Info System Security Chapter 13 – Flashcards
question
tricking or coercing people into revealing information or violating security practices
answer
social engineering
question
type of information security attack that depends primarily on some type of human interaction in an effort to prey on human weakness
answer
social engineering
question
social engineering attacks can be ___ and/or ____
answer
physical or psychological
question
social engineering attack: common way to gather information
answer
phone based attacks
question
searching trash containers for valuable information or documents
answer
dumpster diving
question
attackers observing victims as they enter codes at a bank cash machine or gas pump
answer
shoulder surfing
question
has made loss of control of that information through social media a great concern
answer
social media
question
psychological attack where an attacker using friendliness, trust, impersonation, and empathy to get a victim to do what they want him or her to do
answer
persuasion/coercion
question
an attacker sets up such a realistic persona that the victim volunteers information to
answer
reverse social engineering
question
-popup blocker -unsafe site warnings -integration with antivirus software -automatic updates -private browsing capability -keep unnecessary plugins and add-ons from cluttering the browser
answer
browser defenses against social engineering
question
-use separate passwords for different types of accounts -not easy to guess -use variations on a single base password -invest in password manager -change passwords often
answer
best practice with passwords
question
____ have become more and more of a target for cybercriminals
answer
social networking sites
question
web sites that contain personal information about people
answer
-spokeo -facebook -intellius -zabasearch -people search
question
-use one password for all accounts -share too much information -engage in tweet rage
answer
don't
question
-use privacy features offered by the site -allow only known contacts -use strong passwords
answer
do
question
__ of companies have implemented a social networking policy
answer
40%
question
T or F: by law company policies can discuss the usage of social media and networking sites at work
answer
true
question
for many businesses, _____ is a key part of the corporate communications strategy
answer
social media presence
question
can damage the employer by revealing intellectual property
answer
over-sharing company activities
question
security practitioners work to encourage people to use _______ for both professional activities and their personal activities
answer
separate social networks
question
___ and ____you share with friends and family on social media may be inappropriate on the professional side of your life
answer
language, images
question
accumulating as many connections as possible on social media makes it more likely that you will link or friend a scam artist or an identity thief
answer
connecting too many connections
question
Refers to any software that is inherently hostile, intrusive, or annoying in its operation
answer
malware
question
Which law was originally passed to address federal computer related offenses and the cracking of computer systems
answer
computer fraud and abuse act of 1986
question
Which is not a type of malware? gameware, adware, scareware, worm
answer
gameware
question
type of malware that is a piece of code or software that spreads from system to system by attaching itself to other files and is activated when the file is accessed
answer
virus
question
part of hard drive or removable media that is used to boot programs
answer
boot sector
question
software development kit specifically designed to facilitate the design and development of trojans is called
answer
trojan construction kit
question
section of hard drive record responsible for assisting in locating the operating system to boot the computer is called
answer
master boot records (MBRs)
question
which is the US Department of Defense standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system
answer
TCSEC
question
process where communications are redirected to different ports than they would normally be destined for
answer
port redirection
question
T or F: Social networking means tricking or coercing people into revealing information or violating normal security practices
answer
false
question
T or F: social engineering is a type of information security attack that depends primarily on some type of human interaction in an effort to prey on human weakness
answer
true
question
T or F: for many decades a common way to gather information has been to simply use the phone
answer
true
question
T or F: The popularity of services such as Facebook, LinkedIn, and Twitter has made the loss of information or loss of control of that information through social media less of a concern.
answer
false
question
T or F: A persuasion/coercion attack is considered psychological.
answer
True
question
T or F: For many businesses, a social media presence is a key part of the corporate communications strategy.
answer
True
question
T or F: Whenever possible, security practitioners work to encourage people to use their social network for both their professional activities and their personal activities.
answer
false
question
T or F: The language and images you share with friends and family on social media may be inappropriate on the professional side of your life.
answer
true
question
T or F: Accumulating as many connections as possible on social media (seeking quantity over quality) makes it less likely that you will link or "friend" a scam artist or an identity thief.
answer
False
question
T or F: Private information on Facebook is truly private.
answer
False
question
Tricking or coercing people into revealing information or violating normal security practices is referred to as:
answer
social engineering
question
Which of the following statements is NOT true regarding social engineering? A. Social engineering attacks can be physical and/or psychological. B. It is common for social engineering to involve technical tools. C. Social engineering has different goals and objectives than other types of hacking. D. Social engineering targets can include anyone or anything that may have the information that the attacker may find valuable.
answer
C
question
Searching trash containers for valuable information or documents is referred to as:
answer
dumpster diving
question
Attackers observing victims as they enter codes at a bank cash machine or a gas pump are participating in:
answer
shoulder surfing
question
An attacker using friendliness, trust, impersonation, and empathy, to get a victim to do what they want him or her to do is participating in:
answer
persuasion/coercion
question
When people go online and see something they don't like and immediately blast out an angry response, they are said to be engaging in:
answer
tweet rage
question
Which of the following is NOT considered a sensible guideline to follow when using social networking sites? A. Don't let peer pressure push you into doing something you're not comfortable with. B. Set up an e-mail account that uses your real name. C. Keep your profile closed and allow only friends to view it. D. Remember that what goes online stays online.
answer
B
question
Which of the following allows Facebook users to see how a piece of information appears to others? A. Privacy link B. Preview my profile button C. Options button D. Limited friends option
answer
B
question
Which of the following gives Facebook users flexibility as to who is allowed to see which portions of a profile? A. Limited Profile Settings B. Preview my profile button C. Options settings D. Privacy settings
answer
A
question
Which of the following is NOT a step in establishing a limited profile on Facebook? A. Decide what profile information you want to include in a limited profile. B. Check and uncheck the appropriate boxes. C. Search through the Facebook system in order to compile a list of people who will be granted the limited view of a profile. D. Be sure to use the profile default position.
answer
D
question
Which of the following statements is NOT true about firewall policy? A. A policy is not necessary if the firewall is configured in the way the administrator wants. B. A policy lays out the rules on what traffic is allowed and what is not. C. The policy will specifically define the IP addresses, address ranges, protocol types, and applications that will be evaluated and granted or denied access to the network. D. The policy will provide guidance on how changes to traffic and requirements are to be dealt with.
answer
A
question
A single computer that is configured to attract attackers to it and act as a decoy is called a(n):
answer
honeypot
question
A group of computers or a network configured to attract attackers is called a(n):
answer
honeynet
question
Which of the following controls fit in the area of policy and procedure? A. Administrative B. Physical C. Technical D. Equipment
answer
A
question
The principle that individuals will be given only the level of access that is appropriate for their specific job role or function is called:
answer
least privilege