Midterms Flashcards
(106 cards)
1
Q
this stands for malicious software. it is designed to gain access to a computer without the consent of the user
A
malware
2
Q
they perform unwanted tasks in the host computer for the benefit of a third party
A
malware
3
Q
special type of malware used for forced advertising. supported by the organizations whose products are advertised
A
adware
4
Q
malicious software downloaded along with the free software on the internet and installed in the computer without the user’s knowledge.
A
browser hijacking software
5
Q
this modifies the browsers setting and redirect links to other unintentional sites
A
browser hijacking software
6
Q
installed in the target computer with or without the user permission and is designed to steal sensitive information from the target machine
A
spyware
7
Q
this is a malicious code written to damage/harm the computer by deleting or appending a file, occupying memory space through code replication, slow down the performance of the computer, format the computer, etc…
A
virus
8
Q
true or false: virus can be spread via email attachment, pen drives, digital images, e-greeting, audio, or video clips
A
true
9
Q
true or false: a virus may be present in a computer but it cannot activate itself without human intervention or when the executable file (.exe) is executed
A
true
10
Q
this virus can replicate itself and doesn’t need human intervention to travel over the network and spread from the infected machine to the whole network; can spread through the network, using the loopholes of the OS or via email
A
worms
11
Q
the replication and spreading of the ____ over the network consume the network resources like space and bandwidth and force the network to choke
A
worm
12
Q
this is a malicious code that is installed in the computer by pretending to be useful software. this not only damages the computer but also creates a backdoor in the computer so it can be controlled by a remote computer
A
trojan horse
13
Q
this can become part of botnet (robot-network) or a network of computers infected by malicious code and controlled by a central controller
A
trojan horse
14
Q
the computers infected by trojan horse are known as
A
zombies
15
Q
A
16
Q
true or false: trojans neither infect other computers in the network nor do they replicate
A
true
17
Q
networks of hijacked computer devices used to carry out various scams and cyberattacks. these automate mass attacks, such as data theft, server crashing, and malware distribution
A
botnet
18
Q
botnet is formed using two words
A
robot and network
19
Q
while surfing the internet, suddenly a pop-up alert appears in the screen which warns the presence of dangerous virus, spyware, etc., and urges the user to download the full paid version of the software to fix the problem
A
scareware
20
Q
as the user downloads the malicious code, their computer is held hostage until the ransom is paid. the malicious code can neither be uninstalled nor used until the ransom is paid
A
scareware
21
Q
when was the internet born
A
1960’s; access is limited to scientists, researchers, and the defense only
22
Q
when was the internet launched to the public
A
1996
23
Q
this is used to describe an unlawful activity in which computer or computing devices, such as smartphones, tablets, personal digital assistants are used as a tool for criminal activity
A
cyber crime
23
Q
A
24
this is often committed by the people of destructive and criminal mindset, either for revenge, greed or adventure
cyber crime
25
an attack to the network or computer by some person with authorized system access
insider attack
26
performed by dissatisfied or unhappy inside employees or contractors; motivation can be revenger or greed
insider attack
27
true or false: it is easy for an insider to perform a cyber attack as he is well aware of the policies, processes, IT architecture, and wellness of the security system
true
28
the insider attack could be prevented by planning and installing an _________ (IDS) in the organization
intrusion detection systems
29
the attacker is either hired by an insider or an external entity to the organization
external attack
30
cyber attacks can be classified as?
structure attacks and unstructured attacks base don the level of maturity of the attacker
31
generally performed by amateurs who don't have any predefined motives to perform the cyber attack; they test a tool available on the internet on the network of a random company
unstructured attacks
32
performed by highly skilled and experienced people and the motives are clear in their mind; use tools that can't be noticed by intrusion detection systems
structure attack
33
true or false: cyber crimes have turned out to be low investment, low-risk business with huge returns
true
34
people are motivated towards committing cyber crime to make quick and easy money
money
35
some people try to take revenge with other person/organizations/society/or religion by defaming its reputation or bringing economical or physical loss; comes under the category of cyber terrorism
revenge
36
one can have pride if they hack highly secured networks like defense sites or networks
recognition
37
the anonymity that a cyber space provides motivate cyber crimes; it is easier to get away with criminal activity in cyber space than the real word
anonymity
38
the government itself is involved in cyber trespassing to keep eye on other person/network/country; the reason could be politically, economically, or socially motivated
cyber espionage
39
this is an act of stalking, harassing or threatening someone using internet/computer as a medium; this is often done to defame a person using the internet as it offers anonymity; behavior includes false accusations, threats, sexual exploitation to minors, monitoring, etc...
cyber stalking
40
an act of possessing image or video of a minor (under 18) engaged in sexual conduct
child pornography
41
use of computer to forge or counterfeit a document
forgery and counterfeiting
42
true or false: because of the internet, it is possible to produce counterfeit that matches the original document to such an extent that it is not possible to judge the authenticity of the document without expert judgement
true
43
this is an illegal reproduction and distribution for personal use or business. it comes under crime related to IPR infringement
software piracy and crime related to IPRs
44
it is defined as the use of computer resources to intimidate or coerce government, the civilian population in furtherance of political or social objectives
cyber terrorism
45
process of acquiring personal and sensitive information (identity theft) of an individual via email by disguising as a trustworthy entity in an electronic communication
phishing
46
if a telephone is used as a medium for identity theft, it is known as _______
Vishing
47
This uses SMS to lure customers or steal their personal information
Smishing
48
the act of physical destroying computer resources using physical force or malicious code
computer vandalism
49
practice of modifying computer hardware and software to accomplish a goal outside the creator's original purpose
computer hacking
50
persons who hack the system to find security vulnerabilities of a system and notify to the organizations so that a preventive action can be taken to protect the system from outside hackers; may be paid employee of an organization or a freelancer
white hat
51
white hat are popularly known as
ethical hackers
52
hack the system with ill intentions. they find security loopholes and exploit the system for personal or organizational benefits until the organization who's hacked apply security patches
black hat
53
black hat hackers are popularly known as
crackers
54
they find out security vulnerabilities and report to the site administrators and offer the fix of the security bug for a consultancy fee
grey hat
55
someone outside computer security consulting firms who bug-test a system prior to its launch, looking for exploits so they can be closed
blue hat
56
true or false: the organization can sue the hacker, if found, for the sum of more than or equivalent to the loss borne by the organization
true
57
sending of unsolicited and commercial bulk message over the internet is known as
spamming
58
the email is not targeted to one particular person but to a large number of people
mass mailing
59
the real identity of the person is not known
(spamming)
anonymity
60
the email is neither expected nor requested for the recipient
unsolicited
61
an activity involving injecting a malicious client side script into a trusted website. the information gained can be used for financial benefits or physical access to a system for personal interest
cross-site scripting
62
cyber criminals lure the customers to online auction fraud schemes which often lead to either overpayment of the product or the item is never delivered once the payment is made
online auction fraud
63
an act reserving the domain names of someone else's trademark with intent to sell it afterwards to the organization who is the owner of the trademark at a higher price
cyber squatting
64
malicious code inserted into legitimate software, in which the malicious action is triggered by some specific condition. this can either destroy the information stored in the system or make system unusable
logic bombs
65
hacker gains access to a website of an organization and either blocks it or modify it to serve political, economical, or social interest
web jacking
66
examples of web jacking
- educational institutes were hacked by pakistani hackers and an animation which contains pakistani flags were flashed in the homepage of these websites
- indian hackers hacked website of pakistani railways and flashed indian flag for several hours on the occasion of independencce day of india in 2014
67
hacking the username and password of ISP of an individual and surfing the internet at his cost
internet time theft
68
a cyber attack in which the network is chocked and often collapsed by flooding it with useless traffic and thus preventing the legitimate network traffic
denial of service attack
69
an attack which proceeds with small increments and finally add up to lead to a major attack, like gaining access to online banking of an individual and withdrawing small amounts unnoticed by the owner
salami attack
70
a practice of changing the data before its entry into the computer system.
data diddling
71
DA or the basic salary of the person is changed in the payroll data of an individual for pay calculation. once the salary is calculated and transferred to his account, the total salary is replaced by his actual salary in the report
data diddling
72
a process of changing the header information of an email so that its original source is not identified and it appears to an individual at the receiving end that the email has been originated from source other than the original source
email spoofing
73
a process of identifying an individual and ensuring that the individual is the same who he/she claims to be.
authentication
74
what is the typical method for authentication over the internet
username and password
75
it is a password which can be used one time only and is sent to the user as an SMS or an email at the mobile number/email address that they have specified during the registration process
one time password
76
this is a known two-factor authentication method and requires two type of evidence to authenticate an individual to provide an extra layer of security for authentication
one time password
77
77
biometric data and physical token are examples of
two-way authentication/two-factor authentication
78
the process of giving access to an individual to certain resources based on the credentials of an individual is known as
authorization
79
this combines both the username and password along with hardware security measures like biometric system
hybrid authentication system
80
a method to provide secure access via hybrid security authentication to the company network over the internet
Virtual Private Network (VPN)
81
a technique to convert the data in unreadable form before transmitting it over the internet
encryption
82
a technique to lock the data by converting it to complex codes using mathematical algorithms
encryption
83
the decoding of the complex code to original text using key is known as
decryption
84
if the same key is used to lock and unlock the data, it is known as
symmetric key encryption
85
the key used to encrypt and decrypt data are different; every user possess two keys: public and private key
asymmetric key encryption
86
provide a situational example of asymmetric encryption
A will encrypt the message using B's public key, as the public key is known to everyone. Once the message is encrypted, the message can safely be sent over to B through the internet. As soon as the message is received by B, he will use his private key to decrypt the message and regenerate the original message
87
a technique to validate data and is also used for authentication; this is created by encrypting the data with the private key of the sender, then the encrypted data is attached with the original message. the receiver can decrypt the signature with the public key of the sender, then if the decrypted message is same with the original message, the data is not tampered and the authenticity of the sender is verified
digital signatures
88
a special program designed to protect the system against virus. it not only prevents the malicious code to enter the system but also detects and destroys the malicious code that is installed into the system
antivirus
89
a hardware/software which acts as a shield between an organization's network and the internet and protects it from threats like virus, malware, hackers, etc.; it limits the people who can have access to your network
firewall
90
example of hardware firewalls
routers
91
firewalls installed on the server and client machines and acts as a gateway to the organization's network
software firewalls
92
true or false: the firewalls can be configured to follow rules and policies and based on these defined rules the firewalls can follow the following filtering mechanisms
true
93
all the outbound traffic is routed through these for monitoring and controlling the packet that are routed out of the organization
proxy
94
based on the rules defined in the policies, each packet is filtered by their type, port information, source, and destination information. for example. ip address, domain names, port numbers, protocols
packet filtering
95
the outgoing/incoming packets are judged based on defined characteristics only instead of going through all the field of a packet
stateful inspection
96
a technique of hiding secret messages in a document file, image file, and program or protocol, such that embedded message is invisible and can be retrieved using special software
steganography
97
this is a fundamental system in case of a mishap where data is inadvertently lost or corrupted from original system
data recovery
98
data is backed up on a full-scale and recovered back from the same
full back up
99
only changed or newly added data is backed up subsequently after the last full or incremental backup; recovery is made with the help of last full backup and all incremental backups performed everyday from the date of last full backup
incremental backup
100
only changed or newly added data is backed up after last full or differential backup but changes made in the previous differential backup are updated in the next differential backup
differential backup
101
this defines the threshold limits of a system in terms of time needed to restore an application and allowable limit of data loss
recovery time objective and recovery point objective
102
aob means
age of backup
103
speeds at which data is backed up and restored
time taken to backup and time taken to recover
104
measured in terms of cost for infrastructure, operations, and maintenance
total cost of ownership
