2 Flashcards
(23 cards)
Which of the following configuration changes does NOT reduce the attack surface?
A. Removing unwanted and unnecessary software
B. Closing unnecessary network ports
C. Disabling unused OS features and services
D. Configuring data back-ups in case ransomware encrypts the file system
D. Configuring data back-ups in case ransomware encrypts the file system
What is the main difference between virus and worm malware?
A virus propagates in memory and over computer networks whereas a worm has to infect a file.
How might malware hosted on a website be able to infect your computer simply by you browsing the site?
A. By exploiting a human vulnerability related to deception
B. By exploiting outdated hardware installed in the computer chassis
C. By exploiting an improperly configured firewall
D. By exploiting a vulnerability in software installed on your computer
D. By exploiting a vulnerability in software installed on your computer
What does SSL stand for?
Secure Socket Layer
How is spyware usually leveraged to steal passowrds?
By monitoring keystrokes or stealing a password database.
What is the main means by which anti-virus software identifies infected files?
Using definitions or signatures of know virus code.
What are the two main ways that spam might expose recipients to hazardous content?
attachments
hyperlinks
Your friend sent you an email link, which you have opened, and now the browser is asking whether you should install a plug-in to view all the content on the page. What should you do next?
Check whether your friend actually sent the link in good faith first.
What is a reputable source of management software and drivers for a particular system?
An OEM website
What does OEM stand for?
Original equipment manufacturer.
What is the set of technical controls that govern how subjects may interact with objects?
access control system
What do you call users or software processes or anything else that can request and be granted access to a resource?
subjects
In computer security, the basis of access control is usually an __________.
ACL
What does ACL stand for?
Access Control List
An ACL is a list of subjects and the rights or __________ they have been granted on the object.
permissions
An access control system is usually described in terms of four main processes: what are they?
identification
authentication
authorization
accounting
There are four main access control system processes ( accounting, authorization authentication, identification) which is being described below?
Determining what rights or permissions subjects should have on each resource and enforcing those rights.
authorization
There are four main access control system processes ( accounting, authorization authentication, identification) which is being described below?
Tracking authorized and unauthorized usage of a resource or use of rights by a subject.
accounting
There are four main access control system processes ( accounting, authorization authentication, identification) which is being described below?
Proving that a subject is who or what it claims to be when it attempts to access the resource.
authentication
There are four main access control system processes ( accounting, authorization authentication, identification) which is being described below?
Creating an account or ID that identifies the user or process on the computer system.
identification
What principle means that a user should be granted rights necessary to perform their job and no more?
least privilege
What principle means that unless there is a rule specifying that access should be granted, any request for access is denied?
implicit deny
