Module 2 quiz Flashcards
1
Q
With the removal of copyright protection mechanisms, software can be easily and illegally distributed and installed.
A
True
2
Q
- Compared to Website defacement, vandalism within a network is less malicious in intent and more public.
A
False
3
Q
- A worm requires that another program be running before it can begin functioning.
A
False
4
Q
- Forces of nature, sometimes called Acts of God, can present some of the most dangerous threats because they usually occur with very little warning and are beyond the control of people.
A
True
5
Q
- When electronic information is stolen, the crime is readily apparent.
A
False
6
Q
- Organizations can use dictionaries to regulate password selection during the reset process and thus guard against easy-to-guess passwords.
A
True
7
Q
- As an organization grows, it must often use more robust technology to replace the security technologies it may have outgrown.
A
True
8
Q
- An advance-fee fraud attack involves the interception of cryptographic elements to determine keys and encryption algorithms.
A
False
9
Q
- A sniffer program can reveal data transmitted on a network segment, including passwords, the embedded and attached files—such as word-processing documents—and sensitive data transmitted to or from applications.
A
True
10
Q
- Media as a subset of information assets are the systems and networks that store, process, and transmit information.
A
True
11
Q
- Attacks conducted by scripts are usually unpredictable.
A
False
12
Q
- The information security function in an organization safeguards its technology assets.
A
False
13
Q
- An e-mail bomb is a form of DoS attack.
A
True
14
Q
- When information gatherers employ techniques that cross a legal or ethical threshold, they are conducting ______.
A
Industrial Espionage
15
Q
- Human errors or failure often can be prevented with training, ongoing awareness activities, and _____.
A
Controls
16
Q
- Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) _______.
A
SLA
17
Q
- The ______ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network.
A
TCP (Transmission Control Protocol)
18
Q
- A table of hash values and their corresponding plaintext values that can be used to look up password values if an attacker is able to steal a system’s encrypted password file is known as a(n) ______.
A
Rainbow Table
19
Q
- A short-term interruption in electrical power availability is known as a ____.
A
Fault
20
Q
- A _____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
A
Distributed denial-of-service
21
Q
- The redirection of legitimate user Web traffic to illegitimate Web sites with the intent to collect personal information is known as _____.
A
Pharming
22
Q
- Hackers can be generalized into two skill groups: expert and _____.
A
Novice
23
Q
- Microsoft acknowledged that if you type a res://URL (a Microsoft-devised type of URL) longer than ______ characters in Internet Explorer 4.0, the browser will crash.
A
256
24
Q
- The process of maintaining the confidentiality, integrity, and availability of data managed by a DBMS (Database Management System) is known as ______ security.
A
Database
25
Q
- In an ______ attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources.
A
denial-of-service
26
Q
- One form of online vandalism is ______ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
A
hacktivist
27
Q
- Which of the following is an example of a trojan horse program?
A
Happy99.exe
28
Q
- ______ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data that result in violence against noncombatant targets by subnational groups or clandestine agents.
A
cyberterrorism
29
Q
- In the _____ attack, an attacker monitors (sniffs) packets from a network, modifies them, and inserts them back into the network.
A
man-in-the-middle
30
Q
- The average amount of time between hardware failures, calculated as the total amount of operation time for a specified number of units divided by the total number of failures, is known as ______.
A
mean-time-between-failures (MTBF)
31
Q
- Acts of ______ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.
A
trespass
32
Q
- As frustrating as viruses and worms are, perhaps more money is spent on resolving virus _____.
A
hoaxes
33
Q
- ______ are malware programs that hide their true nature and reveal designed behavior only when activated.
A
trojan horses
34
Q
- A long-term interruption (outage) in electrical power availability is known as a(n) ____.
A
blackout
35
Q
- _____ is any technology that aids in gathering information about a person or organization without their knowledge.
A
spyware
36
Q
- Which of the following functions does information security perform for an organization?
A
- All of the above
Protecting the organization’s ability to function
Enabling the safe operation of applications implemented on the organization’s IT system
Protecting the data the organization collects and uses.
37
Q
- ______ are compromised systems that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.
A
Zombies (same definition also applies to bots)
38
Q
- The _____ data file contains hashed representations of the user’s password.
A
SAM (Security Account Manager)
39
Q
- Advance-fee fraud is an example of an ____ attack.
A
Social Engineering
40
Q
- The average amount of time until the next hardware failure is known as ____.
A
mean-time-to-failure (MTTF)