Midterms Flashcards

1
Q

this stands for malicious software. it is designed to gain access to a computer without the consent of the user

A

malware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

they perform unwanted tasks in the host computer for the benefit of a third party

A

malware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

special type of malware used for forced advertising. supported by the organizations whose products are advertised

A

adware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

malicious software downloaded along with the free software on the internet and installed in the computer without the user’s knowledge.

A

browser hijacking software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

this modifies the browsers setting and redirect links to other unintentional sites

A

browser hijacking software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

installed in the target computer with or without the user permission and is designed to steal sensitive information from the target machine

A

spyware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

this is a malicious code written to damage/harm the computer by deleting or appending a file, occupying memory space through code replication, slow down the performance of the computer, format the computer, etc…

A

virus

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

true or false: virus can be spread via email attachment, pen drives, digital images, e-greeting, audio, or video clips

A

true

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

true or false: a virus may be present in a computer but it cannot activate itself without human intervention or when the executable file (.exe) is executed

A

true

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

this virus can replicate itself and doesn’t need human intervention to travel over the network and spread from the infected machine to the whole network; can spread through the network, using the loopholes of the OS or via email

A

worms

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

the replication and spreading of the ____ over the network consume the network resources like space and bandwidth and force the network to choke

A

worm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

this is a malicious code that is installed in the computer by pretending to be useful software. this not only damages the computer but also creates a backdoor in the computer so it can be controlled by a remote computer

A

trojan horse

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

this can become part of botnet (robot-network) or a network of computers infected by malicious code and controlled by a central controller

A

trojan horse

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

the computers infected by trojan horse are known as

A

zombies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

true or false: trojans neither infect other computers in the network nor do they replicate

A

true

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

networks of hijacked computer devices used to carry out various scams and cyberattacks. these automate mass attacks, such as data theft, server crashing, and malware distribution

A

botnet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

botnet is formed using two words

A

robot and network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

while surfing the internet, suddenly a pop-up alert appears in the screen which warns the presence of dangerous virus, spyware, etc., and urges the user to download the full paid version of the software to fix the problem

A

scareware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

as the user downloads the malicious code, their computer is held hostage until the ransom is paid. the malicious code can neither be uninstalled nor used until the ransom is paid

A

scareware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

when was the internet born

A

1960’s; access is limited to scientists, researchers, and the defense only

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

when was the internet launched to the public

A

1996

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

this is used to describe an unlawful activity in which computer or computing devices, such as smartphones, tablets, personal digital assistants are used as a tool for criminal activity

A

cyber crime

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

this is often committed by the people of destructive and criminal mindset, either for revenge, greed or adventure

A

cyber crime

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

an attack to the network or computer by some person with authorized system access

A

insider attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

performed by dissatisfied or unhappy inside employees or contractors; motivation can be revenger or greed

A

insider attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

true or false: it is easy for an insider to perform a cyber attack as he is well aware of the policies, processes, IT architecture, and wellness of the security system

A

true

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

the insider attack could be prevented by planning and installing an _________ (IDS) in the organization

A

intrusion detection systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

the attacker is either hired by an insider or an external entity to the organization

A

external attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

cyber attacks can be classified as?

A

structure attacks and unstructured attacks base don the level of maturity of the attacker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

generally performed by amateurs who don’t have any predefined motives to perform the cyber attack; they test a tool available on the internet on the network of a random company

A

unstructured attacks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

performed by highly skilled and experienced people and the motives are clear in their mind; use tools that can’t be noticed by intrusion detection systems

A

structure attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

true or false: cyber crimes have turned out to be low investment, low-risk business with huge returns

A

true

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

people are motivated towards committing cyber crime to make quick and easy money

A

money

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

some people try to take revenge with other person/organizations/society/or religion by defaming its reputation or bringing economical or physical loss; comes under the category of cyber terrorism

A

revenge

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

one can have pride if they hack highly secured networks like defense sites or networks

A

recognition

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

the anonymity that a cyber space provides motivate cyber crimes; it is easier to get away with criminal activity in cyber space than the real word

A

anonymity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

the government itself is involved in cyber trespassing to keep eye on other person/network/country; the reason could be politically, economically, or socially motivated

A

cyber espionage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

this is an act of stalking, harassing or threatening someone using internet/computer as a medium; this is often done to defame a person using the internet as it offers anonymity; behavior includes false accusations, threats, sexual exploitation to minors, monitoring, etc…

A

cyber stalking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

an act of possessing image or video of a minor (under 18) engaged in sexual conduct

A

child pornography

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

use of computer to forge or counterfeit a document

A

forgery and counterfeiting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

true or false: because of the internet, it is possible to produce counterfeit that matches the original document to such an extent that it is not possible to judge the authenticity of the document without expert judgement

A

true

43
Q

this is an illegal reproduction and distribution for personal use or business. it comes under crime related to IPR infringement

A

software piracy and crime related to IPRs

44
Q

it is defined as the use of computer resources to intimidate or coerce government, the civilian population in furtherance of political or social objectives

A

cyber terrorism

45
Q

process of acquiring personal and sensitive information (identity theft) of an individual via email by disguising as a trustworthy entity in an electronic communication

A

phishing

46
Q

if a telephone is used as a medium for identity theft, it is known as _______

A

Vishing

47
Q

This uses SMS to lure customers or steal their personal information

A

Smishing

48
Q

the act of physical destroying computer resources using physical force or malicious code

A

computer vandalism

49
Q

practice of modifying computer hardware and software to accomplish a goal outside the creator’s original purpose

A

computer hacking

50
Q

persons who hack the system to find security vulnerabilities of a system and notify to the organizations so that a preventive action can be taken to protect the system from outside hackers; may be paid employee of an organization or a freelancer

A

white hat

51
Q

white hat are popularly known as

A

ethical hackers

52
Q

hack the system with ill intentions. they find security loopholes and exploit the system for personal or organizational benefits until the organization who’s hacked apply security patches

A

black hat

53
Q

black hat hackers are popularly known as

A

crackers

54
Q

they find out security vulnerabilities and report to the site administrators and offer the fix of the security bug for a consultancy fee

A

grey hat

55
Q

someone outside computer security consulting firms who bug-test a system prior to its launch, looking for exploits so they can be closed

A

blue hat

56
Q

true or false: the organization can sue the hacker, if found, for the sum of more than or equivalent to the loss borne by the organization

A

true

57
Q

sending of unsolicited and commercial bulk message over the internet is known as

A

spamming

58
Q

the email is not targeted to one particular person but to a large number of people

A

mass mailing

59
Q

the real identity of the person is not known

(spamming)

A

anonymity

60
Q

the email is neither expected nor requested for the recipient

A

unsolicited

61
Q

an activity involving injecting a malicious client side script into a trusted website. the information gained can be used for financial benefits or physical access to a system for personal interest

A

cross-site scripting

62
Q

cyber criminals lure the customers to online auction fraud schemes which often lead to either overpayment of the product or the item is never delivered once the payment is made

A

online auction fraud

63
Q

an act reserving the domain names of someone else’s trademark with intent to sell it afterwards to the organization who is the owner of the trademark at a higher price

A

cyber squatting

64
Q

malicious code inserted into legitimate software, in which the malicious action is triggered by some specific condition. this can either destroy the information stored in the system or make system unusable

A

logic bombs

65
Q

hacker gains access to a website of an organization and either blocks it or modify it to serve political, economical, or social interest

A

web jacking

66
Q

examples of web jacking

A
  • educational institutes were hacked by pakistani hackers and an animation which contains pakistani flags were flashed in the homepage of these websites
  • indian hackers hacked website of pakistani railways and flashed indian flag for several hours on the occasion of independencce day of india in 2014
67
Q

hacking the username and password of ISP of an individual and surfing the internet at his cost

A

internet time theft

68
Q

a cyber attack in which the network is chocked and often collapsed by flooding it with useless traffic and thus preventing the legitimate network traffic

A

denial of service attack

69
Q

an attack which proceeds with small increments and finally add up to lead to a major attack, like gaining access to online banking of an individual and withdrawing small amounts unnoticed by the owner

A

salami attack

70
Q

a practice of changing the data before its entry into the computer system.

A

data diddling

71
Q

DA or the basic salary of the person is changed in the payroll data of an individual for pay calculation. once the salary is calculated and transferred to his account, the total salary is replaced by his actual salary in the report

A

data diddling

72
Q

a process of changing the header information of an email so that its original source is not identified and it appears to an individual at the receiving end that the email has been originated from source other than the original source

A

email spoofing

73
Q

a process of identifying an individual and ensuring that the individual is the same who he/she claims to be.

A

authentication

74
Q

what is the typical method for authentication over the internet

A

username and password

75
Q

it is a password which can be used one time only and is sent to the user as an SMS or an email at the mobile number/email address that they have specified during the registration process

A

one time password

76
Q

this is a known two-factor authentication method and requires two type of evidence to authenticate an individual to provide an extra layer of security for authentication

A

one time password

77
Q
A
77
Q

biometric data and physical token are examples of

A

two-way authentication/two-factor authentication

78
Q

the process of giving access to an individual to certain resources based on the credentials of an individual is known as

A

authorization

79
Q

this combines both the username and password along with hardware security measures like biometric system

A

hybrid authentication system

80
Q

a method to provide secure access via hybrid security authentication to the company network over the internet

A

Virtual Private Network (VPN)

81
Q

a technique to convert the data in unreadable form before transmitting it over the internet

A

encryption

82
Q

a technique to lock the data by converting it to complex codes using mathematical algorithms

A

encryption

83
Q

the decoding of the complex code to original text using key is known as

A

decryption

84
Q

if the same key is used to lock and unlock the data, it is known as

A

symmetric key encryption

85
Q

the key used to encrypt and decrypt data are different; every user possess two keys: public and private key

A

asymmetric key encryption

86
Q

provide a situational example of asymmetric encryption

A

A will encrypt the message using B’s public key, as the public key is known to everyone. Once the message is encrypted, the message can safely be sent over to B through the internet. As soon as the message is received by B, he will use his private key to decrypt the message and regenerate the original message

87
Q

a technique to validate data and is also used for authentication; this is created by encrypting the data with the private key of the sender, then the encrypted data is attached with the original message. the receiver can decrypt the signature with the public key of the sender, then if the decrypted message is same with the original message, the data is not tampered and the authenticity of the sender is verified

A

digital signatures

88
Q

a special program designed to protect the system against virus. it not only prevents the malicious code to enter the system but also detects and destroys the malicious code that is installed into the system

A

antivirus

89
Q

a hardware/software which acts as a shield between an organization’s network and the internet and protects it from threats like virus, malware, hackers, etc.; it limits the people who can have access to your network

A

firewall

90
Q

example of hardware firewalls

A

routers

91
Q

firewalls installed on the server and client machines and acts as a gateway to the organization’s network

A

software firewalls

92
Q

true or false: the firewalls can be configured to follow rules and policies and based on these defined rules the firewalls can follow the following filtering mechanisms

A

true

93
Q

all the outbound traffic is routed through these for monitoring and controlling the packet that are routed out of the organization

A

proxy

94
Q

based on the rules defined in the policies, each packet is filtered by their type, port information, source, and destination information. for example. ip address, domain names, port numbers, protocols

A

packet filtering

95
Q

the outgoing/incoming packets are judged based on defined characteristics only instead of going through all the field of a packet

A

stateful inspection

96
Q

a technique of hiding secret messages in a document file, image file, and program or protocol, such that embedded message is invisible and can be retrieved using special software

A

steganography

97
Q

this is a fundamental system in case of a mishap where data is inadvertently lost or corrupted from original system

A

data recovery

98
Q

data is backed up on a full-scale and recovered back from the same

A

full back up

99
Q

only changed or newly added data is backed up subsequently after the last full or incremental backup; recovery is made with the help of last full backup and all incremental backups performed everyday from the date of last full backup

A

incremental backup

100
Q

only changed or newly added data is backed up after last full or differential backup but changes made in the previous differential backup are updated in the next differential backup

A

differential backup

101
Q

this defines the threshold limits of a system in terms of time needed to restore an application and allowable limit of data loss

A

recovery time objective and recovery point objective

102
Q

aob means

A

age of backup

103
Q

speeds at which data is backed up and restored

A

time taken to backup and time taken to recover

104
Q

measured in terms of cost for infrastructure, operations, and maintenance

A

total cost of ownership