MIDTERM EXAM | LESSON 3-6

Question 1

a business policy that permits, and in some cases encourages, employees to use their own mobile devices

Answer 1

Bring Your Own Device

Question 2

Common Computer Attacks/Type of Exploits

Answer 2

virus
worm
Trojan horse
spam
distributed denial-of-service
rootkit
phishing
spear-phishing
smishing
vishing

Question 3

a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.

Answer 3

Virus

Question 4

a harmful program that resides in the active memory of the computer and duplicates itself

Answer 4

Worms

Question 5

a program in which malicious code is hidden inside a seemingly harmless program

Answer 5

Trojan Horse

Question 6

a form of low-cost commercial advertising, sometimes for questionable products such as pornography, phony get-rich-quick schemes, and worthless stock

Answer 6

Spam

Question 7

a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks

Answer 7

Distributed Denial-of-Service (DDoS) Attacks

Question 8

is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge

Answer 8

rootkit

Question 9

is the act of fraudulently using email to try to get the recipient to reveal personal data.

Answer 9

Phishing

Question 10

a variation of phishing in which the phisher sends fraudulent emails to a certain organization’s employees. It is known as ____ because the attack is much more precise and narrow,

Answer 10

Spear-phishing

Question 11

another variation of phishing that involves the use of Short Message Service (SMS) texting

Answer 11

Smishing

Question 12

a type of phishing attack where scammers use phone calls to trick individuals into revealing personal information

Answer 12

Vishing

Question 13

Types of Perpetrators

Answer 13

HACKERS
CRACKERS
MALICIOUS INSIDERS
INDUSTRIAL SPIES
CYBERCRIMINALS
HACKTIVISTS
CYBERTERRORISTS

Question 14

Types of Perpetrators

Test limits of system and/or gain publicity

Answer 14

Hackers

Question 15

Types of Perpetrators

Cause prob;em, steal data, and corrupt system

Answer 15

Crackers

Question 16

Types of Perpetrators

Gain financially and/or disrupt company’s informatio and business operations

Answer 16

Malicious Insiders

Question 17

Types of Perptrator

Capture trade secrets and gain competitie advantage

Answer 17

Industrial Spies

Question 18

Types of Perpetrators

Gain Financially

Answer 18

Cybercriminals

Question 19

Types of Perpetrators

Promote Political ideology

Answer 19

Hacktivists

Question 20

Types of Perpetrators

Destroy infrastructure componenent of financial institutions, utilities, and emergency response units

Answer 20

Cyberterrorrists

Question 21

Common Ethical Issues for IT Users

Answer 21

• Software Piracy
• Inappropriate Use of Computing Resources
• Inappropriate Sharing of Information

Question 22

Creating an IT Usage Policy

Answer 22

• Establishing Guidelines for Use of Company Software
• Defining the Appropriate Use of IT Resources
• Structuring Information Systems to Protect Data and Information

Question 23

Some employees use their computers to surf popular Web sites that have nothing to do with their jobs, participate in chat rooms, view pornographic sites, and play computer games.

Answer 23

Inappropriate Use of Computing Resources

Question 24

is hardware or software that serves as a barrier between an organization’s network and the Internet;

Answer 24

Firewall

Question 25

____ means to be in accordance with established policies, guidelines, specifications, or legislation

Answer 25

Compliance

Question 26

Why Computer Incidents Are So Prevalent

Answer 26

* **I**ncreasing Complexity Increases Vulnerability * **V**irtualization * **H**igher Computer User Expectations * **E**xpanding and Changing Systems Introduce New Risks * **B**ring Your Own Device * **I**ncreased Reliance on Commercial Software with Known Vulnerabilities

Question 27

The computing environment has become enormously complex. The number of possible entry points to a network expands continually **as more devices are added, increasing the possibility of security breaches.**

Answer 27

Increasing Complexity Increases Vulnerability

Question 28

____ also introduces further complications into today’s computer environment. ____ software operates in a software layer that runs on top of the operating system.

Answer 28

Virtualization

Question 29

As a result, computer help desks are under intense pressure to respond very quickly to users’ questions.

Answer 29

Higher Computer User Expectations

Question 30

Business has moved from an era of stand-alone computers, in which critical data was stored on an isolated mainframe computer in a locked room, to an era in which personal computers connect to networks with millions of other computers, all capable of sharing information.

Answer 30

Expanding and Changing Systems Introduce New Risks

Question 31

this practice raises many potential security issues as it is highly likely that such devices are also used for nonwork activity that exposes them to malware much more frequently than a device used strictly for business purposes

Answer 31

Bring Your Own Device

Question 32

a method of computing that delivers secure, private, and reliable computing experiences based on sound business practices

Answer 32

Trustworthy computing

Question 33

The security of any system or network is a combination of technology, policy, and people and requires a wide range of activities to be effective.

Answer 33

THIS STATEMENT IS TRUE

Question 34

____ is the **process of assessing security-related risks** to an organization’s computers and networks **from both internal and external threats.**

Answer 34

Risk Assessment

Question 35

A ____ **defines an organization’s security requirements**, as well as the **controls and sanctions** needed to meet those requirements.

Answer 35

security policy

Question 36

A good security policy delineates responsibilities and the behavior expected of members of the organization. A security policy outlines what needs to be done but not how to do it.

Answer 36

TRUE STATEMENTS

Question 37

The following is a partial list of the **templates available from the SANS Institute**:

Answer 37

* Ethics Policy * Information Sensitivity Policy * Risk Assessment Policy * Personal Communication Devices and Voice-mail Policy

Question 38

template defines the **means to establish a culture of openness, trust, and integrity** in business practices.

Answer 38

Ethics Policy

Question 39

This sample policy **defines the requirements for classifying and securing the organization’s information** in a manner **appropriate to its level of sensitivity.**

Answer 39

Information Sensitivity Policy

Question 40

This template **defines the requirements** and provides the authority for the information security team **to identify, assess, and remediate risks** to the organization’s information infrastructure associated with conducting business.

Answer 40

Risk Assessment Policy

Question 41

This sample policy describes **security requirements for personal communication devices and voice mail.**

Answer 41

Personal Communication Devices and Voice-mail Policy

Question 42

# Educating Employees and Contract Workers Employees and contract workers must be educated about the importance of security so that they will be motivated to understand and follow the security policies.

Answer 42

TRUE STATEMENT

Question 43

TOP RATED FIREWALL FOR PERSONAL COMPUTERS

Answer 43

* Norton 360 * Norton Internet Security * Kaspersky PURE 2.0 Total Security * Kaspersky Internet Security 2013 * Zone Alarm Extreme Security 2012 * Zone Alarm Free

Question 44

____ is **software and/or hardware that monitors system and network resources and activities**, and **notifies network security personnel when it detects network traffic** that attempts to circumvent the security measures

Answer 44

intrusion detection system (IDS)

Question 45

two fundamentally different approaches to intrusion detection

Answer 45

**Knowledge-based** approaches and **behavior-based** approaches

Question 46

____ **contain information about specific attacks and system vulnerabilities** and watch for attempts to exploit these vulnerabilities

Answer 46

Knowledge-based IDS

Question 47

**models normal behavior of a system** and its users from reference information collected by various means.

Answer 47

Behavior-based IDS

Question 48

Antivirus software should be installed on each user’s personal computer to scan a computer’s memory and disk drives regularly for viruses.

Answer 48

TRUE STATEMENT

Question 49

____ scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus.

Answer 49

Antivirus software

Question 50

Conducting Periodic IT Security Audits Steps

Answer 50

* **D** etection * **R**esponse * **I**ncident Notification * **P**rotection of Evidence and Activity Logs * **I**ncident Containment * **E**radication * **I**ncident Follow-Up

Question 51

____ is a **discipline that combines elements** of **law** and **computer science to identify, collect, examine, and preserve data** from computer systems

Answer 51

Computer Forensics

Question 52

a violation is when **employees copy software from their work computer** to use at home

Answer 52

Sofrware Piracy