INFORMATION
TECHNOLOGY
MANAGEMENT
A phone scam that attempts to defraud people by asking them to
call a bogus telephone number to confirm their account information
Vishing (or voice phishing)
A group of computers on which a hacker has planted zombie
programs
Zombie farm
Small electronic devices that change user passwords automatically
Token
A device that is around the same size as a credit card, containing
embedded technologies that can store information and a small amount
of software to perform some limited processing
Smart card
The traditional security process which requires a username and
password
Single factor authentication
Requires the user to provide two means of authentication: what the
user knows (password) and what the user has (security token)
Two factor authentication
WGU C954 - LATEST
Requires more than two means of authentication, such as what the
user knows (password), what the user has (security token), and what
the user is (biometric verification)
Multifactor authentication
A network intrusion attack that takes advantage of programming
errors or design flaws to grant the attacker elevated access to the
network and its associated data and applications
Privilege escalation
Attackers grant themselves a higher access level, such as
administrator, allowing the attacker to perform illegal actions such
as running unauthorized code or deleting data
Vertical privilege escalation
Attacker grants themselves the same access levels they already have
but assumes the identity of another user
Horizontal privilege escalation
Computer viruses that wait for a specific date before executing
instructions
Time bombs
Occurs when organizations use software that filters content to
prevent the transmission of unauthorized information
Content filtering
The science that studies encryption, which is the hiding of messages
so that only the sender and receiver can read them
Cryptography
Introduced by the National Institute of Standards and Technology
(NIST), it is an encryption standard that uses a symmetric type of
encryption (it uses the same key to encrypt and decrypt) to keep
government information secure
Advanced encryption standard (AES)
Encryption system that uses two keys, the public key that everyone
can have, and a private key for only the recipient
Public key encryption (PKE)
A trusted third-party such as Verisign that validates users' identities
by means of digital certificates
Certificate authority
A data file that identifies individuals or organizations online and is
comparable to a digital signature
Digital certificate
An organized attempt by a country's military to disrupt or destroy
information and communication systems for another country
Cyberwar
The use of computer and networking technologies against persons
or property to intimidate or coerce governments, individuals, or any
segment of society to attain political, religious, or ideological goals
Cyberterrorism
Features full-time monitoring tools that search for patterns in
network traffic to identify intruders
Intrusion detection software (IDS)
A set of measurable characteristics of a human voice that uniquely
identifies an individual
Voiceprint
Technique to gain personal information for the purpose of identity
theft usually by means of fraudulent email