IT Fundamentals
Block 5 Unit 1 - 20 April 2023
| Question | Answer |
|---|---|
| A threat is any circumstance or event with the potential to adversely affect a system through unauthorized access, _______________, ______________, modification of ___________, or denial of ___________. | destruction, disclosure, modification of data, or denial of service |
| Define Spoofing | Pretending to be something or someone other than yourself. |
| Define Tampering | Modifying something on a disk, network, memory, or elsewhere. |
| Define Repudiation | Claiming you didn't do something or were not responsible. |
| Define Information disclosure | Providing information to someone not authorized to access it. |
| Define Denial of service | Exhausting resources needed to provide service to the user. |
| Define Elevation of privilege | Allowing someone to do something they are not authorized to do. |
| What kind of threat has authorization to access a system but uses it in a way that is not approved by the party that granted authorization? _______________________________ | Inside Attack |
| A __________ is an aggregation of compromised computers, turning them into __________ to be used by attackers. | Botnet, robots |
| A ___________________ is a flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy. | Vulnerability |
| Attackers may target one or multiple system resources. Name three. | 1. Data stored in an IS 2. Services provided to user 3. System processing power |
| A computer network attack is an _________________ act by which an __________________ threat attempts to evade security services and violate the security policy of a system. | intent, point of initiation, and method of delivery |
| __________________________attacks occur when more requests are sent to a machine (host) than it can handle. | Denial of Service |
| _________________ available in the underground community make DoS attacks an easy process. | Toolkits |
| What type of attack involves multiple computers sending requests, usually performed through a botnet? _______________________________________________________________ | Distributed Denial of Service |
| Some measures that can be taken to reduce the risk of being stung by a DoS attack include what? ______________________________________________________________________________ | 1. Visible-to-the-world servers 2. Packet filtering 3. OS patches |
| _______________ __________attacks allow access to some resources that your machine should not provide to the attacker. | Unauthorized Access |
| Executing commands illicitly occurs when a/an _______________and ________________ person executes commands on a server. | unknown and untrusted |
| The two types of destructive behavior are ____________________________ and ______________________________. | Data Diddling and Data Destruction |
| The destructive behavior where the attacker changes entries in records is known as _____________________________. | Data Diddling |
| The destructive behavior where the attacker deletes files is known as ______________________________. | Data Destruction |
| Social engineering is a non-technical or low-technology confidence trick involving _______________ or fraud. | trickery |
| _____________ ________________ involves psychological manipulation of people into divulging confidential information or performing other actions beneficial to an attacker. | social engineering |
| The purpose of social engineering can be _______________________, _____________ or _____________________________. | information gathering, fraud, or system access |
| ___________________ techniques attempt to acquire sensitive data, such as bank account numbers, passwords, email accounts, etc. through fraudulent solicitations via email, text messages, websites. | Phishing |
| ______________ phishing is a type of phishing that targets a specific individual, utilizing messaging that appeals to that person. | Spear Phishing |
| _____________ is a specific form of spear phishing targeted at high-value targets. | Whaling |
| _____________ leads a user to perform some action to trigger a trap, such as installing malware or leaving an infected flash drive in a public space. | Baiting |
| Countermeasures against social engineering include what four techniques?__________________________________________________________________________________________________________________________________________________ | 1. Emails and attachments 2. Multifactor Authentication 3. Antivirus/malware, 4. Good Judgement |
| Malicious code is ________ or ________ that is written to intentionally cause undesired effects, security breaches or damage to a system. | software or scripting |
| _____ is software designed to infiltrate or damage a computer system without the owner's informed consent. | Malware |
| Malware's most common pathways from criminals to users are through what two methods? | email, and the world wide web |
| Viruses are written by people with intent to do what? | to do harm |
| Viruses are classified into two categories, based on how they propagate themselves: | Boot-sector virus, and File Infector Virus |
| The first type, called a “boot-sector virus,” resides where? | in the first sector of a disk or Universal Serial Bus (USB) drive |
| File infectors operate in memory and infect what kinds of files? | executable |
| Worms can replicate themselves through specific ________ ________, opening e-mail messages, and flash drives. They may not require user activation. | network protocols |
| One of the most common methods of spreading a virus is through _____ services. | |
| List four common symptoms of computer virus infection. | 1. Computer will not boot 2. Data is scrambled or corrupted 3. computer is erratic, 4. Partition is lost |
| Routine ________ results identify hosts that are vulnerable to attacks. | scanning |
| Patching is the process of repairing a _______ or a _______ that is identified after the release of an application or a software. | vulnerability or flaw |
| This training informs users of common pitfalls that can cause system vulnerabilities and what they can do to mitigate them. | User Awareness |
| A ____ restricts data communication traffic to and from the network it’s connected to. | Firewall |
| Anti-spyware prevents ______ from collecting information about the user. | spyware |
| What device/service provides security, privacy and web filtering? | Proxy Servers/Web Content Filters |
| A mail gateway can be set up to scan and filter out problematic _____, ______ and ______. | file extensions, viruses, and spam |
| ______ determine whether or not someone attempted to break into a system, if they were successful, and what they may have done. | Detection measures |
| _______ software is your system’s protection against viruses. | Anti-Virus |
| Anti-virus programs inspect the contents of each file, searching for specific patterns that match a malicious profile - called a ________. | Virus Signature |
| An ________ detects suspicious activity on a host or a network, logs it, and alerts system or network administrators. | Intrusion Detection System |
| Administrators should check what daily for signs of security compromise? | Monitor Logs |
| Steps of the response phase of an attack may include items such as what? (name three) | 1. Define the attack 2. Inform users 3. Contain the intrusion |
| Anyone in an organization responding to an incident should follow the organization’s ________. | SOP |
| A _____________________ consists of an entity or multiple entities, such as governments, corporations or small businesses, coordinating to get a product or products to a final destination. | Supply Chain |
| A third party in a supply chain is a ______________ or _______________ individual or company that provides a product or a ___________ in support of the primary objectives of an organization. | intermediary or subcontracted individual or company that provides a product or a service |
| Granting either physical or virtual access to an organization’s information systems, software code or intellectual property can leave these vulnerable to what? | Vulnerable to exploitation through malicious actions or carelessness |
| Ensuring the third party is _______________ data is an important prerequisite when considering cloud computing. | securing |
| When ordering new hardware or software from a vendor, it is good cybersecurity practice to ask many ____________ prior to making any _______________. | questions prior to making any agreements |