Cybersecurity Essentials Quiz

Questions and Answers

What is one of the purposes cookies serve on websites?

• Store user names or passwords (correct)
• Limit website traffic
• Display ads only
• Increase loading speed

Phishing scams utilize official-looking messages to gather personal information.

True (A)

What is the main function of spyware?

To collect information about the user without their knowledge.

______ is defined as gaining unauthorized access by taking advantage of human trust.

Social engineering

Match the following terms with their definitions:

Phishing = Scam to obtain personal information Clickjacking = Malicious program hidden in a clickable object Adware = Program displaying advertisements Content Filtering = Restricting access to certain materials

What is a botnet?

A group of compromised computers or devices connected to a network (C)

A worm is a type of program that does not replicate itself.

False (B)

What is a cybercrime?

An online illegal act (D)

What do access controls define?

Who can access a computer, device, or network, when they can access it, and what actions they can take.

Which of the following is a method of biometric authentication?

Fingerprints (D)

Malware always requires user knowledge and permission to operate.

False (B)

A device that authenticates identity using personal characteristics is called a __________.

biometric device

Digital forensics is primarily used for personal data recovery.

False (B)

Name one type of malware that collects user information secretly.

Spyware

What is the purpose of encryption?

To convert readable data into encoded characters to prevent unauthorized access.

Which of the following is NOT a method of authentication?

Firewall (B)

A __________ is a program that blocks access to a device until a payment is made.

Ransomware

A __________ verification system uses two different methods to confirm a user's identity.

two-step

Match the types of malware with their descriptions:

Adware = Displays online advertisements Trojan horse = Hides within a legitimate program Virus = Infects a computer by altering its operations Rootkit = Allows remote control of a device

A Distributed DoS attack uses multiple compromised devices to overwhelm a target.

True (A)

Which of the following is NOT a type of malware?

Firewall (D)

Match the following biometric systems to their descriptions:

Fingerprint reader = Identifies users by scanning their fingerprints Face recognition system = Identifies users through facial features Iris recognition system = Identifies users by analyzing their iris patterns Voice verification system = Identifies users via their voice patterns

What is the purpose of an audit trail in access controls?

To record both successful and unsuccessful access attempts.

Internet-transmitted information carries a lower security risk compared to information stored on premises.

False (B)

Which area does NOT typically use digital forensics?

Retail sales (D)

In computer security, what does the term 'malware' refer to?

Malicious software

A cookie is used to store large amounts of personal data on a web server.

False (B)

What is information privacy?

The right of individuals and companies to restrict the collection and use of their information.

Flashcards

Digital Security Risk

Any event or action that could cause a loss of or damage to a computer or mobile device hardware, software, data, information, or processing capability.

Cybercrime

An online or Internet-based illegal act.

Malware

Programs that act without a user's knowledge and deliberately alter the operations of computers and mobile devices.

Adware

A program that displays an online advertisement in a banner, pop-up window, or pop-under window on webpages, email messages, or other Internet services.

Ransomware

A program that blocks or limits access to a computer, phone, or file until the user pays a specified amount of money.

Rootkit

A program that hides in a computer or mobile device and allows someone from a remote location to take full control of the computer or device.

Spyware

A program placed on a computer or mobile device without the user's knowledge that secretly collects information about the user and then communicates the information it collects to some outside source while the user is online.

Trojan horse

A program that hides within or looks like a legitimate program. Unlike a virus or worm, a trojan horse does not replicate itself to other computers or devices.

Botnet

A group of compromised computers or mobile devices connected to a network.

Zombie

A compromised computer or device in a botnet.

Denial of Service (DoS) Attack

An attack that overwhelms a server with requests, making it impossible for legitimate users to access it.

Distributed Denial of Service (DDoS) Attack

A DoS attack that uses a network of compromised computers.

Backdoor

A program or set of instructions that allows unauthorized access to a system.

Spoofing

A technique to disguise a transmission's origin, making it appear legitimate.

Firewall

Hardware or software that protects a network from unauthorized access.

Passphrase

A combination of words (often with mixed capitalization and punctuation) used for authentication.

Fingerprint reader

A method of unlocking a device using a unique scan of the user's finger.

Face recognition system

A system that verifies your identity by recognizing your face.

Hand geometry system

A security system that identifies individuals based on the unique shape and size of their hand.

Iris recognition system

A system that uses a scan of your iris to verify your identity.

Signature verification system

A security measure that validates a user's authenticity by comparing a signature with a stored signature.

Voice verification system

A system that verifies your identity by comparing your voice with a stored voice sample.

Two-step verification

A security measure that requires two distinct forms of authentication to confirm a user's identity.

Digital forensics

The process of collecting and analyzing digital evidence from computers and networks.

What is phishing?

A scam that uses official-looking messages to trick you into giving away your personal or financial information.

What is clickjacking?

A malicious program hidden within a website, used to trick you into clicking on something harmful.

What is spyware?

Software secretly installed on your device without your knowledge, collecting your information and sending it to someone else.

What is adware?

A program that shows advertisements on your computer, often without your permission.

What is social engineering?

Gaining unauthorized access to your information by exploiting your trust and naivety.

Study Notes

Digital Security Risks

• A digital security risk is any event or action that could harm computer or mobile device hardware, software, data, information, or processing capabilities.
• Computer crime is any illegal act involving computers or related devices.
• Cybercrime is an online or internet-based illegal act.

Internet and Network Attacks

• Information transmitted over networks carries a higher security risk than information stored on premises.
• Malware is malicious software that operates without user knowledge and alters computer/mobile device operation.

Common Malware Types

• Adware: Displays online ads on webpages, emails, or other internet services.
• Ransomware: Blocks or limits access to computers, phones, or files until a payment is made.
• Rootkit: Hides in a device and allows remote control.
• Spyware: Secretly collects user information and sends it to an outside source.
• Trojan horse: Appears legitimate but contains malicious code. Does not replicate itself.
• Virus: Damages a computer or device by negatively altering operations without permission.
• Worm: Replicates itself repeatedly, consuming resources and potentially shutting down systems.

Internet and Network Attacks (Continued):

• A botnet is a group of compromised computers/devices in a network.
• A zombie is a compromised computer/device.
• A Denial of Service (DoS) attack disrupts computer access to internet services. A Distributed DoS (DDoS) attack is a coordinated DoS.
• A backdoor is a program that bypasses security controls.
• Spoofing disguises a network/internet transmission to appear legitimate.

Internet and Network Attacks (Continued):

• A firewall is hardware or software that protects a network from intrusion.

Unauthorized Access and Use

• Access controls determine who can access a system, when, and what actions are allowed.
• A system should maintain an audit trail documenting successful and failed access attempts.
• Examples of access controls include: username, password.

Unauthorized Access and Use (Continued)

• A passphrase is a private combination of words, often containing mixed capitalization and punctuation. Used with usernames for access.
• A PIN (personal identification number), sometimes called a passcode, is a numeric password. Assigned by companies or users.
• A possessed object (e.g., token) is required for access to the system.
• Biometric devices use physical or behavioral characteristics to verify identity.

Unauthorized Access and Use (Continued):

• Fingerprint readers, face recognition systems, hand geometry systems, iris recognition systems, and signature/voice verification systems are examples of biometric verification methods.
• Two-step verification uses two separate methods for user identity verification.

Unauthorized Access and Use (Continued):

• Digital forensics is the discovery, collection, and analysis of evidence found on computers and networks.
• Digital forensics is used in many fields, such as law enforcement, criminal prosecutions, military intelligence, insurance, and information security.

Information Theft

• Information theft occurs when someone steals personal or confidential information.
• Encryption converts readable data into encoded characters, preventing unauthorized access.

Ethics and Society

• Technology ethics are moral guidelines that govern the use of computers, mobile devices, information systems, and related technologies.
• Information accuracy is a concern, as not all online information is correct.

Information Privacy

• Information privacy is the right of individuals and companies to control the collection, use, and sharing of information about them.
• Huge databases store large amounts of online data.
• Websites often collect data to customize ads and send personalized emails.
• Some employers monitor computer and email use.

Information Privacy (Continued)

• A cookie is a small text file that a web server stores on a computer. It's used for personalization, storing user information, assisting in online shopping, tracking site visits, and targeting advertisements.

Information Privacy (Continued)

• Phishing is a scam where a perpetrator sends official-looking messages to obtain personal or financial information.
• Clickjacking involves malicious code embedded in a website's clickable elements.

Information Privacy (Continued)

• Spyware secretly collects user information from computers/mobile devices and sends it to an outside source.
• Adware uses banners, pop-ups, or pop-unders to display online advertisements.

Information Privacy (Continued)

• Social engineering involves gaining unauthorized access by exploiting trust and naivety.
• Federal and state laws regulate personal data storage and disclosure due to privacy concerns.

Information Privacy (Continued)

• Content filtering restricts access to specific materials.
• Web filtering software restricts access to certain websites.

Description

Test your knowledge on cybersecurity concepts, including the functions of cookies, types of malware, and methods of authentication. This quiz covers essential topics related to online security measures and cyber threats. Get ready to challenge yourself and learn more about protecting digital information.