Chapter 9

Question 1

What is Intellectual property?

Answer 1

Exclusive rights to sell an idea or product for a fair period of time.

Question 2

What are the 3 ways to protect intellectual property?

Answer 2

Trademarks
Copyright
Patents

Question 3

What is a Trademark?

Answer 3

Word, words or symbols that are legally registered as representing a company or a product.

Question 4

Give an example of a Trademark

Answer 4

Just Do It

Question 5

What are the symbols of a Trademark?

Answer 5

TM
(R)
SM

Question 6

What is the symbol for Copyright?

Answer 6

(c)

Question 7

What does Copyright do?

Answer 7

Protects the company brand.

Protects original works or authorship

Question 8

What does a patent means

Answer 8

It signifies ownership of an invention for limited time.

Question 9

Do you need to renew a patent?

Answer 9

Yes

Question 10

What do Social media companies exist as?

Answer 10

Digital Products

Question 11

Do Social media companies make their money from physical assets?

Answer 11

No

Question 12

What is the CIA triad?

Answer 12

Confidentiality
Integrity
Availability

Question 13

What is confidentiality interns of it security?

Answer 13

Ensuring that private information remains private.

Question 14

What are the different types of attacks there can be on confidentiality?

Answer 14

Snooping
Eavesdropping
Wiretapping
Social engineering
Dumpster diving

Question 15

What is the other name for Snooping?

Answer 15

Sniffing

Question 16

What is a sniffer?

Answer 16

A snooping tool

It is a protocol analyzer - A popular tool originally made by Network General now NETSCOUT.

Question 17

What does a protocol analyzer do?

Answer 17

Let’s administrators capture network traffic and analyze it’s contents

Question 18

Are there wired and wireless protocols?

Answer 18

Yes

Question 19

What happens in a snooping attack?

Answer 19

A protocol analyzer is used

The attacker captures network traffic and then looks for key pieces of information.

Question 20

What would happen without encryption?

Answer 20

Data sent would be an easy target for someone with a sniffer within range of the network.

Question 21

What is eavesdropping?

Answer 21

Low tech attack method in which the attacker simply listens to a conversation to get key network info

Question 22

Can video cameras, and microphones be used in eavesdropping?

Answer 22

Yes

Question 23

How is wiretapping done?

Answer 23

By placing a monitoring device in someone’s phone

Question 24

What is the other name for the monitoring device place in phones for wiretapping?

Answer 24

Bug

Question 25

Where can wiretapping take place?

Answer 25

Land lines
Network cable
Cellular
WiFi
Other wireless connections

Question 26

What is Social Engineering?

Answer 26

The process in which an attacker attempts to acquire info about you or your network and system by social means such as talking to people in the organization, phone, email or in person

Question 27

What kind of information can you get from social engineering?

Answer 27

User id
Password
Preferred email address
Telephone no
Physical address
Personal info (age, date of birth, maiden name, school, favorite sport team and music

Question 28

Why does social engineering work?

Answer 28

The personal touch is always the hardest to resist and the individuals are good at encouraging you to reveal personal info

Question 29

What is the golden rule to prevent social engineering

Answer 29

Never give our info on you or anyone one else to anyone whom you are not sure of

Question 30

What is phishing?

Answer 30

A form of social engineering in which someone uses email to ask you for a piece of information they are missing by making it look like an legitimate address,?

Question 31

How do you counter measure phishing?

Answer 31

Hover over the link to see the URL

Question 32

Give 2 forms of phishing

Answer 32

Spear phishing (targetted phising)
Whaling(trying to attack the head)

Question 33

How do you deal with Social Engineering?

Answer 33

Never give
Password
User I'd
Over the phone
To anyone anymore who has not been positively identified

Question 34

What is shoulder surfing

Answer 34

Looking over onee shouldefto get info

Question 35

What does integrity means in IT?

Answer 35

Data is accurate and consistent and from the indicated source.

Question 36

List 4 integrity threats

Answer 36

Man-In-The-Middle attack
Replay attacks
Impersonation
Unauthorized information alteration

Question 37

Explain Man-In-The-Middle attack

Answer 37

Secretly placing a piece of software or an unauthorized rogue router between a server and the client and neither party is aware of it.

The mitm attack software intercepts data and then send the info back and forth as if nothing is happening

Question 38

How is the Man-In-The-Middle attack accomplished

Answer 38

Via a form of wiretapping

Question 39

How does the Man-In-The-Middle software create a confidentiality concern?

Answer 39

The software may be recording info for someone to view later

Question 40

How does the Man-In-The-Middle software create an integrity concern?

Answer 40

Attackers might also alter the data

Question 41

What is a common solution to Man-In-The-Middle attacks

Answer 41

Enforce a secure wireless authentication protocol such as WPA2

Question 42

What happens during Replay Attacks?

Answer 42

The attacker captures info from a sender with the intention of using it later

Question 43

Can snooping or wiretapping be a Replay Attack?

Answer 43

Yes

Question 44

Give an example of Replay Attack

Answer 44

Capturing transmission from a client computer and later replaying the message to the server in an effort to gain unauthorized access

Question 45

What is impersonation

Answer 45

Pretending to be someone or something that you are not

Question 46

Can Unauthorized information alteration come from an internal source?

Answer 46

Yes

Question 47

What is an availability concern?

Answer 47

That data is accessible when the user needs it

Question 48

What are the 2 causes of of Availability concern?

Answer 48

Denying Service

Hardware issues

Question 49

What is a DoS?

Answer 49

Denial of Service

Question 50

How does a DoS work?

Answer 50

Server flooded with multiple illegitimate connection requests making it unable to respond to legitimate request

Question 51

How does a DDoS work?

Answer 51

After the administrator tries to resolve a DoS, by using the firewall to shut it down.. hackers command Zombies or bots and execute a distributed denial of service

Question 52

What can be hit by DoS attack?

Answer 52

Web servers

Wireless network

Question 53

What is UPS

Answer 53

Uninterrupted power supply

Question 54

Which devices are hackable?

Answer 54

All devices connected to the internet.

Question 55

Give an example of a device that is not hackable

Answer 55

Gameboy…it’s not connected to the internet

Question 56

What is DDoS

Answer 56

Distributed Denial of service

Question 57

What does DoS attack?

Answer 57

Web servers and wireless network

Question 58

How can you address a power outage?

Answer 58

Use a UPS

Question 59

What does UPS stand for?

Answer 59

Uninterrupted power supply

Question 60

How can you avoid hardware theft?

Answer 60

Use a cable lock

Question 61

What are the 2 major hardware concerns?

Answer 61

Damage

Theft

Question 62

What is the best way to secure computer and peripherals?

Answer 62

Focus on securing the the environment

Question 63

How can you secure the environment against equipment theft?

Answer 63

Use of security keycards to access the office
Having securities present
Keeping doors and windows closed
Being prepared to challenge anyone who isn’t normally a part of your work environment

Question 64

How can you prevent hardware damage and theft?

Answer 64

By physically securing your area.

Question 65

What are the tips to securing your laptop?

Answer 65

1. Know where it is at all times
2. Don’t leave device unattended
3. Carry an unconventional bag
4. Install an alarm that beeps if your device gets more than a certain distance away
5. Use a cable lock

Question 66

Give 2 devices that can secure a laptop

Answer 66

K-slot (Kensington security slot)
LoJack
Kill switch

Question 67

How does a lojack work?

Answer 67

Track the device through a small radio installed inside the device. Preinstalled in the BIOS

Question 68

How do kill switches work?

Answer 68

Disable the device

Question 69

What are the types of malware?

Answer 69

1. Exploits
2. Viruses
3. Trojan horses
4. Adware
5. Spyware
6. Ransomware
7. Backdoors
8. Keyloggers

Question 70

What does Exploits do?

Answer 70

Take advantage of flaws in the OS or application.

Question 71

What does Viruses do?

Answer 71

Used to cause damage and or disruption

Question 72

What do worms do?

Answer 72

Used to transmit malware.

Question 73

What do Trojan horses do

Answer 73

Application that mask their true intent

Question 74

What do adware do?

Answer 74

Used to display unwanted advertisement

Question 75

What do spyware do?

Answer 75

Used to report on your computer.

Question 76

What do Ransomware do?

Answer 76

Used to extract payment from the infected user.

Question 77

What do Rootkits do?

Answer 77

Conceal themselves on the host OS, allowing for full control access of the computer at a later date.

Question 78

What do Backdoors do?

Answer 78

Open ports or other routes into your system.

Question 79

What do Keyloggers do?

Answer 79

Record every keystroke and then use that data for identity theft

Question 80

What is Malware?

Answer 80

Anything installed on the computer without their intent and designed dokey for mischief.

Software that is malicious/bad

Question 81

What was the original reason for UAC?

Answer 81

Because they couldn’t verify who was on the computer

Question 82

How do OSes guard against exploits?

Answer 82

They have mechanisms to update and patch themselves automatically

Question 83

How often should you download and install updates

Answer 83

Promptly as they are available

Question 84

What are service packs?

Answer 84

Collection of critical updates and minor enhancements that are released as a group

Question 85

What the difference between a service packs and an update?

Answer 85

Service pack takes longer to download and install

You usually cannot remove a service pack after it has been installed

Question 86

Which software is the most hacked software and why?

Answer 86

Excel

Financial software

Question 87

Where do viruses hide

Answer 87

Inside the host file/ RAM

Question 88

How are viruses triggered?

Answer 88

By clicking on them

Question 89

What is the main thing about a virus

Answer 89

It self replicates

Question 90

Which files do viruses attach themselves to

Answer 90

Exe

Question 91

How are viruses classified?

Answer 91

By Different attack strategy

By Different consequences

Question 92

What are the different classification of viruses?

Answer 92

Polymorphic
Multipartite
Phage
Stealth
Armored
Macrovirus
Retro virus
Companion

Question 93

List symptoms of virus infection

Answer 93

1 Program loading slow
2 unusual files on hard drive
3 Files disapearing
4 program size change from installed version
5 browser, word processor app and other software behaving strange
6 system shuts down itself
7 loss of access to a diskdrive or system resource
8 System not rebooting

Question 94

What should be done if a system is infected?

Answer 94

Quarantine

Question 95

How are viruses detected and removed?

Answer 95

Antivirus software

Question 96

How is a virus different from a worm?

Answer 96

It’s self contained
It doesn’t need a host application to be transported
It can reproduce itself

Question 97

What is a payload

Answer 97

The additional malware that a worm might carry. It is a worm

Question 98

Can worms be active or passive?

Answer 98

Yes

Question 99

What does an active worm do?

Answer 99

Self transport

Question 100

What does a passive worm do?

Answer 100

Rely on user’s innocence to transport them normally through email or social media

Question 101

What can be used to detect and remove worms

Answer 101

Most anti-malware programs

Question 102

What is the most common way that Trojan horses spread?

Answer 102

Via worms

Question 103

What is a Trojan horse?

Answer 103

An application that enters the system or network disguised as another program.

Question 104

What kind of malware is one that claims to scan your system for malware but instead installs a Keylogger?

Answer 104

Trojan horse

Question 105

What does a Keylogger do?

Answer 105

Records keystroke with the intention of use the information to impersonate you

Question 106

Do Trojan horse replicate

Answer 106

No

Question 107

What do adware do?

Answer 107

Display unrequsted ads on a computer

Question 108

What do spyware do?

Answer 108

Record computer usage

Question 109

Are spyware self replicating

Answer 109

No

Question 110

How is spyware spread

Answer 110

Through low level social engineering

Question 111

What is the most common way to get spyware?

Answer 111

Install a free application from a website
Or
Run Active X or Java component

Question 112

Which application is designed to remove Spyware?

Answer 112

Windows Defender

Question 113

What is Windows defender?

Answer 113

An antivirus designed for Windows which is installed by default

Question 114

What does Ransomware do?

Answer 114

Extorts the infected users for money

Question 115

What is cryptoviral extortion

Answer 115

The name given to Ransomware threat

Question 116

What software blocks Ransomware?

Answer 116

Most anti-malware software

Question 117

If your system is infected, locked or encrypted by ransomware what can be done?

Answer 117

you can wipe your system and restore from backup

Question 118

Where do you associate rootkits

Answer 118

In the OS

Question 119

What is a Rootkits used for

Answer 119

To access Exploits

Question 120

What is Backdoor?

Answer 120

A method to circumvent the normal security system on a computer

Question 121

How can backdoors take place?

Answer 121

By not changing a default password

Question 122

What is used to create a backdoor?

Answer 122

A worm

Question 123

How can spam be sent?

Answer 123

Email
Instant message
Blog
Smart phone
Message group
Online classification

Question 124

What is the name of the program that generates spam

Answer 124

Spambot

Question 125

What is the best way to handle spam

Answer 125

Delete it

Question 126

What is the brute Force password cracking method?

Answer 126

When a program tries random strings of characters in an attempt to guess your password

Question 127

What is the Triple A framework in Access control

Answer 127

Authentication - who are you
Authorization
Accounting

Question 128

What are the types of Authentication?

Answer 128

Single Factor authentication

Multifactor authentication

Question 129

Explain single Factor authentication

Answer 129

Only need one piece of information other than username

Question 130

Is single Factor authentication secure

Answer 130

No

Question 131

Explain multifactor authentication

Answer 131

Use username + 2 or more others
Something you know -password
Something you have- smart card
Something you are
Somewhere you are

Question 132

What is an algorithm?

Answer 132

A set of instructions.

Question 133

Is having Single sign on a good practice

Answer 133

No

Question 134

What does Authorization do

Answer 134

Determines what the user can do?

Question 135

What are the 4 access control methods?

Answer 135

Mandatory Access control
Discretionary Access control
Role based access control
Rule based access control

Question 136

What happens with Mandatory access control?

Answer 136

Everything is locked until you are given permission

Question 137

Where is mandatory access control used

Answer 137

In highly secure environment

Question 138

What happens with Discretionary Access control?

Answer 138

Users are allowed to set their own security

They manage privileges based on ACL

Question 139

If the question is asked

Is this person authorized to get into the system. What access control methods is being used?

Answer 139

Authentication

Question 140

What is Role based access control

Answer 140

Access is granted to an entire role

Question 141

Who controls role based access control

Answer 141

The administrator

Question 142

If accounts can only be assigned to one role at a time what access control method is that

Answer 142

Role based

Question 143

What happens in rule based access control?

Answer 143

Uses ACL list and an administrator defines the rules that allow or deny access to resources

Question 144

What happens in Accounting Access control?

Answer 144

It keeps track of what is happening/keeps a log

Question 145

Where can you go to see Windows log?

Answer 145

Event Viewer

Question 146

What is the goal of non repudiation?

Answer 146

To make it so that people cannot deny that an event took place

Question 147

What are the 4 methods of repudiation?

Answer 147

Video
Biometric _ very strong form
Signature
Receipt

Question 148

What is spoofing?

Answer 148

Sending fake information.

Question 149

Would you find spoofing taking place
Replay Attack
Impersonation

Answer 149

Impersonation