Quiz 6: B: Extension: A Information Security

Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident are called insiders.

Insiders are illegitimate users who purposely or accidentally misuse their access to the environment to do business.

Information security policies detail how an organization will implement the information security plan.

Dumpster diving, another security breach for companies, occurs when people not associated with the company jump into the company's outside garbage bins and try to gather and steal any valuable company products they can resell on eBay.

Organizations address security risks through two lines of defense.The first is people and the second is technology.

Pretexting is a form of social engineering in which one individual lies to obtain confidential data about another individual.

Ransomware is a form of social engineering in which one individual lies to obtain confidential data about another individual.

Through social engineering, hackers use their social skills to trick people into revealing access credentials or other valuable information.

Through pretexting, hackers use their social skills to trick people into revealing access credentials or other valuable information.

The three primary information security areas are (1) authentication and authorization, (2) policies and rewards, and (3) detection and response.

Tokens are small electronic devices that change user passwords automatically.

The technique to gain personal information for the purpose of identity theft, often through fraudulent emails that look as though they came from legitimate businesses, is called phishing.

A process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space is called authentication.

One of the most ineffective ways to set up authentication techniques is by setting up user IDs and passwords.

Biometrics is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting.

A firewall scrambles information into an alternative form that requires a key or password to decrypt.

Identity theft is the forging of someone's identity for the purpose of fraud.

Identity theft is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity.

A phishing expedition is a masquerading attack that combines spam with spoofing.The perpetrator sends millions of spam emails that appear to be from a respectable company.The emails contain a link to a website that is designed to look exactly like the company's website.The victim is encouraged to enter his or her username, password, and sometimes credit card information.

Spear phishing is a phishing expedition in which the emails are carefully designed to target a particular person or organization.

Spear phishing is a phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information.

Phishing reroutes requests for legitimate websites to false websites.

A zombie is a program that secretly takes over another computer for the purpose of launching attacks on other computers.

A zombie farm is a group of computers on which a hacker has planted zombie programs.

A pharming attack uses a zombie farm, often by an organized crime association, to launch a massive phishing attack.

Worms are computer viruses that wait for a specific date before executing their instructions.

To decrypt information is to decode it and is the opposite of encrypt.

Cryptography is the science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them.

A certificate authority is a trusted third party, such as VeriSign, that validates user identities by means of digital certificates.

A certificate authority is a data file that identifies individuals or organizations online and is comparable to a digital signature.

A voiceprint is a data file that identifies individuals or organizations online and is comparable to a digital signature.

A voiceprint is a set of measurable characteristics of a human voice that uniquely identifies an individual.These characteristics, which are based on the physical configuration of a speaker's mouth and throat, can be expressed as a mathematical formula.Unfortunately, biometric authentication such as voiceprints can be costly and intrusive.

Single-factor authentication is the traditional security process, which requires a user name and password.

Two-factor authentication requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token).

Multifactor authentication requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification).

Multifactor authentication is the traditional security process, which requires a user name and password.

Single-factor authentication requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification).

Single-factor authentication requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token).

The goal of multifactor authentication is to make it difficult for an unauthorized person to gain access to a system because, if one security level is broken, the attacker will still have to break through additional levels.

What are the first two lines of defense a company should take when addressing security risks? A)Technology first, customers second. B)Technology first, people second. C)Innovation first, technology second. D)People first, technology second.

Which of the following represents the biggest problem of information security breaches? A)People misusing organizational information. B)Technology failures. C)Customers misusing organizational systems. D)Company departments missing sales goals.

Angela works for an identity protection company that maintains large amounts of sensitive customer information such as usernames, passwords, personal information, and social security numbers.Angela and a coworker decide to use the sensitive information to open credit cards in a few of her customer's names.This is a classic example of which of the following security breaches? A)A social engineer B)An insider C)A spammer D)A dumpster diver

Using one's social skills to trick people into revealing access credentials or other valuable information is called ______________. A)Social engineering B)Social media C)Social viruses D)Social processes

What is it called when a hacker looks through your trash to find personal information? A)Striker bunny B)Dumpster diving C)Trash retrieval D)Approved consent

What is a form of social engineering in which one individual lies to obtain confidential data about another individual? A)Dumpster texting B)Dumpster diving C)Trash retrieval D)Pretexting

What is pretexting? A)A form of social engineering in which one individual lies to obtain confidential data about another individual. B)A hacker looks through your trash to find personal information. C)Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident. D)Malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines.

What is dumpster diving? A)A form of social engineering in which one individual lies to obtain confidential data about another individual. B)A hacker looking through your trash to find personal information. C)Legitimate users purposely or accidentally misusing their access to the environment and causing some kind of business-affecting incident. D)Malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines.

What is an insider? A)A form of social engineering in which one individual lies to obtain confidential data about another individual. B)A hacker looking through your trash to find personal information. C)Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident. D)Malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines.

What is a destructive agent? A)A form of social engineering in which one individual lies to obtain confidential data about another individual. B)Hackers looking through your trash to find personal information. C)Legitimate users who purposely or accidentally misuses their access to the environment and cause some kind of business-affecting incident. D)Malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines.

Working at a ski resort in the mountains has its own unique security issues.Kenny is the chief information officer for Sundance Ski Resort, and he is faced with both physical and information security threats every month.Since the resort implemented a new software system, they have been having larger number of threats and breaches of company information.He suspects that this may be the cause of an internal employee.He needs to clarify and establish what type of plan to help reduce further problems? A)An information security plan B)An ethical information policy C)An anti-virus plan D)None of these

eBay is an example of an online company that has been faced with numerous security issues.For example, imagine you purchase a digital camera on eBay.Three months later you might receive an email asking you to log in to the system to update your credit card or PayPal information.Of course, this email is not actually from eBay and as soon as you log in your information will be stolen.What type of information security breach would you consider this to be? A)An Insider B)Dumpster diving C)Social engineering D)Phishing

Which of the following is an example of a way to maintain information security that a company should include in its information security policies? A)Requiring computer users to log off before leaving for lunch B)Never sharing user or password information with anyone C)Changing passwords every 30 to 60 days D)All of these

Janet is a financial aid counselor at a local community college and she shares an office with her three coworkers.Janet feels safe in her office environment and frequently leaves her username and password on a sticky note next to her computer.Without realizing it Janet is creating the potential for which type of information security breach to occur? A)Insiders to hack into the college system. B)Dumpster diving to find usernames and passwords. C)Viruses and worms to spread through the college system. D)All of these.

Applications allowed to be placed on the corporate network, like IM software, and corporate computer equipment used for personal reason on personal networks are two areas that should be addressed by managers in which of the following company policies? A)Information ethics policy B)Information security policies C)Information technology plan D)All of these

Which of the following represents the three areas where technology can aid in the defense against information security attacks? A)Authentication and authorization, prevention and resistance, prevention and response B)Authentication and authorization, prevention and response, detection and response C)Analyzing and authenticating, prevention and repositioning, detection and response D)Authentication and authorization, prevention and resistance, detection and response

What is forging of someone's identity for the purpose of fraud? A)Identity crisis B)Identity theft C)Ediscovery D)All of these

What is the difference between phishing and pharming? A)Phishing is not illegal, pharming is illegal. B)Phishing is the right of the company, where pharming is the right of the individual. C)Phishing is a technique to gain personal information for the purpose of identity theft, and pharming reroutes requests for legitimate websites to false websites. D)All of these.

Imagine you accidently mistype the URL for your bank and you are redirected to a fake website that collects your information.What type of identity theft were you just a victim of? A)Pharming B)Worm holes C)Phishing D)Insider hacking

What area of information security focuses on preventing identity theft, phishing, and pharming scams? A)Prevention and resistance B)Detection and authorizing C)Detection and response D)Authentication and authorization

What is the process that provides a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space? A)Pharming B)Authentication C)Authorization D)Programming

What is a method for confirming users' identities? A)Phishing B)Authentication C)Authorization D)Programming

The most secure procedures combine which of the following authentication and authorization techniques? A)Something the user knows, such as a user ID and password B)Something the user has, such as a smart card or token C)Something that is part of the user, such as a fingerprint or voice signature D)All of these

A smart card is a device, the size of a credit card that contains embedded technology that stores information and small amounts of software, and can act as __________________. A)Identification instruments B)A form of digital cash C)A data storage device D)All of these

The best and most effective way to manage authentication is through ___________. A)Smart technology card B)Tokens C)Biometrics D)Passwords

Which of the following is not considered a form of biometrics? A)Iris scan B)Password C)Fingerprint D)Handwriting

Which of the following is the main drawback of biometrics? A)It is considered illegal. B)It is viewed as an invasion of privacy. C)It can be costly and intrusive. D)It requires constant monitoring and upgrading.

How do prevention and resistance technologies stop intruders from accessing and reading sensitive information? A)Content filtering, encryption, and firewalls B)Calculating, locking, and firewalls C)Content prohibiting, and cookies D)None of these

Which of the following occurs when organizations use software that filters content, such as email, to prevent the accidental or malicious transmission of unauthorized information? A)Antivirus software B)Content filtering C)Encryption D)Firewalls

What prevention technique scrambles information into an alternative form that requires a key or password to decrypt? A)Encryption B)Content filtering C)Firewalls D)Antivirus software

What can encryption technology perform? A)Switch the order of characters. B)Replace characters with other characters. C)Insert or remove characters. D)All of these.

What type of encryption technology uses multiple keys, one for public and one for private? A)Private key encryption B)Policy key encryption C)Public key encryption D)Protective key code

What is a data file that identifies individuals or organizations online and is comparable to a digital signature? A)Digital code B)Digital sign C)Digital certificate D)Digital card

Charles Mott works for a company called VeriSign that acts a trusted third party to verify information.One of Charles's largest clients is CheckMd, which holds and authenticates customer reviews of doctors and dentists online.Having a third party validating the reviews is critical to CheckMd's success.What type of authentication technique is VeriSign providing for CheckMd? A)Firewall B)Certificate authority C)Online certificate D)Digital content certificate

What is hardware or software that guards a private network by analyzing incoming and outgoing information for the correct markings? A)Firewall B)Certificate authority C)Online certificate D)Digital certificate

Which of the following protection techniques scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware? A)Firewall B)Digital certificate C)Virus software D)Antivirus software

What must you do with antivirus software to make it protect effectively? A)Must never upgrade or change vendors. B)Must download a portable button for it to activate. C)Must frequently update it to protect against viruses. D)All of these.

Which of the following systems is designed with full-time monitoring tools that search for patterns in network traffic to identify intruders and to protect against suspicious network traffic which attempts to access files and data? A)Interconnected data software (IDS) B)Intrusion detection software (IDS) C)Security Information system (SIS) D)Internet detection scanner (IDS)

What is the most secure type of authentication? A)Something the user knows such as a user ID and password B)Something the user has such as a smart card or token C)Something that is part of the user such as a fingerprint or voice signature D)Combination of all of these

What is a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing? A)Token B)Password C)Smart card D)Biometrics

What is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting? A)Smart card B)Token C)Biometrics D)Content filtering

Which of the following is considered a type of biometrics? A)Voice B)Face C)Iris D)All of these

What is a set of measurable characteristics of a human voice that uniquely identifies an individual? A)Voiceprint B)Face C)Iris D)All of these

What is single-factor authentication? A)The traditional security process that requires a user name and password. B)A process that requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token). C)A process that requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification). D)The identification of a user based on a physical characteristic such as a fingerprint, iris, face, voice or handwriting.

What is multifactor authentication? A)The traditional security process that requires a user name and password. B)A process that requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token). C)A process that requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification). D)The identification of a user based on physical characteristic such as a fingerprint, iris, face, voice or handwriting.

What is two-factor authentication? A)The traditional security process that requires a user name and password. B)A process that requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token). C)A process that requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification). D)The identification of a user based on physical characteristic such as a fingerprint, iris, face, voice or handwriting.

What is the traditional security process that requires a user name and password? A)Single-factor authentication B)Two-factor authentication C)Multi-factor authentication D)Biometrics

What requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)? A)Single-factor authentication B)Two-factor authentication C)Multifactor authentication D)Biometrics

What requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token)? A)Single-factor authentication B)Two-factor authentication C)Multi-factor authentication D)Biometrics

What are biometrics? A)The traditional security process that requires a user name and password. B)A process that requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token). C)A process that requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification). D)The identification of a user based on physical characteristic such as a fingerprint, iris, face, voice or handwriting.

Which of the following authentication methods is 100 percent accurate? A)Smart card B)Fingerprint authentication C)User ID D)None of these

Where do organizations typically place firewalls? A)Between a personal computer and the server. B)Between a personal computer and a printer. C)Between the server and the content filtering software. D)Between the server and the Internet.

What is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity? A)Information secrecy B)Phishing C)Phishing expedition D)Spear phishing

What is a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses? A)Pharming B)Phishing C)Phishing expedition D)Spear phishing

What is a masquerading attack that combines spam with spoofing? A)Pharming B)Phishing C)Phishing expedition D)Spear phishing

What is a phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information? A)Pharming B)Phishing C)Phishing expedition D)Vishing

What reroutes requests for legitimate websites to false website? A)Pharming B)Phishing C)Phishing expedition D)Spear phishing

What is information secrecy? A)The category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity. B)A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses. C)A masquerading attack that combines spam with spoofing. D)A phishing expedition in which the emails are carefully designed to target a particular person or organization.

What is phishing? A)A rerouting of requests for legitimate websites to false websites. B)A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses. C)A masquerading attack that combines spam with spoofing. D)A phishing expedition in which the emails are carefully designed to target a particular person or organization.

What is a phishing expedition? A)A rerouting of requests for legitimate websites to false websites. B)A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses. C)A masquerading attack that combines spam with spoofing. D)A phishing expedition in which the emails are carefully designed to target a particular person or organization.

What is spear phishing? A)A rerouting of requests for legitimate websites to false websites. B)A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses. C)A masquerading attack that combines spam with spoofing. D)A phishing expedition in which the emails are carefully designed to target a particular person or organization.

What is vishing? A)A rerouting of requests for legitimate websites to false websites. B)A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses. C)A masquerading attack that combines spam with spoofing. D)A phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information.

What is pharming? A)A rerouting of requests for legitimate websites to false websites. B)A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses. C)A masquerading attack that combines spam with spoofing. D)A phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information.

What reroutes requests for legitimate websites to false websites? A)Zombie B)Zombie farm C)Pharming attack D)Pharming

What is a program that secretly takes over another computer for the purpose of launching attacks on other computers? A)Zombie B)Zombie farm C)Pharming attack D)Time bomb

What is a group of computers on which a hacker has planted zombie programs? A)Zombie B)Zombie farm C)Pharming attack D)Time bomb

What uses a zombie farm, often by an organized crime association, to launch a massive phishing attack? A)Zombie B)Zombie farm C)Pharming attack D)Time bomb

What are computer viruses that wait for a specific date before executing their instructions? A)Zombie B)Zombie farm C)Pharming attack D)Time bomb

What is a data file that identifies individuals or organizations online and is comparable to a digital signature? A)Digital certificate B)Encryption C)Decrypt D)Cryptography

What scrambles information into an alternative form that requires a key or password to decrypt? A)Digital certificate B)Encryption C)Decrypt D)Cryptography

What decodes information? A)Digital certificate B)Encryption C)Decryption D)Cryptography

What is the science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them? A)Digital certificate B)Encryption C)Decrypt D)Cryptography

Describe the relationship between information security policies and an information security plan.

Provide an example of each of the three primary information security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response.