Chapter 1

Question 1

threat environment

Answer 1

consists of the types of attackers and attacks that companies face

Question 2

confidentiality

Answer 2

people cannot read sensitive information, either while its on a computer or traveling across a network

Question 3

integrity

Answer 3

attackers can’t change/destroy info, either while on a computer or traveling across a network

Question 4

availability

Answer 4

the people who are authorized to use info aren’t prevented from doing so

Question 5

compromises

Answer 5

successful attacks

Question 6

countermeasures

Answer 6

tools used to thwart attacks

Question 7

3 types of countermeasures

Answer 7

preventative
detective
corrective

Question 8

SQL injection

Answer 8

an attack that involves sending modified SQL statements to a web application that will modify a database

Question 9

unexpected input

Answer 9

what attackers can send through their web browser which can enable them to read from, write to, and even delete entire databases

Question 10

employees/ex-employees are dangerous because

Answer 10

they have knowledge of internal systems, permission to access systems, how to avoid detection, and are trusted

Question 11

employee sabotage

Answer 11

destruction of hardware, software, or data

Question 12

employee hacking

Answer 12

intentionally accessing a computer resource without authorization or in excess of authorization

Question 13

employee financial theft

Answer 13

misappropriation of assets; theft of money

Question 14

employee theft of intellectual property

Answer 14

copyright and patents

Question 15

employee extortion

Answer 15

perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim’s interest

Question 16

carelessness

Answer 16

loss or theft of computers or data media containing sensitive information

Question 17

malware

Answer 17

a generic name for any evil software

Question 18

virus

Answer 18

program that attaches itself to legitimate programs on the victim’s machine

Question 19

worms

Answer 19

full programs that do not attach themselves to other programs

Question 20

blended threats

Answer 20

malware propagates in several ways– like worms, viruses, etc.

Question 21

payloads

Answer 21

pieces of code that do damage

Question 22

nonmobile malware

Answer 22

must be placed on the user’s computer through one of a growing number of attack techniques

Question 23

trojan horse

Answer 23

program that replaces an existing system file, taking its name

Question 24

remote access trojans

Answer 24

remotely control the victim’s PC

Question 25

downloaders

Answer 25

small trojan horses that download the larger trojan horses after the downloader is installed

Question 26

spyware

Answer 26

programs that gather info about you and make it available to the adversary

Question 27

rootkits

Answer 27

take control of the super user account, difficult to detect

Question 28

mobile code

Answer 28

executable code on a webpage (automatically when the webpage is downloaded)

Question 29

social engineering

Answer 29

attempting to trick users into doing something that goes against security policies

Question 30

traditional hackers

Answer 30

motivated by the thrill, validation of skills, and sense of power

Question 31

first thing to do in a hack

Answer 31

reconnaissance probes

Question 32

reconnaissance probes

Answer 32

IP address scans to identify possible victims and the port scans to learn which services are open on each potential victim host

Question 33

the exploit of a hack

Answer 33

this is the specific hack method the attacker is using

Question 34

chain of attack computers

Answer 34

the attacker attacks through a chain of victim computers

Question 35

social engineering focuses on what kind of weakness?

Answer 35

human weakness

Question 36

Denial-of-Service (DoS) attack

Answer 36

make a server or entire network unavailable to its users and typically sends a flood of attack messages to the victim

Question 37

expert attackers create hacker _____ to automate some of their work

Answer 37

scripts

Question 38

Script ______ use scripts to make attacks

Answer 38

kiddies

Question 39

today most attackers are career criminals with

Answer 39

traditional criminal motives

Question 40

fraud

Answer 40

the attacker deceives the victim into doing something against the victim’s financial self-interst

Question 41

extortion

Answer 41

threaten a DoS attack or threaten to release stolen info unless the victim pays the attacker

Question 42

identity theft

Answer 42

stealing enough info to represent a victim in large transactions

Question 43

corporate identity theft

Answer 43

stealing the identity of an entire corporation

Question 44

commercial espionage

Answer 44

attacks on confidentiality and public info gathering

Question 45

DoS attacks by competitors

Answer 45

attacks of availability

Question 46

attacks by national govts are

Answer 46

cyberwar

Question 47

attacks by organized terrorists are

Answer 47

cyberterror

Question 48

cyberwar

Answer 48

computer-based attacks by national govts

Question 49

cyberterror

Answer 49

attacks by terrorists or terrorist groups that use the internet to attack IT resources directly