Information Security

Question 1

Motivation of bad guys

Answer 1

Account theft and illegal funds transfer
Stealing personal OR financial data
Compromising computing or financial data
Extortion
Intellectual property theft
Espionage
Cyberwarfare
Terrorism
Pranksters
Hacktivism
Revenge

Question 2

Data harvesters

Answer 2

infiltrate systems and collect data for illegal resale

Question 3

Cash-out fraudsters

Answer 3

purchase data from data harvester and use stollen credit card data for illegal actions

Question 4

Botnets OR zombie computers

Answer 4

Networks infiltrated and compromised machines controlled by central command and used for nefarious activities

Question 5

Hacktivists

Answer 5

protesters seeking to make political point by leveraging tech tools

Question 6

White hat hacker

Answer 6

Good guys

Question 7

Black hat hacker

Answer 7

Bad guys

Question 8

Social engineering

Answer 8

Tricking employees into revealing info without computers

Question 9

Phishing

Answer 9

Tricking someone to install malicious software

Question 10

spoofed email adress

Answer 10

altered to seem as if it came from another source

Question 11

Zero-day exploits

Answer 11

Attacks that are so new they have not been clearly identified

Question 12

Multi-factor authentication

Answer 12

Identity proven by presenting more than one item for proof credentials

Question 13

Malware

Answer 13

Seeks to compromise a computing system without permission.

Question 14

Methods of infection

Answer 14

Viruses
Worms
Trojand

Question 15

Viruses

Answer 15

Programs that infect software OR file

Require executable

Question 16

Worms

Answer 16

Automatically spread

Do not require an executable

Question 17

Trojans

Answer 17

Masquerading as something else

Leading user to download and install

Question 18

Goals of malware

Answer 18

Botnets or zombie networks
Malicious adware
Spyware
Keylogger
Screen capture
Card skimmer
RAM scraping
Ransomware
Blended threats

Question 19

Malicious adware

Answer 19

programs installed without consent and later serve unwanted ads

Question 20

Spyware

Answer 20

Software that monitors the users actions, networks traffic, or scans for files

Question 21

Keylogger

Answer 21

records user keystrokes

Question 22

Screen capturer

Answer 22

Captures the pixels

Question 23

Card skimmer

Answer 23

Captures the data from a swipe cards magnetic strip

Question 24

RAM scraping

Answer 24

Malicious code that scans computing memory for sensitive data

Question 25

Ransomware

Answer 25

Encrypts users file and demands payment

Question 26

Blended threats

Answer 26

Combination multiple hacking exploits

Question 27

Push-button hacking

Answer 27

Hacking toolkits bought online | Hackers can just push button to launch attack

Question 28

Dumpster driving

Answer 28

Go through trash to find valuable data and insights to launch attack

Question 29

Shoulder surfing

Answer 29

Gaining info through observation

Question 30

Brute-force attack

Answer 30

Trying all possible password combinations in order to break in

Question 31

Virtual private network (VPN)

Answer 31

scrambles data passed across network

Question 32

Open-source software

Answer 32

Allows firms to use free, reliable software | Vulnerabilities in open-source software

Question 33

Taking action as a user

Answer 33

1.Surfing smart: Think before you klick 2.Staying vigilant 3.Stay updated: Turn on software update features 4 Stay armed: Install a full suite of security software 5 Be setting smart: Encrypt hard drives 6 Be password savvy: Change the default password and update regularly 7 Be disposal smart: Shred personal docs and destroy media with sensitive info 8 Back up: Avoid loss after hardware failure 9 Check with your administrator

Question 34

International Organisation Standards

Answer 34

Provides several frameworks for implementing, operating, monitoring, reviewing, maintaining and improving Information Security Management Systems

Question 35

Potential losses

Answer 35

``` Theft System manages Data loss Disclosure of proprietary info Recovery Downtime Stock price decline Legal fees Penalties Damages of reputation ```

Question 36

Firewalls

Answer 36

Used to examine traffic as it enters and leaves the network | Blocks certain types of access

Question 37

Intrusion detection system

Answer 37

Look for unauthorised behaviour Sounding alarm Take action

Question 38

Honeypots

Answer 38

Tempting to draw hacking attempts

Question 39

Blacklist

Answer 39

Deny the entry of specific IP dresses, products, Internet domains and other communication restriction for bad guys

Question 40

Whitelist

Answer 40

More restrictive | Only permit communication with approved entities or in an approved manner

Question 41

Information security

Answer 41

Complex Constantly changing Critical important