Deck 28: Securing Computers

Not all __________ access is malicious, but it should still be prevented; for example, a user may poke around a network share and see sensitive information.

The tool used to set local policies on an individual system is _______________.

When you open or install new software, you must agree to abide by the use and sharing guidelines stipulated by the software copyright holder.This agreement is called the _______________ Agreement.

_______________ reduce the viewing angle of a monitor, making it impossible for anyone to read the screen except those directly in front of it.

A common _______________ attack is where an attacker uses the telephone and convinces a user to give up secure information.

When configured to do so, Windows will create an entry in the Security Log when someone tries to access a certain file or folder-this is called _______________ auditing.

The term _______________ refers to any program or code that's designed to do something on a system or a network that the user does not want done.

Security _______________ are devices that store some unique information that the user carries on his or her person.

Access control is the process of implementing methods to ensure unauthorized users can't access your system.Two primary methods are physical security and _______________.

The tool used to apply policy settings to multiple computers in an Active Directory domain is _______________.

Those who configure permissions to accounts must follow the principle of _______________.

A device that can prove who you are based on your fingerprint is known as a(n) _______________ device.

Following someone through the door is an example of _______________.

The list of virus signatures that your antivirus program can recognize is called the _______________.

A(n) _______________ is a device or software (or combination of both) used to protect an internal network from unauthorized access from the Internet.

The authentication encryption used in Windows network operating systems is _______________.

A complete program that travels from machine to machine through computer networks and can cause so much activity that it can overload a network is a(n) _______________.

Unsolicited e-mail is more commonly known as _______________.

Classic _______________ (a form of malware) often sneaks onto systems by being bundled with legitimate software.

A(n) _______________ is an attack on a vulnerability that wasn't already known to software developers.

List the four interlinked topics that should be considered when implementing access control.

_______________ is a form of malware that encrypts all the data it can get access to on a system, and then asks for money to decrypt your data.

The scrambling code used to attempt to modify a(n) _______________ virus to prevent detection is actually used as the signature to detect the virus.

A digital certificate is signed by a trusted _______________ that guarantees that the public key you are about to get is actually from the Web server and not from some evil person trying to pretend to be the Web server.

Some free anti-malware applications are actually malware and are commonly referred to as _______________.

Many security appliances include a context-based set of rules called _______________ to help companies avoid accidental leakage of data.

In a(n) _______________ attach, an attacker taps into communications between two systems, covertly intercepting traffic thought to be only between those systems.

Define social engineering.

Unwanted, unknown, or unplanned file downloads are called _______________ downloads.

A(n) _______________ is a program that takes advantage of very low-level operating system functions to hide itself from all but the most aggressive of anti-malware tools.

A(n) _______________ is the code pattern of a known virus.

Boot sector viruses that use various methods to hide from antivirus software are known as _______________ viruses.

Surprise browser windows that appear automatically when you visit a Web site are known as _______________.

What is spoofing?

What is the difference between a man-in-the-middle (MITM) attack and session hijacking?

Describe a security token and an RSA token.

How is the Guest account a security risk?

How does an anti-virus program act as a sword (i.e., in active seek-and-destroy mode) in protecting a PC?

What is a botnet?

What is the difference between a virus and a worm?

What tool is used to set security policies on an individual system?

Define malware and list some types of malware.

How can a technician identify an action or content as prohibited?

What are the benefits of incidence reporting?

Describe a smart card.

What is a rootkit?

What is a polymorph virus?

How can rogue applications (rogue anti-malware) be avoided?

What is a Trojan horse?

Define effective permissions.

What is a form of authentication where a user must use two or more factors to prove his or her identity?

What can be used to set security policies for users or computers in a network?

In the context of viruses, what is a signature?