Flashcards in 1200 Deck (100):
An organization that purchased security products from different vendors is demonstrating which security principle? A. obscurity B. diversity C. limiting D. layering
Each of the following can be classified as an "insider" except __________. A. business partners B. contractors C. cybercriminals D. employees
__________ are a network of attackers, identity thieves, and financial fraudsters. A. script kiddies B. hackers C. cybercriminals D. spies
Each of the following is a characteristic of cybercriminals except __________. A. better funded B. less risk-averse C. low motivation D. more tenacious
C. low motivation
Each of the following is a characteristic of cybercrime except __________. A. targeted attacks against financial networks B. exclusive use of worms and viruses C. unauthorized access to information D. theft of personal information
B. exclusive use of worms and viruses
An example of a(n) ___________ is a software defect in an operating system that allows an unauthorized user to gain access to a computer without a password. A. threat agent B. threat C. vulnerability D. asset exploit (AE)
__________ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information and to protect all electronic and paper documents containing personally identifiable financial information. A. California Savings and Loan Security Act (CS&LSA) B. Gramm-Leach-Bliley Act (GLBA) C. USA Patriot Act D. Sarbanes-Oxley Act (Sarbox)
B. Gramm-Leach-Bliley Act (GLBA)
The term __________ is sometimes used to identify anyone who illegally breaks into a computer system. A. hacker B. cyberterrorist C. Internet Exploiter D. cyberrogue
An example of __________ is not revealing the type of computer, operating system, software, and network connection a computer uses. A. obscurity B. limiting C. diversity D. layering
The __________ is primarily responsible for assessment, management, and implementation of security. A. security manager B. security administrator C. Chief Information Security Officer (CISO) D. security technician
C. Chief Information Security Officer (CISO)
List the 3 protections or CIA.
List the 3 sets of protections that must be implemented to secure information or AAA.
List the 3 information security layers.
A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
Software code that gives access to a program or a service that circumvents normal security protections.
A logical computer network of zombies under the control of an attacker.
A malicious computer code that, like its biological counterpart, reproduces itself on the same computer.
Computer Virus (Virus)
The act of digging through trash receptacles to find information that can be useful in an attack.
A false warning.
An attack that creates a fictitious character and then plays out the role of that person on a victim.
Captures and stores each keystroke that a user types on the computer's keyboard.
Computer code that lies dormant until it is triggered by a specific logical event.
Software that enters a computer system without the user's knowledge or consent and then performs an unwanted, and usually harmful, action.
A phishing attack that automatically redirects the user to a fake site.
Sending an email or displaying a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information.
A set of software tools used by an attacker to hide the actions or presence of other types of malicious software.
Watching an authorized user enter a security code on a keypad.
A means of gathering information for an attack by relying on the weaknesses of individuals.
A phishing attack that targets only specific users.
A variation of spam, which targets instant messaging users instead of email users.
A general term used to describe software that spies on users by gathering information without consent, thus violating their privacy.
The act of unauthorized individuals entering a restricted-access building by following an authorized user.
An executable program advertised as performing one activity, but actually does something else (or it may perform both the advertised and malicious activities).
Trojan Horse (Trojan)
A phishing attack that uses a telephone call instead of using email.
A phishing attack that targets only wealthy individuals.
Horizontally separating words so that they can still be read by the human eye.
A malicious program designed to take advantage of a vulnerability in an application or an operating system in order to enter a computer and then self-replicate to other computers.
A __________ requires a user to transport it from one computer to another. A. worm B. rootkit C. virus D. Trojan
Each of the following is an action that a virus can take except __________. A. transport itself through the network to another device B. cause a computer to crash C. erase files for a hard drive D. make multiple copies of itself and consume all of the free space in a hard drive
A. transport itself through the network to another device
Each of the following is a different type of computer virus except ___________. A. program virus B. macro virus C. remote virus D. boot virus
C. remote virus
Li downloads a program that prints coupons, but in the background it silently collects her passwords. Li has actually downloaded a __________. A. virus B. worm C. Trojan D. logic bomb
To completely remove a rootkit from a computer, you should __________. A. flash the ROM BIOS B. erase and reinstall all files in the WINDOWS folder C. expand the Master Boot Record D. reformat the hard drive and reinstall the operating system
D. reformat the hard drive and reinstall the operating system
Each of the following could be a logic bomb except ___________. A. erase all data if John Smith's name is removed from the list of employees B. reformat the hard drive three months after Susan Jones left the company C. send spam e-mail to all users D. if the company's stock price drops below $10, then credit Jeff Brown with 10 additional years of retirement credit
C. send spam e-mail to all users
__________ is an image spam that is divided into multiple images, and each piece of the message is divided and then layered to create a complete and legible message. A. Word splitting B. Geometric variance C. GIF layering D. Split painting
C. GIF layering
__________ is a general term used for describing software that gathers information without the user's consent. A. Adware B. Scrapeware C. Pullware D. Spyware
Each of the following is true regarding a keylogger except __________. A. hardware keyloggers are installed between the keyboard connector and computer keyboard or USB port B. software keyloggers are easy to detect C. keyloggers can be used to capture passwords, credit card numbers, or personal information D. software keyloggers can be designed to send captured information automatically back to the attacker through the Internet
B. software keyloggers are easy to detect
The preferred method today of bot herders for command and control of zombies is to use __________. A. Internet Relay Chat (IRC) B. e-mail C. Hypertext Transport Protocol (HTTP) D. spam
C. Hypertext Transport Protocol (HTTP)
Which of the following is a social engineering technique that uses flattery on a victim? A. Conformity B. Friendliness C. Fear D. Ingratiation
__________ sends phishing messages only to wealthy individuals. A. Spear phishing B. Target phasing C. Microing D. Whaling
__________ is unsolicited instant messaging. A. Spam B. Vishing C. SMS Phishing (SMS-P) D. Spim
Erin pretends to be a manager from another city and calls Nick to trick him into giving her his password. What social engineering attack has Erin performed? A. Aliasing B. Luring C. Impersonation D. Duplicity
How can an attacker use a hoax? A. A hoax could convince a user that a bad Trojan is circulating and that he should change his security settings. B. By sending out a hoax, an attacker can convince a user to read his e-mail more often. C. A user who receives multiple hoaxes could contact his supervisor for help. D. Hoaxes are not used by attackers today.
A. A hoax could convince a user that a bad Trojan is circulating and that he should change his security settings.
Which of the following is not an item that could be retrieved through dumpster diving that would provide useful information? A. Calendars B. Memos C. Organizational Charts D. Books
__________ is the following of an authorized person through a secure door. A. Tagging B. Tailgating C. Social Engineering Following (SEF) D. Backpacking
Each of the following is a reason adware is scorned except __________. A. it displays the attacker's programming skills B. it displays objectionable content C. it can cause a computer to crash or slow down D. it can interfere with a user's productivity
A. it displays the attacker's programming skills
An attacker who controls multiple zombies in a botnet is known as a __________. A. zombie shepherd B. rogue IRC C. bot herder D. cyberrobot
C. bot herder
Observing someone entering a keypad code from a distance is known as __________. A. shoulder surfing B. piggybacking C. spoofing D. watching
A. shoulder surfing
Programs that provide additional functionality to Web browsers.
Part of the TCP/IP protocol for determining the MAC address based on the IP address.
Address Resolution Protocol (ARP)
An attack that corrupts the ARP cache.
Files that are coupled to e-mail messages.
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
An attack that targets vulnerabilities in client applications that interact with a compromised server or processes malicious data.
A file on a local computer in which a server stores user-specific information.
Injecting commands into a server so that the server executes them.
An attack that injects scripts into a Web application server to direct attacks at clients.
Cross-Site Scripting (XSS)
An attack that attempts to prevent a system from performing its normal functions.
Denial of Service (DoS)
An attack that takes advantage of a vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories.
An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests.
Distributed Denial of Service (DDoS)
An attack that substitutes DNS addresses so that the computer is automatically redirected to another device.
A hierarchical name system for matching computer names and numbers.
Domain Name System (DNS)
A cookie that is created from the Web site that currently is being viewed.
A cookie named after the Adobe Flash player. Also known as local shared objects (LSOs). Flash cookies cannot be deleted through the browser's normal configuration settings as regular cookies can. Typically, they are saved in multiple locations on the hard drive and can take up as much as 100,000 bytes of storage per cookie (about 25 times the size of a normal cookie). Flash cookies can also be used to reinstate regular cookies that a user has deleted or blocked.
A list of the mappings of names to computer numbers.
Part of HTTP that is composed of fields that contain the different characteristics of the data that is being transmitted.
Modifying HTTP headers to create an attack.
HTTP Header Manipulation
An attack that intercepts legitimate communication and forges a fictitious response to the sender.
A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes.
Persistent Cookie (Tracking Cookie)
A utility that sends an ICMP echo request message to a host.
An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.
An attack that exploits a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining.
An attack that makes a copy of the transmission before sending it to the recipient.
A cookie that is only used when a browser is visiting a server using a secure connection.
A cookie that is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting a Web site.
An attack in which an attacker attempts to impersonate the user by using his session token.
A form of verification used when accessing a secure Web application.
An attack that broadcasts a ping request to all computers on the network yet changes the address from which the request came to that of the target.
Impersonating another computer or device.
An attack that targets SQL servers by injecting commands to be manipulated by the database.
An attack that takes advantage of the procedures for initiating a TCP session.
SYN Flood Attack
A cookie that was created by a third party that is different from the primary Web site.
An attack involving using a third party to gain access rights.
A markup language that is designed to carry data instead of indicating how to display it.
XML (Extensible Markup Language)
An attack that injects XML tags and data into a database.
Attacks that exploit previously unknown vulnerabilities, so victims have no time (zero days) to prepare or defend against the attacks.
Zero Day Attacks
A __________ attack exploits previously unknown vulnerabilities.
D. zero day
Why can traditional networking security devices NOT be used to block Web application attacks? A. Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of Web application attacks B. Web application attacks use Web browsers that cannot be controlled on a local computer C. Network security devices cannot prevent attacks from Web resources D. The complex nature of TCP/IP allows for too many ping sweeps to be blocked.
A. Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of Web application attacks