ISTA 161
ISTA 161 FINAL EXAM 2025
Hacker - -People who gain unauthorized access to computers and computer networks
3 techniques that Hackers use - -
Eavesdropping
Dumpster Diving
Social Engineering
Eavesdropping - -Looking over the shoulder of a legitimate computer user to learn his
login name & password
Dumpster Diving - -Looking through garbage for interesting bits of information
Social Engineering - -Refers to the manipulation of a person inside the organization to
gain access to confidential information
Electronic Communications Privacy Act - -Makes it illegal to intercept telephone
conversations, email, or any other data transmissions
Wire Fraud Act (National Stolen Property Act) - -Prosecuting the use of the Internet to
commit fraud or transmit funds
Identity Theft and Assumption Deterrence Act - -Prosecuting adopting the identity of
another person to carry out an illegal activity
Encryption - -The process of protecting information by transforming it into a form that
cannot be understood by anyone who does not possess the key
Sidejacking - -Hijacking of an open Web session by the capturing of a user's cookies,
giving the attacker the same privileges as the user on that website
Malware - -Malicious software that is active on your computer
Virus - -Piece of self-replicating code embedded within another program called the host
Worm - -Self-containing program that spreads through a computer network by exploiting
security holes in the computers connected to the network
Cross-site Scripting - -Malware that gets on your computer system via websites that
allow people to view what other people have written
Drive-by-Download - -When malware gets on your computer system simply by visiting a
website
ISTA 161
, ISTA 161
Trojan Horse - -Program with a benign capability that conceals a sinister purpose
Backdoor Trojan - -Trojan horse that gives the attacker access to the victim's computer
Rootkit - -Set of programs that provide privileged access to a computer
Spyware - -Program that communicates over an Internet connection without the user's
knowledge or consent
Adware - -Type of spyware that displays pop-up advertisements related to what the user
is doing
Bot - -Type of backdoor Trojan that responds to commands sent by a command &
control program located on a external computer
Botnet - -Collection of bot-infected computers
Bot Herder - -Person who controls a botnet
3 Defensive Measures v. Malware - -
Security Patches
Antimalware
Firewall
Security Patches - -Software makers' updates to remove vulnerabilities that have been
uncovered
Antimalware - -Software that scans & deletes malware from a computers' hard drive
Firewall - -Software application installed on a computer that can selectively block
network traffic to and from that computer
Phishing - -Attack on a large-scale effort to gain sensitive information from gullible
computer users
Spear Phishing - -Variant of phishing in which the attacker selects email addresses that
target a particular group of recipients
SQL Injection - -Method of attacking a database-driven Web application that has
improper security
Denial-of-Service Attack (DoS) - -Intentional action designed to prevent legitimate users
from making use of a computer service
The goal is not to steal information, but to disrupt a computer server's ability to respond
to its clients
ISTA 161
ISTA 161 FINAL EXAM 2025
Hacker - -People who gain unauthorized access to computers and computer networks
3 techniques that Hackers use - -
Eavesdropping
Dumpster Diving
Social Engineering
Eavesdropping - -Looking over the shoulder of a legitimate computer user to learn his
login name & password
Dumpster Diving - -Looking through garbage for interesting bits of information
Social Engineering - -Refers to the manipulation of a person inside the organization to
gain access to confidential information
Electronic Communications Privacy Act - -Makes it illegal to intercept telephone
conversations, email, or any other data transmissions
Wire Fraud Act (National Stolen Property Act) - -Prosecuting the use of the Internet to
commit fraud or transmit funds
Identity Theft and Assumption Deterrence Act - -Prosecuting adopting the identity of
another person to carry out an illegal activity
Encryption - -The process of protecting information by transforming it into a form that
cannot be understood by anyone who does not possess the key
Sidejacking - -Hijacking of an open Web session by the capturing of a user's cookies,
giving the attacker the same privileges as the user on that website
Malware - -Malicious software that is active on your computer
Virus - -Piece of self-replicating code embedded within another program called the host
Worm - -Self-containing program that spreads through a computer network by exploiting
security holes in the computers connected to the network
Cross-site Scripting - -Malware that gets on your computer system via websites that
allow people to view what other people have written
Drive-by-Download - -When malware gets on your computer system simply by visiting a
website
ISTA 161
, ISTA 161
Trojan Horse - -Program with a benign capability that conceals a sinister purpose
Backdoor Trojan - -Trojan horse that gives the attacker access to the victim's computer
Rootkit - -Set of programs that provide privileged access to a computer
Spyware - -Program that communicates over an Internet connection without the user's
knowledge or consent
Adware - -Type of spyware that displays pop-up advertisements related to what the user
is doing
Bot - -Type of backdoor Trojan that responds to commands sent by a command &
control program located on a external computer
Botnet - -Collection of bot-infected computers
Bot Herder - -Person who controls a botnet
3 Defensive Measures v. Malware - -
Security Patches
Antimalware
Firewall
Security Patches - -Software makers' updates to remove vulnerabilities that have been
uncovered
Antimalware - -Software that scans & deletes malware from a computers' hard drive
Firewall - -Software application installed on a computer that can selectively block
network traffic to and from that computer
Phishing - -Attack on a large-scale effort to gain sensitive information from gullible
computer users
Spear Phishing - -Variant of phishing in which the attacker selects email addresses that
target a particular group of recipients
SQL Injection - -Method of attacking a database-driven Web application that has
improper security
Denial-of-Service Attack (DoS) - -Intentional action designed to prevent legitimate users
from making use of a computer service
The goal is not to steal information, but to disrupt a computer server's ability to respond
to its clients
ISTA 161
