Intro to IT Ch 10 Quiz Review

While all the choices sound appropriate, snooping is the term associated with secretly trying to discover information.

Social Engineering is a broader term that covers multiple methods.

Reconnaissance is passive gathering of informatin, and may be secret or overt.

Impersonation is using technology to hijack conversations/data transfers.

Pretexting is just one form of Social Engineering.

Wiretapping is using technology to intercept communication/data transfers.

Phishing is sending email that appears to be from a trusted source, hoping to obtain personal information like usernames and passwords.

Denial of service (DOS) attacks are hard to defend against.

In addition to confidentiality and integrity, IT professionals need to be concerned with the availability of important company data. If employees or customers are unable to access digital resources when they need them, companies lose valuable time and money.

All of the terms except social engineering are about data availability.

Most people expect to have some measure of privacy in their daily lives. Most countries have laws that protect the privacy of their citizens. However, when the internet is involved, privacy is never a certainty. When you use the internet, your data travels through several networking devices is processed by dozens of software programs and protocols, each owned by someone else.

Therefore, it is important to understand that when using digital data, extra measures should be taken to protect information. In addition, it's important for a company to create policies, guidelines and procedures, that outline specific rules for protecting sensitive data. Such topics should include the use of social media, physical security requirements, and access to private information.

Dictionary attacks take advantage of people who use short, common words or combinations of these words as their passwords. It's called a dictionary attack because some hackers can literally try every word in the dictionary! This is quite a long list as there are over one million words in the English language and over 3 million combinations of six letters.

To initiate the attack, the hacker tries a long list of common words, together with numbers before or after them like people often use. They sometimes use company usernames so that they can try passwords based on peoples' names. This type of attack only works when a site or program doesn't lock users out after a certain number of invalid attempts.

Sometimes, a dictionary attack is used to uncover the decryption key so that encrypted data can be decrypted and stolen in a traffic-interruption attack.

A brute force attack is similar to a dictionary attack except the attacker tries to use every possible combination of letters and numbers until the find a password.

For example, they may try aaaaaaa, then aaaaaab, then aaaaaac, and so on. This is a bit like a huge army attacking a fort. The defenses might be able to keep out most attackers, but the sheer numbers will eventually overwhelm them. Hackers need an incredibly large number of attempts because of the astronomical numbers involved.

For example, in an 8-character alphanumeric password that allows both uppercase and lowercase letters, there are over 200 trillion possible combinations! It's easy to see why these kinds of attacks require a great deal of computing power.

During a keylogger attack, a hacker manages to install software on another person's computer to record that person's keystrokes.

To avoid a phishing attack, it's a good idea to avoid clicking on any email links that come from senders you don't know.

When in doubt, call the company's customer service line and ask if they were actually trying to contact you. Reputable companies almost never ask for personal information in an email.