1200 Flashcards Preview

Flashcards in 1200 Deck (100)
1

An organization that purchased security products from different vendors is demonstrating which security principle? A. obscurity B. diversity C. limiting D. layering

B. diversity

2

Each of the following can be classified as an "insider" except __________. A. business partners B. contractors C. cybercriminals D. employees

C. cybercriminals

3

__________ are a network of attackers, identity thieves, and financial fraudsters. A. script kiddies B. hackers C. cybercriminals D. spies

C. cybercriminals

4

Each of the following is a characteristic of cybercriminals except __________. A. better funded B. less risk-averse C. low motivation D. more tenacious

C. low motivation

5

Each of the following is a characteristic of cybercrime except __________. A. targeted attacks against financial networks B. exclusive use of worms and viruses C. unauthorized access to information D. theft of personal information

B. exclusive use of worms and viruses

6

An example of a(n) ___________ is a software defect in an operating system that allows an unauthorized user to gain access to a computer without a password. A. threat agent B. threat C. vulnerability D. asset exploit (AE)

C. vulnerability

7

__________ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information and to protect all electronic and paper documents containing personally identifiable financial information. A. California Savings and Loan Security Act (CS&LSA) B. Gramm-Leach-Bliley Act (GLBA) C. USA Patriot Act D. Sarbanes-Oxley Act (Sarbox)

B. Gramm-Leach-Bliley Act (GLBA)

8

The term __________ is sometimes used to identify anyone who illegally breaks into a computer system. A. hacker B. cyberterrorist C. Internet Exploiter D. cyberrogue

A. hacker

9

An example of __________ is not revealing the type of computer, operating system, software, and network connection a computer uses. A. obscurity B. limiting C. diversity D. layering

A. obscurity

10

The __________ is primarily responsible for assessment, management, and implementation of security. A. security manager B. security administrator C. Chief Information Security Officer (CISO) D. security technician

C. Chief Information Security Officer (CISO)

11

List the 3 protections or CIA.



1- Confidentiality
2- Integrity
3- Availability

12

List the 3 sets of protections that must be implemented to secure information or AAA.

1- Authentication
2- Authorization
3- Accounting

13

List the 3 information security layers.

1- Products
2- People
3- Procedures

14

A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.

Adware

15

Software code that gives access to a program or a service that circumvents normal security protections.

Backdoor

16

A logical computer network of zombies under the control of an attacker.

Botnet

17

A malicious computer code that, like its biological counterpart, reproduces itself on the same computer.

Computer Virus (Virus)

18

The act of digging through trash receptacles to find information that can be useful in an attack.

Dumpster Diving

19

A false warning.

Hoax

20

An attack that creates a fictitious character and then plays out the role of that person on a victim.

Impersonation

21

Captures and stores each keystroke that a user types on the computer's keyboard.

Keylogger

22

Computer code that lies dormant until it is triggered by a specific logical event.

Logic Bomb

23

Software that enters a computer system without the user's knowledge or consent and then performs an unwanted, and usually harmful, action.

Malware

24

A phishing attack that automatically redirects the user to a fake site.

Pharming

25

Sending an email or displaying a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information.

Phishing

26

A set of software tools used by an attacker to hide the actions or presence of other types of malicious software.

Rootkit

27

Watching an authorized user enter a security code on a keypad.

Shoulder Surfing

28

A means of gathering information for an attack by relying on the weaknesses of individuals.

Social Engineering

29

Unsolicited email.

Spam

30

A phishing attack that targets only specific users.

Spear Phishing