MIDTERMS

Question 1

The need to secure the physical location of computer technology from outside threats

Answer 1

COMPUTER SECURITY

Question 2

German code machine Enigma in 1930’s.

Answer 2

ENIGMA

Question 3

During these early years infosec was a straightforward process composed predominantly of physical security and simple document classification scheme.

Answer 3

1930s

Question 4

During the cold War, many more mainframe computer were brought online to accomplish more complex and sophisticated tasks.

Answer 4

1960s

Question 5

-Developed the ARPANET
-Program plan June 3, 1968
PROGRAM PLAN
-Is the master document describing a major program.

Answer 5

DR. LARRY ROBERTS

Question 6

During the next decade ARPANET became more popular and saw wider use increasing the potential of misuse.

-Individual remote site did not have sufficient controls to protect data from unauthorized remote users.

-Vulnerability of password structure and formats

-Lack of safety procedures for dial-up connections

-Phone numbers were widely distributed.

Answer 6

1970s, and 1980s

Question 7

-Network security was commonly referred to as network security.

Answer 7

ARPANET

Question 8

-Creator of Ethernet
-Identified the fundamentals problems with ARPANET security (1973)

Answer 8

ROBERT METCALFE

Question 9

1990s

-The first global network of networks
-The internet brought connectivity to a virtually all computers that could reach a phone line or an internet connected LAN

Answer 9

INTERNET

Question 10

-The DEFCON conference was held in Las, Vegas.
-White Hats
-Black Hats
-Antivirus products became extremely popular

Answer 10

1993

Question 11

Law enforcement and security professionals

Answer 11

WHITE HATS

Question 12

-Internet brings millions of unsecured computer networks.
-Awareness of the need to improve InfoSec, as well as realization that InfoSec is important to National Defense

Answer 12

2000s – Present

Question 13

DUTIES OF PIC/PIP

Answer 13

• TRANSPARENCY
• PROTECTION
• DATA INTEGRITY
• LAWFUL PROCESSING

Question 14

RIGHTS OF DATA SUBJECT

Answer 14

• INFORMED CONSENT
• OBJECT
• ACCESS
• CORRECTION
• ERASURE
• DAMAGES
• DATA PORTABILITY

Question 15

Refers to a natural or juridical person, or any other body who controls the processing of personal data, or instructs another to process personal data on its behalf

Answer 15

PERSONAL INFORMATION CONTROLLER

Question 16

Refers to an individual (natural person) whose personal, sensitive personal, or privileged information is processed.

Answer 16

DATA SUBJECT

Question 17

Any and all forms of data which under the rules of court or other pertinent laws constituted privileged communication

Answer 17

PRIVILEGED INFORMATION

Question 18

Refers to any operation or any set of operation performed upon personal data such as collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.

Answer 18

CONCEPT: PROCESSING

Question 19

Personal information whose leakage could impact the material well being of an individual is considered as sensitive PII

Answer 19

SENSITIVE PERSONAL INFORMATION

Question 20

Information directly attributable to an individual
* Name
* Home Address
* Phone Number

Answer 20

PERSONAL INFORMATION

Question 21

-The redirection of legitimate web traffic to an illegitimate site for the purpose of obtaining private information.

Answer 21

PHARMING

Question 22

An attempt to gain personal or financial information from an individual, usually by posing as a legitimate entity.

Answer 22

PHISHING

Question 23

The process of using skills to convince people to reveal access credentials or other valuable information to the attacker.

Answer 23

SOCIAL ENGINEERING

Question 24

An attacker routes large quantities of e-mail to the target.

Answer 24

MAIL BOMBING

Question 25

THE PRIVACY ECOSYSYEM

Answer 25

DATA Subject –Provide Personal Data
* Personal Information
* Sensitive Personal Information
* Privilege Information
-Personal Information Controller – outsources the processing
-Personal Information Processor – share data – third parties

Question 26

An attack is an act that takes advantage of a vulnerability to a compromise a controlled system.

Answer 26

ATTACK

Question 27

Is an identified weakness in a controlled system, where controls are not present or are no longer effective.

Answer 27

VULNERABILITY

Question 28

TCP Hijacking attack, an attacker monitors packets from a network, modifiers them, and inserts them back into the network.

Answer 28

MAN IN THE MIDDLE

Question 29

A technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host.

Answer 29

MAN IN THE MIDDLE