Exam 17: Information Security: Barbarians at the Gateway and Just About Everywhere Else


Which of the following statements holds true for the term spoof?

(Multiple Choice)
Correct Answer: B

A black hat hacker looks for weaknesses in security mechanisms, with a view to help plug the holes that might be exploited by cyber-criminals.

(True/False)
Correct Answer: False

Multiple administrators jointly controlling key systems are an unnecessary burden that adds to the complexity of managing security in an organization.

(True/False)
Correct Answer: False

_____ are highly restrictive programs that permit communication only with approved entities and/or in an approved manner.

(Short Answer)

What type of tool enforces access privileges and helps verify that systems are not being accessed by the unauthorized, or in suspicious ways?

(Multiple Choice)

Organized crime networks now have their own R&D labs and are engaged in sophisticated development efforts to piece together methods to thwart current security measures.

(True/False)

Which of the following are considered sources of information that can potentially be used by social engineers?

(Multiple Choice)

URL-shortening services such as bit.ly limit the impact of phishing posts since the shortened URL will clearly reveal the destination arrived at when clicked on.

(True/False)

Information security policies would be ineffective without _____ and _____.

(Multiple Choice)

A(n) _____ is someone who uncovers computer weaknesses and reveals them to manufacturers or system owners, without exploiting these vulnerabilities.

(Multiple Choice)

The term ISO 27000 refers to a series of standards representing the set of best practices for implementing, maintaining and improving organizational security.

(True/False)

A team working on organizational security should include representatives from general counsel, audit, public relations, and human resources, in addition to those from specialized security and broader technology and infrastructure functions.

(True/False)

Because of Moore's Law, widely-used encryption programs currently employed by banks and ecommerce sites are now easily penetrated by brute-force attacks that can be employed by hackers using just a handful of simple desktop computers.

(True/False)

One of the major problems with the Heartbleed bug in OpenSSL software is that:

(Multiple Choice)

Computer systems are often infected with malware by means of exploits that sneak in masquerading as something they are not. These exploits are called:

(Multiple Choice)

Public wireless networks are often vulnerable to monitoring and attack. The use of _______ software can limit threats by encrypting network transmissions over a network.

(Short Answer)

Briefly explain the steps one should take to ensure that their highest priority accounts are not compromised easily by hackers.

(Essay)

A bank customer receives a message, ostensibly from the bank's Web site, asking her to provide her login information. Assuming the message is intended to defraud the customer, what type of infiltration technique is being used here?

(Multiple Choice)

The virtual shutdown of websites by way of overloading them with seemingly legitimate requests sent simultaneously from thousands of machines is termed as _____ attacks.

(Essay)

Conforming to industry-standard guidelines and frameworks for organizational security ensures continued immunity from attacks on an organization's information.

(True/False)
Showing 1 - 20 of 89