Lesson 2 Flashcards

1
Q

The primary mission of information security is to…

A

…ensure that systems and their contents remain the same.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the four (4) important factors of information security?

A

Protecting the Functionality of an Organization
Enabling Safe Operation
Protecting Data
Safeguard Technology Assets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Shared by general management and IT management; addresses infosec in terms of business impact.

A

Protecting the Functionality of the Organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Requires integrated, efficient, and capable applications; must protect critical applications (operating systems, electronic mail, instant messaging)

A

Enabling Safe Operation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Data provides record of transactions (e.g. banking), includes data in motion (online transactions) and data at rest (offline transactions).

A

Protecting Data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Must have secure infrastructure services.

A

Safeguard Technology Assets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

More complex; additional service for larger businesses.

A

Public Key Infrastructure (PKI)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the twelve (12) categories of threats?

A

Acts of Human Error or Failure
Compromise to Intel. Property
Deliberate Acts of Espionage
Deliberate Acts of Information Extortion
Deliberate Acts of Sabotage or Vandalism
Deliberate Acts of Theft
Deliberate Software Attacks
Forces of Nature
Deviations in Quality or Service
Technical Hardware Failures
Technical Software Failures
Technological Obsolence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Includes viruses, worms, Trojan horses, active web scripts, state-of-the-art (polymorphic or multivector worms, CERT, Symantec, etc. warnings), has attack vectors (IP scan and attack, web browsing, unprotected shares, mass mail).

A

Malicious Code

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Also referred to as trap doors; previously discovered access mechanisms to gain access to a system; left by system designers and maintenance staff; hard to detect.

A

Back Doors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Reverse-calculate a password; component of dictionary attacks.

A

Password Crack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Contains hashed representation of a user’s password.

A

Security Account Manager (SAM) File

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Also called password attack: trying every combination for a password.

A

Brute Force Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Uses a list of commonly used passwords instead of random combinations.

A

Dictionary Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Overloads target with requests.

A

Denial of Service (DoS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Sends many TCP connection requests; clogs server.

A

TCP SYN Flood Attack

17
Q

Uses compromised machines called zombies to attack the target system.

A

Distributed Denial of Service (DDoS)

18
Q

Sending messages to a computer using a source IP address that indicates the messages are coming from a trusted host.

A

Spoofing

19
Q

Also called TCP Hijacking Attack; attacker sniffs packets from the network, modifies them, then inserts them back into the network; uses IP spoofing to allow a hijacker to eavesdrop.

A

Man-in-the-Middle Attack

20
Q

Email DoS attack; social engineering and SMTP flaws.

A

Mail Bombing

21
Q

Also called packet sniffers; program or device that can monitor data traveling over a network.

A

Sniffers

22
Q

Using social skills to persuade people to reveal access credentials or other valuable information; impersonating someone higher; scam.

A

Social Engineering

23
Q

Includes war driving, garbage diving, and tapping; through the use of physical means.

A

(Illegal) Physical Access

24
Q

Illegal physical access through driving around, trying to catch a signal (can be wireless or non-wireless).

A

War Driving

25
Q

Illegal physical access through disposed documents.

A

Garbage Diving

26
Q

Illegal physical access through any cable that is not optical.

A

Tapping

27
Q

Uses buffers; attackers can take advantage of this to cause unintended side effects.

A

Buffer Overflow

28
Q

Used for data storage on a logical level (AKA queue in networking); implemented as arrays.

A

Buffer

29
Q

Something bad happens when a certain time is reached; explores browser cache.

A

Timing Attack

30
Q

A process of systematically scanning a computer system or network to identify open ports and services available on a host.

A

Port Scanning