CSP_CHap7

Name: ID:

Email:

CSP_CHap7_19

True/False
Indicate whether the statement is true or false.

An original message or file that has not yet been encrypted is referred to as ciphertext.

The single most effective security measure for digital devices is to password protect access to them.

Android devices automatically encrypt data stored on the device when a user activates the login password.

It is not possible to encrypt a Windows hard drive volume.

OS X devices include a utility that automatically encrypts data stored locally.

Brute force attacks methodically try every possible password until the correct one is found.?

Password managers can generate unique passwords that have very good entropy.

In addition to replicating itself, a virus self-distributing.

Viruses spread themselves from one device to another.

10.

Most trojans are not designed to replicate themselves.

11.

Any data entering a digital device could be malware.

12.

Heuristics may produce false positives that mistakenly identify a legitimate file as malware.

13.

RATs can be used to create a backdoor to a victim’s device that takes control of the device’s camera.

14.

A botnet has a server that is controlled by hackers.

15.

Correctly installed antivirus software will prevent all intrusions.

16.

Hackers can use ports to communicate with devices in botnets.

17.

The objective of a MITM attack is for a third party to block communications between two entities.

18.

Social engineering attacks prey on human vulnerabilities.

19.

Most ISPs and email services do not use filtering techniques to block spam.

20.

Blacklist and header filtering is usually performed by email clients and Webmail services.

Multiple Choice
Identify the choice that best completes the statement or answers the question.

21.

Which of the following terms would best match this definition: Transforms a message or data file in such a way that its contents are hidden from unauthorized readers.

a.	authentication
b.	encryption
c.	ciphertext
d.	decryption

22.

. ?Which of the following is not an example of an authentication protocol?

a.	password
b.	PINs
c.	fingerprint scanner
d.	all of the above

23.

Which of the following type of attack uses password-cracking software to generate every possible combination of letters, numerals, and symbols.

a.	entropy?
b.	massive
c.	dictionary
d.	brute force

24.

Which of the following is not a characteristic of a weak password?

a.	Eight characters in length and include one or more uppercase letters, numbers, and symbols.
b.	Uses default passwords such as password, admin, system, and guest.
c.	Any sequence that includes a user name.
d.	Use of words from a dictionary.

25.

If you feel more secure with a totally random and unique password for each of your logins, then a(n) _______________ is an excellent option.

a.	keylogger
b.	encryption key
c.	password manager
d.	personal firewall

26.

What is the process called when an app from a source other than an official app store is installed on a device?

a.	Side-loading
b.	Rootkit
c.	Code injection
d.	Dropper

27.

. ?Which of the following is not a characteristic of a computer worm?

a.	self-replicating
b.	usually standalone executable programs
c.	self-distributing
d.	spread through a process called side-loading

28.

Trojans depend on ________ to spread.

a.	self-replication
b.	social engineering
c.	rootkits
d.	code injection

29.

The best defense against malware is _____________.

a.	encryption
b.	entropy
c.	antivirus software
d.	all of the above

30.

When antivirus software detects malware, which of the following would not be a course of action you could take?

a.	Conduct a heuristic analysis.
b.	Repair the infection
c.	Put the infected file into quarantine
d.	Delete the infected file.

31.

_____________ software shields certain applications against behaviors commonly exhibited by intrusions.

a.	Malware
b.	Anti-exploit
c.	Antivirus
d.	Virus signature

32.

A(n) __________ is a device or software that is designed to block unauthorized access while allowing authorized communications.

a.	Netstat
b.	firewall
c.	Evil Twin
d.	digital certificate

33.

Which of the following can be used to block unauthorized access while allowing authorized communications on a device or network?

a.	network router
b.	personal firewall
c.	hardware that uses a NAT
d.	all of the above

34.

Which of the following would be considered spyware?

a.	a keylogger
b.	firewall software
c.	Antivirus software
d.	all of the above

35.

The current method of encrypting communication between a client and a server depends on a security protocol called _______.

a.	RAT
b.	TLS
c.	PUP
d.	AES

36.

. A social engineering scam called ___________ is when a victim is promised a large sum of money in exchange for a bank account number from which a small advance fee is withdrawn.

a.	advance fee fraud
b.	pharming
c.	address spoofing
d.	Evil Twin

37.

Spam accounts for approximately ______ of all email.

a.	40%
b.	50%
c.	60%
d.	70%

38.

Which of the following is not a type of spam filter?

a.	Content
b.	Permission
c.	Blacklist
d.	Entropy

39.

. ____________ is a service offered by Google that checks URLs against a list of suspicious Web site URLs.

a.	Personal Firewall
b.	Safe Browsing
c.	Heuristic Analysis
d.	SmartScreen Filter

40.

What is the term used to describe unwanted software that installs along with the application software that you originally downloaded and installed?

a.	RAT
b.	PUP
c.	Evil Twin
d.	adware

Matching Extra Credit 5 points

a.	Malware
b.	key
c.	bits
d.	worm
e.	strong

41.

A cryptographic is a word, number, or phrase that must be known to encrypt or decrypt data.?

42.

A password is difficult to hack.

43.

Password entropy is a measure in _______of a password’s unpredictability.

44.

is a self-replicating, self-distributing program designed to carry out unauthorized activity on a victim’s device.

45.

refers to any computer program designed to surreptitiously enter a digital device.