Information Security and Threats Quiz

Questions and Answers

What is the primary function of antivirus software?

• To speed up your computer's performance
• To manage your internet connection
• To repair hardware issues
• To detect and block viruses (correct)

What should you do to protect your accounts online?

• Create strong, unique passwords (correct)
• Use the same password for all accounts
• Avoid using any passwords
• Share your passwords with friends

What risk is associated with downloading pirated software?

• Improving software features
• Unintended software updates
• Potential exposure to malware (correct)
• No risk at all

What action can help prevent data loss due to viruses?

Regularly back up your data (C)

Which of the following is a common source of computer viruses?

Opening emails from unknown sources (C)

What is a characteristic of the “Rabbit” virus from the mid-1970s?

It spread quickly and caused significant damage (D)

What is the safest approach when you receive a suspicious email?

Delete the email without opening it (A)

What should you do to ensure your operating system is secure?

Keep your operating system and apps up to date (D)

What is the primary purpose of information assurance (IA)?

Prevent theft and damage to system resources (C)

Which of the following components is NOT part of Raggad’s taxonomy of information security?

Encryption (C)

At which level does IA focus primarily on physical resources?

Physical level (D)

What type of threats do terrorists generally pose towards information infrastructure?

Politically motivated attacks (A)

Which of the following best describes a Denial of Service (DoS) attack?

An attempt to disrupt service availability (B)

Which of the following is a common type of malware that disguises itself as legitimate software?

Trojan (A)

What does the term 'non-repudiation' refer to in information assurance?

Preventing denial of an action by the sender or receiver (D)

What type of attack involves tricking users into providing sensitive information?

Phishing (C)

What is the primary goal of black hat hackers?

To gain unauthorized access for malicious purposes (A)

Which type of hacker typically works with permission to enhance security measures?

White hat hackers (C)

What method do tracking cookies use to gather information?

They monitor web browsing activities (B)

What distinguishes gray hat hackers from black hat hackers?

Gray hat hackers hack without permission but do not intend harm (B)

Which of the following is a function of keyloggers?

To capture keystrokes and sensitive input (C)

What role do system scanners play in cybersecurity?

They scan for specific information in system files (A)

What is a common characteristic of malicious hackers?

They seek to exploit system vulnerabilities (D)

What is the technique used by spyware to ensure activation at startup?

Embedding in startup processes (A)

What characterizes a DDOS attack compared to a DOS attack?

It uses multiple compromised systems to overwhelm a target. (C)

What is a common symptom of a server being overwhelmed by a DDOS attack?

Websites or services becoming unusually slow or unresponsive. (D)

Which error message typically indicates a server under stress due to excessive requests?

503 Service Unavailable (D)

How can one identify unusual traffic patterns that may indicate a DDOS attack?

Using network monitoring tools to track traffic. (A)

Which method can provide insights into potential DDOS attack patterns?

Regularly examining server and network logs. (B)

Which best describes a botnet in the context of a DDOS attack?

A network of compromised systems controlled by an attacker. (D)

What volume of traffic usually indicates a potential DDOS attack?

Sudden spikes much higher than usual. (B)

What is an essential tool for detecting abnormal traffic patterns?

Intrusion detection systems (IDS). (B)

What is a logic bomb primarily defined as?

A set of instructions secretly inserted into a system to cause damage. (A)

Which type of logic bomb is activated by specific events occurring within the system?

Event-triggered bombs (D)

What term is synonymous with logic bombs, highlighting their hidden nature?

Slag code (C)

What do password attacks primarily aim to achieve?

To gain unauthorized access by discovering or guessing passwords. (D)

Which of the following is an example of a user-activated bomb?

A bomb that detonates when a certain application is launched. (A)

What are potential outcomes of an activated logic bomb?

Harmful impacts including data breaches and financial losses. (C)

What is crucial for preventing password attacks?

Implementing proactive security measures. (B)

How does a time-based bomb operate?

Delivers its payload at a specific date and time. (B)

Study Notes

Information Security

• Information security aims to protect the availability, integrity, confidentiality, authentication, and non-repudiation of system resources.
• Information security encompasses computer and information security, as well as protecting information at physical, information infrastructure, and perceptual levels.
• The physical level of information security focuses on securing computers, physical networks, telecommunications systems, and supporting systems like power, facilities, and environmental controls.

Threats and Attacks

• Computer Virus: Self-replicating programs that can spread to other computers, corrupting files or slowing down performance.
• Computer Worm: Similar to viruses but can spread independently, often through networks.
• Trojan Horse: Malware disguised as legitimate software that allows unauthorized access to a system.
• Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS): Attacks designed to overwhelm a server or network with traffic, making it unavailable to legitimate users.
• Phishing: Deceptive attempts to acquire sensitive information like passwords and credit card details through fake emails or websites.
• Spyware: Software secretly installed on a computer to monitor user activity and transmit information to a third party.

History of Computer Viruses

• The “Creeper system,” the first computer virus, appeared in 1971.
• The "Rabbit" virus, which replicated quickly and caused significant damage, emerged in the mid-1970s
• "Elk Cloner" was created in 1982 and spread through floppy disks containing a game.

Identifying DoS and DDoS Attacks

• Unusual Traffic Patterns: Sudden, large increases in traffic, particularly from a large number of IP addresses.
• Slow Performance: Websites or services become unusually slow or unresponsive.
• Error Messages: Increased frequency of error messages such as "503 Service Unavailable" or "Server Too Busy."

Preventing Virus Attacks

• Install Antivirus Software: Antivirus software helps detect and block viruses before they infect a system.
• Update Regularly: Keep operating systems, software, and apps updated to patch security vulnerabilities.
• Be Cautious with Emails and Downloads: Don’t open emails or download attachments from unknown sources.
• Use Strong Passwords: Protect accounts with strong, unique passwords.
• Backup Data: Regularly back up data to an external drive or cloud storage.

Understanding Logic Bombs

• Logic Bombs: A set of instructions secretly inserted into a computer system to cause damage when specific conditions are met.
• Types:
  • Event-triggered bombs: Triggered by specific events within the system.
  • User-activated bombs: Activated by specific user actions.
  • Time-based bombs: Execute at a specific date and time.

Understanding Password Attacks

• Password Attacks: Attempts to gain unauthorized access by discovering or guessing passwords.

Protecting Against Future Attacks

• Long-term Solutions: Proactive approach and robust security practices to prevent future attacks.
• Robust security practices: Important for preventing future attacks.

Description

Test your knowledge on the fundamentals of information security and recognize various threats and attacks that can compromise system resources. This quiz covers key concepts such as computer viruses, worms, trojan horses, and denial-of-service attacks. Understand the importance of maintaining the integrity and confidentiality of information.