Network Security Threats and Encryption

Questions and Answers

Which of the following scenarios exemplifies a threat stemming from human error?

• An employee intentionally destroying data and system components.
• A virus and worm writer infecting computer systems.
• A hacker breaking into a system to steal for financial gain.
• An employee inadvertently installing an old database on top of the current one. (correct)

Which of the following technologies enables a browser to access websites without requiring repeated logins?

• Cookies (correct)
• Public keys
• Payloads
• Botnets

Why should establishing a security policy be addressed by the senior management of an organization?

• To avoid the use of perimeter firewalls.
• To ensure IS security software programs are created.
• To share the private key with all systems connected to the network.
• To provide a framework for consistent security practices across the organization. (correct)

Which encryption method involves the sender and receiver using different keys to transmit a message?

Asymmetric encryption (A)

Which of the following statements accurately describes Secure Sockets Layer (SSL)?

It is used to send sensitive data such as credit card numbers. (D)

Which of the following network security devices examines each part of a message and determines whether to let that part pass?

Packet-filtering firewall (C)

Which term describes a broad category of malicious software that includes viruses, spyware, and adware?

Malware (A)

In the context of malware protection, what is the term for the program code that carries out unwanted or harmful actions?

Payload (B)

Which type of malicious software disguises itself as useful programs or files to trick users into installing it?

Trojan horses (C)

What kind of virus self-propagates across the Internet or other computer networks?

Worm (D)

Flashcards

What are Cookies?

Small files that a browser uses to access websites without needing to sign in every time, improving user experience.

What is Establishing the security policy?

A critical security function involving the creation, communication, and enforcement of rules that dictate how data and systems are protected.

What is asymmetric encryption?

A method of encrypting data where the sender and receiver use different keys, enhancing security by requiring two different keys.

What is Malware?

A broad category of malicious software that encompasses viruses, spyware, and adware.

What is a payload?

The part of malware code that performs unwanted or harmful actions on a system.

What are Trojan horses?

Malicious programs that disguise themselves as useful software to trick users into installing them.

What is a worm?

A type of virus that can self-replicate and spread across the Internet or other networks, exploiting vulnerabilities to propagate.

What is Pretexting?

A type of attack where someone deceives others by pretending to be someone else to gain access or information.

What is Hardening?

A website measure to reduce a systems vulnerability using special versions of an operating system.

What are Honeypots?

False targets set up to attract computer criminals, allowing organizations to study attack methods and gather intelligence.

Study Notes

• Human error can cause threats, such as an employee installing an old database over a current one.
• Cookies are small files used by browsers to access websites without requiring a sign-in each time.
• Establishing a security policy is a critical security function for senior management to address.
• Asymmetric encryption involves the sender and receiver transmitting a message using different keys.
• The Secure Sockets Layer (SSL) is used to send sensitive data, like credit card numbers.
• A packet-filtering firewall examines each part of a message to decide whether to allow it to pass.
• Malware is a broad category of software that includes viruses, spyware, and adware.
• In malware protection, the program code that causes unwanted actions is called the payload
• Trojan horses are viruses that masquerade as useful programs or files
• A worm is a type of virus that self-propagates using the Internet or other computer networks.
• SQL injection is likely to be accepted by a poorly designed application, leading to improper disclosure of data.
• Pretexting occurs when someone deceives by pretending to be someone else.
• Data safeguards protect databases and other organizational data.
• Human safeguards involve the people and procedure components of information systems.
• When terminating an employee, IS administrators should receive advance notice to remove the user account and password.
• Hardening a website involves taking extraordinary measures to reduce a system's vulnerability using special versions of the operating system.
• Passwords are the primary means of authentication for a user's computer and other networks and servers.
• Honeypots are false targets for computer criminals to attack.
• A phisher pretends to be a legitimate company and sends an email requesting confidential data.
• Sniffing is a technique for intercepting computer communications through a physical connection to a network or without a physical connection in the case of wireless networks.
• Hacking involves breaking into a network to steal data such as customer lists, product inventory data, employee data, and other proprietary and confidential data.
• An unauthorized transaction from a user's credit card is most likely the result of hacking.
• Usurpation occurs when computer criminals invade a computer system and replace legitimate programs with their own, unauthorized ones that shut down legitimate applications.
• A malicious denial-of-service attack typically involves a hacker flooding a Web server with millions of bogus service requests.
• Hackers present the largest risk for an organization's infrastructure loss.
• A chief information security officer manages security for all of the organization's assets.
• Adapting the IS to new versions of business processes is complex and time-consuming, which is a limitation of aligning information systems with organizational strategy.
• High unit cost forever is a loss of control risk.
• Outsourcing is done to cap an organization's financial exposure.
• Outsourcing saves both direct and indirect management time.
• Paying another organization to arrange for employee travel is an example of outsourcing an entire business function.
• The chief information officer at Atlanta has control over prioritizing issues related to software changes needed.
• A risk of outsourcing information systems is the potential loss of intellectual capital.
• Obtaining full-time services is a reason to outsource.
• Every information systems (IS) user has the right to a secure computing environment, meaning the organization should protect their computer and files.
• Users of information systems are generally responsible for following security and backup procedures.
• The information technology department is frustrated by repetitive training.
• Developing, operating, and maintaining an organization's computing infrastructure is a major function of the information systems department.
• Setting IS priorities is a function of the steering committee for the information systems (IS) department.
• Outsourcing is the process of hiring another organization to perform a service.
• Outsourcing saves direct and indirect management time.
• An outsource vendor changing its strategic direction can be associated with loss of control.
• Acquiring licensed software is a form of outsourcing.
• A risk of outsourcing information systems (IS)/information technology (IT) functions is the potential loss of intellectual capital.
• The right to receive effective training is a right of users of information systems.
• Every information system has at least one application.
• Systems analysts are information system (IS) professionals who understand both business and information technology.
• A business process is a network of activities, repositories, roles, resources, and flows that interact to accomplish a business function.
• In a business process, an inventory or a database is an example of a repository.
• In a business process, a role refers to a collection of activities.