IAS - THE NEED FOR SECURITY

Question 1

BUSINESS NEEDS FIRST

1. Protecting the organization’s ability to function.
   2.Enabling the safe operation of applications running on the organization’s IT systems
2. Protecting the data the organization collects and uses
3. Safeguarding the organization’s technology assets

Question 2

Both general management and IT management are responsible for implementing information security

Answer 2

1. Protecting the functionality of an Organization

Question 3

Organizations are under immense pressure to acquire and operate integrated, efficient, and capable applications.

Answer 3

2. Enabling the safe operation of applications running on the organization’s IT systems

Question 4

Without data, an organization loses its record of transactions and/or its ability to deliver value to its customers.

Answer 4

3. Protecting the data the organization collects and uses

Question 5

Organization must employ secure infrastructure services appropriate to the size and scope of the enterprise.

Answer 5

4. Safeguarding the organization’s technology assets

Question 6

Is an object, person, or other entity that presents an ongoing danger to an asset.

Answer 6

Threats

Question 7

It occurs when an individual or group designs and deploys software to attack a system.

Most of these software is referred to as _______

Answer 7

Deliberate Software Attacks - Malware

Question 8

-Malicious Software
-Any program or file that is harmful to a computer user.

Answer 8

Malware

Question 9

A malicious program designed to replicate itself and transfer from one computer to another.

Answer 9

Virus

Question 10

It is a dangerous computer program that replicates itself through a network

Answer 10

Worm

Question 11

A malicious program disguises as a useful program but, once downloaded or installed, leaves your PC unprotected and allows hackers to get your information.

Answer 11

Trojan Horse

Question 12

A virus worm can have a payload that installs trap door component in a system, which allows the system at will with special privileges.

Answer 12

Back Door

Question 13

One that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures.

Answer 13

Polymorphic

Question 14

force majeure, can present some of the most dangerous threats, because they usually occur with very little warning and are beyond the control of people.

Answer 14

Forces of Nature

Question 15

FORCES OF NATURE

• EARTHQUAKE
• FLOOD
• TSUNAMI
• TYPHOON
• TORNADO
• FIRE
• LANDSLIDE
• LIGHTNING
• ELECTROSTATIC DISCHARGE
• DUST

Question 16

An attack is an act that takes advantage of a vulnerability to a compromise a controlled system.

Answer 16

Attack

Question 17

Is an identified weakness in a controlled system, where controls are not present or are no longer effective.

Answer 17

Vulnerability

Question 18

The application of computing and network resources to try every possible password combination.

Answer 18

Brute Force

Question 19

An attempt to reverse-calculate a password.

Answer 19

Crack

Question 20

A variation of the brute force attack which narrows the filed by selecting specific target accounts and using a list of commonly used password instead of random combinations.

Answer 20

Dictionary

Question 21

The attacker sends a large number of connection or information requests to a target.

Answer 21

Denial of Service (DOS)

Question 22

An attack in which a coordinated stream of requests is launched against a target from many locations at the same time.

Answer 22

Distributed Denial of Service (DDOS)

Question 23

A technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host.

Answer 23

Spoofing

Question 24

TCP Hijacking attack, an attacker monitors packets from a network, modifiers them, and inserts them back into the network.

Answer 24

Man in the Middle

Question 25

An attacker routes large quantities of e-mail to the target.

Answer 25

Mail Bombing

Question 26

The process of using skills to convince people to reveal access credentials or other valuable information to the attacker.

Answer 26

Social Engineering

Question 27

An attempt to gain personal or financial information from an individual, usually by posing as a legitimate entity.

Answer 27

Phishing

Question 28

The redirection of legitimate web traffic to an illegitimate site for the purpose of obtaining private information.

Answer 28

Pharming