Deck 4: Network Security

A) malware
B) social engineering
C) both A and B
D) neither A nor B

A) DoS
B) Hacking
C) Ransomware
D) Malware

A) installing a patch
B) using an antivirus program
C) both A and B
D) neither A nor B

A) Viruses
B) Worms
C) both A and B
D) neither A nor B

A) Target
B) banks
C) consumers
D) retailers

A) viruses
B) worms
C) Trojan horses
D) downloaders

A) viruses
B) worms
C) both A and B
D) neither A nor B

A) credit card companies
B) retailers
C) both A and B
D) neither A nor B

A) Directly from the POS terminals
B) From the vendor service server
C) From the POS software download server
D) none of the above.

A) crimeware shops
B) card shops
C) card counterfeiters
D) all of the above

A) networking
B) security
C) both A and B
D) neither A nor B

A) They received no compensation.
B) They received compensation from Target.
C) The credit card companies did not charge them for fraudulent purchasers.
D) The United States Treasury compensated them from an insurance fund.

A) social engineering
B) exploiting vulnerabilities
C) both A and B
D) neither A nor B

A) an individual
B) a group
C) everyone
D) all of the above

A) indefensible
B) stealth
C) malware
D) zero-day

A) low-level Target employee
B) Target IT employee
C) Target security employee
D) employee in a firm outside Target

A) directly-propagating viruses
B) directly-propagating worms
C) both A and B
D) neither A nor B

A) A virus
B) Malware
C) A security fault
D) A vulnerability

A) virus
B) worm
C) malware
D) all of the above

A) e-mailing themselves to victim computers
B) directly propagating to victim computers
C) both A and B
D) neither A nor B

A) virus
B) DoS
C) ransom
D) lock

A) A keystroke logger
B) Data mining software
C) both A and B
D) neither A nor B

A) bots
B) sock puppets
C) both A and B
D) neither A nor B

A) yes
B) no
C) We cannot say from the information given.

A) A keystroke logger
B) Anti-privacy software
C) Spyware
D) Data mining software

A) hack a computer
B) reduce the availability of a computer
C) steal information from a computer
D) delete files on a computer

A) botmaster
B) bot
C) command and control server
D) all of the above

A) identity theft
B) credit card number theft
C) both A and B
D) neither A nor B

A) yes
B) no
C) We cannot say from the information given.

A) inexpensive for the attacker
B) extremely dangerous for the victim
C) both A and B
D) neither A nor B

A) to intentionally use a computer resource without authorization
B) to intentionally use a computer on which you have an account but use it for unauthorized purposes
C) both A and B
D) neither A nor B

A) identity theft
B) credit card number theft
C) both A and B are about equally harmful

A) viruses
B) scripts
C) root malware
D) Trojan horses

A) Trojan horses
B) bots
C) viruses
D) worms

A) yes
B) no
C) We cannot say from the information given.

A) bots
B) the intended victim of the DoS attack
C) a DOS server
D) none of the above

A) vulnerabilities
B) exploits
C) compromises
D) payloads

A) yes
B) no
C) We cannot say from the information given.

A) Disgruntled employee
B) Cybercriminal
C) both A and B
D) neither A nor B

A) criminal attackers
B) hackers driven by curiosity
C) employees and ex-employees
D) national governments

A) national governments
B) cybercriminals
C) both A and B
D) neither A nor B

A) confidentiality
B) authentication
C) message integrity
D) all of the above

A) employees
B) many contractors working for the company
C) both A and B
D) neither A nor B

A) financial employees
B) manufacturing employees
C) IT security employees
D) former employees

A) the cipher
B) the key
C) both A and B
D) neither A nor B

A) code
B) schema
C) key method
D) cipher

A) They are technically sophisticated.
B) They are trusted.
C) both A and B
D) neither A nor B

A) authentication
B) confidentiality
C) both A and B
D) neither A nor B

A) DDoS
B) Malware
C) APT
D) Spear phishing

A) disgruntled employees and ex-employees
B) career criminals
C) hackers motivated by a sense of power
D) cyberterrorists

A) 128 bits
B) 128 bytes
C) 1,280 bits
D) 1,280 bytes

A) Their accounts should be disabled instantly
B) They should be given no prior notice that they are being released
C) both A and B
D) neither A nor B

A) major cybercriminal gangs
B) national governments
C) both A and B
D) neither A nor B

A) for revenge
B) for money
C) both A and B
D) neither A nor B

A) message integrity
B) message encryption
C) both A and B
D) neither A nor B

A) share the same transmission lines used by other VPNs
B) are encrypted
C) both A and B
D) neither A nor B

A) Web applications
B) almost all applications
C) both A and B
D) neither A nor B

A) authentication
B) confidentiality
C) both A and B
D) neither A nor B

A) the supplicant's private key
B) the true party's private key
C) the supplicant's public key
D) the true party's public key

A) it can be fooled very easily
B) it can be used surreptitiously
C) both A and B
D) neither A nor B

A) laptops
B) corporate databases
C) resources involving private information about customers
D) all of the above

A) is essentially free to use
B) offers the strongest possible cryptographic protections
C) both A and B
D) neither A nor B

A) the supplicant's private key
B) the verifier's private key
C) the true party's private key
D) none of the above

A) the true party
B) an impostor
C) either A or B
D) neither A nor B

A) as strong as possible
B) appropriate for a specific resource
C) the same for all resources
D) different for every different resource

A) supplicant
B) verifier
C) true party
D) all of the above

A) should be especially long
B) should contain a truly complex mixture of characters
C) should be difficult to remember
D) should not be used

A) the true party
B) an impostor
C) either A or B
D) neither A nor B

A) low cost
B) precision
C) both A and B
D) neither A nor B

A) supplicant
B) verifier
C) true party
D) certificate authority

A) entirely lower-case passwords
B) the use of the same password at different sites
C) both A and B
D) neither A nor B

A) confidentiality
B) authentication
C) authorization
D) both B and C

A) credentials
B) authorizations
C) digital certificates
D) all of the above

A) should have a mix of characters (uppercase and lowercase letters, digits, other keyboard characters)
B) should be easy to remember
C) both A and B
D) neither A nor B

A) that passwords be easy to remember
B) that passwords should be changed monthly
C) both A and B
D) neither A nor B

A) illegal
B) biometrics
C) mandatory for good security
D) all of the above

A) that passwords be easy to remember
B) that passwords be long phrases instead of being about 8-12 characters long
C) both A and B
D) neither A nor B