Chapter 10

Question 1

sources of threats

Answer 1

human error
computer crime
natural disaster

Question 2

types of security loss

Answer 2

unauthorized data disclosure
incorrect data modification
faulty service
denial of service
loss of infrastructure

Question 3

unauthorized data disclosure

Answer 3

when a threat obtains data that is supposed to be protected

Question 4

pretexting

Answer 4

when someone deceives by pretending to be someone else

Question 5

phishing

Answer 5

used for obtaining unauthorized data by using pretexting through email

Question 6

spoofing

Answer 6

same as pretexing

Question 7

IP spoofing

Answer 7

an intruder uses another site’s IP address as a disguise

Question 8

sniffing

Answer 8

intercepting computer communications

Question 9

wardrivers

Answer 9

take computers with wireless connections through an area and search for unprotected networks

Question 10

faulty service

Answer 10

problems that result from incorrect system operations

Question 11

usurpation

Answer 11

when computer criminals invade a computer system and replace legitimate programs with their own

Question 12

unauthorized data disclosure (example)

Answer 12

if a professor were to release students names and grades to the public, which is illegal

Question 13

incorrect data modification (example)

Answer 13

if an employee incorrectly increases a sales discount for a customer
an employee’s salary is incorrectly modified

Question 14

faulty service (example)

Answer 14

if a person incorrectly preforms a task like putting the wrong box of cereal on the shelf
if a system developer were to incorrectly write programs

Question 15

denial of service (example)

Answer 15

if a person inadvertently shuts down a Web server

Question 16

loss of infrastructure (example)

Answer 16

a bulldozer cutting a conduit of fiber-optic cables and a floor buffer crashing into a rack of web servers

Question 17

intrusion detection system (IDS)

Answer 17

a computer program that senses when another computer is attempting to scan or access a computer or network

Question 18

brute force attack

Answer 18

a password cracker tries every possible combination of characters

Question 19

encryption

Answer 19

the process or transferring clear text into coded, unintelligible text for secure storage or communication

Question 20

key

Answer 20

a number used to encrypt the data

Question 21

symmetric encryption

Answer 21

the same key used to encode and decode

Question 22

asymmetric encryption

Answer 22

two keys used to encode and decode

Question 23

public key encryption

Answer 23

each site has a public key for encoding messages and a private key for decoding them

Question 24

Secure Sockets Layer

Answer 24

combination of public key and encryption and symmetric encryption

Question 25

firewall

Answer 25

computing device that prevents unauthorized network access

Question 26

packet-filtering firewall

Answer 26

examines each part of a message and determines whether to let that part pass

Question 27

malware

Answer 27

a broad category of software that includes viruses, spyware, and adware

Question 28

payload

Answer 28

can delete programs or data

Question 29

Trojan horses

Answer 29

viruses that masquerade as useful programs or files

Question 30

worm

Answer 30

a virus that self-propagates using the internet or other computer network

Question 31

spyware

Answer 31

programs installed on the user’s computer without the user’s knowledge or permission

Question 32

adware

Answer 32

similar to spyware but resides in the background and observes user behavior

Question 33

malware safeguards

Answer 33

antivirus programs
antimalware programs
open email attachments from known sources

Question 34

key escrow

Answer 34

when data are encrypted, a trusted party should have a copy of the encryption key

Question 35

three systems procedures

Answer 35

normal operation
backup
recovery

Question 36

honeypots

Answer 36

false targets for computer criminals to attack