Chapt 9 Flashcards
what type of biometric sensor is on newer mobile devices?
fingerprint scanner
when someone goes through the trash to obtain sensitive info, that is called what?
dumpster diving
asking users to reveal sensitive or personal info over the phone is referred to as ______ _______?
social engineering
looking at someone’s computer to see sensitive info they type in or display is called what?
shoulder surfing
a problem in the coding of software that is used by an attacker is called what?
exploit
malware that attaches itself to an executable program and does damage to your computer is called what?
virus
malware that self-replicates and carries a payload of other malware is called what?
worm
a program that appears to be beneficial but is actually malware is called what?
trojan horse
malware that tracks your internet activity and sells that info to marketers is called what?
spyware
malware that extorts those infected to pay a fee to remove the malware is called what?
ransomware
excessive, unwanted email is referred to as what?
spam
if you forget a password, what type of software can help you recover it?
password cracker
the three types of intellectual property protection are what?
copyright, trade mark, patents
a(n) _____ is used for intellectual property protection of a logo, word or words
trademark
a(n) ____ is used for intellectual property protection of a book or a song.
copyright
a(n) ______ is used for intellectual property protection of an invention.
patent
what are five examples of confidentiality concerns?
snooping, eavesdropping, wiretapping, social engineering, and dumpster diving
what are four examples of integrity concerns?
man in the middle, replay attack, impersonation, unauthorized information alteration
what are five examples of availability concerns?
denial of service, power outage, hardware failure, destruction, service outage
in information security, a(n) __________ concern is one that involves maintaining privacy of data.
confidentiality
in information security, a(n) _______ concern is one that involves ensuring the data is true and accurate.
integrity
in information security, a(n) _______ concern is one that involves ensuring the data is accessible when users need it
availability
requiring another form of identification in addition to a password in order to log in is known as what?
multi factor authentication
list examples of authentication factors.
password, pin, one-time password, software token, hardware token, bio-metrics, specific location, security questions
when a user types a password once and is given access to multiple systems, what is that called?
single sign on
what security concept asks the question, ‘who are you’?
authentication
what security concept determines what you can do on a network?
authorization
when assigning security permissions, always follow the _______ _______ model.
least privilege
when users are allowed to assign their own permissions, that is known as a _____ access control model.
discretionary
when users are assigned permissions based on job function and can’t be assigned permissions based on their user account, that is known as a _______ access control model.
role-based
which access control model uses security labels, classifications, and categories?
mandatory access control
which security concept is responsible for tracking user actions on a system?
accounting
which security concept ensures that users can’t deny that an event took place?
nonrepudiation
two ways to track user actions on a system are what?
logs and web browser history
what are four examples of non-repudiation factors?
video, bio-metrics, signature, receipt
needing to provide a password and present a smart card to log in is an example of __________ __________.
multifactor authentication
three types of info used in multi-factor authentication are what?
something you know, something you have, something you are
the ability to enter login information once and have it transfer to other systems is called what?
single sign on
you have been asked to lead a class on preventing social engineering. what two topics should you be sure to cover? choose two.
viruses and worms
shoulder surfing
hardware theft
phishing
shoulder surfing and phishing
what is the name of an app that appears to look like a helpful app but instead does harm to your computer?
worm, virus, trojan horse, malware
trojan horse
you receive an email from your bank telling you that your account has been compromised and you need to validate your account details or else your account will be closed. you are supposed to click a link to validate your information. this is an example of?
phishing
security breach at the bank
spam
ransomware
phishing
which of the following security terms best describes the process of determining what a user can do with a resource?
accounting, authorization, authentication, nonrepudiation
authorization
your network’s security model requires that the admin configure permissions based on a user’s job within the company. what ‘access control’ does this describe?
discretionary, mandatory, rule-based, role-based
role based
which of the following can be used as an authentication factor and for nonrepudiation?
bio-metrics, one-time password, password, security question
biometrics
which of the following OS’s are susceptible to viruses?
win, mac, linux
win and mac
win
win, mac, linux, android
win, mac, linux, android
esther has just written a new book, and she wants to ensure that she owns the intellectual property. which type of protection should she get?
patent, copyright, digital product, trademark
copyright
which of the following are threats to data availability? choose two:
wiretapping, replay attack, service outage, destruction
service outage and destruction
to log into a network you must use a password and answer a security question. what is this an example of?
multifactor authentication, single sign on, authorization, nonrepudiation
multifactor authentication
you are implementing multi factor security on a computer. which of the following is not a valid factor?
hardware token, specific location, receipt, password
receipt
what is it called when a co-worker sitting next to you always seems to look your way when you try to enter your user id and password to log onto the network?
phishing, coincidence, shoulder surfing, social engineering
shoulder surfing
which of the following statements are true of social engineering? choose two:
a) the attacker attempts to acquire info about your network or system by public means
b) the attack may occur over the phone, by email or even in person.
c) the attacker goes through the dumpster to steal info
d) the attacker keeps watch when someone enters their sensitive info or data
a) the attacker attempts to acquire info about your network or system by public means
b) the attack may occur over the phone, by email or even in person.
on a network, a user needs to access three different types of systems. however, they are required to enter their username and password only when they initially log in. this is?
authentication, nonrepudiation, authorization, single sign on
single sign on
you are concerned about confidentiality of client records, which of the following should you be on the lookout for? choose two:
replay attack, social engineering, denial of service, eavesdropping
social engineering and eavesdropping
you have invented a toy, what type of intellectual protection should you get?
trademark, receipt, patent, copyright
patent
your manager is concerned about potential wiretapping on the wireless network. what type of concern is this?
authorization, integrity, confidentiality, availability
confidentiality
which of the following are activities that a hacker might attempt?
stealing usernames and passwords
modifying website content
disrupting network comms
analyzing network traffic
all of these
all
which of the following threats can directly impact data integrity on a network? choose two:
denial of service, impersonation, man in the middle, snooping
impersonation, man in the middle
a network admin wants to enable accounting on her network. which options should she use? choose two:
bio-metrics, web browser history, software tokens, transaction logs
web browser history, transaction logs
protect intellectual property that is a word or words or a symbol
trademark, copyright, or patent
trademark
protect intellectual property that is an original work of authorship
trademark, copyright, or patent
copyright
protect intellectual property that is an invention
trademark, copyright, or patent
patent
the attacker captures network traffic and then looks for key pieces of info.
eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping
snooping
the attacker simply listens (with ears) to a conversation to glean key info
eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping
eavesdropping
the attacker monitors the communication between two parties over network cables or wireless connections without authorization.
eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping
wiretapping
the attacker attempts to acquire info about your network or system by public means.
eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping
social engineering
the attacker uses info that the target would be less likely to question because it appears to be coming from a trusted source.
eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping
phishing
the attacker keeps watch when someone enters their sensitive info or data
eavesdropping, shoulder surfing, snooping, social engineering, phishing, wiretapping
shoulder surfing
ensures that private data stays that way
integrity, availability, confidentiality
confidentiality
means that the data is accurate and consistent
integrity, availability, confidentiality
integrity
means that the data is accessible by the user.
integrity, availability, confidentiality
availability
intercepting data then sending the data back and forth as if nothing is wrong.
unauthorized info alteration
man in the middle attack
replay attack
impersonation
man in the middle attack
pretending to be something or someone that you are not to seek the information
unauthorized info alteration
man in the middle attack
replay attack
impersonation
impersonation
changing data within a database to damage the company
unauthorized info alteration
man in the middle attack
replay attack
impersonation
unauthorized info alteration
capturing information from a sender with the intent of using it later
unauthorized info alteration
man in the middle attack
replay attack
impersonation
replay attack
used to cause damage and/or disruption to the system
virus, worm, adware, spyware, ransomware
virus
used to transmit malware to harm other computers
virus, worm, adware, spyware, ransomware
worm
used to display unwanted ads on a screen
virus, worm, adware, spyware, ransomware
adware
used to report on your computer and possibly steal data
virus, worm, adware, spyware, ransomware
spyware
used to extract payments from the infected user
virus, worm, adware, spyware, ransomware
ransomware
seeks to keep a record of who accessed what and when, and the actions they performed
accounting, authentication, authorization
accounting
provides assurance and verification about the identity of a user
accounting, authentication, authorization
authentication
determines certain level of access for each user on the basis of policies, rules and attributes
accounting, authentication, authorization
authorization
considered as a visual proof that no one can deny
video, bio-metrics, signature, receipt
video
requires a fingerprint or facial scan for system access
video, bio-metrics, signature, receipt
bio-metrics
authorizes a cheque or document that has been agreed by you
video, bio-metrics, signature, receipt
signature
considered as a digital or paper proof of any purchase transaction
video, bio-metrics, signature, receipt
receipt
_________ concerns include snooping, eavesdropping, wiretapping, social engineering and dumpster diving
confidentiality
_________ concerns include man in the middle attack, replay attack, impersonation and unauthorized info alteration
integrity
________ concerns include denial of service, service outages, power outages, hardware failure, and hardware destruction
availability