Chapter 3

Question 1

What is Cloud Computing

Answer 1

Software and Data services provided via the Internet

Question 2

Exploit

Answer 2

Attack on an information system that takes advantage of a system vulnerability

Question 3

Organizations that capture and report information about software vulnerabilities

Answer 3

Open Source Vulnerability Database (OSVDB), Computer Emergency Response Team (CERT), Common Vulnerabilities and Exposures (CVE)

Question 4

Types of Exploits

Answer 4

Virus, Worm, Trojan horse, distributed denial-of-service, rootkit, spam, phishing, spear-phishing, smishing, and vishing

Question 5

Virus

Answer 5

Piece of programming code, disguised as something else, that cause a computer to behave in an unexpected and usually undesirable manner.
Does not spread on it own.

Question 6

Macro Virus

Answer 6

Insert unwanted words, numbers, or phrases into documents.

Question 7

Worms

Answer 7

Program that resides in the active memory of the computer and duplicates itself.. Spread without Human intervention

Question 8

Trojan Horse

Answer 8

Program which harmful code is hidden inside a seemingly harmless program.

Question 9

Logic bomb

Answer 9

Type of Trojan Horse

Triggered by a specific event

Question 10

Distributed denial-of-service attack (DDoS)

Answer 10

Hacker takes over computers(uknowingly to owners of those computers) via the Internet and causes them to flood a target site with demands for data and small tasks

Question 11

Rootkits

Answer 11

set of programs that enables it user to gain administrator level access to a computer without the end user’s consent or knowledge.

Question 12

CAPTCHA

Answer 12

Completely Automated Public Turing Test to tell Computers And Humans Apart

Question 13

Phising

Answer 13

using email to try to get the recipient to reveal personal data

Question 14

Spear-phishing

Answer 14

Variation of phishing that target certain organization’s employee
Looks like the employee’s higher up

Question 15

Smishing

Answer 15

SMS texting variation of phishing

Question 16

Vishing

Answer 16

Voice mail version of phishing

Question 17

Hacker

Answer 17

Test limits of system and/or gain publicly

Question 18

Cracker

Answer 18

Cause problems, steal data, and corrupt systems

Question 19

Malicious Insider

Answer 19

Financial gain and/or disrupt company’s information systems and business operations.

Question 20

Cybercriminal

Answer 20

Gain financially

Question 21

Hacktivist

Answer 21

Promote political ideology

Question 22

Cyberterroritst

Answer 22

Destroy infrastructure components of financial institutions, utilities, and emergency response units

Question 23

lamers/Script kiddies

Answer 23

Technically inept hackers

Question 24

Steps to reduce potential for attack

Answer 24

Perform a thorough background check as well as psychological and drug testing of candidates for sensitive position
Establish an expectation of regular and ongoing psychological and drug testing as a normal routine for people in sensitive positions
Limit The number of people who can perform sensitive operation and grant only the minimum rights and privileges necessary to perform essential duties
Define job roles and procedures so that same person cannot initiate and approve an action.
Periodically rotate people in sensitive positions
Immediately revoke all rights and privileges necessary to perform essential duties when someone leaves a sensitive position
Implement an ongoing audit process

Question 25

Defense Advanced Research Projects Agency (DARPA)

Answer 25

exploring new ways to detect malicious insiders

Question 26

Negligent insiders

Answer 26

Poorly trained and inadequately managed employees who mean well but cause damage

Question 27

Competitive Intelligence

Answer 27

legally obtained information gathered using sources available

Question 28

USA Patriot Act

Answer 28

Defines cyber terrorism and penalties

Question 29

Identity Theft and Assumption Deterrence Act

Answer 29

Makes identity theft a Federal crime with 15 years imprisonment and a maximum fine of $250,000

Question 30

Fraud and Related Activity in Connection with Access Devices Statute

Answer 30

False claims regarding unauthorized use of credit cards

Question 31

Computer Fraud and Abuse Act

Answer 31

Accessing a computer without authorization or exceeding authorized access Transmitting a program, code, or command that causes harm to a computer Trafficking of Computer passwords Threatening to cause damage to a protected computer

Question 32

Stored Wire and Electronic Communications And Transactional Records Access Statutes

Answer 32

Unlawful access to stored communication to obtain, alter, or prevent authorized access to a wire or electronic communication while it is in electronic storage

Question 33

Trustworthy computing

Answer 33

method of computing that delivers secure, private and reliable computing experiences based on sound business practices

Question 34

Risk assessment

Answer 34

Assessing security related risks to an organization's computers and networks from both internal and external threats. ``` Identify assets Specify loss events Frequency of events Impact of events Options to mitigate Feasibility of options Cost/benefit analysis ```

Question 35

Security policy

Answer 35

identifies an organization's security requirements

Question 36

Virtual private network (VPN)

Answer 36

works by using the Internet to relay communications.

Question 37

Firewall

Answer 37

Any Internet traffic that is not explicitly permitted into the internal network is denied entry

Question 38

Intrusion prevention system (IPS)

Answer 38

block what you explicitly state

Question 39

Virus signature

Answer 39

presence of a specific virus

Question 40

Antivirus software

Answer 40

scan a computer's memory and disk drives regularly for viruses

Question 41

Critical infrastructures

Answer 41

Include telecommunications, energy, banking and finance, water, government operations, and emergency services

Question 42

Intrusion detection system (IDS)

Answer 42

software/hardware that monitors system and network resources and activities.

Question 43

Response

Answer 43

``` Incident Notification Protection of Evidence and Activity Logs Incident Containment Eradication Incident Follow-up ```

Question 44

Computer Forensics

Answer 44

discipline that combines elements of laws and identify, collect, examine, and preserve data from computer systems, networks and storage devices in a manner that preserves the integrity of data gathered so that it is admissible as evidence in a court of law.

Question 45

Laws governing the collection of evidence

Answer 45

Fourth Amendment Fifth Amendment Wiretap Act