Quiz #14: Risks, Security, and Disaster Recovery
Show all answers
Hide all answers
Completion
- UPS stands for __________.
Answer
Uninterruptible Power Supply
- SSL stands for ___________.
Answer
Secure Socket Layer
- DoS stands for ___________.
Answer
Denial of Service
- DDoS stands for ___________.
Answer
Distributed Denial of Service
Short answer
- Define the term downtime.
Answer
Downtime is the time during which resources are unavailable.
- Define the term brownout.
Answer
A brownout is a reduction in voltage, which can be much more dangerous for electronics than a blackout.
- Define the term blackout.
Answer
A blackout is a loss of power.
- Define the term vandalism.
Answer
Vandalism is when humans deliberately damage or destroy resources
just because they want to.
- What is HTTPS?
Answer
HTTPS is a secure version of HTTP
- Define the term social engineering.
Answer
Social engineering is using human weaknesses to gain access to confidential
information
- Define the term keystroke logging.
Answer
Keystroke logging is intercepting keystrokes and either storing them or
sending them someplace on the Internet (very useful for stealing
usernames, passwords, account information, etc.).
- Define the term keylogger.
Answer
Hardware or software which secretly records keystrokes.
- Define the term phishing.
Answer
Phishing is done by sending fraudulent messages (typically emails) which lure recipients into
going to a fake website to try to get them to enter confidential information.
- Define the term vishing.
Answer
Vishing is similar to phishing, but the attack takes place using a fraudulent phone call
directing the person to call a malicious number where personal information will be gathered.
- Define the term pharming.
Answer
Pharming is replacing a real website with an imposter to try to get people to
enter confidential information.
- Define the term tarpit.
Answer
A tarpit is a host on the network designed to expect attacks and respond very
slowly, allowing the attacker to not get much done and spend enough time on the
machine to be tracked.
- Define the term honeypot.
Answer
A honeypot is a host on the network designed to lure attackers in so waiting
monitors can attempt to track the attacker.
- Define the term honeytoken.
Answer
A honeytoken is a piece of data which is extremely unlikely to be accessed legitimately,
but which an attacker is likely to access; it has special monitoring to immediately
alert system administrators when it is accessed with information about where the
access request originated.
- Define the term virus.
Answer
A virus is software designed to spread from one computer to another based on something
a user does, such as open a file.
- Define the term worm.
Answer
A worm is software that can spread itself through a network without human intervention.
- Define the term Trojan horse.
Answer
A Trojan horse is a malicious program disguised as a potentially helpful or useful
program; the program may even appear to be carrying out useful tasks while the
malicious part of the code silently carries out its tasks or waits for the right
time to spring into action. Trojans horses are a form of virus.
- Explain the difference between virus, worm, and Trojan horse malware.
Answer
Malware these days often combines all three within its design. A virus is malware
which is contained within another type of file, such as a PDF, Word document, etc. It infects other
files when the document that contains the virus is opened. A Trojan horse is similar, but is contained
within software that appears useful so that victims are lured into installing the software, and thus
the malware contained within. Worms are malware that sends messages to other machines on the network
hoping to find some weakness in the other machines that allows it to infect them. Worms often operate
in the background, even when users are not actively using a machine, and users often don't even know
that their machine is sending out or receiving malicious messages.
- Define the term logic bomb.
Answer
A logic bomb is a program where malicious code lies dormant waiting for a specific time or
set of conditions to become active and cause damage.
- Define the term zombie.
Answer
A zombie is a machine which has been attacked and has been infected with
malicious software which awaits commands to carry out DDoS attacks. The user is
usually unaware of the problem.
- Define the term hijacking as it relates to computers.
Answer
Hijacking is taking control of a computer or website without the owners consent
(generally remotely). Zombies are hijacked computers.
- Define the term atomic transaction.
Answer
An atomic transaction is a transaction that is guaranteed to not be only partially
recorded. It is either completely recorded or dropped. Atomic transactions are
generally made up from a group of transactions.
- Define the term audit trail.
Answer
An audit trail is a recorded series of details which log transactions, times, and
the people involved. An audit trail can be used to find out where errors or abuses
happened. This helps deter abuses.
- Define the term firewall.
Answer
A firewall is hardware and/or software that blocks unauthorized access to a system by blocking unrequested incoming messages and blocking outgoing messages that the computer should not be generating.
- Define the term proxy server.
Answer
A proxy server is a machine that represents all the machines within a network to the
external world. This helps focus where security and other control measures are
most important.
- Define the term encryption.
Answer
Encryption is translating a message into an unreadable form for all but the recipient (and
possibly the sender).
- Define the term decryption.
Answer
Decryption is translating a message from unreadable ciphertext back into its
original plaintext message.
- Define the term plaintext.
Answer
Plaintext is a message before it is encrypted (or after it is decrypted).
- Define the term ciphertext.
Answer
Ciphertext is a message which has been encrypted.
- Define the term symmetric encryption.
Answer
Symmetric encryption is when the encryption key and decryption key are the same.
- Define the term asymmetric encryption.
Answer
Asymmetric encryption is when the encryption key and decryption key are
different. Each participant has a public and a private key. Someone can encrypt a message
using the recipient's public key, which only the recipient can decrypt using their private key.
- Define the term private key encryption.
Answer
Private key encryption is a synonym for symmetric encryption. Symmetric
encryption is when the encryption key and decryption key are the same.
- Define the term public key encryption.
Answer
Public key encryption is a synonym for asymmetric encryption. Asymmetric
encryption is when the encryption key and decryption key are
different. Each participant has a public and a private key. Someone can encrypt a message
using the recipient's public key, which only the recipient can decrypt using their private key.