ACING MIS 562 EXAMS: FUNDAMENTALS OF INFORMATION
SYSTEMS SECURITY WITH AN A+ QUESTIONS AND ANSWERS
BREAKDOWN
Adware
A software program that collects information about Internet usage and uses it to present
targeted advertisements to users.
Application attacks
Attacks, usually in the form of intrusive penetration tests, directed at public-facing web
servers, applications, and back-end databases.
Arbitrary code execution
An exploit that allows a hacker to run unauthorized command line functions on a
compromised system. Buffer overflow attacks and SQL injection attacks can often allow
arbitrary code execution.
Armored virus
A virus that attempts to conceal itself from discovery, reverse engineering, or removal.
Address Resolution Protocol (ARP) poisoning
An attack that convinces the network that the attacker's MAC address is the one
associated with an allowed address so that traffic is wrongly sent to the attacker's
machine
Asset
Any item that has value to an organization or a person.
Attack
An attempt to exploit a vulnerability on an IT hardware asset or application.
Backdoor
An undocumented and often unauthorized access method to a computer resource that
bypasses normal access controls.
Birthday attack
A cryptographic attack on hash collisions (different text with same key), so named after
the surprisingly high probability of any two classroom students (or any members in a
group) sharing a birthday.
, Black-hat hacker
A computer attacker who tries to break IT security for the challenge and to prove
technical prowess.
Bluejacking
Sending unsolicited messages to another device using Bluetooth to get the recipient to
open them and potentially infect the recipient device.
Bluesnarfing
Accessing a Bluetooth-enabled device with the intention of stealing data.
Botnets
Robotically controlled network. A botnet consists of a network of compromised
computers that attackers use to launch attacks and spread malware.
Brute-force password attack
A method used to attempt to compromise logon and password access controls by
attempting every input combination. Brute-force password attacks usually follow a
specific attack plan, including the use of social engineering to obtain user information.
Buffer overflow
A condition in which a memory buffer exceeds its capacity and extends its contents into
adjacent memory. Often used as an attack against poor programming techniques or
poor software quality control. Hackers can inject more data into a memory buffer than it
can hold, which may result in the additional data overflowing into the next area of
memory. If the overflow extends to the next memory segment designated for code
execution, a skilled attacker can insert arbitrary code that will execute with the same
privileges as the current program. Improperly formatted overflow data may also result in
a system crash.
Christmas attack (Xmas)
An old attack of sending a deliberately malformed network packet with hopes the
receiving network device responds unexpectedly, e.g., rebooting or crashing. The
malformed packet includes several TCP header bits set to "1," or turned on, like the
lights of a Christmas tree.
Client-side attack
SYSTEMS SECURITY WITH AN A+ QUESTIONS AND ANSWERS
BREAKDOWN
Adware
A software program that collects information about Internet usage and uses it to present
targeted advertisements to users.
Application attacks
Attacks, usually in the form of intrusive penetration tests, directed at public-facing web
servers, applications, and back-end databases.
Arbitrary code execution
An exploit that allows a hacker to run unauthorized command line functions on a
compromised system. Buffer overflow attacks and SQL injection attacks can often allow
arbitrary code execution.
Armored virus
A virus that attempts to conceal itself from discovery, reverse engineering, or removal.
Address Resolution Protocol (ARP) poisoning
An attack that convinces the network that the attacker's MAC address is the one
associated with an allowed address so that traffic is wrongly sent to the attacker's
machine
Asset
Any item that has value to an organization or a person.
Attack
An attempt to exploit a vulnerability on an IT hardware asset or application.
Backdoor
An undocumented and often unauthorized access method to a computer resource that
bypasses normal access controls.
Birthday attack
A cryptographic attack on hash collisions (different text with same key), so named after
the surprisingly high probability of any two classroom students (or any members in a
group) sharing a birthday.
, Black-hat hacker
A computer attacker who tries to break IT security for the challenge and to prove
technical prowess.
Bluejacking
Sending unsolicited messages to another device using Bluetooth to get the recipient to
open them and potentially infect the recipient device.
Bluesnarfing
Accessing a Bluetooth-enabled device with the intention of stealing data.
Botnets
Robotically controlled network. A botnet consists of a network of compromised
computers that attackers use to launch attacks and spread malware.
Brute-force password attack
A method used to attempt to compromise logon and password access controls by
attempting every input combination. Brute-force password attacks usually follow a
specific attack plan, including the use of social engineering to obtain user information.
Buffer overflow
A condition in which a memory buffer exceeds its capacity and extends its contents into
adjacent memory. Often used as an attack against poor programming techniques or
poor software quality control. Hackers can inject more data into a memory buffer than it
can hold, which may result in the additional data overflowing into the next area of
memory. If the overflow extends to the next memory segment designated for code
execution, a skilled attacker can insert arbitrary code that will execute with the same
privileges as the current program. Improperly formatted overflow data may also result in
a system crash.
Christmas attack (Xmas)
An old attack of sending a deliberately malformed network packet with hopes the
receiving network device responds unexpectedly, e.g., rebooting or crashing. The
malformed packet includes several TCP header bits set to "1," or turned on, like the
lights of a Christmas tree.
Client-side attack
