Question 1

Which of the following statements holds true for the term encryption?

Accepted Answer

Encryption is the process of converting information or data into a code, especially to prevent unauthorized access. This involves using a cipher to transform readable data (plaintext) into a format that cannot be understood without the appropriate key (ciphertext).

Question 2

Technologies that measure and analyze human body characteristics for identification or authentication are known as _____.

Accepted Answer

Biometrics refers to the measurement and statistical analysis of people's unique physical and behavioral characteristics. This technology is primarily used for identification and access control, or for identifying individuals who are under surveillance.

Question 3

Which of the following types of infiltration techniques does one open up to by posting sensitive personal information and details about one's workplace on social networking sites?

Accepted Answer

Posting sensitive personal information and details about one's workplace on social networking sites can make one vulnerable to social engineering attacks. Social engineering involves manipulating individuals into divulging confidential or personal information that may be used for fraudulent purposes. By sharing too much information online, individuals can inadvertently provide attackers with the data needed to craft convincing scams or impersonations.

Question 4

Some of the most common guidelines issued by Web sites when designing a secure password include:

Accepted Answer

The correct choice is A because it outlines a common guideline for creating a secure password, which includes making it at least eight characters long and incorporating numbers and non-alphabet characters to increase complexity and security. Choices B, C, D, and E suggest practices that would actually weaken password security.

Question 5

Which of the following statements holds true for the term spoof?

Accepted Answer

Spoofing involves altering email transmissions or packets to make them appear as if they originated from a different source.

Question 6

Viruses are programs that infect other software or files and require:

Accepted Answer

Viruses are designed to attach themselves to executable programs. When the infected program runs, the virus gets a chance to execute and spread. They do not necessarily require large file sizes, a specific operating system like Windows, a disk-based operating system, or the computer to be shut down to spread.

Question 7

Computer systems are often infected with malware by means of exploits that sneak in masquerading as something they are not. These exploits are called:

Accepted Answer

Trojans are malicious programs that disguise themselves as legitimate software, or are hidden within legitimate software, to trick users into executing them, thus allowing malware to be installed on the system.

Question 8

The phrase __________________ refers to security schemes that automatically send one-time use representations of a credit card that can be received and processed by banking and transaction firms at the time of payment. They are in use in ApplePay and Android Wallet.

Accepted Answer

The answer of The phrase __________________ refers to security schemes...

Question 9

Briefly explain the steps one should take to ensure that their highest priority accounts are not compromised easily by hackers.

Accepted Answer

The answer of Briefly explain the steps one should take...

Question 10

The use of public wireless connections can increase a user's vulnerability to monitoring and compromise. ____________ software can be used to encrypt transmissions over public networks, making it more difficult for a user's PC to be penetrated.

Accepted Answer

VPN (Virtual Private Network) software encrypts a user's internet traffic, thereby securing their data over public networks and reducing the risk of monitoring and compromise.

Question 11

Sifting through trash in an effort to uncover valuable data or insights that can be stolen or used to launch a security attack is known as:

Accepted Answer

Dumpster diving refers to the practice of sifting through trash to find valuable data or insights that can be used for malicious purposes, such as launching security attacks or stealing information.

Question 12

Attacks that exhaust all possible password combinations in order to break into an account are called _____ attacks.

Accepted Answer

Brute-force attacks involve trying all possible combinations of passwords or encryption keys until the correct one is found.

Question 13

A bank customer receives a message, ostensibly from the bank's Web site, asking her to provide her login information. Assuming the message is intended to defraud the customer, what type of infiltration technique is being used here?

Accepted Answer

This scenario describes phishing, where fraudulent communication is used to trick individuals into providing sensitive information by masquerading as a trustworthy entity.

Question 14

The e-mail password of a senior employee in an organization was compromised by someone observing this user as the employee accessed his account. This is most likely a case of:

Accepted Answer

Shoulder surfing involves directly observing someone's credentials or sensitive information by looking over their shoulder, which matches the scenario described.

Question 15

The phrase ______________ refers to security where identity is proven by presenting more than one item for proof of credentials. Multiple factors often include a password and some other identifier such as a unique code sent via e-mail or mobile phone text, a biometric reading (e.g. fingerprint or iris scan), a swipe or tap card, or other form if identification

Accepted Answer

The answer of The phrase ______________ refers to security where...

Question 16

One of the major problems with the Heartbleed bug in OpenSSL software is that:

Accepted Answer

The Heartbleed bug in OpenSSL software was particularly problematic because it was embedded in many hardware products, making it difficult to patch through automatic software updates. This widespread and deeply integrated presence meant that fixing the vulnerability required manual updates or replacements in many cases, posing significant challenges for security and IT teams.

Question 17

Describe briefly a few of the physical threats posed by hackers to information security with examples for each.

Accepted Answer

The answer of Describe briefly a few of the physical...

Question 18

Which of the following are considered sources of information that can potentially be used by social engineers?

Accepted Answer

All of the options listed (LinkedIn, corporate directories, social media posts, contests or surveys) are potential sources of information for social engineers. They use such platforms to gather personal or organizational information that can be exploited for malicious purposes.

Question 19

_____ can be either software-based or deployed via ware, such as a recording "dongle" that is plugged in between a keyboard and a PC.

Accepted Answer

Keyloggers are designed to record and monitor the keystrokes on a computer or mobile device. They can be implemented as software applications or as hardware devices, such as a dongle that is connected between a keyboard and a computer.

Question 20

Attacks that are so new that they have not been clearly identified, and so have not made it into security screening systems are called _____.

Accepted Answer

Zero-day exploits are attacks that take advantage of a security vulnerability on the same day that the vulnerability becomes generally known, meaning there is no prior knowledge or defense against the attack.

Quiz 17: Information Security: Barbarians at the Gateway and Just About Everywhere Else