Test 2

Question 1

T O F:
It is impossible for organizations to provide perfect security

Answer 1

True

Question 2

Define Security

Answer 2

can be defined as the degree of protection against criminal activity, danger, damage, or loss.

Question 3

Define Information Security

Answer 3

all of the processes and policies designed to protect an organization’s information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction

Question 4

Define a Threat to an information resource

Answer 4

A threat to an information resource is any danger to which a system may be exposed.

Question 5

Define the Exposure of an information resource

Answer 5

The exposure of an information resource is the harm, loss, or damage that can result if a threat compromises that resource

Question 6

Define an information resource’s vulunerability

Answer 6

An information resource’s vulnerability is the possibility that a threat will harm that resource.

Question 7

What are the 5 Key Facts contributing to the increasing vulnerability of organizational information resources

Answer 7

1.Today’s interconnected, interdependent, wirelessly networked business environment

2.Smaller, faster, cheaper computers and storage devices

3.Decreasing skills necessary to be a computer hacker

4.International organized crime taking over cybercrime

5.Lack of management support

Question 8

What are the 2 major categories of threats in information security?

Answer 8

The 2 major categories of threats are unintentional threats and deliberate threats.

Unintentional threats are acts performed without malicious intent

Question 9

Define Social Engineerings

Answer 9

An attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information, such as passwords

Question 10

Types of Social Engineering

Answer 10

Phone Calls- why weren’t u in court?

Physical- hey I’m with IT

Tailgating- following in 320 lol

Soulder Surfing- watch you put password on phone

Question 11

What are Fishing Attacks?

Answer 11

Phishing Attacks: use deception to acquire sensitive personal information by masquerading as official-looking e-mails, instant messages or te

Question 12

What are the types of fishing attacks

Answer 12

Spear Phishing Attacks: personalized phishing attacks that target specific individuals or organizations

Whaling Attacks: spear phishing towards high-value individuals to steal sensitive info from companies (usually targeting executives and HR departments)

Question 13

What are deliberate cyber threats?

Answer 13

Theft of Equipment or Information

Question 14

What are some examples of deliberate threats

Answer 14

Identity Theft

Compromises to Intellectual Property

Software Attacks

Ransomware

Doxxing

Bots/Denial of Service

Question 15

What is Malware

Answer 15

MALICIOUS software designed to wreak havoc

Question 16

Define Ransomware

Answer 16

Blocks access to an individual computer or an organization’s computer system/network

Question 17

Define Ransomware

Answer 17

Blocks access to an individual computer or an organization’s computer system/network

Question 18

Define Doxxing

Answer 18

cybercriminals threaten to release the data to the public (private / sensitive customer data).

Question 19

What is a bot master / bot herder?

Answer 19

Bot Master / Bot Herder- Person Over the Botnet
Bot: Infected Computer
Botnet: A bunch

Question 20

Alien Software (pestware)

Answer 20

Adware, spyware, Spamware, Keystroke lovers, screen scrapers, stalkerware

Question 21

What are some examples of alien software

Answer 21

Adware- Ads

Spyware – collects personal information about users without their consent.
Keystroke loggers (keyloggers) = records your keyboard strokes & internet browsing history
Screen scrapers = record a “movie” of screen contents and activities
Stalkerware = powerful surveillance functions which include keylogging, making screenshots, monitoring internet activity, recording location, recording video and
phone calls, and intercepting app (Skype, Facebook, WhatsApp, Snapchat iMessage,etc) communications

Question 22

What are SCADA attacks

Answer 22

Supervisory control and data acquisition (SCADA) attacks

Important infastructure

Used to monitor or to control chemical, physical, and transport processes – such as those used in oil refineries, water/sewage treatment plants, electrical generators, and power plants.

SCADA systems control equipment (open/close valves, pumps, pressure, flow, voltage, current, etc)

Think Utilities (power/water) or Nuclear Facility cyber attack

Question 23

What is cyberterrorism

Answer 23

Cyber attacks carried out by individuals or groups

Question 24

What is cyberwarfare

Answer 24

Cyber attack related to government

Question 25

What is information security

Answer 25

Information Systems are vulnerable to many potential hazards and threats. The 2 major categories of threats are unintentional threats and deliberate threats.

Question 26

What is the most common level of attacks

Answer 26

Phishing and spear phishing

Question 27

How Can Organizations Protect Against Malware / Ransomware & Other Threats?

Answer 27

Education Information Security Controls Risk Management

Question 28

What is the most valuable control for protecting against threats

Answer 28

The single most valuable control is user education and training. Effective and ongoing education makes every member of the organization aware of the vital importance of information security.

Question 29

What are the major types of information security controls

Answer 29

Physical controls Access controls Communication controls

Question 30

What does Access controls consist of

Answer 30

Prevent unauthorized individuals from using information resources (Passwords, Biometrics) Multi-factor authentication

Question 31

What is Encryption

Answer 31

Encryption: process of converting (scrambling) an original message into a form that cannot be read by anyone except the intended receiver

Question 32

What is Transport Layer Security (TLS):

Answer 32

secures transactions on the internet (credit card purchases/online banking); encrypts and decrypts data between a Web server and browser

Question 33

What is the goal of risk management

Answer 33

The goal of risk management is to identify, control, and minimize the impact of threats. Seeks to reduce risk to acceptable levels (impossible to eliminate all risk)

Question 34

What are the 3 most common Risk Mitigation strategies

Answer 34

Risk Acceptance: accept the potential risk, continue operating with no controls, and absorb any damages that occur Risk Limitation: limit the risk by implementing controls that minimize the impact of the threat Risk Transference: transfer the risk by using other means to compensate for the loss (buying insurance, 3rd party vendor)

Question 35

What is an common example of a wide area network (WAN)

Answer 35

INTERNET is a type of WIDE AREA NETWORK

Question 36

What is authentication

Answer 36

is that person supposed to be allowed to access the network

Question 37

What is authorization

Answer 37

they’re supposed to be here but what should they have access to?

Question 38

What is network protocols

Answer 38

How devices communicate with each other. For computers & devices to communicate with each other, they have a common set of rules and procedures – known as protocol Protocols dictate how data is formatted, transferred & received

Question 39

What are internet addresses

Answer 39

Each computer on the internet has an assigned address, called the IP address (internet protocol address) that distinguishes it from all other computers Your IP address is assigned to you when you login to a network or your service provider

Question 40

What is the internet backbone

Answer 40

Primary network connections that link fiber cables connecting the whole world