40 terms

Network Security Chapter 1 & 2

Each of the following is a reason why it is difficult to defend against today's attackers except
A. complexity of attack tools
B. weak patch distribution
C. greater sophistication of attacks
D. delays in patching hard work software products

Answer: A
In a general sense "security" is
the necessary steps to protect a person or property from harm
ensures that only authorized parties can view the information.
Each of the following is a successive layer in which information security is achieved except for :
A. products
B. purposes
C. procedures
D. people

Answer: B
Threat agent
is a person or thing that has the power to carry out a threat
ensures that the individual is who they claim to be
Each of the following is a goal for information security except :
A. Foil cyberterrorism
B. Avoid legal consequences
C. Decrease user productivity
D. Prevent data theft

Answer: C
Health Insurance Portability and Accountability Act (HIPAA)
requires that enterprises must guard protected health information and implement polices and procedures to safeguard it
attackers can significantly disrupt business and person activities by destroying a few targets. Utility companies, telecommunications, and financial services are considered prime targets
After an attacker probed a network for information the next step is to :
penetrate any defenses
security principle demonstrated in an organization that purchased security products from different vendors
Each of the following can be classified as an "insider" except :
A. business partners
B. contractors
C. cybercriminals
D. employees

Answer: C
are a network of attackers, identity thieves and financial fradusters
Characteristics of cybercriminals
(1) better funded
(2) less risk-averse
(3) high motivation
(4) more tenacious
Characteristics of cybercrime
(1) Targeted attacks against financial networks
(2) Unauthorized access to information
(3) Theft of personal information
is a software defect in an operating system that allows an unauthorized user to gain access to a computer without a password.
Gramm-Leach-Bliley Act (GLBA)
requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information and to protect all electronic and paper containing personally identifiable financial information.
is sometimes used to identify anoyone who illegally breaks into a computer system
is not revealing the type of computer, operating system, software, and network connection a computer uses.
Chief Information Security Office (CISO)
is primarily responsible for assessment, management and implementation of security
requires a user to transport it from one computer to another
Each of the following is an action that a virus can take
(1) Cause a computer to crash
(2) Erase files from a hard drive
(3) Make multiple copies of itself and consumed all of the free space in a hard drive
Types of computer viruses
(1) Program virus
(2) Macro virus
(3) Boot Virus

-Remote is not a virus
Li downloads a program that prints out coupons but in the background it silently collects her passwords. Li has actually downloaded a(n)
To completely remove a rootkit from a computer you should :
reformat the hard drive and reinstall the operating system
Each of the following could be a logic bomb:
(1) Erase all data if John Smith's name is removed from the list of employees
(2) Reformat the hard drive three months after Susan Jones left the company
(3) If the company's stock price drops below $10 then credit Jeff Brown with ten additional years of retirement credit
GIF laying
is an image spam that is divided into multiple images and each piece of the message is divided and then layered to create a complete and legible message
is a general term used for describing software that gathers information without the user's consent
Each of the following is true regarding a keylogger:
(1) Hardware keyloggers are installed between the keyboard connector and computer keyboard or USB port
(2) Software keyloggers are difficult to detect
(3) Keyloggers can be used to capture passwords, credit card numbers, or personal information
(4) Software keyloggers can be designed to automatically send captured information back to the attacker through the Internet
Hypertext Transport Protocol (HTTP)
the preferred method today of bot herders for command and control of zombies
is a social engineering technique that uses flattery on a victim
sends phishing messages only to wealthy individuals
is unsolicited instant messaging
Erin pretends to be a manager from another city and calls Nick to trick him into giving to her his password. What social engineering attack has Erin performed?
How can an attacker use a hoax?
A hoax could convince a user that a bad Trojan is circulating and that he should change his security settings.
Which of the following is not an item that could be retrieved through dumpster diving that would provide useful information?
(1) Calendars
(2) Memos
(3) Organizational charts
(4) Books
is following an authorized person through a secure door.
Each of the following is the reason why adware is scorned :
(1) It displays objectionable content
(2) It can cause a computer to crash or slow down
(3) It can interfere with a user's productivity
Bot herder
an attacker who controls multiple zombies in a botnet
Shoulder surfing
someone observing a user from a distance who enters a keypad code