Chapter 4: People Authentication and Authorization

Question 1

Social Engineering

Answer 1

How hackers trick people into revealing access credentials or other valuable information.

Question 2

Dumpster Diving

Answer 2

Looking through people’s trash to obtain information.

Question 3

Pretexting

Answer 3

Form of social engineering in which one individual lies to obtain confidential data about another individual. Ex. CRA scam

Question 4

Information Security Policies

Answer 4

Identifies the rules required to maintain information security.

Question 5

Information Secrecy

Answer 5

Category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity.

Question 6

Phishing

Answer 6

A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email.

Question 7

Pharming

Answer 7

Reroutes requests for legitimate websites to false websites.

Question 8

Zombie

Answer 8

A program that secretly takes over another computer for the purpose of launching attacks.

Question 9

Authentication

Answer 9

A method for confirming users’ identities.

Question 10

Authorization

Answer 10

The process of providing a user with permission, including access levels and abilities.

Question 11

Categories for authentication and authorization

Answer 11

1) Something the user knows, such as user ID and password.
2) Something the user has, such as a smart card or token.
3) Something that is part of the user, such as a fingerprint or voice signature.