Chapt 9 Flashcards

1
Q

what type of bio-metric sensor is on newer mobile devices?

A

fingerprint scanner

2
Q

when someone goes through the trash to obtain sensitive info, that is called?

A

dumpster diving

3
Q

asking users to reveal sensitive or personal info over the phone is referred to as ______ _______?

A

social engineering

4
Q

looking at someone’s computer to see sensitive info they type in or display is called what?

A

shoulder surfing

5
Q

a problem in the coding of software that is used by an attacker is called what?

A

exploit

6
Q

malware that attaches itself to an executable program and does damage to your computer is called what?

A

virus

7
Q

malware that self-replicates and carries a payload of other malware is called what?

A

worm

8
Q

a program that appears to be beneficial but is actually malware is called what?

A

trojan horse

9
Q

malware that tracks your internet activity and sells that info to marketers is called what?

A

spyware

10
Q

malware that extorts those infected to pay a fee to remove the malware is called what?

A

ransomware

11
Q

excessive, unwanted email is referred to as what?

A

spam

12
Q

if you forget a password, what type of software can help you recover it?

A

password cracker

13
Q

the three types of intellectual property protection are what?

A

copyright, trademark, patents

14
Q

a(n) _____ is used for intellectual property protection of a logo, word or words

A

trademark

15
Q

a(n) ____ is used for intellectual property protection of a book or a song.

A

copyright

16
Q

a(n) ______ is used for intellectual property protection of an invention.

A

patent

17
Q

what are five examples of confidentiality concerns?

A

snooping, eavesdropping, wiretapping, social engineering, and dumpster diving

18
Q

what are four examples of integrity concerns?

A

man in the middle, replay attack, impersonation, unauthorized information alteration

19
Q

what are five examples of availability concerns?

A

denial of service, power outage, hardware failure, destruction, service outage

20
Q

in information security, a(n) __________ concern is one that involves maintaining privacy of data.

A

confidentiality

21
Q

in information security, a(n) _______ concern is one that involves ensuring the data is true and accurate.

A

integrity

22
Q

in information security, a(n) _______ concern is one that involves ensuring the data is accessible when users need it

A

availability

23
Q

requiring another form of identification in addition to a password in order to log in is known as what?

A

multi factor authentication

24
Q

list examples of authentication factors.

A

password, pin, one-time password, software token, hardware token, bio-metrics, specific location, security questions

25
when a user types a password once and is given access to multiple systems, what is that called?
single sign on
26
what security concept asks the question, 'who are you'?
authentication
27
what security concept determines what you can do on a network?
authorization
28
when assigning security permissions, always follow the _______ _______ model.
least privilege
29
when users are allowed to assign their own permissions, that is known as a _____ access control model.
discretionary
30
when users are assigned permissions based on job function and can't be assigned permissions based on their user account, that is known as a _______ access control model.
role-based
31
which access control model uses security labels, classifications, and categories?
mandatory access control
32
which security concept is responsible for tracking user actions on a system?
accounting
33
which security concept ensures that users can't deny that an event took place?
nonrepudiation
34
two ways to track user actions on a system are what?
logs and web browser history
35
what are four examples of non-repudiation factors?
video, bio-metrics, signature, receipt
36
needing to provide a password and present a smart card to log in is an example of __________ __________.
multifactor authentication
37
three types of info used in multi-factor authentication are what?
something you know, something you have, something you are
38
the ability to enter login information once and have it transfer to other systems is called what?
single sign on
39
you have been asked to lead a class on preventing social engineering. what two topics should you be sure to cover? choose two: viruses and worms, shoulder surfing, hardware theft, phishing
shoulder surfing and phishing
40
what is the name of an app that appears to look like a helpful app but instead does harm to your computer? worm, virus, trojan horse, malware
trojan horse
41
you receive an email from your bank telling you that your account has been compromised and you need to validate your account details or else your account will be closed. you are supposed to click a link to validate your information. this is an example of? phishing, security breach at the bank, spam, ransomware
phishing
42
which of the following security terms best describes the process of determining what a user can do with a resource? accounting, authorization, authentication, nonrepudiation
authorization
43
your network's security model requires that the admin configure permissions based on a user's job within the company. what 'access control' does this describe? discretionary, mandatory, rule-based, role-based
role-based
44
which of the following can be used as an authentication factor and for nonrepudiation? bio-metrics, one-time password, password, security question
biometrics
45
which of the following OS's are susceptible to viruses? win, mac, linux; win and mac; win; win, mac, linux, android
win, mac, linux, android
46
esther has just written a new book, and she wants to ensure that she owns the intellectual property. which type of protection should she get? patent, copyright, digital product, trademark
copyright
47
which of the following are threats to data availability? choose two: wiretapping, replay attack, service outage, destruction
service outage and destruction
48
to log into a network you must use a password and answer a security question. what is this an example of? multifactor authentication, single sign on, authorization, nonrepudiation
multifactor authentication
49
you are implementing multi factor security on a computer. which of the following is not a valid factor? hardware token, specific location, receipt, password
receipt
50
what is it called when a co-worker sitting next to you always seems to look your way when you try to enter your user id and password to log onto the network? phishing, coincidence, shoulder surfing, social engineering
shoulder surfing
51
which of the following statements are true of social engineering? choose two: a) the attacker attempts to acquire info about your network or system by public means b) the attack may occur over the phone, by email or even in person. c) the attacker goes through the dumpster to steal info d) the attacker keeps an eye when someone enters their sensitive info or data
a) the attacker attempts to acquire info about your network or system by public means b) the attack may occur over the phone, by email or even in person.
52
on a network, a user needs to access three different types of systems. however, they are required to enter their username and password only when they initially login. this is? authentication, nonrepudiation, authorization, single sign on
single sign on
53
you are concerned about confidentiality of client records, which of the following should you be on the lookout for? choose two: replay attack, social engineering, denial of service, eavesdropping
social engineering and eavesdropping
54
you have invented a toy, what type of intellectual protection should you get? trademark, receipt, patent, copyright
patent
55
your manager is concerned about potential wiretapping on the wireless network. what type of concern is this? authorization, integrity, confidentiality, availability
confidentiality
56
which of the following are activities that a hacker might attempt? stealing usernames and passwords, modifying website content, disrupting network comms, analyzing network traffic, all of these
all
57
which of the following threats can directly impact data integrity on a network? choose two: denial of service, impersonation, man in the middle, snooping
impersonation, man in the middle
58
a network admin wants to enable accounting on her network. which options should she use? choose two: bio-metrics, web browser history, software tokens, transaction logs
web browser history, transaction logs
59
protect intellectual property that is a word or words or a symbol: trademark, copyright, or patent
trademark
60
protect intellectual property that is an original work of authorship: trademark, copyright, or patent
copyright
61
protect intellectual property that is an invention: trademark, copyright, or patent
patent
62
the attacker captures network traffic and then looks for key pieces of info. eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping
snooping
63
the attacker simply listens (with ears) to a conversation to glean key info: eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping
eavesdropping
64
the attacker monitors the communication between two parties over network cables or wireless connections without authorization. eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping
wiretapping
65
the attacker attempts to acquire info about your network or system by public means. eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping
social engineering
66
the attacker uses info that the target would be less likely to question because it appears to be coming from a trusted source. eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping
phishing
67
the attacker keeps an eye when someone enters their sensitive info or data: eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping
shoulder surfing
68
ensures that private data stays that way: integrity, availability, confidentiality
confidentiality
69
means that the data is accurate and consistent: integrity, availability, confidentiality
integrity
70
means that the data is accessible by the user. integrity, availability, confidentiality
availability
71
intercepting data then sending the data back and forth as if nothing is wrong. unauthorized info alteration, man in the middle attack, replay attack, impersonation
man in the middle attack
72
pretending to be something or someone that you are not to seek the information: unauthorized info alteration, man in the middle attack, replay attack, impersonation
impersonation
73
changing data within a database to damage the company: unauthorized info alteration, man in the middle attack, replay attack, impersonation
unauthorized info alteration
74
capturing information from a sender with the intent of using it later: unauthorized info alteration, man in the middle attack, replay attack, impersonation
replay attack
75
used to cause damage and/or disruption to the system: virus, worm, adware, spyware, ransomware
virus
76
used to transmit malware to harm other computers: virus, worm, adware, spyware, ransomware
worm
77
used to display unwanted ads on a screen: virus, worm, adware, spyware, ransomware
adware
78
used to report on your computer and possibly steal data: virus, worm, adware, spyware, ransomware
spyware
79
used to extract payments from the infected user: virus, worm, adware, spyware, ransomware
ransomware
80
seeks to keep a record of who accessed what and when, and the actions they performed: accounting, authentication, authorization
accounting
81
provides assurance and verification about the identity of a user: accounting, authentication, authorization
authentication
82
determines certain level of access for each user on the basis of policies, rules and attributes: accounting, authentication, authorization
authorization
83
considered as a visual proof that no one can deny: video, bio-metrics, signature, receipt
video
84
requires a fingerprint or facial scan for system access: video, bio-metrics, signature, receipt
bio-metrics
85
authorizes a cheque or document that has been agreed by you: video, bio-metrics, signature, receipt
signature
86
considered as a digital or paper proof of any purchase transaction: video, bio-metrics, signature, receipt
receipt
87
_________ concerns include snooping, eavesdropping, wiretapping, social engineering and dumpster diving
confidentiality
88
_________ concerns include man in the middle attack, replay attack, impersonation and unauthorized info alteration
integrity
89
________ concerns include denial of service, service outages, power outages, hardware failure, and hardware destruction
availability