IT101 COMP SECURITY THREATS

Question 1

No —– = very vulnerable to virus infections

Answer 1

anti-virus software

Question 2

No anti-virus software = very ——- to virus infections

Answer 2

vulnerable

Question 3

*A technology term used when someone impersonates
*Ranges from using the name, identification card, SSS
number or any other personal information
*Get a document or credit in your behalf, without the
owner’s knowledge and permission

Answer 3

Identity Theft

Question 4

Identity Theft

*A technology term used when someone ———-
*Ranges from using the —————- or any other personal information
*Get a document or credit in your behalf, without the
owner’s knowledge and permission

Answer 4

-impersonates
-name, identification card, SSS
number

Question 5

*Watching someone who withdraws in an ATM machine
*Getting to know his/her PIN (Personal Identification
Number)

Answer 5

Shoulder Surfing

Question 6

Snagging

*Also known as ———–
* The attacker can listen to your conversation on the
telephone as you give your personal information (credit
card number and other pertinent details)

Answer 6

Wire-tapping or Man-in-the-middle attack

Question 7

*Also known as Wire-tapping or Man-in-the-middle attack
* The attacker can listen to your conversation on the
telephone as you give your personal information (credit
card number and other pertinent details)

Answer 7

Snagging

Question 8

*Attacker goes to garbage cans or trash bins to get
cancelled checks, bank deposit slips, or credit card
statements

Answer 8

Dumpster Diving

Question 9

• Most predominant sources of identity theft
• Theft tricks the unsuspecting victim into providing critical
  information under the pretext of something legitimate
  (pretending to be one who is in authority)

Answer 9

Social Engineering

Question 10

Social Engineering

• Most ——– of identity theft
• Theft tricks the unsuspecting victim into providing critical
  information under the pretext of something legitimate
  (pretending to be one who is in authority)

Answer 10

predominant sources

Question 11

• attacker recreates the website or support portal of a renowned
  company and sends the link to targets via emails or social media
  platforms
• other person, completely unknown of the real attacker, ends up
  compromising personal information and even credit card details

Answer 11

• Phishing

Question 12

• assumed as a subset of Phishing since it requires an extra effort
  from the side of the attackers
• need to pay attention to the degree of uniqueness for the limited
  number of users they target
• the chances of users falling for the false emails are considerably
  higher in the case of spear phishing

Answer 12

• Spear Phishing or Whaling Attack

Question 13

• Old fashioned attack – using a phone
• recreate the IVR (Interactive Voice Response) system of a
  company
• attach it to a toll-free number and trick people into calling the
  phone number and entering their details

Answer 13

• Vishing

Question 14

• scripted scenario presented in front of the targets, used to
  extract PII or some other information
• seen various TV shows and movies where detectives use this
  technique to get into places where they’re personally not
  authorized, or extract information by tricking people

Answer 14

• Pretexting

Question 15

• Attackers leave infected USB drives or optical disks at
  public places with a hope of someone picking it up out of
  curiosity and using it on their devices
• Various download links, mostly containing malicious software,
  are thrown in front of random people hoping someone would
  click on them

Answer 15

Baiting

Question 16

• a person takes help of an authorized person to get access to
  restricted areas where RFID authentication or some other
  electronic barrier is present

Answer 16

Tailgating

Question 17

Tailgating
* Also known as ——
* a person takes help of an authorized person to get access to
restricted areas where RFID authentication or some other
electronic barrier is present

Answer 17

piggybacking

Question 18

• involves people posing as technical support
• make random calls to a company’s employees claiming that
  they’re contacting them regarding an issue
• involves an exchange of something with the target, for instance,
  the attacker trying to solve a victim’s genuine problem; in return,
  they will as for a gift

Answer 18

Quid Pro Quo

Question 19

• Program triggered to perform a task or mission when it
  encounters some sequence of events or activities or after
  a certain amount of time lapses or when a data come
• Friday the 13th Virus and April Fool’s Day virus

Answer 19

Logic Bombs

Question 20

Logic Bombs

• Program triggered to perform a task or mission when it
  encounters some sequence of events or activities or after
  a certain amount of time lapses or when a data come

Answer 20

Friday the 13th Virus and April Fool’s Day virus

Question 21

*A small code that a Web server asks your web browsers
to place in the computer
* Contains pertinent information that identifies your
workstation’s IP address, login name, email address and
other information about the visited site

Answer 21

Cookies

Question 22

Cookies

*A ——– that a Web server asks your web browsers
to place in the computer
* Contains pertinent information that identifies your
workstation’s IP address, login name, email address and
other information about the visited site

Answer 22

small code

Question 23

*Offers products or services that usually the user don’t
need or want

*Almost tagged as commercial advertisements
*Defined as unsolicited email

Answer 23

Spam

Question 24

Spam

*Offers products or services that usually the user don’t
need or want

*Almost tagged as commercial advertisements
*Defined as ——–

Answer 24

unsolicited email

Question 25

• Fraudulent act
• Such as stealing account information from unsuspecting
  customers, non-delivery of services and merchandise that
  are ordered online, etc.

Answer 25

Cybercrime

Question 26

Cybercrime

• Such as stealing account information from unsuspecting
  customers, non-delivery of services and merchandise that
  are ordered online, etc.

Answer 26

Fraudulent act

Question 27

Cybercrime Types

Answer 27

• Cyber Extortion
• Cryptojacking
• Cyber Espionage
• Dark Web

Question 28

Crime involving an attack or threat coupled with a demand for
money to stop the attack

Answer 28

Cyber Extortion

Question 29

• attacks use scripts to mine cryptocurrencies within browsers
  without the user’s consent
• involve loading cryptocurrency mining software to the victim’s
  system

Answer 29

Cryptojacking

Question 30

• cybercriminal hacks into systems or networks to gain access to
  confidential information held by a government or other
  organization
• gather, modify or destroy data, as well as using
  network-connected devices, like webcams or closed-circuit TV
  (CCTV) cameras, to spy on a targeted individual or groups and
  monitoring communications, including email, text messages and
  instant messages

Answer 30

Cyber Espionage

Question 31

• Old crime as “exit scam”
• dark web administrators divert virtual currency held in
  marketplace escrow accounts to their own accounts –
  essentially, criminals stealing from other criminals

Answer 31

*Dark Web

Question 32

*Dark Web
* Old crime as “———”

Answer 32

exit scam

Question 33

*Illegal act of accessing the computer resources of some
people without their knowledge or permission
*Unauthorized access into company’s network system
*Hacker uses network or Internet connection to connect to
some other people’s computer to corrupt, change or
destroy data

Answer 33

Hacking

Question 34

Tries to guess the password of the hapless victim

Answer 34

Sniffing

Question 35

Hacker intercepts the data while it is transmitted or gain
access to the computer network system by posing as an
authorized user

Answer 35

IP Spoofing

Question 36

Cybercrime Types

Answer 36

• Cyber Extortion
• Cryptojacking
• Cyber Espionage
  *Dark Web

Question 37

• Crime involving an attack or threat coupled with a demand for
  money to stop the attack

Answer 37

• Cyber Extortion

Question 38

• attacks use scripts to mine cryptocurrencies within browsers
  without the user’s consent
• involve loading cryptocurrency mining software to the victim’s
  system

Answer 38

• Cryptojacking

Question 39

• cybercriminal hacks into systems or networks to gain access to
  confidential information held by a government or other
  organization
• gather, modify or destroy data, as well as using
  network-connected devices, like webcams or closed-circuit TV
  (CCTV) cameras, to spy on a targeted individual or groups and
  monitoring communications, including email, text messages and
  instant messages

Answer 39

• Cyber Espionage

Question 40

• Old crime as “exit scam”
• administrators divert virtual currency held in
  marketplace escrow accounts to their own accounts –
  essentially, criminals stealing from other criminals

Answer 40

*Dark Web

Question 41

*Dark Web
* Old crime as

Answer 41

“exit scam”

Question 42

*Illegal act of accessing the computer resources of some
people without their knowledge or permission
*Unauthorized access into company’s network system
*Hacker uses network or Internet connection to connect to
some other people’s computer to corrupt, change or
destroy data

Answer 42

Hacking

Question 43

Hacking Types

Answer 43

• Sniffing
• IP Spoofing

Question 44

• Tries to guess the password of the hapless victim

Answer 44

• Sniffing

Question 45

• Hacker intercepts the data while it is transmitted or gain
  access to the computer network system by posing as an
  authorized user

Answer 45

*IP Spoofing

Question 46

• An act of attacking the mission-critical information technology
  infrastructure and government network system of a particular
  country
• Goals: gain control to key computer network systems that control
  and monitor electric power grids, telecommunication system
  infrastructure, power plants and water treatment plants

Answer 46

Cyberterrorism

Question 47

• Make full use of and derive benefit from a resource

*A software tool designed to take advantage of a flaw in a
computer system, typically for malicious purposes

Answer 47

Exploit

Question 48

*Any program or file that is harmful to a computer user
* Computer virus, worms, Trojan horses and spyware

Answer 48

Malware

Question 49

• Stealing, encrypting or deleting sensitive data
  *Altering or hijacking core computing functions
• Monitoring users’ activities without permission

Answer 49

Malware

Question 50

Malware Types

Answer 50

• Virus
  *Worm
• Trojan Horse
• Spyware
  *Ransomware
  *Rootkit
  *Keyloggers

Question 51

• Designed to spread from host to host and has the ability to replicate
  itself
• Computer virus cannot reproduce and spread without
  programming such file or document
• A type of malicious code or program to alter the way a computer
  operates and is designed to spread from one computer to another

Answer 51

Virus

Question 52

Types of Computer Virus

Answer 52

*Resident Virus
* Multipartite Virus
*Direct Action Virus
*Browser Hijacker
*Overwrite Virus
*Web Scripting Virus
*Directory Virus
* Polymorphic Virus
* File Infector Virus
*Network Virus

Question 53

• Lives in your RAM; can interfere with normal system operation
  which can lead to corruption of files and programs

Answer 53

*Resident Virus

Question 54

• Performing unauthorized actions in the operating system, in
  folders and other programs on the computer

Answer 54

• Multipartite Virus

Question 55

• Attacks certain file types typically .exe or .com files; replicate and
  infect files in folders

Answer 55

*Direct Action Virus

Question 56

*Bring you to different websites; hijackers open multiple
websites that may harm your computer

Answer 56

*Browser Hijacker

Question 57

*Overwrites content of the file, losing the original
content

Answer 57

*Overwrite Virus

Question 58

*When a link is clicked, the virus will automatically
download or direct o malicious websites

Answer 58

*Web Scripting Virus

Question 59

• Changes file paths thus it will be difficult to locate the original
  app

Answer 59

*Directory Virus

Question 60

• Special method of encoding and encrypting, making it difficult
  for antivirus to identify

Answer 60

• Polymorphic Virus

Question 61

• Can slow down the program and produce other damaging
  effects

Answer 61

• File Infector Virus

Question 62

• Spread throughout the Local Area Network (LAN) and the Internet; replicates
  through shared resources

Answer 62

*Network Virus

Question 63

• Can self-replicate without a host program and typically spreads
  without any human interaction or directives from the malware
  authors
• Often uses parts of the operating system that are automatic and
  invisible to the users

Answer 63

Worm

Question 64

Types of Worms

Answer 64

*Internet Worms
*Email Worms
*Instant Messaging Worm
*File-sharing Worms

Question 65

• Can replicate themselves onto any computer being
  used to access the website in question
  *Distributed to other connected computers through the
  Internet and LAN connections

Answer 65

*Internet Worms

Question 66

*Have double extensions (eg. .mp4.exe; docx.exe;
pdf.exe)
*When victims click on the attachment, copies of the
same infected file will automatically be sent to
addresses from their contacts
*Body — might contain a link to fool the users to click;
taken to another website that will automatically start
downloading malicious software to the computer

Answer 66

*Email Worms

Question 67

Accompanied by short messages to trick the victim into thinking
of something
* If clicked, the exact same message will be sent to their contacts
* Can be solved by changing the password

Answer 67

*Instant Messaging Worm

Question 68

• File sharing and peer-to-peer file transfers are still used by
  millions of users
• Unknowingly exposing the computer to the threat
• Once downloaded and opened, an executable file (hidden) may
  be discreetly installed

Answer 68

*File-sharing Worms

Question 69

• Often disguised as legitimate software
• Employed by cyber-thieves and hackers trying to gain access to
  users’ system
• Users are tricked in some form of social engineering into loading
  and executing Trojans on their systems
• Once activated, cybercriminals can steal, spay and gain backdoor
  access to your system

Answer 69

Trojan Horse

Question 70

Types Trojan Horse

Answer 70

*Backdoor Trojan
* Exploit
*Rootkit
*Trojan-banker
* Trojan-DDOS
* Trojan-FakeAV
*Trojan-Dropper
*Trojan-GameThief
*Trojan-IM
*Trojan-Ransom
* Trojan-SMS
* Trojan-Spy
* Trojan-Mailfinder

Question 71

Trojan Horse

• Known as Trojan
• Often disguised as ——–

Answer 71

legitimate software

Question 72

*Unwanted software that infiltrates the computing device,
stealing internet usage data and sensitive information
*A type of malware designed to gain access to or damage
the computer, often without the knowledge
*Gathers information and relays it to advertisers, data firms
or external users

Answer 72

Spyware

Question 73

Types of Spyware

Answer 73

*Adware
*Tracking Cookies
* System Monitors

Question 74

• Tracks browser history and downloads, with the intent
  of predicting what products or services the user is
  interested in
  *Will display advertisements for the same or related
  products or services to entice the user to click or make
  a purchase
  *Used for marketing purposes and can slow down the
  computer

Answer 74

*Adware

Question 75

• Track users’ web activities (search history, downloads)
  for marketing purpose

Answer 75

*Tracking Cookies

Question 76

• Can capture everything the user does in the computer
• Can record all keystrokes, emails, chat-room dialogs,
  websites visited and programs run
  *Often disguised as freeware

Answer 76

• System Monitors

Question 77

*A subset of malware in which the data on the victim’s
computer is locked (encryption) and payment is
demanded before the ransomed data is unlocked
(decrypted)
*Attacks is nearly always monetary
* Payment is demanded in virtual currency (Bitcoin) so that
the cybercriminals identity will not be known

Answer 77

Ransomware

Question 78

• Can spread and infect in email attachments, infected
  software applications, infected external storage devices
  and compromised websites
  *Have remote desktop protocol and other approaches that
  do not rely on any form of user interaction

Answer 78

Ransomware

Question 79

*Will try and pose as security software or tech support
* Victim may receive pop-up notifications saying malware
has been discovered on the system
*Not responding may lead to more pop-ups

Answer 79

*Scareware

Question 80

*Designed to completely lock a user out of their
computer
* The victim may see what looks to be an official
government seal, leading the victim into believing they
are the subject of an official inquiry
*After notification, the victim is given instructions on
how to pay

Answer 80

*Screen Lockers (Lockers)

Question 81

*Attacker will gain access to and encrypt the data of the
victim, then ask for a payment to unlock the files
* There is no guarantee that the victim will get access to
their data back even if they will negotiate

Answer 81

*Encrypting Ransomware (Data Kidnapping)

Question 82

• Attacker threatens to publish the data online if the victim does
  not pay a ransom

Answer 82

*Doxware

Question 83

• Steal data from a phone or lock it and require a ransom to return
  the data or unlock the device

Answer 83

• Mobile ransomware

Question 84

*A collection of software tools that gives a threat actor
remote access to and control over a computer or other
system
*Open a backdoor on victim systems to introduce malicious
software
*Often attempt to prevent detection of malicious software
by endpoint antivirus software
*Once installed, a rootkit gives the remote actor access to
and control over almost every aspect of the operating
system

Answer 84

Rootkit

Question 85

*Designed to change the functionality of an operating
system
* Typically adds its own code and own data structure
* Many kernel mode rootkits exploit the fact that OSes
allow device drivers or loadable modules to execute
with the same level of system privileges as the OS
kernel

Answer 85

*Kernel Mode

Question 86

• Executes the same way as an ordinary user program
• may be initialized like other ordinary programs during system
  startup, or they may be injected into the system by a dropper

Answer 86

*User Mode Rootkit (Application Rootkit)

Question 87

• infects the master boot record of a hard drive or other storage
  device connected to the target system
• able to subvert the boot process and maintain control over the
  system after booting and, as a result, have been used
  successfully to attack systems that use full disk encryption.

Answer 87

• Bootkit (Bootloader Rootkit)

Question 88

*take advantage of software embedded in system
firmware and install themselves in firmware images
used by network cards, BIOS, routers or other
peripherals or devices.

Answer 88

*Firmware Rootkit

Question 89

*Keystroke loggers or system monitor
* a type of surveillance technology used to monitor and
record each keystroke typed on a specific
computer’s keyboard
* often used as a spyware tool by cybercriminals to
steal personally identifiable information (PII), login
credentials and sensitive enterprise data.

Answer 89

Keyloggers

Question 90

Keyloggers

*——– or ——–
* a type of surveillance technology used to monitor and
record each keystroke typed on a specific
computer’s keyboard

Answer 90

Keystroke loggers
system monitor

Question 91

may also be used by employers to observe employees’
computer activities, parents to supervise their children’s
internet usage, users to track possible unauthorized
activity on their devices or law enforcement agencies to
analyze incidents involving computer use

Answer 91

Keyloggers

Question 92

• serves as a connector between the computer keyboard and the
  computer
• designed to resemble an ordinary keyboard PS/2 connector, part
  of the computer cabling or a USB adaptor, making it relatively
  easy for someone who wants to monitor a user’s behavior to
  hide such a device
• may also come in the form of a module that is installed inside the
  keyboard itself

Answer 92

*Hardware-based Keylogger

Question 93

• does not require physical access to the user’s computer for
  installation
• someone who wants to monitor activity on a particular
  computer, or it can be malware downloaded unwittingly and
  executed as part of a rootkit or remote administration Trojan
  (RAT)

Answer 93

*Keylogger Software