Deck 5: Protecting Information Resources

A) Keystroke loggers
B) Spyware
C) Firmware
D) Script loggers

A) back-end systems
B) external databases
C) private networks
D) front-end servers

A) McCumber cube
B) Six Sigma model
C) Bohr model
D) SWOT analysis

A) It involves monitoring and recording keystrokes.
B) It involves sending fraudulent e-mails that seem to come from legitimate sources.
C) It consists of self-propagating program code that is triggered by a specified time or event.
D) It prevents the disclosure of information to anyone who is not authorized to access it.

A) sniffing
B) phishing
C) bombing
D) pharming

A) an illegitimate program poses as a legitimate one.
B) keystrokes are monitored and recorded.
C) a word is converted into a digital pattern.
D) a firewall rejects the incoming data packets.

A) spoofing
B) phishing
C) baiting
D) pharming

A) Sabotage
B) Dumpster diving
C) Bombing
D) Keystroke logging

A) It travels from computer to computer in a network, but it does not usually erase data.
B) It attaches itself to a host program to spread to other files in a computer.
C) It is a programming routine built into a system by its designer to bypass system security and sneak back into the system later to access data.
D) It floods a network or server with service requests to prevent legitimate users' access to the system.

A) in spear phishing, the attack is targeted toward a specific person or a group.
B) spear phishing involves monitoring and recording keystrokes.
C) in spear phishing, hackers capture and record network traffic.
D) spear phishing involves collecting sensitive information via phone calls.

A) reliability
B) confidentiality
C) integrity
D) availability

A) integrity
B) confidentiality
C) validity
D) availability

A) back-end server
B) corporate network
C) user's work station
D) front-end server

A) It is an independent program that can spread itself without attaching itself to a host program.
B) It floods a network or server with service requests to prevent legitimate users' access to the system.
C) It is usually hidden inside a popular program, but it is not capable of replicating itself.
D) It enables a system designer to bypass the security of a system and sneak back into the system later to access files.

A) validity
B) confidentiality
C) integrity
D) availability

A) the system's disk access is fast
B) system updates are recommended often
C) some programs suddenly increase in size
D) the available memory space remains constant

A) validity
B) confidentiality
C) integrity
D) availability

A) sniffing
B) screening
C) pharming
D) cybersquatting

A) availability
B) confidentiality
C) integrity
D) validity

A) users' workstations
B) back-end systems
C) internal database servers
D) front-end servers

A) It is software that secretly gathers information about users while they browse the Web.
B) It is an attack that floods a server with service requests to prevent legitimate users' access to the system.
C) It is encryption security that manages transmission security on the Internet.
D) It is a programming routine built into a system by its designer to bypass system security and sneak back into the system later to access programs or files.

A) Trojan programs
B) worms
C) viruses
D) McCumber cubes

A) disk mirroring
B) weblogging
C) voice recognition
D) social engineering

A) A physical security measure
B) A firewall security measure
C) An e-commerce security measure
D) A biometric security measure

A) Electronic trackers
B) Passwords
C) Firewalls
D) Identification badges

A) Hand geometry
B) Fingerprint recognition
C) Vein analysis
D) Palm prints

A) logic bomb
B) proxy server
C) firewall
D) backdoor

A) They protect against external access, but they leave networks unprotected from internal intrusions.
B) They can identify attack signatures, trace patterns, and generate alarms for a network administrator.
C) They monitor network traffic and use the "prevent, detect, and react" approach to security.
D) They cause routers to terminate connections with suspicious sources.

A) A logic bomb
B) Dumpster diving
C) A blended threat
D) Shoulder surfing

A) Intrusion detection systems
B) Proxy servers
C) Identification badges
D) Virtual private networks

A) Electronic trackers
B) Retinal scanning
C) Callback modems
D) Signature analysis

A) Corner bolts
B) Identification badges
C) Callback modems
D) Electronic trackers

A) biometric security network
B) intrusion detection network
C) virtual private network
D) terminal resource network

A) Terminal resource security
B) A corner bolt
C) A callback modem
D) Signature analysis

A) They are less secure than packet-filtering firewalls.
B) They filter viruses less effectively than packet-filtering firewalls.
C) They filter faster than packet-filtering firewalls.
D) They are more expensive than packet-filtering firewalls.

A) logic bomb
B) callback modem
C) proxy server
D) block multiplexer

A) latch
B) proxy server
C) backdoor
D) corner bolt

A) blended threat
B) mirror disk
C) backdoor threat
D) firewall

A) blended threat
B) denial-of-service attack
C) keystroke logging attack
D) backdoor threat

A) Nonbiometric security measures
B) Virtual security measures
C) Biometric security measures
D) Physical security measures

A) electronic trackers are attached to a computer at the power outlet
B) passwords are used to restrict access to computers
C) firewalls are used to filter data packets
D) a user's signature is verified before granting accessibility

A) A public key infrastructure
B) Open key encryption
C) Secret key encryption
D) A private key infrastructure

A) Keystroke loggers
B) Key chain planners
C) Key punchers
D) Key performers

A) a system quickly recovers in the event of a system failure or disaster.
B) the person using a credit card number is the card's legitimate owner.
C) the accuracy of information resources within an organization is maintained.
D) a system can easily be restored to operational status.

A) STOPzilla
B) AndroZip
C) Tumblr
D) Dogpile

A) fault-tolerant systems
B) vulnerability-evade systems
C) primary-defense systems
D) database-resilient systems

A) Application Layer
B) Secure Sockets Layer
C) Transmission Control Protocol
D) User Datagram Protocol

A) It uses two different keys to encrypt and decrypt a message.
B) It requires more processing power than asymmetric encryption.
C) It is difficult to share a key over the Internet in symmetric encryption.
D) It is impossible to create digital signatures using symmetric encryption.

A) risk assessment plan
B) systems engineering plan
C) disaster recovery plan
D) security compliance plan

A) User Datagram Protocol
B) Transmission Control Protocol
C) Internet Control Message Protocol
D) Layer Two Tunneling Protocol

A) Computer fraud
B) Denial-of-service
C) Keystroke logging
D) Social engineering

A) provide level 1 security
B) restrict access controls to unauthorized personnel
C) provide information on security incidents
D) create backdoors to bypass security protocols

A) Plaintext
B) Cleartext
C) Teletext
D) Ciphertext

A) Secure Sockets Layer
B) Transport Layer Security
C) User Datagram Protocol
D) Transmission Control Protocol

A) Transport Layer Security
B) Terminal Resource Security
C) Transmission Control Security
D) User Datagram Security

A) Symmetric encryption
B) Auto key generation
C) Public key cryptography
D) Message authentication

A) Adware
B) Silverware
C) Freeware
D) Hardware

A) It uses the same key to encrypt and decrypt a message.
B) It requires a large amount of processing power.
C) It can easily share a key over the Internet.
D) It needs the shared key to be a secret between the sender and the receiver.

A) Spoofing
B) Keystroke logging
C) Phishing
D) Pharming

A) Symmetric encryption
B) Asymmetric encryption
C) Remote key encryption
D) Secret key encryption

A) An access control system
B) Business continuity planning
C) An intrusion detection system
D) Terminal resource security