Information Security Terminology Quiz
24 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Which of the following describes a phishing attack?

  • An attempt to recover sensitive financial information using fake URLs in unsolicited emails. (correct)
  • A method where an attacker hijacks a session between a host and a server to gain unauthorized access.
  • A process of redirecting traffic from one website to another without user consent.
  • An attack that exploits a weakness in a remote system to make it unavailable.
  • What is the main goal of a 'Man-in-the-Middle' attack?

  • To redirect website traffic to malicious sites.
  • To flood a server with false requests and make it unavailable.
  • To reset a router using physical access to the target system.
  • To intercept and benefit from data exchanged between network components. (correct)
  • Which type of Denial of Service attack involves flooding a machine with false requests?

  • Denial of service by saturation (correct)
  • Pharming attack
  • Man-in-the-Middle attack
  • Session hijacking
  • What distinguishes a DDoS attack from a regular DoS attack?

    <p>It is executed from multiple geographically dispersed computers.</p> Signup and view all the answers

    What does the term 'spoofing' refer to in the context of network attacks?

    <p>Disguising communication as coming from a trusted source.</p> Signup and view all the answers

    Which of the following actions could qualify as a close proximity attack?

    <p>Using physical access to reset a router or manipulate a server.</p> Signup and view all the answers

    What technique do attackers most commonly exploit to gain control of a network machine?

    <p>Approval relationships between machines and peripherals</p> Signup and view all the answers

    Which method is often used in mixed attacks to collect user information?

    <p>Combining characteristics of viruses and worms.</p> Signup and view all the answers

    Which of the following is not a recommended network security measure?

    <p>Open all user permissions</p> Signup and view all the answers

    What is a characteristic of a pharming attack?

    <p>Redirecting a user's requests from a legitimate site to a malicious one.</p> Signup and view all the answers

    What does the least privilege rule emphasize regarding user access?

    <p>Each user must have only the minimal level of access necessary for their tasks</p> Signup and view all the answers

    Which measure is part of vulnerability audit measures aimed at stopping breaches?

    <p>Preventive measures</p> Signup and view all the answers

    What is the primary purpose of reconnaissance attacks?

    <p>To gather information about vulnerabilities in a target network</p> Signup and view all the answers

    What is the role of detective measures in a computer network audit?

    <p>To identify and record information about intrusions</p> Signup and view all the answers

    Which method is specifically used in password attacks to try every possible combination of characters?

    <p>Brute force attack</p> Signup and view all the answers

    Which of the following actions best exemplifies recovery measures after a security incident?

    <p>Restoring systems to operational status</p> Signup and view all the answers

    What are access attacks primarily aimed at recovering?

    <p>Sensitive information about network components</p> Signup and view all the answers

    Which method specifically discourages individuals from attempting to breach network security?

    <p>Deterrence measures</p> Signup and view all the answers

    In a dictionary attack, what is utilized to find passwords?

    <p>A targeted list of commonly used passwords</p> Signup and view all the answers

    What security benefit is achieved by separating sensitive data into different security zones?

    <p>Minimization of unauthorized access and attacks</p> Signup and view all the answers

    What does packet sniffing allow an attacker to capture?

    <p>Data being transmitted over a network</p> Signup and view all the answers

    Which of the following is NOT a common method used in password attacks?

    <p>Phishing attack</p> Signup and view all the answers

    The aim of which attack is to collect information on services running on a target computer?

    <p>Port scanning</p> Signup and view all the answers

    Which of the following best describes intrusion prevention systems (IPS)?

    <p>They monitor network traffic and take action against potential threats</p> Signup and view all the answers

    Study Notes

    Information Security Terminology

    • Resource: Any valuable object needing protection.
    • Vulnerability: A system weakness exploitable by a threat.
    • Threat: Potential danger to a resource or network.
    • Attack: Action intended to harm a resource.
    • Risk: Likelihood of loss, modification, or destruction of a resource due to a threat exploiting a vulnerability.
    • Risk = Resource + Threat + Vulnerability
    • Countermeasure: Protection mitigating a threat or risk.

    Types of Hackers

    • Hackers: Individuals fascinated by network systems.
    • White Hat Hackers: Ethical hackers performing security audits to improve systems.
    • Black Hat Hackers: Unethical hackers aiming for illicit purposes, like data theft.
    • Gray Hat Hackers: Individuals with a mix of white and black hat characteristics.
    • Blue Hat Hackers: Individuals testing software applications for bugs.
    • Script Kiddies: Novice hackers using scripts to launch attacks without in-depth knowledge.
    • Hacktivists: Hackers motivated by ideological causes.
    • Phreakers: Experts in attacking telephonic systems.
    • Carders: Hackers specializing in attacking smart card systems.

    Malicious Codes (Malware)

    • Virus: Program attaching to software to perform unintended actions. Requires user activation; can be programmed to run passively.
    • Worms: Standalone programs that exploit vulnerabilities to spread throughout a network rapidly. Do not require user interaction.
    • Spyware: Software tracking user activity and collecting information. Often used for targeted advertising or unauthorized data gathering.
    • Adware: Software displaying advertisements, often pop-up windows.
    • Scaryware: Software designed to convince users their system is infected and promote solutions, often for profit.
    • Trojan Horse: Program with seemingly useful functionality but hidden malicious actions, often leading to unauthorized access.
    • Ransomware: Malware blocking access to a system until a payment is made.

    Network Security

    • Physical Security: Protecting the physical environment where resources are located, including server rooms, networks equipment, preventing accidents, and uninterrupted power supply.
    • Logical Security: Implementing policies using software to control access. Includes using strong passwords, access models (authentication, authorization, and traceability), configuring firewalls, implementing Intrusion Prevention Systems (IPS), and using Virtual Private Networks (VPNs).
    • Administrative Security: Rules and procedures used by an organization to monitor and control its network, including preventing errors and fraud, defining responsibilities of staff, and protecting property.

    Types of Network Attacks

    • Reconnaissance Attacks (Passive): Goal is to gather info about the target network. Techniques like ping sweeps (identifying active hosts), port scanning (determining open ports), and packet sniffing (capturing network traffic).
    • Password Attacks: Goal is to discover usernames and passwords. Approaches include dictionary attacks (using a list of common words) and brute-force attacks (trying all possible combinations).
    • Access Attacks: Goal is to gain unauthorized access. Techniques like phishing (sending fraudulent emails), pharming (redirecting traffic), man-in-the-middle attacks (intercepting communication), and spoofing (making a system appear legitimate).
    • Network Attacks against Availability: Goal is to render a network resource unavailable. Methods include denial-of-service (DoS) attacks, flooding the system with requests, and distributed denial-of-service (DDoS) attacks using multiple sources.
    • Close Attacks: Attacker is physically present at the target system.
    • Attacks on Approval Relationships: Exploiting approval relationships between network devices to gain greater control.

    Network Security Measures

    • Separation of Resources: Categorizing resources into different security zones, such as DMZ.
    • Deep Protection: Deploying security devices strategically across a network.
    • Least Privilege: Limiting access rights to the minimum necessary.
    • Adequate Protection: Implementing strong protection mechanisms at all network levels.
    • Restricting Information: Limiting access based on employee roles and tasks.
    • Separation of Tasks/Job Rotation: Reducing vulnerabilities caused by individuals having too much responsibility.

    Vulnerability Audit Measures

    • Preventive Measures: Precautions to reduce the possibility of an attack.
    • Detective Measures: Identifying security violations using logs and monitoring tools.
    • Corrective Measures: Rectifying security breaches or weaknesses.
    • Recovery Measures: Procedures to restore network functionality after an incident.
    • Deterrence Measures: Discouraging potential attackers.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    Description

    Test your knowledge on key information security terms and types of hackers. This quiz covers essential vocabulary such as vulnerabilities, threats, and countermeasures, as well as different categories of hackers. Challenge yourself and learn more about the landscape of cybersecurity!

    More Like This

    Information Security Quiz
    80 questions
    Introduction to Information Security
    30 questions
    Use Quizgecko on...
    Browser
    Browser