ITE 100 Chapter 11 Computer Security Review
____ 1.
Once it gets a foothold within corporate networks, _____ is
programmed to spread across
local area networks. The worm also spreads between infected USB
flash drives and
Windows PCs. Compromised Windows PCs are turned into drones in a botnet,
programmed to phone home through a changing series of servers.
Nearly 10 million computers
were infected in January of 2009. It was programmed to phone home
on April 1, 2009.
|
a. |
Love Bug |
c. |
Conficker |
|
b. |
Blaster |
d. |
Slammer |
____ 2. __________ are important software tools for analyzing network traffic. This software monitors all
of the communications traffic seen on the network port of a
computer and keeps a copy for later
analysis. One of the most
commonly used software packages is
tcpdump for UNIX/Linux and
WinDump for the Windows operating system. (from Chapter 11, page
616)
|
a. |
POP3 analyzers |
c. |
ISP log analyzers |
|
b. |
Packet sniffers |
d. |
Chat log analyzers |
____ 3. A ____ is a malicious-logic program that
hides within or looks like a legitimate program and usually is triggered
by a certain condition or action. It usually does not replicate to other computers. It can deliver spyware or a bot as a payload.
|
a. |
computer virus |
c. |
Trojan horse |
|
b. |
worm |
d. |
Keystroke logger |
____ 4. ____ is the discovery, collection, and
analysis of evidence found on computers and servers on computer networks. The evidence may be in memory or on storage
media.
|
a. |
Digital Hacking |
c. |
Crime Scene Investigation (CSI) |
|
b. |
Digital Investigation |
d. |
Computer Forensics |
____ 5. Computer viruses, worms, and Trojan
horses do their damage on a computer when a user ____.
|
a. |
opens an infected file |
|
b. |
runs an infected program |
|
c. |
boots the computer from an infected
hard disk |
|
d. |
all of the above |
____ 6. Some viruses are hidden in ____, which are
instructions saved in an application such as a word processing or
spreadsheet programs such as Microsoft Word, Access, or Excel.
|
a. |
macros |
c. |
cookies |
|
b. |
portable document files (*.pdf) |
d. |
text files (*.txt files) |
____ 7. To ____ a program file, means that an
antivirus program records information such as the file size and file
creation date in a separate file. [Hint: hospital or medical term]
|
a. |
quarantine |
c. |
document |
|
b. |
decrypt |
d. |
innoculate |
____ 8. A ____ is a separate area or folder of a hard
disk that holds an infected file (virus) until the infection (virus) can be
removed. [Hint: medical or hospital
term]
|
a. |
quarantine |
c. |
firewall |
|
b. |
payload |
d. |
honeypot |
____ 9. A ________ does not have good technical
skills and knowledge and often uses prewritten hacking software programs to
break into computers and networks.
|
a. |
script kiddie |
c. |
cracker |
|
b. |
cyber burglar |
d. |
cyberterrorist |
____ 10. In addition to intrusion detection software,
some companies have installed honeypot software. A honeypot is a computer program designed to
____.
|
a. |
negatively affect the way a computer
works |
|
b. |
entice an intruder to hack into a computer
which is safely off the company network |
|
c. |
identify and remove computer viruses
found in memory |
|
d. |
secretly collect information about a
user |
____ 11. Each character added to a password significantly
____ it might take for someone or for a hacker’s computer to guess the
password. [Note: 10 characters is more secure than 8 characters !]
|
a. |
reduces the number of combinations and
the length of time |
|
b. |
reduces the number of combinations but
increases the length of time |
|
c. |
increases the number of combinations
but reduces the length of time |
|
d. |
increases the number of combinations
and increases the length of time |
____ 12. Examples of biometric devices and systems
include all of the following except ____.
|
a. |
fingerprint scanners and hand geometry
systems |
|
b. |
face recognition systems and voice
recognition systems |
|
c. |
signature verification systems and
iris recognition systems |
|
d. |
personal identification numbers (PINs)
for credit cards and login passwords |
____ 13. To help reduce the chance of ____, physical
controls such as locked doors and computer tie-down cables usually are adequate
to protect equipment.
|
a. |
software piracy |
c. |
system failure |
|
b. |
hardware theft |
d. |
unauthorized access |
____ 14. Some notebook and laptop computers use ____ as
methods of security.
|
a. |
passwords |
c. |
biometrics |
|
b. |
possessed objects magnetic strip
readers) |
d. |
all of the above |
____ 15. When users purchase software, a single-user
license agreement permits users to do any of the following except
____.
|
a. |
install the software on only one
computer |
|
b. |
rent or lease the software |
|
c. |
make one copy of the software as
backup |
|
d. |
give or sell the software to another
individual if the software is removed from the user’s computer first |
____ 16. It is now more difficult to convict child
pornographers because they are using software such as _________ to alter images
and construct fake images.
|
a. |
Microsoft Paintbrush |
|
b. |
Windows Fax and Image Viewer |
|
c. |
Adobe Photoshop |
|
d. |
Notepad++ |
____ 17. Software piracy continues for all of the
following reasons except ____.
|
a. |
software piracy reduces the price of
software for all users |
|
b. |
in some countries, legal protection
for software does not exist |
|
c. |
software piracy is a fairly simple
crime to commit |
|
d. |
many buyers believe they have the right
to copy software they have paid for |
____ 18. To promote a better understanding of software
piracy problems and, if necessary, to take legal action, a number of major
worldwide software companies formed the ____.
|
a. |
Computer Emergency Response Team
(CERT/CC) from Carnegie Mellon Univ, PA |
|
b. |
Business Software Alliance (BSA) |
|
c. |
Underwriters Electrical Laboratory
(UL) |
|
d. |
Microsoft Developers Network (MSDN) |
____ 19. In its simplest form, a(n) ____ is a programmed
formula that the recipient of encrypted data uses to decrypt the ciphertext.
|
a. |
encryption key |
c. |
digital certificate |
|
b. |
virus signature |
d. |
session cookie |
____ 20. When a mobile user connects to a main office
using a standard Internet connection, a ____ provides the mobile user with a secure
connection to the company network server.
|
a. |
value added network (VAN) |
c. |
virtual private network (VPN) |
|
b. |
local area network (LAN) |
d. |
wide area network (WAN) |
____ 21. With _____cache
poisoning, an attacker attempts to insert a fake address record for an
Internet domain into the ____ cache. If the ___ server accepts the fake record,
the cache
is poisoned and subsequent requests for the address of the domain
are answered with the
address of a server controlled by the attacker. [Chapter 11 PowerPoint Slides]
|
a. |
URL |
c. |
Web |
|
b. |
DNS |
d. |
Router |
____ 22.
You should also
be aware of new mobile device risks like ______, the
act of someone using a
portable device to
download large quantities of data by directly plugging it into a computer or
server where data
resides, which can be a serious risk to your organization
|
a. |
Blue Snarfing |
c. |
Cell phone data extraction |
|
b. |
Pod slurping |
d. |
none of the above |
____ 23. A ______ allows a hacker to become the infected computer’s
administrator and can change the PC’s settings or use the computer as an
administrator.
This type of malware
is especially tricky because it hides the hacker’s tracks. Hijacked computers are often used as zombies
which means someone else can run the computer remotely.
|
a. |
Root kits in the Windows OS |
c. |
macro virus |
|
b. |
Keystroke logger |
d. |
Trojan worm |
____ 24. A _______ hitches a
ride on network traffic such as emails and dig their way throughout a
network. It can spread faster and more widely and infect more computers this way.
|
a. |
virus |
c. |
Trojan horse |
|
b. |
keystroke logger |
d. |
worm |
____ 25. A(n) ____ copies all of the files in a
computer to external storage media.
|
a. |
full backup |
c. |
differential backup |
|
b. |
incremental backup |
d. |
selective backup |
____ 26. With a(n) ____, users choose which
folders and files to include in a backup.
|
a. |
full backup |
c. |
differential backup |
|
b. |
incremental backup |
d. |
selective backup |
____ 27. With a three-generation backup policy, the grandparent
file is the ____.
|
a. |
most recent copy of the file |
c. |
oldest copy of the file |
|
b. |
second oldest copy of the file |
d. |
original file |
____ 28. With a three-generation backup policy, the parent
is the ____.
|
a. |
most recent copy of the file |
c. |
oldest copy of the file |
|
b. |
second oldest copy of the file |
d. |
original file |
____ 29. To prevent the loss of data from your hard disk
drive on your computer, you should back up your data files regularly on high
quality media such as:
|
a. |
External hard drives |
c. |
CD-ROM disks |
|
b. |
Zip disks |
d. |
DVD-ROM disks |
____ 30. The computer that a hacker uses to execute a DoS
(Denial of Service) or DDoS (Distributed DoS) attack, known as a ____,
is completely unaware that it is being used to attack other systems. In the
past, DDoS attacks have stopped operations at Web sites such as Yahoo!,
CNN.com, Amazon.com and eBay.
|
a. |
FTP server |
c. |
zombie |
|
b. |
proxy server |
d. |
POP3 server |
____ 31. ____, which provides encryption of all data
that passes between a client and an Internet server, requires only that the
client has a digital certificate.
|
a. |
Secure Sockets Layer (SSL) |
|
b. |
Secure HTTP (S-HTTP) |
|
c. |
Secure Electronics Transactions (SET™)
Specifications |
|
d. |
Pretty Good Privacy (PGP) |
____ 32. ____, which allows users to choose an
encryption scheme that passes between a client and a server, requires that both
the client and server have digital certificates.
|
a. |
Secure Sockets Layer (SSL) |
|
b. |
Secure HTTP (S-HTTP) |
|
c. |
Secure Electronics Transactions (SET™)
Specifications |
|
d. |
Pretty Good Privacy (PGP) |
____ 33. The ____ uses encryption to secure financial
transactions on the Internet such as payment by credit card.
|
a. |
Secure Sockets Layer (SSL) |
|
b. |
Secure HTTP (S-HTTP) |
|
c. |
Secure Electronics Transactions (SET™)
Specifications |
|
d. |
Pretty Good Privacy (PGP) |
____ 34. A ____ is a mathematical formula that generates
a code from the contents of an e-mail message.
|
a. |
simple checksum |
c. |
password |
|
b. |
macro |
d. |
hash |
____ 35. To make personal data more private and prevent
identity theft, users should:
|
a. |
install anti-adware and anti-spyware
software on their computers |
|
b. |
avoid shopping clubs and buyer cards
and shred paperwork with id information on it |
|
c. |
fill in only the necessary information
on rebate, warranty, and registration forms |
|
d. |
all of the above |
____ 36. A ____ is a small text file that a Web server stores on a user’s
computer. These small text files typically contain data about you such as your
name, your viewing preferences of a company’s Web pages, and how often you
visit the Web site. There are 3 or 4 types.
|
a. |
worm |
c. |
cookie |
|
b. |
spike |
d. |
payload |
____ 37. ________ cookies are
stored on the hard drive of your computer even after you close your
Web browser. The next time you visit
the Web site, your Web browser accesses the this cookie from your hard drive to
customize your Web page or automatically log you in. A Web site can read data
only from its own cookie file. It
cannot access or view any other data on your hard drive, including another
cookie.
|
a. |
persistent |
|
b. |
session |
|
c. |
temporary |
|
d. |
third-party |
____ 38. Internet advertising firms often use
spyware, called ____, to collect information about user’s Web browsing habits.
Cookies are NOT considered spyware because you know they exist in the Cookies
folder on the hard disk.
|
a. |
comware |
c. |
adware |
|
b. |
busware |
d. |
netware |
____ 39. A ____, like that shown in the accompanying figure,
is an unsolicited e-mail message or newsgroup posting sent to many recipients
or newsgroups at once.
|
a. |
hash |
c. |
worm |
|
b. |
spam |
d. |
spike |
____ 40. To avoid junk like that shown in the accompanying
figure, users can sign up for ____, which is a service form an Internet service
provider that filters e-mail and blocks e-mail messages from designated
sources.
|
a. |
an anti-spam program |
c. |
an antivirus program |
|
b. |
e-mail encryption |
d. |
e-mail filtering |
____ 41. A(n) ________ is a computer security system
consisting of hardware and/or software that prevents unauthorized access to
data, information, and storage media on a network. Some operating systems such as Windows XP or
Vista include a personal _______ If your computer accesses the Internet
with FiOS, cable or DSL you must install
one of these.
|
a. |
firewall |
|
b. |
anti-spyware manager |
|
c. |
cookie manager |
|
d. |
virtual private network |
____ 42. ______________ involves the use of computers to
observe, record and review an employee’s use of a computer including
communications such as email messages, Web sites visited and keyboard
activity..
|
a. |
Computer spying |
|
b. |
Content filtering |
|
c. |
Computer Fraud |
|
d. |
Employee work monitoring |
____ 43. _______is an Internet attack that threatens much larger groups
of victims and continues to be a concern for IT organizations. As
many users as possible are directed away from legitimate commercial web sites
that the users intended to visit and leading them to fake web sites that
are designed to steal sensitive information.
|
a. |
Phorcing |
|
b. |
Phishing |
|
c. |
Pharming |
|
d. |
Phaking |
____ 44. One of the more popular e-mail encryption
software programs is called______________
|
a. |
Exceptional Email Privacy (EEP) |
|
b. |
Pretty Good Privacy (PGP) |
|
c. |
Secure Email Privacy (SEP) |
|
d. |
None of the above |
____ 45. A(n) ________ certificate is a notice that
guarantees a user or a Web site is legitimate. Electronic commerce applications
commonly use these certificates.
|
a. |
information technology |
c. |
digital |
|
b. |
education |
d. |
birth |
____ 46. _______is the art and science
of writing hidden messages (covered writing) in such a way that no one apart
from the intended recipient knows of the existence of the message; this is in
contrast to cryptography, where the
existence of the message itself is not disguised, but the content is obscured.
|
a. |
pornography |
|
b. |
steganography |
|
c. |
geography |
|
d. |
lithography |
____ 47. With Windows Vista’s Encrypting File System, you
can easily encrypt the contents of files and folders. Vista also includes a feature called _______
that allows you to encrypt all files on a drive.
|
a. |
BitLocker |
c. |
FileLocker |
|
b. |
GymLocker |
d. |
FootLocker |
____ 48. _____ is a scam in which a perpetrator sends an
official looking e-mail that attempts to obtain a user’s personal and financial
information.
|
a. |
Adware |
c. |
personal email |
|
b. |
SPIT (Spam over Internet Telephony |
d. |
Phishing |
____ 49. This type of attack involves the use of multiple
applications found on several
network resources to crash
one or more systems. Network security experts believe that by the year 2010, a
one-million node ____ zombie attack on computer networks is expected. (Chapter
11 PowerPoint lecture slides)
|
a. |
Drunk |
c. |
Trojan horse |
|
b. |
DoS (Denial of Service) |
d. |
DDoS
( Distributed DoS ) |
____ 50. With over 180,000 known computer viruses
(some IT security companies say at least 5.5 million viruses)
running around the Internet, one of the best ways to prevent your
computer or another computers from becoming infected with destructive malware computer programs is to:
|
a. |
never open any email attachments sent
from unknown email senders |
c. |
always keep your Java software updated |
|
b. |
open personal emails from friends |
d. |
always keep Windows updated |