Ethics in Tech

Question 1

a cyperattack that takes place before the security community and/or software developers become aware of and fix security vulnerability

Answer 1

Zero-day exploits

Question 2

malware that keeps you from accessing your accessing data until you meet certain demands

Answer 2

Ransomware

Question 3

umbrella term for a piece of programming code that causes a computer to behave in an unexpected and desirable manner

Answer 3

Viruses

Question 4

a harmful program that resides in the active memory of the computer and duplicates itself

Answer 4

Worm

Question 5

a seemingly harmless program with malicious code.. infected software seems harmless

Answer 5

Trojan Horse

Question 6

an attack in which a malicious hacker takes over a computer via internet to flood the target site and make it so legitimate users cannot access the site

Answer 6

Distributed denial-of-service attack (DDoS)

Question 7

allows a user to gain access administrator-level access to a computer without permission

Answer 7

Rootkit

Question 8

a network attack that allows a hacker to gain access to a network undetected in order to steal data over a period of time

Answer 8

Advanced persistent threat

Question 9

fraudulently using email to try to get a recipient to reveal personal data

Answer 9

Phishing

Question 10

a type of phishing that sends fraudulent emails to employees

Answer 10

Spear Phishing

Question 11

a variation of phishing that involves texting

Answer 11

Smishing

Question 12

a variation of phishing that involves voicemail

Answer 12

Vishing

Question 13

the deployment of malware that secretly steals data in the computer system of organizations

Answer 13

Cyberespionage

Question 14

intimidation of a government or civilian population by using information technology to disable national infrastructure to achieve political, religious, or ideological goals

Answer 14

Cyberterrorism

Question 15

oversees U.S. cyber and communication infrastructure

Answer 15

The Department of Homeland Security’s Office of Cybersecurity and Communications

Question 16

addresses several fraud related activities such as illegal access, transmitting harmful codes and commands, trafficking passwords, and threatening to damage a computer program

Answer 16

Computer fraud and abuse act

Question 17

only people with authority should be able to access data

Answer 17

Confidentiality

Question 18

only authorized individuals can make changes to data

Answer 18

Integrity

Question 19

data can be accessed when and where it is needed

Answer 19

Availability

Question 20

the process of assessing security-related risks to an organization’s computers and networks from both internal and external threats

Answer 20

Risk-Assessment

Question 21

part of cost-benefit analysis, management must use judgement to assure the cost of protecting a system does not exceed the benefits

Answer 21

Reasonable Assurance

Question 22

a documented process for recovering an organization’s assets in the event of a disaster

Answer 22

Disaster recovery plan

Question 23

a risk-based plan that allows an organization to carry out its operations in case of a cyberattack or some form of disaster

Answer 23

Business continuity plan

Question 24

determining what business processes are most pivotal to an organization

Answer 24

Mission-critical process

Question 25

defines an organization’s security requirements, as well as controls and sanctions to meet those requirements

Answer 25

Security policy

Question 26

establishes responsibilities and behaviors expected from members of the organization.. evaluates if a security policy is effective and being followed

Answer 26

Security audit

Question 27

limits access to an organization’s internal network

Answer 27

Firewall

Question 28

enables users to connect to a safe network, usually from their homes, to only allow the user to connect to the network

Answer 28

Router

Question 29

the process of scrambling messages or data in a way that only authorized parties can read

Answer 29

Encryption

Question 30

protects sensitive data by ensuring privacy between communicating applications and their users on the internet

Answer 30

Transport layer security (TLS)

Question 31

intermediaries between a web browse and another server on the internet

Answer 31

Proxy Server

Question 32

a software or hardware that monitors system and network resources and activities and notifies network security personnel of suspicious activity

Answer 32

Intrustion Detection Systems

Question 33

an approach that is aware of vulnerabilities and watches for attempts to exploit those vulnerabilities

Answer 33

Knowledge-based approach

Question 34

approach that models normal activity and looks for variations from the norm

Answer 34

Behavior-based approach

Question 35

a discipline that combines elements of law and computer science to collect various kinds of data from systems, networks, and storage devices to be used in a court of law

Answer 35

Computer forensics