ITSY 1300 Chapters1-5 Review
The tasks of securing information that is in a digital format, whether it be manipulated by
a microprocessor, preserved on a storage device, or transmitted over a network is
called: - answer Information Security
What are the three protections that must be extended over information? – answer CIA-
Confidentiality, Integrity, Availability
__________ ensures that only authorized parties can view the information. - answer
Confidentiality
__________ ensures that the information is correct and no unauthorized person or
malicious software has altered the data. - answer Integrity
__________ ensures that the data is accessible to authorized users. -
answerAvailability
An _________ is an item that has value. - answerAsset
A type of action that has the potential to cause harm is known as a: - answerThreat
A flaw or weakness that allows a threat agent to bypass security is a: -
answerVulnerability
A situation that involves exposure to some type of danger is a: - answerRisk
What are the 4 responses to risks? - answerAccept
Transfer
Avoid
Mitigate
To __________ risk simply means that the risk is acknowledged but no steps are taken
to address it. - answerAccept
A response to risk that allows a 3rd party to assume the responsibility of the risk is
known as risk: - answerTransfer
To __________ risks, involves identifying the risk but making the decision to not engage
in the activity. - answerAvoid
,To __________ risk is the attempt to address risk by making risk less serious. -
answerMitigate
Healthcare enterprises must guard protected healthcare information and implement
policies and procedures to safeguard it, whether in paper or electronic format: -
answerHIPAA
Health Insurance Portability and Accountability Act 1996
Set of security standards that all companies that process, store, or transmit credit or
debit card information must follow: - answerPCI DSS
Payment Card Industry Data Security Standard
__________ is attacks that are intended to cause panic or provoke violence among
citizens, attacks directed at the banking industry, military installations, power plants, air
traffic control centers, and water systems. - answerCyberterrorism
Individuals who want to attack computers yet they lack the knowledge of computers and
networks needed to do so are: - answerScript Kiddies
Freely available automated attack software used by Script Kiddies is known as: -
answerOpen-Source Intelligence
A group of threat actors that is strongly motivated by ideology are known as: -
answerHactivists
Protest or Retaliatory attacks
A new class of attack that uses innovative attack tools to infect a system and then
silently extracts data over an extended period is known as: - answerAPT
Advanced Persistent Threat
APTs are most commonly associated with: - answerNation State Actors
State sponsored attackers employed by a government for launching computer attacks
against their foes are known as: - answerNation State Actors
When the U.S. hired the Israel government to help infiltrate the Iranian nuclear program,
or if they hired Logan's Exodus to do it, they would be known as: - answerNation State
Actors
What are the 5 fundamental security principles for defense? - answerLayering
Limiting
Diversity
, Obscurity
Simplicity
Creating multiple obstacles of security defenses through which an attacker must
penetrate is known as: - answerLayering
__________ means that only the personnel who MUST use the data, have access to it.
- answerLimiting
Closely related to layering, as it is important to protect data with layers of security, the
layers themselves must also be: - answerDiverse (Diversity)
Information that is concealed, making it more difficult to attack a system, since nothing
is known about it and it is hidden from the outside is referring to: - answerObscurity
Keeping a system easy to know and work on from the inside, but complex on the
outside to attackers refers to: - answerSimplicity
Software that enters a computer system without the user's knowledge or consent and
then performs an unwanted and usually harmful action is known as: - answerMalware
What are the two types of malware? - answerViruses
Worms
What are the primary traits that malware possesses? - answerCirculation
Infection
Concealment
Payload Capabilities
Malicious computer code that reproduces itself on the same computer is known as a: -
answerVirus
A series of instructions that can be grouped together as a single command and are
often used to automate a complex set of tasks or a repeated series of tasks are known
as __________, which are a part of a data file such as in Excel .xlsx or Word .docx. -
answerMacros
What actions do viruses perform? - answerUnloads a payload to perform malicious
action
Reproduce itself by inserting its code into another file
A malicious program that uses a computer network to replicate is known as: -
answerWorm
What's the difference between a virus and a worm? - answerVirus infects program or
data file, can only be transferred by user
The tasks of securing information that is in a digital format, whether it be manipulated by
a microprocessor, preserved on a storage device, or transmitted over a network is
called: - answer Information Security
What are the three protections that must be extended over information? – answer CIA-
Confidentiality, Integrity, Availability
__________ ensures that only authorized parties can view the information. - answer
Confidentiality
__________ ensures that the information is correct and no unauthorized person or
malicious software has altered the data. - answer Integrity
__________ ensures that the data is accessible to authorized users. -
answerAvailability
An _________ is an item that has value. - answerAsset
A type of action that has the potential to cause harm is known as a: - answerThreat
A flaw or weakness that allows a threat agent to bypass security is a: -
answerVulnerability
A situation that involves exposure to some type of danger is a: - answerRisk
What are the 4 responses to risks? - answerAccept
Transfer
Avoid
Mitigate
To __________ risk simply means that the risk is acknowledged but no steps are taken
to address it. - answerAccept
A response to risk that allows a 3rd party to assume the responsibility of the risk is
known as risk: - answerTransfer
To __________ risks, involves identifying the risk but making the decision to not engage
in the activity. - answerAvoid
,To __________ risk is the attempt to address risk by making risk less serious. -
answerMitigate
Healthcare enterprises must guard protected healthcare information and implement
policies and procedures to safeguard it, whether in paper or electronic format: -
answerHIPAA
Health Insurance Portability and Accountability Act 1996
Set of security standards that all companies that process, store, or transmit credit or
debit card information must follow: - answerPCI DSS
Payment Card Industry Data Security Standard
__________ is attacks that are intended to cause panic or provoke violence among
citizens, attacks directed at the banking industry, military installations, power plants, air
traffic control centers, and water systems. - answerCyberterrorism
Individuals who want to attack computers yet they lack the knowledge of computers and
networks needed to do so are: - answerScript Kiddies
Freely available automated attack software used by Script Kiddies is known as: -
answerOpen-Source Intelligence
A group of threat actors that is strongly motivated by ideology are known as: -
answerHactivists
Protest or Retaliatory attacks
A new class of attack that uses innovative attack tools to infect a system and then
silently extracts data over an extended period is known as: - answerAPT
Advanced Persistent Threat
APTs are most commonly associated with: - answerNation State Actors
State sponsored attackers employed by a government for launching computer attacks
against their foes are known as: - answerNation State Actors
When the U.S. hired the Israel government to help infiltrate the Iranian nuclear program,
or if they hired Logan's Exodus to do it, they would be known as: - answerNation State
Actors
What are the 5 fundamental security principles for defense? - answerLayering
Limiting
Diversity
, Obscurity
Simplicity
Creating multiple obstacles of security defenses through which an attacker must
penetrate is known as: - answerLayering
__________ means that only the personnel who MUST use the data, have access to it.
- answerLimiting
Closely related to layering, as it is important to protect data with layers of security, the
layers themselves must also be: - answerDiverse (Diversity)
Information that is concealed, making it more difficult to attack a system, since nothing
is known about it and it is hidden from the outside is referring to: - answerObscurity
Keeping a system easy to know and work on from the inside, but complex on the
outside to attackers refers to: - answerSimplicity
Software that enters a computer system without the user's knowledge or consent and
then performs an unwanted and usually harmful action is known as: - answerMalware
What are the two types of malware? - answerViruses
Worms
What are the primary traits that malware possesses? - answerCirculation
Infection
Concealment
Payload Capabilities
Malicious computer code that reproduces itself on the same computer is known as a: -
answerVirus
A series of instructions that can be grouped together as a single command and are
often used to automate a complex set of tasks or a repeated series of tasks are known
as __________, which are a part of a data file such as in Excel .xlsx or Word .docx. -
answerMacros
What actions do viruses perform? - answerUnloads a payload to perform malicious
action
Reproduce itself by inserting its code into another file
A malicious program that uses a computer network to replicate is known as: -
answerWorm
What's the difference between a virus and a worm? - answerVirus infects program or
data file, can only be transferred by user
