Terms Flashcards

(162 cards)

1
Q

What is adware?

A

Software that collects consumer surfing and purchasing data.

2
Q

What is a botnet?

A

A network of hijacked computers.

3
Q

What is a bot herder?

A

Hackers that control hijacked computers.

4
Q

What is click fraud?

A

Inflating advertising revenue by clicking online ads numerous times.

5
Q

What does DoS stand for?

A

Using the Internet to disrupt communications and e-commerce.

6
Q

What are e-mail threats?

A

Sending an e-mail instructing the recipient to do something or else suffer adverse consequences.

7
Q

What is hijacking?

A

Gaining control of a computer to carry out unauthorized illicit activities.

8
Q

What is Internet misinformation?

A

Circulating lies or misleading information using the world’s largest network.

9
Q

What is a key logger?

A

Use of spyware to record a user’s keystrokes.

10
Q

What is Pharming?

A

Diverting traffic from a legitimate website to a hacker’s website to gain access to personal and confidential information.

11
Q

What is phishing?

A

E-mails that look like they came from a legitimate source but are actually from a hacker who is trying to get the user to divulge personal information.

12
Q

What is spamming?

A

E-mailing an unsolicited message to many people at the same time.

13
Q

What is spyware?

A

Software that monitors and reports a user’s computing habits.

14
Q

What is spoofing?

A

Making an e-mail look like it came from someone else.

15
Q

What is typosquatting?

A

Creating websites with names similar to real websites so users making errors while entering a website name are sent to a hacker’s site.

16
Q

What is packet sniffing?

A

Intercepting Internet and other network transmissions.

17
Q

What is round-down fraud?

A

Placing truncated decimal places in an account controlled by the perpetrator.

18
Q

What is bluebugging?

A

Making phone calls and sending text messages using another user’s phone without physically holding that phone.

19
Q

What is scavenging?

A

Searching through garbage for confidential data.

20
Q

What is chipping?

A

Inserting a chip that captures financial data in a legitimate credit card reader.

21
Q

What is eavesdropping?

A

Intercepting and/or listening in on private voice and data transmissions.

22
Q

What is the salami technique?

A

Embezzling small fractions of funds over time.

23
Q

What is an evil twin?

A

A rogue wireless access point masquerading as a legitimate access point.

24
Q

What is war dialing?

A

Searching for modems on unprotected phone lines in order to access the attached computer and gain access to the network(s) to which it is attached.

25
What is vishing?
E-mails instructing a user to call a phone number where they are asked to divulge personal information.
26
What is Phreaking?
Using telephone lines to transmit viruses and to access, steal, and destroy data.
27
What is piggybacking?
Gaining access to a protected system by latching onto a legitimate user.
28
What is war driving?
Searching for unprotected wireless networks in a vehicle.
29
What is bluesnarfing?
Capturing data from devices that use Bluetooth technology.
30
What is identity theft?
Illegally obtaining confidential information, such as a Social Security number, about another person so that it can be used for financial gain.
31
What is a dictionary attack?
Guessing user IDs and passwords using a dictionary of user IDs and passwords.
32
What is hacking?
Gaining access to a computer system without permission.
33
What is a logic bomb?
Software that sits idle until a specified circumstance or time triggers it.
34
What is malware?
Software used to do harm.
35
What is masquerading?
Pretending to be a legitimate user, thereby gaining access to a system and all the rights and privileges of the legitimate user.
36
What is password cracking?
Recovering passwords by trying every possible combination of characters and comparing them to a cryptographic hash of the password.
37
What is piggybacking in the context of wireless networks?
Using a wireless network without permission.
38
What is posing?
Creating a seemingly legitimate business, collecting personal information while making a sale, and never delivering the item sold.
39
What is pretexting?
Acting under false pretenses to gain confidential information.
40
What is a rootkit?
Software that conceals processes, files, network connections, and system data from the operating system and other programs.
41
What is shoulder surfing?
Observing or listening to users as they divulge personal information.
42
What is skimming?
Covertly swiping a credit card in a card reader that records the data for later use.
43
What is Social Engineering?
Methods used to trick someone into divulging personal information.
44
What is software piracy?
Unauthorized copying or distribution of copyrighted software.
45
What is steganography?
Concealing data within a large MP3 file.
46
What is a trap door?
Special code or password that bypasses security features.
47
What is a Trojan horse?
Unauthorized code in an authorized and properly functioning program.
48
What is a virus?
Segment of executable code that attaches itself to software.
49
What is a worm?
Program that can replicate itself and travel over networks.
50
What is a zero-day attack?
Attack occurring between the discovery of a software vulnerability and the release of a patch to fix the problem.
51
What is a buffer overflow attack?
So much input data that storage is exceeded; excess input contains code that takes control of the computer.
52
What is carding?
Verifying credit card validity.
53
What is caller ID spoofing?
Displaying an incorrect phone number to hide the caller's identity.
54
What is cyber-extortion?
Demand for payment to ensure a hacker does not harm a computer.
55
What is cyber-bullying?
Using social networking to harass another person.
56
What is economic espionage?
Theft of trade secrets and intellectual property.
57
What is e-mail spoofing?
Making an electronic communication appear as though it originated from a different source.
58
What is IP address spoofing?
Creating packets with a forged address to impersonate another computing system.
59
What is Internet auction fraud?
Using a site that sells to the highest bidder to defraud another person.
60
What is Internet pump-and-dump fraud?
Using the Internet to inflate a stock price so it can be sold for a profit.
61
What is Lebanese looping?
Inserting a sleeve to trap a card in an ATM, pretending to help the owner to obtain his PIN, and using the card and PIN to drain the account.
62
What is a man-in-the-middle (MITM) attack?
A hacker placing himself between a client and a host to intercept network traffic.
63
What is podslurping?
Using a small storage device to download unauthorized data from a computer.
64
What is ransomware?
Software that encrypts programs and data until a payment is made to remove it.
65
What is scareware?
Malicious software that people are frightened into buying.
66
What is sexting?
Exchanging explicit messages and pictures by telephone.
67
What is SQL injection?
Inserting a malicious database query in input in a way that it can be executed by an application program.
68
What is SMS spoofing?
Changing the name or number a text message appears to come from.
69
What is an XSS attack?
Link containing malicious code that takes a victim to a vulnerable website where the victim's browser executes the malicious code embedded in the link.
70
What is inherent risk?
Susceptibility of accounts or transactions to control problems in absence of internal control.
71
What is general authorization?
Given to employees to handle routine transactions without special approval.
72
What is a control environment?
Company culture that is the foundation for all other internal control components.
73
What are corrective controls?
Controls that identify and correct problems and recover from resulting errors.
74
What is risk appetite?
Amount of risk company is willing to accept to achieve its goals and objectives.
75
What are application controls?
Controls that prevent, detect, and correct transaction errors and fraud in transaction processing programs.
76
What is a systems integrator?
Outside party hired to manage systems development effort.
77
What is utilization?
Percentage of time a system is used.
78
What is security management?
Makes sure systems are secure and protected from internal and external threats.
79
What is a strategic master plan?
Multiple year plan of projects company must complete to achieve long-range goals.
80
What is specific authorization?
Special approval needed to handle a transaction.
81
What is collusion?
Cooperation between two or more people to thwart internal controls.
82
What is throughput?
Amount of work performed during a given time period.
83
What is a systems administrator?
Responsible for making sure a system operates smoothly and efficiently.
84
What is residual risk?
Risk that remains after management implements internal controls or some other response to risk.
85
What is data control?
Ensures source data is approved, monitors work flow, and handles input errors.
86
What is likelihood?
Probability that a threat will come to pass.
87
What is an analytical review?
Examining relationships between different sets of data.
88
What is exposure?
Potential dollar loss if a threat becomes a reality.
89
What are systems analysts?
Help users determine their information needs and design systems to meet those needs.
90
What is an audit trail?
Path used to trace a transaction from origin to output or from output to origin.
91
What is an audit committee?
Outside, independent directors responsible for financial reporting, regulatory compliance, and internal control.
92
What is a digital signature?
Electronically signing a document with data that cannot be forged.
93
What is a vulnerability?
Flaw or weakness in a program.
94
What is an exploit?
Software code that can be used to take advantage of a flaw and compromise a system.
95
What is authentication?
Verification of claimed identity.
96
What is authorization?
Restricting the actions a user is permitted to perform.
97
What is a demilitarized zone (DMZ)?
Subnetwork accessible from the Internet but separate from the organization's internal network.
98
What is deep packet inspection?
Firewall technique that filters traffic by examining not just packet header information but also the contents of a packet.
99
What is a router?
Device that uses the Internet Protocol (IP) to send packets across networks.
100
What is a honeypot?
Device that has no real function, but merely serves as a decoy.
101
What is a firewall?
Device that provides perimeter security by filtering packets.
102
What is hardening?
Improving security by removing or disabling unnecessary programs and features.
103
What is CIRT?
Set of employees assigned responsibility for resolving problems and incidents.
104
What is a patch?
Code that corrects a flaw in a program.
105
What is change control and change management?
Plan that ensures modifications to an information system do not reduce its security.
106
What is packet filtering?
Firewall technique that filters traffic by checking only the information in packet headers against the rules in an ACL.
107
What is a border router?
Device that connects an organization to the Internet.
108
What is a vulnerability scan?
Detective control that identifies weaknesses in devices or software.
109
What is a penetration test?
Test that determines the time it takes to detect and respond to an attack.
110
What is patch management?
Process of applying code supplied by a vendor to fix a problem in that vendor's software.
111
What is a virtual private network (VPN)?
Encrypted tunnel used to transmit information securely across the Internet.
112
What is data loss prevention (DLP)?
Procedure to filter outgoing traffic to prevent confidential information from leaving.
113
What is a digital signature?
A hash encrypted with the creator's private key.
114
What is a digital certificate?
Used to store an entity's public key, often found on websites.
115
What is data masking?
Replacing real data with fake data.
116
What is symmetric encryption?
Encryption process that uses the same key to both encrypt and decrypt.
117
What is blockchain?
Distributed ledger of hashed documents.
118
What is plaintext?
Document or file that can be read by anyone who accesses it.
119
What is hashing?
Process that transforms a document or file into a fixed-length string of data.
120
What is ciphertext?
Document or file that must be decrypted to be read.
121
What is information rights management (IRM)?
Software that limits what actions (read, copy, print, etc.) can be performed by users granted access to a file or document.
122
What is a certificate authority?
Company that issues pairs of public and private keys and verifies the identity of the owner of those keys.
123
What is nonrepudiation?
Inability to unilaterally deny having created a document or file or having agreed to perform a transaction.
124
What is a digital watermark?
Secret mark used to identify proprietary information.
125
What is asymmetric encryption?
Encryption process that uses a pair of matched keys, one public and the other private; either key can encrypt something, but only the other key in that pair can decrypt.
126
What is key escrow?
Copy of an encryption key stored securely to enable decryption if the original encryption key becomes unavailable.
127
What is a nonce?
Random number used to validate a new block in a blockchain.
128
What is a business continuity plan (BCP)?
Plan that describes how to resume business operations after a major calamity.
129
What is a completeness check?
Application control that verifies that the quantity ordered is greater than 0.
130
What is a hash total?
Batch total that does not have any intrinsic meaning.
131
What is an incremental daily backup?
Daily backup procedure that copies only the activity that occurred on that particular day.
132
What is an archive?
File used to store information for long periods of time.
133
What is a field check?
Data entry application control that could be used to verify that only numeric data are entered into a field.
134
What is a sign check?
Application control that tests whether a customer is 18 or older.
135
What is a cold site?
Plan that, in the event the organization's data center is unavailable, contracts for use of an alternate site that is prewired for Internet connectivity but has no computing or network equipment.
136
What is a limit check?
Application control that ensures a customer's ship-to address is entered in a sales order.
137
What is a zero-balance test?
Application control that involves use of an account that should not have a balance after processing.
138
What is a recovery point objective (RPO)?
Measure of the amount of data an organization is willing to reenter or possibly lose in the event of a disaster.
139
What is a recovery time objective (RTO)?
Measure of the length of time an organization is willing to function without its information system.
140
What is a record count?
Batch total that represents the number of transactions processed.
141
What is a validity check?
Application control that validates the correctness of one data item in a transaction record by comparing it to the value of another data item in that transaction record.
142
What is check digit verification?
Data entry application control that verifies the accuracy of an account number by recalculating the last number as a function of the preceding numbers.
143
What is closed-loop verification?
Data entry application control in which the system displays the value of a data item and asks the user.
144
What is closed-loop verification?
Data entry application control in which the system displays the value of a data item and asks the user to verify that the system has accessed the correct record.
145
What is parity checking?
Control that counts the number of odd or even bits in order to verify that all data were transmitted correctly.
146
What is a reasonableness test?
Application control that tests whether a customer is 18 or older.
147
What is a financial total?
Batch total that represents the total dollar value of a set of transactions.
148
What is a CRM system?
System that contains customer-related data organized in a manner to facilitate customer service, sales, and retention.
149
What is the open-invoice method?
Method of maintaining customer accounts that generates payments for each individual sales transaction.
150
What is a credit memo?
Document used to authorize reducing the balance in a customer account.
151
What is a credit limit?
Maximum possible account balance for a customer.
152
What is cycle billing?
Process of dividing customer account master file into subsets and preparing invoices for one subset at a time.
153
What is FEDI?
System that integrates EFT and EDI information.
154
What is remittance advice?
Turnaround document returned by customers with payments.
155
What is a lockbox?
Post Office box to which customers send payments.
156
What is a back order?
Document used to indicate stockouts exist.
157
What is a picking ticket?
Document that authorizes removal of merchandise from inventory.
158
What is a bill of lading?
Document used to establish responsibility for shipping goods via a third party.
159
What is factoring?
Selling accounts receivable to a firm that specializes in collecting past due accounts.
160
What is an accounts receivable aging report?
Document that shows the amounts of accounts receivable that are current and past due.
161
What is EFT?
Electronic transfer of funds.
162
What is UPIC?
Number other than the company's real bank account number that customers can use to remit payments to a company's bank account.