation

changing data within a database to damage the company unauthorized info alteration man in the middle attack replay attack impersonation

unauthorized info alteration

capturing information from a sender with the intent of using it later unauthorized info alteration man in the middle attack replay attack impersonation

replay attack

used to cause damage and or disruption to the system virus, worm, adware, spyware, ransomware

virus

used to transmit malware to harm other computers virus, worm, adware, spyware, ransomware

worm

used to display unwanted ads on a screen virus, worm, adware, spyware, ransomware

adware

used to report on you computer and possibly steal data virus, worm, adware, spyware, ransomware

spyware

used to extract payments from the infected user virus, worm, adware, spyware, ransomware

ransomware

seeks to keep a record of who accessed what and when, and the actions they performed accounting, authentication, authorization

accounting

provides assurance and verification about the identity of a user accounting, authentication, authorization

authenication

determines certain level of access for each user on the basis of policies, rules and attributes accounting, authentication, authorization

authorization

considered as a visual proof that no one can deny video, bio-metrics, signature, receipt

video

requires a fingerprint or facial scan for system access video, bio-metrics, signature, receipt

bio-metrics

authorizes a cheque or document that has been agreed by you video, bio-metrics, signature, receipt

signature

considered as a digital or paper proof of any purchase transaction video, bio-metrics, signature, receipt

receipt

_________ concerns include snooping, eavesdropping, wiretapping, social engineering and dumpster diving

confidentiality

_________ concerns include man in the middle attack, replay attack, impersonation and unauthorized info alteration

integrity

________ concerns include denial of service, service outages, power outages, hardware failure, and hardware destruction

availability