95 Cards in this Set

  • Front
  • Back
What is a person or element that has the power to carry out a threat?
Threat agent
What is a flaw or weakness that allows a threat agent to bypass security?
Vulnerability
What is the likelihood that the threat agent will exploit the vulnerability?
Risk
What term is frequently used to describe the tasks of securing information that is in a digital format?
Information security
What are some of the challenges of securing information?
Universally connected devices
Increased speed of attacks
Greater sophistication of attacks
Availability and simplicity of attack tools
Faster detection of vulnerabilities
Delays in patching
Weak patch distribution
Distributed attacks
User confusion
What are the 3 types of information security?
CIA
Confidentiality
Integrity
Availability
What are 3 types of protections implemented to secure information?
AAA
Authentication
Authorization
Accounting
What are the options that you have associated with risk?
Accept the risk
Diminish the risk
Transfer the risk
The goals of information security include what?
Preventing data theft
Thwarting identity theft
Avoiding legal consequences of unsecure information
Maintaining productivity
Foiling cyberterrorism
What legislative act is an attempt to fight corporate corruption by reporting requirements and internal controls on electronic financial reporting systems?
Sarbanes-Oxley Act
What legislative act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information?
Gramm-Leach-Bliley Act
What legislative act requires businesses to inform California residents within 48 hours if a breach of personal information has or is believed to have occurred?
California's Database Security Breach Notification Act
What term describes any premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents?
Cyberterrorism
What term refers to a person who uses advanced computer skills to attack computers?
Hacker aka attacker
What term refers to individuals who want to break into computers to create damage but lack the advanced knowledge of computers and networks needed to do so and use downloaded automated attack software?
Script kiddies
What term refers to a person who has been hired to break into a computer and steal information without drawing attention to their actions?
Spy
What term describes employees, contractors, and business partners of an organization that attempt to attack information?
Insiders
What is a network of attackers, identity thieves, spammers, and financial fraudsters that exploit vulnerabilities to steal information or launch attacks that can generate income?
Cybercriminals
Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information are known as what?
Cybercrime
What term describes ideologically motivated attacks to spread propaganda, deny service to legitimate computer users, and commit unauthorized intrusions into systems and networks that result in critical infrastructure outages?
Cyberterrorists
What are the steps that make up an attack?
1. Probe for information
2. Penetrate any defenses
3. Modify security settings
4. Circulate to other systems
5. Paralyze networks and devices
What are the fundamental defenses against attacks?
Layering
Limiting
Diversity
Obscurity
Simplicity
CHAPTER 2
What is software that enters a computer system without the user's knowledge or consent and then performs an unwanted, and usually harmful, action?
Malware
What are two types of malware that have the primary objective of spreading?
Viruses
Worms
What is a malicious computer code that reproduces itself on the same computer?
Virus
What is a malicious program designed to take advantage of a vulnerability in an application or an operating system in order to enter a computer and then searches for another computer with the same vulnerability?
Worm
What kind of virus infects a program's executable file?
Program virus
What kind of virus is written in a script with a series of instructions that can be grouped together as a single command?
Macro virus
What kind of virus infects the master boot record of a hard disk?
Boot virus
What kind of virus adds a program to the operating system that is a malicious copycat version of a legitimate program?
Companion virus
What kind of malware uses a network to send copies of itself to other devices?
Worms
What is an executable program advertised as performing one activity, but actually does something else?
Trojan
What is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software by hiding or removing traces of log-in records, log entries, and related processes to change the operating system to force or ignore any malicious activity?
Rootkits
What is the only foolproof way to remove a rootkit infection?
Reformat the hard drive
What is a computer code that lies dormant until it is triggered by a specific logical event and, once triggered, can perform any number of malicious activities?
Logic bomb
Are logic bombs easy or difficult to detect before they are activated?
Difficult
What is software code that gives access to a program or service that circumvents any normal security protections?
Backdoor
What kinds of malware are designed to profit attackers?
Botnets
Spyware
Adware
Keyloggers
What is created when multiple computers are infected and remotely controlled by the attacker that turn the hosts into zombies and the user is completely unaware?
Botnet
Early botnets used what to remotely control zombies?
Internet Relay Chat (IRC)
What protocol is now widely used to remotely control botnet zombies?
HTTP
T or F, botnets are recognized as the primary source of sending spam e-mail?
True
What are some of the advantages of botnets from an attacker's viewpoint?
Operate in background
Conceal actions of attacker
Remain active for years
Large number of zombies are accessible at a given time
What type of attacks are botnets capable of performing?
Spamming
Spreading malware
Attacking IRC networks
Manipulating online polls
Denial of service
What term describes software that spies on users by gathering information without consent, thus violating their privacy?
Spyware
What are some of the negative consequences of spyware?
Slow performance
System instability
Install new browser menus or toolbars
Install new shortcuts
Hijack homepage
Increased pop-ups
What is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user such as banners, pop-ups, or opens new web browsers intermittently?
Adware
Downsides of adware for users include what?
Display objectionable content
Lost productivity from pop-ups
Slow system performance
What type of program captures and stores each keystroke that a user types on the computer's keyboard which can be later retrieved by the attacker?
Keylogger
What type of attack involves relying on the weakness of individuals?
Social engineering attack
What kind of social engineering attack is sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information?
Phishing
What variation of phishing automatically redirects the user to a fake site?
Pharming
What variation of phishing involves targeting only a specific user?
Spear phishing
What variation of phishing is where an attacker calls a victim, who upon answering, hears a recorded message that pretends to be from the user's bank?
Vishing
What is unsolicited email?
Spam
Spam that targets instant messaging users instead of email users is known as what?
Spim
One of the primary vehicles for distributing malware is what?
Spam
CHAPTER 3
What is an attack that targets applications by exploiting previously unknown vulnerabilities so victims have no time to prepare or defend against the attacks?
Zero day attacks
What are the 2 approaches to securing web applications?
Hardening the Web server
Protecting the network
What are some common Web application attacks?
Cross-site scripting (XSS)
SQL injection
XML injection
Command injection
What type of application attack injects scripts into a Web application server that will then direct attacks at clients, it doesn't attack the server but uses it as a platform to launch attacks from?
Cross-site scripting
What are the 2 requirements of the targeted web site needed to perform an XSS attack?
Accepts user input without validation
Uses input in a response without encoding it
What application attack targets SQL servers by injecting commands used to manipulate data stored in relational databases?
SQL injection
What type of application attack is similar to SQL injection but uses XML instead?
XML injection
XML injection uses ___________________ injection
XPath
___________ directory is a specific directory on a Web server's file system that users are typically restricted to using and can only access directories directly below
Root
What command can be used to enter text-based commands in Windows-based root directories?
Cmd.exe
What Linux command can be used to access user account information in the root directory?
passwd
What kind of attack takes advantage of vulnerability in the Web application program or the Web server software that a user can move from the root directory to other restricted directories?
Directory traversal
Directory traversal could enable an attacker to gain access to confidential files or even enter ________________ which executes commands on a server.
Command injection
________________ attacks target vulnerabilities in client applications that interact with a compromised server or process malicious data. In this case the client initiates the connection with the server that could result in an attack.
Client side
What kind of client-side attack generates a zero-pixel frame to avoid visual detection and embeds an HTML document inside the main document?
Drive-by download
Changing a web page header is a form of what kind of attack?
HTTP header manipulation
User-specific information from previously visited web pages that is stored on the local computer is known as what?
Cookies
T or F, once a cookie is created on your computer, then only the Web site that created the cookie can read it.
True
This kind of cookie is created from the web site that a user is currently viewing.
First-party cookie
This kind of cookie comes from advertisements on the site that record the user's preferences to tailor advertising.
Third-party cookie
This kind of cookie is stored in RAM and only lasts for the duration of visiting a Web site and expires when the browser is closed or the user has not interacted with the site in a given period of time.
Session cookie
This kind of cookie is recorded on the hard drive of the computer and does not expire when the browser closes.
Persistent cookie
This kind of cookie is only used when a browser is visiting a server using an encrypted connection.
Secure cookie
This kind of cookie is named after an Adobe app, can be very large (100,000 bytes), saved in multiple locations on the hard drive, and cannot be deleted through a browser's normal configuration settings.
Flash cookie
What are the security risks related to cookies?
May be stolen and used to impersonate user
Used to tailor advertising
Can be exploited by attackers
What is an attack in which an attacker attempts to impersonate the user by using his session token cookie or attempting to guess it, and purchase goods online with it?
Session hijacking
What are programs that provide additional functionality to Web browsers by providing multimedia or interactive Web content?
Add-ons
What kind of attack is when a process attempts to store data in RAM beyond boundaries of fixed-length storage and overflows into adjacent memory locations that may cause the computer to stop functioning or redirect to memory address containing malware code?
Buffer overflow
What type of attack attempts to prevent a system from performing its normal functions?
DoS
What type of DoS attack uses ICMP ping to send a large number of echo requests to the victim to overwhelm it?
Ping flood attack
What type of DoS attack uses a ping request to all computers but spoofs the address of the target computer to which all the network hosts reply thereby overwhelming the target machine?
Smurf attack
What type of DoS attack takes advantage of TCP/IP procedures for establishing a connection with hosts that do not exist and hang the server up waiting for acknowledgements?
SYN flood attack
What type of DoS attack uses zombie hosts to execute a SYN flood attack?
Distributed denial of service
Intercepting legit communication and forging a fictitious response to the sender is what kind of an attack?
Man-in-the-Middle
What kind of attack is similar to a man-in-the-middle attack except the attacker makes a copy of the transmission and uses it at a later time?
Replay attack
An attacker modifies the MAC address in the ARP cache to point to a different computer. This is what kind of an attack?
ARP poisoning