IAS chap 2

Question 1

Items of fact collected by an organization.
raw numbers, facts, and words

Answer 1

Data

Question 2

practice of protecting digital information from unauthorized access, corruption, or theft throughout its entire lifecycle.

Answer 2

Data security

Question 3

an intentional or unintentional act that can damage or otherwise compromise information and the systems that support it.

Answer 3

Attack

Question 4

an object, person, or other entity that represents a constant danger to an asset

Answer 4

Threat

Question 5

the ownership of ideas and control over the tangible or virtual representation of those ideas

Answer 5

Intellectual property (IP)

Question 6

most common IP breach

It is an unauthorized duplication, installation, or distribution of computer software

Answer 6

Software Piracy

Question 7

uses unethical means to collection and analyze the information about an organization’s business competitors

Answer 7

Industrial espionage

Question 7

– protect equipment against spikes, surges and blackouts for a limited period

Answer 7

Uninterruptible power supply (UPS)

Question 7

A document that specifies the expected level of service from a service provider

Answer 7

Service Level Agreement (SLA)

Question 8

an electronic and human activities that can breach the confidentiality of information

Answer 8

Espionage or Trespass

Question 8

analysis of information of other company thru a legal techniques

Answer 8

Competitive intelligence

Question 9

one of the greatest threat in an organization asset

Answer 9

Employee

Question 10

is a broad range of malicious activities accomplished through psychological manipulation of people

Answer 10

Social engineering

Question 11

relies on the curiosity or greed of the victim

Answer 11

Baiting

Question 12

looking over someone’s shoulder to get information

Answer 12

Shoulder Surfing / Pretexting

Question 13

click on links to malicious websites
mainly conducted through emails and phone calls

Answer 13

Phishing

Question 13

more targeted version of phishing, send a customize message to their target (high officials)

Answer 13

Spear Fishing

Question 13

mainly conducted through emails and phone calls

Answer 13

Whaling

Question 14

victim is deceived to think their system is infected to installing fake antivirus

Answer 14

Scareware

Question 15

involve injecting malware that encrypts a victim’s critical data

Answer 15

Ransomware

Question 16

help attacker to gain unauthorized access into an organization physical facilities

Answer 16

Tailgating

Question 17

attacker retrieved discarded information thrown in trash

Answer 17

Dumpster Diving

Question 18

an attack that denies access and offer fee to the victim to return their access

Answer 18

Ransomware

Question 19

computer software specifically designed to perform malicious or unwanted actions.

Answer 19

Malware

Question 20

A type of malware that is capable of activation and replication without being attached to an existing program.

Answer 20

Worms

Question 21

is a computer program that attaches itself to an executable file or application.

Answer 21

Virus

Question 22

A malware program that hides its true nature and reveals its designed behavior only when activated.

Answer 22

Trojan Horses

Question 23

changing its size and other external file characteristics to elude detection by antivirus software programs.

Answer 23

Polymorphic Threats

Question 24

time and money are spent resolving virus hoaxes.

Answer 24

Virus and Worm Hoaxes -

Question 25

A malware payload that provides access to a system by bypassing normal access controls.

Answer 25

Back Doors

Question 26

an attack that attempts to overwhelm a computer target’s ability to handle incoming communications, prohibiting legitimate users from accessing those systems.

Answer 26

DoS (Denial of Service)

Question 27

Spam is unsolicited commercial e-mail

Answer 27

Email Attacks

Question 28

attack designed to overwhelm the receiver with excessive quantities of e-mail

Answer 28

Mail bomb

Question 29

technique for gaining unauthorized access to computers using a forged or modified source IP address to give the perception that messages are coming from a trusted host.

Answer 29

Spoofing

Question 30

The redirection of legitimate user Web traffic to illegitimate Web sites with the intent to collect personal information.

Answer 30

Pharming

Question 31

A group of attacks whereby a person intercepts a communications stream and insert himself in the conversation to convince each of the legitimate parties that he is the other communications partner.

Answer 31

Man-in-the-Middle -