Chapter 9

Question 1

people attack computers looking for _______ or trying to harm the ________

Answer 1

• valuable data

- computer system

Question 2

6 steps that criminals use to attack info systems:

Answer 2

1) conduct reconnaissance
2) attempt social engineering
3) scan and map the target
4) research
5) execute the attack
6) cover tracks

Question 3

use of deception to obtain unauthorized access to info resources

Answer 3

social engineering

Question 4

involves use of variety of automated tools that identify computers that can be remotely accessed and the type of software they are running

Answer 4

scan and map the target

Question 5

cover tracks by creating _______ they can use to obtain access if their initial attack is discovered

Answer 5

back doors

Question 6

unauthorized access, modifications, or use of an electronic device or some element of a computer system

Answer 6

hacking

Question 7

gaining control of a computer to carry out illicit activities without the user’s knowledge

Answer 7

hijacking

Question 8

short for robot network

Answer 8

botnet

Question 9

is a powerful network of hijacked computers, called zombies, that are used to attack systems and spread malware

Answer 9

botnet

Question 10

installs software that responds to the hacker’s electronic instructions on unwitting PCs

Answer 10

bot herder

Question 11

are delivered in a variety of ways: trojans, emails, instant messages, tweets

Answer 11

bot herder

Question 12

use the combined power of the hijacked computers to mount a variety of internet attacks

Answer 12

bot herder

Question 13

bot toolkits and easy-to-use software are available on the internet, showing hackers how to create their own

Answer 13

botnets

Question 14

botnets are used to perform a _________ which is designed to make a resource unavailable to its users

Answer 14

denial-of-service attack

Question 15

a trial-and-error method that uses software to guess info needed to gain access to a system

Answer 15

brute force attack

Question 16

recovering passwords by trying every combination possible

Answer 16

password cracking

Question 17

software generates user IDs and password guesses using a dictionary of possible user Ids and passwords to reduce number of guesses required

Answer 17

dictionary attacks

Question 18

dictionary attacks are used by

Answer 18

spammers

Question 19

reuses usernames and passwords from other data breaches to try to breaking into other systems

Answer 19

credential recycling

Question 20

the best defense against brute force attacks (4)

Answer 20

1) monitoring system activity
2) longer and more complex passwords
3) limiting # of login attempts
4) using multifactor authentication

Question 21

simultaneously sending the same unsolicited message to many ppl at the same time often in attempt to sell something

Answer 21

spamming

Question 22

reduces the efficiency benefits of emailing and is also a source of many viruses, worms, and spyware programs

Answer 22

spamming

Question 23

making an electronic communication look as if someone else sent it to gain the trust of the recipient

Answer 23

spoofing

Question 24

making an email appear as though it originated from a different source

Answer 24

email spoofing

Question 25

displaying an incorrect number on a caller ID display to hide the caller’s identity

Answer 25

caller ID spoofing

Question 26

creating Internet Protocol (IP) packets with a forged source IP address to conceal the identity of the sender or impersonate another computer system

Answer 26

IP address spoofing

Question 27

using short messages to change the name or number a text message appears to come from

Answer 27

SMS spoofing

Question 28

“phishing” is also referred to as

Answer 28

web-page spoofing

Question 29

potential point of attack bcuz it prob contains flaws

Answer 29

vulnerabilities

Question 30

an attack between the time a new software vulnerability is discovered and the time a software developer releases a patch to fix the problem

Answer 30

zero-day attack

Question 31

a vulnerability in dynamic web pages that allows an attacker to bypass a browser’s security mechanism and instruct the victim’s browser to execute the code

Answer 31

cross-site scripting

Question 32

happens when the amount of data entered into a program is greater than the amount of memory set aside to receive it

Answer 32

buffer overflow attack

Question 33

inserting malicious code in input such that it is passed to and executed by an application program

Answer 33

SQL injection attack

Question 34

the idea is to convince the application to run the code that it was not intended to execute by exploiting a database vulnerability

Answer 34

SQL injection attack

Question 35

places a hacker between a client and a host and intercepts network traffic between them

Answer 35

man-in-the-middle attack

Question 36

man-in-the-middle attacks are often called

Answer 36

session hijacking attack

Question 37

are used to attack public-key encryption systems where sensitive and valuable info is passed back and forth

Answer 37

man-in-the-middle attack

Question 38

pretending to be an authorized user to access a system

Answer 38

masquerading/impersonating

Question 39

using a neighbors wi-fi network is an example of

Answer 39

piggybacking

Question 40

tapping into a communication line and electronically latching onto a legitimate user before the user enters a secure system

Answer 40

piggybacking

Question 41

programming a computer to dial thousands of phone lines searching for dial-up modem lines

Answer 41

war dialing

Question 42

driving around looking for unprotected wireless networks

Answer 42

war driving

Question 43

attacking phone systems

Answer 43

phreaking

Question 44

most common reason for attacking ________ is to obtain free phone line access, transmit malware, and steal and destroy data

Answer 44

phone systems

Question 45

to protect systems from phreakers, use

Answer 45

voice firewalls

Question 46

using a small device with storage capacity to download unauthorized data (ex: iPod)

Answer 46

podslurping

Question 47

used to embezzle money a “salami slice” at a time from many different accounts

Answer 47

salami technique

Question 48

a type of salami technique where all interest calculations are cut at decimal places and excess decimals put into an account the perp controls

Answer 48

round-down fraud

Question 49

the theft of info, trade secrets, and intellectual property

Answer 49

economic espionage

Question 50

using the internet to spread false or misleading info (ex: antivaxxers on FB)

Answer 50

internet misinformation

Question 51

using the internet auction site to defraud another person

Answer 51

internet auction fraud

Question 52

seller using a false identity or partnering with someone to drive up bid prices is an example of

Answer 52

internet auction fraud

Question 53

seller failing to deliver the merchandise or deliver inferior products is an example of

Answer 53

internet auction fraud

Question 54

using the internet to pump up the price of a stock and then selling it

Answer 54

internet pump-and-dump fraud

Question 55

where investors are defrauded in cryptocurrency-related fraud schemes

Answer 55

cryptocurrency fraud

Question 56

fake initial coin offerings and fake exchanges and wallets are examples of

Answer 56

cryptocurrency fraud

Question 57

manipulating clock numbers to inflate advertising bills

Answer 57

click fraud

Question 58

the unauthorized copying or distribution of copyrighted software

Answer 58

software privacy

Question 59

techniques or psychological tricks used to get ppl to comply with the perp’s wishes in order to gain access to building, servers, computers, etc.

Answer 59

social engineering

Question 60

fraudsters take advantage of 7 human traits to entice a person to reveal info:

Answer 60

1) compassion
2) greed
3) sex appeal
4) sloth
5) trust
6) urgency
7) vanity

Question 61

assuming someone’s identity for economic gain

Answer 61

identity theft

Question 62

using an invented scenario to increase the likelihood that a victim will divulge info

Answer 62

pretexting

Question 63

is more than just a lie, as it involves creating legitimacy in the target’s mind that makes impersonation possible

Answer 63

pretexting

Question 64

creating a seemingly legitimate business, collecting personal info while making a sale and never delivering the product

Answer 64

posing

Question 65

sending an electronic message pretending to be an actual company and requesting verification or info, often including a warning with a negative consequence

Answer 65

phishing

Question 66

is similar to phishing, except that the victim enters confidential data by phone

Answer 66

vishing

Question 67

activities performed on stolen credit cards

Answer 67

carding

Question 68

redirecting website traffic to spoofed website

Answer 68

pharming

Question 69

pharming has the ability to target many ppl at a time through

Answer 69

domain spoofing

Question 70

is difficult to detect bcuz the user’s browser shows the correct website (when in reality its a spoofed website)

Answer 70

pharming

Question 71

setting up similarly named websites so that when users make typos, they are sent to an invalid site

Answer 71

Typosquatting / URL hijacking

Question 72

to stop Typosquatting, companies (3)

Answer 72

1) send a cease-and-desist letter
2) purchase the web address
3) file a lawsuit

Question 73

searching documents and records to gain access to confidential info

Answer 73

scavenging / dumpster diving

Question 74

looking over a person’s shoulder in a public place to get info, IDs and passwords

Answer 74

shoulder surfing

Question 75

the perp inserts a sleeve into an ATM that prevents the ATM from ejecting the card then perp approaches victim and pretends to help by tricking person into entering their PIN again

Answer 75

Lebanese looping

Question 76

Double swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, handheld card reader that records credit card data for later use

Answer 76

skimming

Question 77

planting a small chip that records transaction data in a legit card reader

Answer 77

chipping

Question 78

any software that is used to do harm

Answer 78

malware

Question 79

is NOT restricted to computers

Answer 79

malware

Question 80

is the result of installation or injection by a remote attacker

Answer 80

malware

Question 81

software secretly monitors and collects personal info about users and sends it to someone else

Answer 81

spyware

Question 82

info is gathered by logging keystrokes, monitoring websites visited, and scanning documents on the computer’s hard drive

Answer 82

spyware

Question 83

is especially problematic for companies with employees who telecommute or remotely access the network

Answer 83

spyware

Question 84

spyware that can pop banner adds on a monitor, collect info about the user’s web-surfing and spending habits, and forward it

Answer 84

adware

Question 85

these companies charge for each computer showing its ads

Answer 85

adware

Question 86

software that is malicious, is no benefit, and is sold using scare tactics

Answer 86

scareware

Question 87

scareware can be spotted by looking for (2)

Answer 87

1) scare tactics

2) poor English

Question 88

threatening to harm a company or person if specified amount of money isn’t paid

Answer 88

cyber-extortion

Question 89

man was threatened that he had to pay $50,000 or his clients info would be released. this is an example of

Answer 89

cyber-extortion

Question 90

locks you out of all your programs and data by encrypting them

Answer 90

ransomware

Question 91

software that records user keystrokes

Answer 91

keylogger

Question 92

a set of malicious computer instructions in an authorized and properly functioning program

Answer 92

Trojan horse

Question 93

parents use this software to monitor their kids’ computer usage and business use it to monitor employee activity

Answer 93

keylogger

Question 94

unlike in viruses and worms, the code doesn’t replicate itself

Answer 94

trojan horse

Question 95

gives the creator the power to control the victim’s computer remotely

Answer 95

trojan

Question 96

is a trojan horse that lies idle until triggered by specified date or time or message sent or not sent

Answer 96

time bomb / logic bomb

Question 97

a set of instructions that allows a user to bypass the system’s normal controls

Answer 97

trap door / back door

Question 98

used so programmers can modify programs during systems development and then remove them before the system is put into operation

Answer 98

trap door

Question 99

capture data from info packets as they travel over networks

Answer 99

packet sniffers

Question 100

used to hide the presence of trap doors, packet sniffers and keyloggers

Answer 100

rootkit

Question 101

a segment of self-replicating, executable code that attaches itself to a file or program

Answer 101

virus

Question 102

during replication, it spreads to other systems when the infected file/program is downloaded or opened

Answer 102

virus

Question 103

a self-replicating computer program similar to a virus

Answer 103

worm

Question 104

A virus is a segment of code hidden in or attached to a host program or executable file, whereas a worm is a

Answer 104

stand-alone program

Question 105

a virus requires a _______ to do something to replicate itself, but a worm ______ to send copies of itself to other network devices

Answer 105

• human

- actively seeks

Question 106

infect and corrupt files or data on a targeted computer

Answer 106

virus

Question 107

harm networks

Answer 107

worms

Question 108

taking control of someone else’s phone to make of listen to calls, texts, forward victims calls, etc

Answer 108

bluebugging

Question 109

stealing contact lists, data, pictures on Bluetooth compatible phones

Answer 109

bluesnarfing