Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Security > 1200 > Flashcards

1200 Flashcards

(100 cards)

Start Studying
1
Q

An organization that purchased security products from different vendors is demonstrating which security principle? A. obscurity B. diversity C. limiting D. layering

A

B. diversity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Each of the following can be classified as an “insider” except __________. A. business partners B. contractors C. cybercriminals D. employees

A

C. cybercriminals

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

__________ are a network of attackers - identify thieves - and financial fraudsters. A. script kiddies B. hackers C. cybercriminals D. spies

A

C. cybercriminals

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Each of the following is a characteristic of cybercriminals except __________. A. better funded B. less risk-averse C. low motivation D. more tenacious

A

C. low motivation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Each of the following is a characteristic of cybercrime except __________. A. targeted attacks against financial networks B. exclusive use of worms and viruses C. unauthorized access to information D. theft of personal information

A

B. exclusive use of worms and viruses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

An example of a(n) ___________ is a software defect in an operating system that allows an unauthorized user to gain access to a computer without a password. A. threat agent B. threat C. vulnerability D. asset exploit (AE)

A

C. vulnerability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

__________ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information and to protect all electronic and paper documents containing personally identifiable financial information. A. California Savings and Loan Security Act (CS&LSA) B. Gramm-Leach-Bliley Act (GLBA) C. USA Patriot Act D. Sarbanes-Oxley Act (Sarbox)

A

B. Gramm-Leach-Bliley Act (GLBA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

The term __________ is sometimes used to identify anyone who illegally breaks into a computer system. A. hacker B. cyberterrorist C. Internet Exploiter D. cyberrogue

A

A. hacker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

An example of __________ is not revealing the type of computer - operating system - software - and network connection a computer uses. A. obscurity B. limiting c. diversity D. layering

A

a. obscurity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The __________ is primarily responsible for assessment - management - and implementation of security. A. security manager B. security administrator C. Chief Information Security Officer (CISO) D. security technician

A

C. Chief Information Security Officer (CISO)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

List the 3 protections or CIA.

A

1- Confidentiality
2- Integrity
3- Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

List the 3 sets of protections that must be implemented to secure information or AAA.

A

1- Authentication
2- Authorization
3- Accounting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

List the 3 information security layers.

A

1- Products
2- People
3- Procedures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.

A

Adware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Software code that gives access to a program or a service that circumvents normal security protections.

A

Backdoor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A logical computer network of zombies under the control of an attacker.

A

Botnet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

A malicious computer code that - like its biological counterpart - reproduces itself on the same computer.

A

Computer Virus (Virus)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

The act of digging through trash receptacles to find information that can be useful in an attack.

A

Dumpster Diving

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

A false warning.

A

Hoax

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

An attack that creates a fictitious character and then plays out the role of that person on a victim.

A

Impersonation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Captures and stores each keystroke that a user types on the computer’s keyboard.

A

Keylogger

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Computer code that lies dormant until it is triggered by a specific logical event.

A

Logic Bomb

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Software that enters a computer system without the user’s knowledge or consent and then performs an unwanted - and usually harmful - action.

A

Malware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

A phishing attack that automatically redirects the user to a fake site.

A

Pharming

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Sending an email or displaying a Web announcement that falsely claims to be form a legitimate enterprise in an attempt to trick the user into surrendering private information.
Phishing
26
A set of software tools used by an attacker to hide the actions or presence of other types of malicious software.
Rootkit
27
Watching an authorized user enter a security code on a keypad.
Shoulder Surfing
28
A means of gathering information for an attack by relying on the weaknesses of individuals.
Social Engineering
29
Unsolicited email.
Spam
30
A phishing attack that targets only specific users.
Spear Phishing
31
A variation of spam - which targets instant messaging users instead of email users.
Spim
32
A general term used to describe software that spies on users by gathering information without consent - thus violating their privacy.
Spyware
33
The act of unauthorized individuals entering a restricted-access building by following an authorized user.
Tailgating
34
An executable program advertised as performing one activity - but actually does something else (or it may perform both the advertised and malicious activities).
Trojan Horse (Trojan)
35
A phishing attack that uses a telephone call instead of using email.
Vishing
36
A phishing attack that targets only wealthy individuals.
Whaling
37
Horizontally separating words so that they can still be read by the human eye.
Word Splitting
38
A malicious program designed to take advantage of a vulnerability in an application or an operating system in order to enter a computer and then self-replicate to other computers.
Worm
39
A __________ requires a user to transport it from one computer to another. A. worm B. rootkit c. virus d. trojan
C. Virus
40
Each of the following is an action that a virus can take except __________. A. transport itself through the network to another device B. cause a computer to crash C. erase files for a hard drive D. make multiple copies of itself and consume all of the free space in a hard drive
A. transport itself through the network to another device
41
Each of the following is a different type of computer virus except ___________. A. program virus B. macro virus C. remote virus D. boot virus
C. remote virus
42
Li downloads a program that prints coupons - but in the background it silently collects her passwords. Li has actually downloaded a __________. A. virus B. worm C. Trojan D. logic bomb
C. Trojan
43
To completely remove a rootkit from a computer - you should __________. A. flash the ROM BIOS B. erase and reinstall all fires in the WINDOWS folder C. expand the Master Boot Record D. reformat the hard drive and reinstall the operating system
D. reformat the hard drive and reinstall the operating system
44
Each of the following could be a logic bomb except ___________. A. erase all data if John Smith's name is removed from the list of employees. B. reformat the hard drive three months after Susan Jones left the company C. send spam e-mail to all users D. if the company's stock price drops below $10 - then credit Jeff Brown with 10 additional years of retirement credit
C. send spam e-mail to all users
45
C. GIF layering A. Word splitting B. Geometric variance
D. if the company's stock price drops below $10 - then credit Jeff Brown with 10 additional years of retirement credit
46
__________ is an image spam that is divided into multiple images - and each piece of the message is divided and then layered to create a complete and legible message. A. Word splitting B. Geometric variance C. GIF layering D. Split painting
C. GIF layering
47
__________ is a general term used for describing software that gathers information without the user's consent. A. Adware B. Scrapeware C. Pullware D. Spyware
D. Spyware
48
Each of the following is true regarding a keylogger except __________. A. hardware keyloggers are installed between the keyboard connector and computer keyboard or USB port B. software keyloggers are easy to detect C. keyloggers can be used to capture passwords - credit card numbers - or personal information D. software keyloggers can be designed to send captured information automatically back to the attacker through the Internet
B. software keyloggers are easy to detect
49
The preferred method today of bot herders for command and control of zombies is to use __________. A. Internet Relay Chat (IRC) B. e-mail C. Hypertext Transport Protocol (HTTP) D. spam
C. Hypertext Transport Protocol (HTTP)
50
Which of the following is a social engineering technique that uses flattery on a victim? A. Conformity B. Friendliness C. Fear D. Ingratiation
D. Ingratiation
51
__________ sends phishing messages only to wealthy individuals. A. Spear phishing B. Target phasing C. Microing D. Whaling
D. Whaling
52
__________ is unsolicited instant messaging. A. Spam B. Vishing C. SMS Phishing (SMS-P) D. Spim
D. Spim
53
Erin pretends to be a manager from another city and calls Nick to trick him into giving her his password. What social engineering attack has Erin performed? A. Aliasing B. Luring C. Impersonation D. Duplicity
C. Impersonation
54
How can an attacker use a hoax? A. A hoax could convince a user that a bad Trojan is circulating and that he should change his security settings. B. By sending out a hoax - an attacker can convince a user to read his e-mail more often. C. A user who receives multiple hoaxes could contact his supervisor for help. D. Hoaxes are not used by attackers today.
A. A hoax could convince a user that a bad Trojan is circulating and that he should change his security settings.
55
Which of the following is not an item that could be retrieved through dumpster diving that would provide useful information? A. Calendars B. Memos C. Organizational Charts D. Books
D. Books
56
__________ is the following of an authorized person through a secure door. A. Tagging B. Tailgating C. Social Engineering Following (SEF) D. Backpacking
B. Tailgating
57
Each of the following is the reason adware is scorned except __________. A. it displays the attackers programming skills B. it displays objectionable content C. it can cause a computer to crash slow down. D. it can interfere with a user's productivity
A. it displays the attackers programming skills
58
An attacker who controls multiple zombies in a botnet is known as a __________. A. zombie shepherd B. rogue IRC C. bot herder D. cyberrobot
C. bot herder
59
Observing someone entering a keypad code from a distance is known as __________. A. shoulder surfing B. piggybacking C. spoofing D. watching
A. shoulder surfing
60
Programs that provide additional functionality to Web browsers.
Add-ons
61
Part of the TCP/IP protocol for determining the MAC address based on the IP address.
Address Resolution Protocol (ARP)
62
An attack that corrupts the ARP cache.
ARP Poisoning
63
Files that are coupled to e-mail messages.
Attachments
64
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
Buffer Overflow
65
An attack that targets vulnerabilities in client applications that interact with a compromised server or processes malicious data.
Client-Side Attack
66
A file on a local computer in which a server stores user-specific information.
Cookie
67
Injecting and executing commands to execute on a server.
Command Injection
68
An attack that injects scripts into a Web application server to direct attacks at clients.
Cross-Site Scripting (XSS)
69
An attack that attempts to prevent a system from performing its normal functions.
Denial of Service (DoS)
70
An attack that takes advantage of a vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories.
Directory Traversal
71
An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests.
Distributed Denial of Service (DDoS)
72
An attack that substitutes DNS addresses so that the computer is automatically redirected to another device.
DNS Poisoning
73
A hierarchical name system for matching computer names and numbers.
Domain Name System (DNS)
74
A cookie that is created from the Web site that currently is being viewed.
First-Party Cookie
75
A cookie named after the Adobe Flash player. Also known as local shared objects (LSO's). Flash cookies cannot be deleted through the browser's normal configuration settings as regular cookies can. Typically - they are saved in multiple locations on the hard drive and can take up as much as 100 - 000 bytes of storage per cookie (about 25 times the size of a normal cookie). Flash cookies can also be used to reinstate regular cookies that a user has deleted or blocked.
Flash Cookie
76
A list of the mappings of names to computer numbers.
Host Table
77
Part of HTTP that is composed of fields that contain the different characteristics of the data that is being transmitted.
HTTP Header
78
Modifying HTTP headers to create an attack.
HTTP Header Manipulation
79
An attack that intercepts legitimate communication and forges a fictitious response to the sender.
Man-In-The-Middle
80
A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes.
Persistent Cookie (Tracking Cookie)
81
A utility that sends an ICMP echo request message to a host.
Ping
82
An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.
Ping Flood
83
An attack that exploits a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining.
Privilege Escalation
84
An attack that makes a copy of the transmission before sending it to the recipient.
Replay
85
A cookie that is only used when a browser is visiting a server using a secure connection.
Secure Cookie
86
A cookie that is stored in Random Access Memory (RAM) - instead of on the hard drive - and only lasts for the duration of visiting a Web site.
Session Cookie
87
An attack in which an attacker attempts to impersonate the user by using his session token.
Session Hijacking
88
A form of verification used when accessing a secure Web application.
Session Token
89
An attack that broadcasts a ping request to all computers on the network yet changes the address from which the request came to that of the target.
Smurf Attack
90
Impersonating another computer or device.
Spoofing
91
An attack that targets SQL servers by injecting commands to be manipulated by the database.
SQL Injection
92
An attack that takes advantage of the procedures for initiating a TCP session.
SYN Flood Attack
93
A cookie that was created by a third party that is different from the primary Web site.
Third-Party Cookies
94
An attack involving using a third party to gain access rights.
Transitive Access
95
A markup language that is designed to carry data instead of indicating how to display it.
XML (Extensible Markup Language)
96
An attack that injects XML tags and data into a database.
XML Injection
97
Attacks that exploit previously unknown vulnerabilities - so victims have not time (zero days) to prepare or defend against the attacks.
Zero Day Attacks
98
A __________ attack exploits previously unknown vulnerabilities.
D. zero day
99
Why can traditional networking security devices NOT be used to block Web application attacks? A. Traditional network security devices ignore the content of HTTP traffic - which is the vehicle of Web application attacks B. Web application attacks use Web browsers that cannot be controlled on a local computer C. Network security devices cannot prevent attacks from Web resources D. The complex nature of TCP/IP allows for too many ping sweeps to be blocked.
A. Traditional network security devices ignore the content of HTTP traffic - which is the vehicle of Web application attacks
100
Attackers use buffer overflows to __________. A. corrupt the kernel so the computer cannot reboot. B. point to another area in data memory that contains the attacker's malware code C. place a virus into the kernel D. erase buffer overflow signature files
B. point to another area in data memory that contains the attacker's malware code

Security (20 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions