Deck 5: Protecting Information Resources

Trojan programs replicate themselves as viruses and worms do.

When using mirror disks,if one of the two disks containing the same data fails,the other disk also fails.

Spoofing is sending fraudulent e-mails that seem to come from legitimate sources,such as a bank or university.

In the context of security,social engineering protects the integrity of information resources.

Part of ensuring integrity is identifying authorized users and granting them access privileges.

Phishing is different from pharming as phishing usually involves hijacking an official Web site address by hacking a Domain Name System server.

After examining an incoming packet,a firewall cannot reject that packet.

When a program containing a virus is used,the virus attaches itself to other files,and the cycle continues.

Viruses can only be transmitted through sharing of infected files directly from one computer to another.

An intrusion detection system (IDS) can protect networks against both external and internal access.

A distributed denial-of-service (DDoS) attack involves hundreds of computers working together to bombard a Web site with thousands of requests for information in a short period.

Hand geometry is an example of a biometric security measure.

If a drive in a redundant array of independent disks (RAID) system fails,data stored on it can be reconstructed from data stored on the remaining drives.

Keystroke loggers can be used for malicious purposes,such as collecting the credit card numbers that users enter while shopping online.

Application-filtering firewalls are less expensive than packet-filtering firewalls.

Level 1 security protects the back-end systems to ensure confidentiality,accuracy,and integrity of data.

A proxy server is often used to help protect the network against unauthorized access from outside the network by hiding the network addresses of internal systems.

Social engineering is an attack that takes advantage of the backdoors in security systems.

Confidentiality,integrity,and availability are collectively referred to as the CIA triangle.

The cost of setting up a virtual private network (VPN) is usually high.

In symmetric encryption,the same key is used to encrypt and decrypt a message.

An intrusion detection system (IDS) cannot prevent denial-of-service (DoS) attacks.

An ideal password should be eight characters or longer.

Data encryption transforms data into a scrambled form called ciphertext.

Terminal resource security is a software feature that erases the screen and signs the user off automatically after a specified length of inactivity.

Backup facilities should never be shared in an attempt to reduce costs.

The main advantage of asymmetric encryption is that it is faster and requires only a small amount of processing power.

Corner bolts are an expensive way to secure a computer to a desktop or a counter.

Symmetric encryption is also called public key encryption.

_____ is software that secretly gathers information about users while they browse the Web.

A(n) _____ is a combination of hardware and software that acts as a filter or barrier between a private network and external computers or networks.

_____ is the unauthorized use of computer data for personal gain,such as transferring money from another's account or charging purchases to someone else's account.

_____ is sending fraudulent e-mails that seem to come from legitimate sources,such as a bank or university.

A(n) _____ is a security threat that combines the characteristics of computer viruses,worms,and other malicious codes with vulnerabilities found on public and private networks.

When planning a comprehensive security system,the first step is designing _____,which use a combination of hardware and software for improving reliability-a way of ensuring availability in case of a system failure.

A(n) _____ consists of self-propagating program code that is triggered by a specified time or event.

_____ is a form of spyware that collects information about a user (without the user's consent) to determine which advertisements to display in the user's Web browser.

_____ is an attempt to gain access to a network by posing as an authorized user in order to find sensitive information,such as passwords and credit card information.

The _____ biometric security measure translates words into digital patterns,which are recorded and examined for tone and pitch.

_____ monitor and record the keys pressed on a keyboard and can be software or hardware devices.

_____ are independent programs that can spread themselves without having to be attached to a host program.

In the context of security,_____ means using "people skills"-such as being a good listener and assuming a friendly,unthreatening air-to trick others into revealing private information.

A(n) _____ contains code intended to disrupt a computer,network,or Web site,and it is usually hidden inside a popular program.

_____ is a software feature that erases the screen and signs the user off automatically after a specified length of inactivity.