Exam 2

Question 1

an attack made before awareness of repair of vulnerabilities are discovered

Answer 1

Zero Day Attack

Question 2

taking advantage of vulnerabilities

Answer 2

Exploit

Question 3

Malware that stops users from access unless certain demands are met

Answer 3

Ransomware

Question 4

Programming code disguised as something else that corrupts an infected computer

Answer 4

Virus

Question 5

Harmful program that resides in computers’ active memory and duplicates itself

Answer 5

Worm

Question 6

Seemingly harmless program that hides malicious code & tricks users to open it

Answer 6

Trojan Horse

Question 7

Combines features of virus, worm, Trojan horse, and other malicious code

Answer 7

Blended Threat

Question 8

Unsolicited email sent to large numbers of people

Answer 8

Spam

Question 9

Attack that takes over computers via the Internet flooding a target site with demands for data, etc.

Answer 9

Distributed Denial of Service(DDOS)

Question 10

Set of programs enabling its users to gain administrator-level access to a computer without consent or knowledge

Answer 10

Rootkit

Question 11

Intruder gains access to a network and stays undetected intending to steal data over long period

Answer 11

Advanced Persistent Threat(APT)

Question 12

Fraudulently using email to try to get the recipient to reveal personal data

Answer 12

Phishing

Question 13

a targeted version of phishing

Answer 13

Spear Phishing

Question 14

a version of phishing using voicemail

Answer 14

Vishing

Question 15

a version of phishing using SMS messaging

Answer 15

Smishing

Question 16

Deployment of malware that steals data from organizations like govt agencies, military contractors, political organizations, or manufacturing firms

Answer 16

Cyberespionage

Question 17

Intimidation of a govt or civilian population by using IT to disable critical infrastructure

Answer 17

Cyberterrorism

Question 18

Federal agency created to provide a “safe, more secure America”. Contains the Office of Cybersecurity and Communications.

Answer 18

Department of Homeland Security

Question 19

Addresses fraud and related activities in association with computers

Answer 19

Computer Fraud and Abuse Act

Question 20

Addresses false claims regarding unauthorized use of credit cards

Answer 20

Fraud and Related Activity in Connection with Access Devices Statute(FRACADS)

Question 21

Unlawful access to stored communication to obtain, alter, or prevent authorized access to a wire or electronic communication while in storage

Answer 21

Stored Wire and Electronic Communications and Transactional Records Access Statutes(SWECTRA)

Question 22

Defined cyberterrorism and associated penalties. This act expired in 2020.

Answer 22

USA Patriot Act

Question 23

Part of the CIA Security Triad and ensures only those individuals with proper authority can access sensitive data

Answer 23

Confidentiality

Question 24

Part of the CIA Security Triad and ensures data can only be changed by authorized users

Answer 24

Integrity

Question 25

Part of the CIA Security Triad and ensures data can be accessed when and where needed

Answer 25

Availability

Question 26

Process of assessing security-related risks to computers & networks from internal & external threats. Identifies biggest threats and helps focus efforts on fixing said threats.

Answer 26

Risk assessment

Question 27

Documented process for recovering an organization’s business IS assets, including hardware, software, data, networks, facilities.

Answer 27

Disaster Recovery

Question 28

Defines security requirements and controls, sanctions needed to meet them: what needs to be done, not how

Answer 28

Security policy

Question 29

Provides a comprehensive display of all key performance indicators related to security defenses including threats, exposures, compliance, alerts

Answer 29

Security Dashboard Software

Question 30

Software and/or hardware that stands guard between an internal network and the Internet

Answer 30

Firewall

Question 31

Networking device connecting multiple networks transmitting data packets between them. Each of these devices is secure w/passphrase and has a unique media access control(MAC) for each device.

Answer 31

Router

Question 32

Intermediary between web browser and another server on the Internet

Answer 32

Proxy Server

Question 33

Enables remote users to remotely yet securely access organization’s resources. Also hides IP address.

Answer 33

Virtual Private Network (VPN)

Question 34

Gives users authority to only perform assigned responsibilities

Answer 34

User roles & accounts

Question 35

a method of securing data that protects data from unauthorized access

Answer 35

Data encryption

Question 36

Monitors, manages, & maintains computer & network security for other organizations. These are typically too costly for many organizations to have in-house

Answer 36

Managed Security Service Provider (MSSP)

Question 37

Combines elements of law & computer science to collect, examine, & preserve data. Preserves integrity of the data so it may be admissible as evidence in court.

Answer 37

Computer Forensics

Question 38

A combination of data privacy and communications privacy.

Answer 38

Information Privacy

Question 39

Ability to communicate with others without those communications being monitored

Answer 39

Communications Privacy

Question 40

ability to limit access to one’s personal data by others

Answer 40

Data Privacy

Question 41

Regulates the operations of credit reporting bureaus and is enforced by the Federal Trade Commision.

Answer 41

Fair Credit Reporting Act, 1970

Question 42

Protects records of financial institution customers from unauthorized scrutiny by the federal government. This act requires the government to provide written notice of intent to secure financial records, explanation, and which records. To access financial records permission, a judicial subpoena, or a search warrant is needed.

Answer 42

Right to Financial Privacy Act, 1978

Question 43

Bank deregulation that created one stop supermarkets

Answer 43

Gramm-Leach-Bliley Act, 1999

Question 44

Amended the Fair Credit Reporting Act allowing customers to obtain a free credit report annually.

Answer 44

Fair and Accurate Transaction Act, 2003

Question 45

mandatory guidelines for collection and disclosure of personal financial data. This includes the right to opt out of personal data being shared with third-parties

Answer 45

Financial Privacy Rule

Question 46

a set of rules that require documented plan for protecting data.

Answer 46

Safeguard Rules

Question 47

a set of rules that encourages organizations to implement safeguards against people accessing data without proper authority

Answer 47

Pretexting Rules

Question 48

Requires Healthcare organizations to standardize electronic transactions, codes, etc. Enabling them to fully digitalize medical records.

Answer 48

Health insurance Portability and Accountability Act(HIPAA)

Question 49

Bans the sale of electronic health records. Promotes use of audit trails and encryption. Provides rights of access for patients. Requires notification of data breaches.

Answer 49

American Recovery and Reinvestment Act

Question 50

Assigns rights to parents(or students at 18) to children’s educational records.

Answer 50

Family Educational Rights and Privacy Act(FERPA)

Question 51

Gives parents control over collection, use, & disclosure of their children’s personal info online

Answer 51

Children’s Online Privacy Protection Act(COPPA)

Question 52

Sets out requirements to protect minors from online harms. Covered platforms must act in the best interest of minors

Answer 52

Kid’s Online Safety Act(KOSA)

Question 53

Allows Law Enforcement to use wiretapping & electronic eavesdropping with a warrant

Answer 53

Wiretap Act(title 3 of omnibus crime control and safe streets act)

Question 54

Fair information practices that sets rules for collection, maintenance, use, and dissemination of personal data kept by federal agencies.

Answer 54

Privacy Act

Question 55

Procedures for surveillance and collection of foreign agencies on domestic soil. Allows surveillance without a court order within the US for up to a year unless surveillance will acquire the contents of any communication to which a US person is a party.

Answer 55

Foreign Intelligence Surveillance Act

Question 56

Requires telecommunications providers to hold data and respond to National Security Agency.

Answer 56

USA Freedom Act

Question 57

Identifies US intelligence-gathering agencies. Defines what info can be collected, retained, and disseminated.

Answer 57

Executive Order 12333

Question 58

Grants citizens the right to access certain information of the government upon request. Redactions are allowed for private, proprietary, or security information.

Answer 58

Freedom of Information Act

Question 59

Collection prep, review, and production of electronically stored info for use in criminal and civil actions

Answer 59

Electronic Discovery

Question 60

cookies and tracking software to gather data about customers.

Answer 60

Consumer Profiling

Question 61

A type of speech that is grossly improper or offensive

Answer 61

Indecency

Question 62

A form of speech that is disgusting to the senses, abhorent to morality or virtue, Designed to incite to lust of depravity.

Answer 62

Obscenity

Question 63

-An average person applying contemporary community standards would find the work, taken as a whole, appeals to prurient interest.

-Work must depict sexual conduct in a patently offensive manner specifically defined by law

-The work taken as a whole lacks SLAPP value(Serious, Literary, Artistic, Political, Scientific)

Answer 63

Three-part Test

Question 64

Weaponizes the judicial system as a backdoor method of stifling political expression. Typically this is used with some kind of defamation claim.

Answer 64

Strategic Lawsuit Against Public Participation(SLAPP)

Question 65

Procedural motion to throw out a case. In this act the plaintiff must prove they could win on legitimate merits of the case. Whoever loses typically has to pay fees.

Answer 65

Anti-SLAPP or SLAPP-back Act (Strategic Lawsuit Against Public Participation)

Question 66

This act covers the transmission of indecent material via the internet. Fines go up to as high as 250,000 with a punishment of prison up to 2 years.

Answer 66

Communications Decency Act

Question 67

This act covers harmful communications for commercial purposes available to any minor. Fines can go as high as 50,000 with a punishment of up to 6 months in jail.

Answer 67

Child Online Protection Act

Question 68

This act states that federally financed schools and libraries must use technology to block minors access to obscene, child pornography, or other harmful material.

Answer 68

Children’s Internet Protection Act

Question 69

Making a statement of alleged fact. This statement would be false, harmful, and might cause damage to their reputation.

Answer 69

Defamation

Question 70

An oral form of defamation

Answer 70

Slander

Question 71

A written form of defamation

Answer 71

Libel