Term
|
Definition
| A ____ attack is a type of attack that uses deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines. |
|
|
Term
|
Definition
| _____ is a human- or software-based attack where the goal is to pretend to be someone else for the purpose of concealing their identity. Spoofing can occur by using IP addresses, network adapter's hardware MAC addresses, and email. |
|
|
Term
|
Definition
| ____ is any type of incorrect or misleading information that is disseminated to multiple users through unofficial channels. |
|
|
Term
|
Definition
| ____ is a human-based attack where an attacker pretends to be someone he is not. |
|
|
Term
|
Definition
| ____ is a human-based attack where the goal is to extract personal, financial, or confidential information from the victim by using services such as the telephone system and IP-based voice messaging services such as VoIP as the communication medium. |
|
|
Term
|
Definition
| ____is a form of phishing that targets individuals who are known to possess a good deal of wealth. |
|
|
Term
|
Definition
| ____ is an email-based threat where the user's inbox is flooded with emails which act as vehicles that carry advertising material for products or promotions for get-rich-quick schemes and can sometimes deliver viruses or malware. |
|
|
Term
|
Definition
| ____ is an IM-based attack similar to spam that is propagated through instant messaging instead of through email. |
|
|
Term
|
Definition
| A ____ attack is a type of software attack where an attacker inserts some type of undesired or unauthorized software, or malware, into a target system. |
|
|
Term
|
Definition
| _____ is a sample of code that spreads from one computer to another by attaching itself to other files. |
|
|
Term
|
Definition
| ____ is a piece of code that spreads from one computer to another on its own, not by attaching itself to another file. |
|
|
Term
|
Definition
| ____ is an insidious type of malware that is itself a software attack and can pave the way for a number of other types of attacks. There is a social engineering component to a Trojan horse attack since the user has to be fooled into executing it. |
|
|
Term
|
Definition
| ____ A piece of code that sits dormant on a target computer until it is triggered by a specific event, such as a specific date. |
|
|
Term
|
Definition
| ___ is surreptitiously installed malicious software that is intended to track and report on the usage of a target system, or collect other data the author wishes to obtain. |
|
|
Term
|
Definition
| ____ isi software that automatically displays or downloads advertisements when it is used. |
|
|
Term
|
Definition
| ____ is code that is intended to take full or partial control of a system at the lowest levels. |
|
|
Term
|
Definition
| ____ is a set of computers that have been infected by a control program called a bot that enables attackers to exploit them and mount attacks. |
|
|
Term
|
Definition
| ____ is malicious code, such as viruses, Trojans, or worms, which is designed to gain unauthorized access to, make unauthorized use of, or damage computer systems and networks. |
|
|
Term
|
Definition
| A ____ is any attack against software resources including operating systems, applications, protocols, and files. |
|
|
Term
|
Definition
| _____ is an attack that targets system vulnerability to cause the device operating system to crash or reboot, and may result in loss of data or execute rogue code on devices. |
|
|
Term
|
Definition
| A ____ attack is any type of attack in which the attacker attempts to obtain and make use of passwords illegitimately. |
|
|
Term
|
Definition
| A ____ attack automates password guessing by comparing encrypted passwords against a predetermined list of possible password values. |
|
|
Term
|
Definition
| In a ____ attack, the attacker uses password-cracking software to attempt every possible alphanumeric password combination. |
|
|
Term
|
Definition
| A ____ attack is the simplest type of password attack and involves an individual making repeated attempts to guess a password by entering different common password values. |
|
|
Term
|
Definition
| An ____ attack is a type of software attack where an attacker creates IP packets with a forged source IP address and uses those packets to gain access to a remote system. |
|
|
Term
|
Definition
| A ____ attack involves exploiting a session to obtain unauthorized access to an organization's network or services. It involves stealing an active session cookie that is used to authenticate a user to a server and controlling the session. |
|
|
Term
|
Definition
| A ____ attack is a type of network attack in which an attacker attempts to disrupt or disable systems that provide network services. |
|
|
Term
|
Definition
| ___ attacks are a type of DoS attack that exploits vulnerabilities in ICMP by overloading a host with ping requests and clogging a network with traffic. Essentially, it creates a false ICMP Echo Request (ping) packet that uses the address of the targeted host as the source and a network broadcast address as the destination. |
|
|
Term
Distributed Denial of Service (DDoS) |
|
Definition
| A ____ attack is a type of DoS attack that uses multiple computers on disparate networks to launch the attack from many simultaneous sources. |
|
|
Term
|
Definition
| A ____ attack is a form of eavesdropping where the attacker makes an independent connection between two victims (two clients or a client and a server) and relays information between the two victims as if they are directly talking to each other over a closed connection, when in reality the attacker is controlling the information that travels between the two victims. |
|
|
Term
|
Definition
| An ____ attack or sniffing attack uses special monitoring software to intercept private network communications, either to steal the content of the communication itself or to obtain user names and passwords for future software attacks. |
|
|
Term
|
Definition
| A ___ attack is a type of network attack where a potential attacker scans the computers and devices that are connected to the Internet or other networks to see which TCP and UDP ports are listening and which services on the system are active. |
|
|
Term
|
Definition
| A ____ attack is a network attack where an attacker captures network traffic and stores it for retransmitting at a later time to gain unauthorized access to a specific host or a network. |
|
|
Term
|
Definition
| An ____ attack targets the FTP vulnerability, which permits connected clients to open other connections on any port on the FTP server. |
|
|
Term
|
Definition
| ____ occurs when an attacker redirects an IP address to the MAC address of a computer that is not the intended recipient. |
|
|
Term
|
Definition
| ___ is an unauthorized wireless access point on a corporate or private network. |
|
|
Term
|
Definition
| ____ are rogue access points on a network that appear to be legitimate. Can be more dangerous than other rogue access points because the user thinks that the wireless signal is genuine. |
|
|
Term
|
Definition
| ____ is a method used by attackers to send out unwanted Bluetooth signals from PDAs, mobile phones, and laptops to other Bluetooth-enabled devices. |
|
|
Term
|
Definition
| ____ is a method in which attackers gain access to unauthorized information on a wireless device using a Bluetooth connection within the 30-foot Bluetooth transmission limit. |
|
|
Term
|
Definition
| ____is the act of searching for instances of wireless networks using wireless tracking devices such as PDAs, mobile phones, or laptops. |
|
|
Term
|
Definition
| ____ is a type of attck where the attacker is able to predict or control the Initialization Vector (IV) of an encryption process. This gives the attacker access to view the encrypted data that is supposed to be hidden from everyone else except for an authentic user of the network. |
|
|
Term
|
Definition
| ____ is a small unit of supplemental code meant to address either a security problem or a functionality flaw in a software package or operating system. |
|
|
Term
|
Definition
| ____ is a patch that is often issued on an emergency basis to address a specific security flaw. |
|
|
Term
|
Definition
| ____ is a collection of previously issued patches and hotfixes, usually meant to be applied to one component of a system, such as the web browser or a particular service. |
|
|
Term
|
Definition
| ____ is a larger compilation of system updates that can include functionality enhancements, new features, and typically all patches, updates, and hotfixes issued up to the point of the release of the service pack. |
|
|
Term
|
Definition
| ____ is the practice of monitoring for obtaining, evaluating, testing, and deploying software patches and updates. |
|
|
Term
|
Definition
| A ____ is a formalized statement that defines how security will be implemented within a particular organization. |
|
|
Term
|
Definition
| ____ are published lists that contain email addresses that are confirmed as spam sources. Mail servers can be configured to scan these lists for addresses and then flag or reject them to avoid spreading spam within an organization. |
|
|
Term
|
Definition
| ____ outlines the plan for the individual security component. |
|
|
Term
|
Definition
| ____ define how to measure the level of adherence to the policy. |
|
|
Term
|
Definition
| ____ are suggestions, recommendations, or best practices for how to meet the policy standard. |
|
|
Term
|
Definition
| ____ are step-by-step instructions that detail how to implement components of the policy. |
|
|
Term
|
Definition
| ____ defines the acceptable use of an organization's physical and intellectual resources. |
|
|
Term
|
Definition
| ____ details the requirements and parameters for risk assessment and audits of the organization's information and resources. |
|
|
Term
|
Definition
| A ____ is a specific instance of a risk event occurring, whether or not it causes damage. |
|
|
Term
|
Definition
| ____ is a systematic way of approving and executing change in order to ensure maximum security, stability, and availability of information technology services. |
|
|
