MIDTERM EXAM | LESSON 3-6 Flashcards

1
Q

a business policy that permits, and in some cases encourages, employees to use their own mobile devices

A

Bring Your Own Device

2
Q

Common Computer Attacks/Type of Exploits

A

virus
worm
Trojan horse
spam
distributed denial-of-service
rootkit
phishing
spear-phishing
smishing
vishing

3
Q

a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.

A

Virus

4
Q

a harmful program that resides in the active memory of the computer and duplicates itself

A

Worms

5
Q

a program in which malicious code is hidden inside a seemingly harmless program

A

Trojan Horse

6
Q

a form of low-cost commercial advertising, sometimes for questionable products such as pornography, phony get-rich-quick schemes, and worthless stock

A

Spam

7
Q

a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks

A

Distributed Denial-of-Service (DDoS) Attacks

8
Q

is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge

A

rootkit

9
Q

is the act of fraudulently using email to try to get the recipient to reveal personal data.

A

Phishing

10
Q

a variation of phishing in which the phisher sends fraudulent emails to a certain organization’s employees. It is known as ____ because the attack is much more precise and narrow.

A

Spear-phishing

11
Q

another variation of phishing that involves the use of Short Message Service (SMS) texting

A

Smishing

12
Q

a type of phishing attack where scammers use phone calls to trick individuals into revealing personal information

A

Vishing

13
Q

Types of Perpetrators

A

HACKERS
CRACKERS
MALICIOUS INSIDERS
INDUSTRIAL SPIES
CYBERCRIMINALS
HACKTIVISTS
CYBERTERRORISTS

14
Q

Types of Perpetrators

Test limits of system and/or gain publicity

A

Hackers

15
Q

Types of Perpetrators

Cause problems, steal data, and corrupt systems

A

Crackers

16
Q

Types of Perpetrators

Gain financially and/or disrupt a company’s information and business operations

A

Malicious Insiders

17
Q

Types of Perpetrators

Capture trade secrets and gain competitive advantage

A

Industrial Spies

18
Q

Types of Perpetrators

Gain Financially

A

Cybercriminals

19
Q

Types of Perpetrators

Promote Political ideology

A

Hacktivists

20
Q

Types of Perpetrators

Destroy infrastructure components of financial institutions, utilities, and emergency response units

A

Cyberterrorists

21
Q

Common Ethical Issues for IT Users

A
  • Software Piracy
  • Inappropriate Use of Computing Resources
  • Inappropriate Sharing of Information
22
Q

Creating an IT Usage Policy

A
  • Establishing Guidelines for Use of Company Software
  • Defining the Appropriate Use of IT Resources
  • Structuring Information Systems to Protect Data and Information
23
Q

Some employees use their computers to surf popular Web sites that have nothing to do with their jobs, participate in chat rooms, view pornographic sites, and play computer games.

A

Inappropriate Use of Computing Resources

24
Q

is hardware or software that serves as a barrier between an organization’s network and the Internet.

25
____ means to be in accordance with established policies, guidelines, specifications, or legislation
Compliance
26
Why Computer Incidents Are So Prevalent
* **I**ncreasing Complexity Increases Vulnerability
* **V**irtualization
* **H**igher Computer User Expectations
* **E**xpanding and Changing Systems Introduce New Risks
* **B**ring Your Own Device
* **I**ncreased Reliance on Commercial Software with Known Vulnerabilities
27
The computing environment has become enormously complex. The number of possible entry points to a network expands continually **as more devices are added, increasing the possibility of security breaches.**
Increasing Complexity Increases Vulnerability
28
____ also introduces further complications into today’s computer environment. ____ software operates in a software layer that runs on top of the operating system.
Virtualization
29
As a result, computer help desks are under intense pressure to respond very quickly to users’ questions.
Higher Computer User Expectations
30
Business has moved from an era of stand-alone computers, in which critical data was stored on an isolated mainframe computer in a locked room, to an era in which personal computers connect to networks with millions of other computers, all capable of sharing information.
Expanding and Changing Systems Introduce New Risks
31
this practice raises many potential security issues as it is highly likely that such devices are also used for nonwork activity that exposes them to malware much more frequently than a device used strictly for business purposes
Bring Your Own Device
32
a method of computing that delivers secure, private, and reliable computing experiences based on sound business practices
Trustworthy computing
33
The security of any system or network is a combination of technology, policy, and people and requires a wide range of activities to be effective.
THIS STATEMENT IS TRUE
34
____ is the **process of assessing security-related risks** to an organization’s computers and networks **from both internal and external threats.**
Risk Assessment
35
A ____ **defines an organization’s security requirements**, as well as the **controls and sanctions** needed to meet those requirements.
security policy
36
A good security policy delineates responsibilities and the behavior expected of members of the organization. A security policy outlines what needs to be done but not how to do it.
TRUE STATEMENTS
37
The following is a partial list of the **templates available from the SANS Institute**:
* Ethics Policy
* Information Sensitivity Policy
* Risk Assessment Policy
* Personal Communication Devices and Voice-mail Policy
38
template defines the **means to establish a culture of openness, trust, and integrity** in business practices.
Ethics Policy
39
This sample policy **defines the requirements for classifying and securing the organization’s information** in a manner **appropriate to its level of sensitivity.**
Information Sensitivity Policy
40
This template **defines the requirements** and provides the authority for the information security team **to identify, assess, and remediate risks** to the organization’s information infrastructure associated with conducting business.
Risk Assessment Policy
41
This sample policy describes **security requirements for personal communication devices and voice mail.**
Personal Communication Devices and Voice-mail Policy
42
Educating Employees and Contract Workers: Employees and contract workers must be educated about the importance of security so that they will be motivated to understand and follow the security policies.
TRUE STATEMENT
43
TOP RATED FIREWALL FOR PERSONAL COMPUTERS
* Norton 360
* Norton Internet Security
* Kaspersky PURE 2.0 Total Security
* Kaspersky Internet Security 2013
* Zone Alarm Extreme Security 2012
* Zone Alarm Free
44
____ is **software and/or hardware that monitors system and network resources and activities**, and **notifies network security personnel when it detects network traffic** that attempts to circumvent the security measures
intrusion detection system (IDS)
45
two fundamentally different approaches to intrusion detection
**Knowledge-based** approaches and **behavior-based** approaches
46
____ **contain information about specific attacks and system vulnerabilities** and watch for attempts to exploit these vulnerabilities
Knowledge-based IDS
47
**models normal behavior of a system** and its users from reference information collected by various means.
Behavior-based IDS
48
Antivirus software should be installed on each user’s personal computer to scan a computer’s memory and disk drives regularly for viruses.
TRUE STATEMENT
49
____ scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus.
Antivirus software
50
Conducting Periodic IT Security Audits Steps
* **D**etection
* **R**esponse
* **I**ncident Notification
* **P**rotection of Evidence and Activity Logs
* **I**ncident Containment
* **E**radication
* **I**ncident Follow-Up
51
____ is a **discipline that combines elements** of **law** and **computer science to identify, collect, examine, and preserve data** from computer systems
Computer Forensics
52
a violation is when **employees copy software from their work computer** to use at home
Software Piracy