IT Essentials Module 9 Fundamentals of Security Study Guide

| Curriculum Section | Question | Answer |
|---|---|---|
| 9.0 | 1. Technicians need to understand | Computer and Network Security |
| | 2. Failure to implement proper security procedures can have an impact on | Users, Computers and general public |
| 9.1 | 3. Computer and network security help to | Keep data and equipment functioning and to provide access to appropriate people |
| | 4. _________, _________, and __________ are some of the ways a network or computer can be harmed. | Theft<br>Loss<br>Network Intrusion |
| | 5. Repairing and replacing equipment can cost the company | Time and Money |
| | 6. Poorly implemented security measures to wireless network devices demonstrate that | Physical connectivity is not necessary for unauthorized access by intruders |
| | 7. The primary responsibilities of a technician include | Data and Network Security |
| | 8. You may also be asked to instruct users how to | Maintain good security practices |
| 9.2 | 9. List the two types of threat that a technician must understand: | Physical and Data |
| | 10. Threats to security can come from | The inside or outside of organization |
| | 11. Internal Threats include: | Malicious threats by employees, or accidents caused by the employees |
| | 12. External Threats include: | Users who are outside the organization who use code to help attack |
| | 13. Threats against data are constantly changing as | Attackers find new ways to gain entry |
| | 14. After completing this section, you will meet these objectives: | • Define viruses, worms, and Trojans.<br>• Explain web security.<br>• Define adware, spyware, and grayware.<br>• Explain Denial of Service (DoS).<br>• Describe spam and popup windows.<br>• Explain social engineering.<br>• Explain TCP/IP attacks.<br>• Explain hardware deconstruction and recycling. |
| 9.2.1 | 15. Computer viruses are deliberately | Created and sent out by attackers |
| | 16. A virus is a program written with | Malicious intent and sent out by attacker |
| | 17. The virus is transferred to another computer through | E-mail, file transfers, and instant messaging. |
| | 18. How does a virus work? | A virus has the potential to corrupt or even delete files on your computer, use your e-mail to spread itself to other computers, or even erase your entire hard drive |
| | 19. The most damaging type of virus is used to | Record keystrokes |
| | 20. That allows these viruses to be used by attackers to harvest sensitive information, such as | Passwords or credit card numbers |
| | 21. A worm is a | A self-replicating program |
| | 22. How is a worm different from a virus? | It does not need to attach to a program to infect a computer |
| | 23. Even if the worm does not damage data or applications on the hosts it infects, it is harmful to networks because it | It consumes the bandwidth |
| | 24. A Trojan threat is hidden in software that | Pretends to be a useful program |
| | 25. Trojans are often disguised as | Useful programs |
| | 26. Virus protection software, known as ___________, is software designed specifically to _____ before they infect a computer. | Anti-Virus Software<br>Detect, disable and remove viruses, worms and Trojans |
| 9.2.2 | 27. Web security is important because | Numerous people visit the World Wide Web every day |
| | 28. Examples of web tools: (just list) | ActiveX<br>Java<br>JavaScript |
| | 29. Attackers may use any of these tools to | Install a program on the computer |
| 9.2.3 | 30. Adware, spyware, and grayware are usually installed on a computer | Without knowledge of the user |
| | 31. Adware is a software program that | Displays advertising |
| | 32. Grayware or malware is | Potentially harmful to computer |
| | 33. Spyware monitors __________. The spyware then sends this information to ________. | Activity on computer<br>An organization responsible for launching spyware |
| | 34. Phishing is | Where the attacker pretends to represent a legitimate outside organization |
| 9.2.4 | 35. _____________ is a form of attack that prevents users from accessing normal services, such as e-mail and a web server. | E-mail Bomb |
| | 36. It is caused by | Attackers sending numerous E-mails |
| | 37. Common DoS attacks include: | Ping of Death<br>Email Bomb |
| | 38. Distributed DoS (DDoS) is another form of attack that uses many infected computers, called ________, to launch an attack. | Zombies |
| 9.2.5 | 39. Spam, also known as junk mail, is ____, | Unsolicited e-mail |
| | 40. When used as an attack method, spam may include links to ________ or an _______. | Harmful websites<br>Deceptive content |
| | 41. Spam may include links to an infected website or an attachment that could infect a computer. These links or attachments may result in lots of windows designed to capture your attention and lead you to advertising sites. These windows are called ________. | Popups |
| | 42. Common SPAM indications: | • No subject line<br>• Incomplete return address<br>• Computer generated e-mail<br>• Return e-mail not sent by the user |
| 9.2.6 | 43. A _______ is a person who is able to gain access to equipment or a network by tricking people into providing the necessary access information. | Social Engineer |
| | 44. Basic precautions to help protect against social engineering: | • Never give out your password.<br>• Always ask for the ID of unknown persons.<br>• Restrict access of unexpected visitors.<br>• Escort all visitors.<br>• Never post your password in your work area.<br>• Lock your computer when you leave your desk.<br>• Do not let anyone follow you through a door that requires an access card. |
| 9.2.7 | Define these common attacks: | |
| | 45. SYN Flood | Randomly opens up TCP ports |
| | 46. DoS | Sends large amounts of request for some service |
| | 47. DDoS | Uses Zombies to hide the position of DoS |
| | 48. Spoofing | Gains access by pretending to be a trusted computer |
| | 49. Man-in-the-Middle | Inserts false information between two computers |
| | 50. Replay | Uses network sniffers to find usernames and passwords |
| | 51. DNS Poisoning | Changes the DNS on a server |
| 9.2.8 | 52. ______ is the process of removing sensitive data from hardware and software before recycling or discarding. | Hardware destruction |
| | 53. The only way to fully ensure that data cannot be recovered from a hard drive is to | Carefully shatter the platters with a hammer and safely dispose of the pieces |
| | 54. Media like CDs and floppy disks must also be destroyed. Use a | Shredding machine designed for this task |
| 9.3 | 55. A security plan should be used to determine | What should be done in a critical situation |
| | 56. Part of the process of ensuring security is to conduct tests to | Determine areas that are weak |
| 9.3.1 | 57. Though local security policies may vary between organizations, there are questions all organizations should ask: | • What assets require protection?<br>• What are the possible threats?<br>• What to do in the event of a security breach? |
| | 58. List 4 security issues that a company must address. | |
| 9.3.2 | 59. ______ is as important as data security. | Physical Security |
| | 60. List 3 methods of physically protecting computer equipment | • Keep telecommunication rooms locked.<br>• Fit equipment with security screws.<br>• Use security cages around equipment. |
| 9.3.3 | 61. The value of physical equipment is often far less than the | Value of the data it contains |
| | 62. Losses may result in | Lack of confidence |
| | 63. All computers should be | Locked with a password |
| | 64. Two levels of password protection are recommended: | BIOS and Login |
| | 65. List Password rules: | • Passwords should expire after a specific period of time.<br>• Passwords should contain a mixture of letters and numbers so that they cannot easily be broken.<br>• Password standards should prevent users from writing down passwords and exposing them to public view.<br>• Rules about password expiration and lockout should be defined. Lockout rules apply when an unsuccessful attempt has been made to access the system or when a specific change has been detected in the system configuration. |
| | 66. Encrypting data uses | Codes and ciphers |
| | 67. Virtual Private Network (VPN) uses _____ to protect data. | Encryption |
| | 68. Every communication using TCP/IP is associated with a | Port number |
| | 69. __________ procedures should be included in a security plan. | Data Backup |
| | 70. 3 considerations for backup include: | Frequency of Backup<br>Storage of Backup<br>Security of Backup |
| | 71. All file systems keep track of resources, but only file systems with ______ can log access by user, date, and time. | Journals |
| 9.3.4 | 72. Since traffic flows through radio waves in wireless networks, it is easy for attackers to | Monitor and attack data |
| | 73. A technician needs to know how to | To know how to configure access points and wireless NICs to an appropriate level of security |
| | 74. An attacker can access data as it travels over the radio signal. A ________ system can be used to prevent unwanted capture and use of data by encoding the information that is sent. | Wireless encryption |
| | 75. Wired Equivalent Privacy (WEP) – the | First generation security standard for wireless |
| | 76. Wi-Fi Protected Access (WPA) – an | Improved version of WEP |
| | 77. Lightweight Extensible Authentication Protocol (LEAP), also called EAP-Cisco | A wireless security protocol created by Cisco to address the weaknesses in WEP and WPA |
| | 78. Wireless Transport Layer Security (WTLS) is a | Security layer used in mobile devices |
| 9.4 | 79. __________ is a constantly changing process and technology | Security Strategies |
| | 80. Software manufacturers have to regularly create and issue | New Patches |
| 9.4.1 | 81. Threats to security from ______ and ______ are always present. | Viruses and Worms |
| | 82. Virus, spyware, and adware detection programs look for | Patterns in programming code |
| | 83. Code patterns are called | Signatures |
| | 84. To avoid creating too much traffic at a single website, some manufacturers distribute their signature files for download to multiple download sites. These download sites are called __________. | Mirror Sites |
| 9.4.2 | 85. From time to time, manufacturers combine patches and upgrades into a comprehensive update application called a | Service Pack |
| | 86. If you use the Automatic setting you can schedule the time and day. Otherwise, new updates are installed at _______ by default. | 3 a.m. |
| 9.5 | 87. The troubleshooting process is used to help | Resolve security issues. |
| | 88. List the troubleshooting steps. | Identify Problem<br>Establish a Theory<br>Determine Cause<br>Implement Solution<br>Verify Solution<br>Document Finding |
| 9.5.1 | 89. List 3 open ended questions | When did problem start?<br>What Problems are you experiencing?<br>Who else has used your computer recently? |
| | 90. List 3 closed ended questions | Is your security software up to date?<br>Did you open any suspicious |
| | 91. List 3 things to verify obvious issues. | |
| | 92. List 3 quick try solutions. | |
| 9.6 | 93. Security protects | |

