
Security + Computer System Security

Name: Shaamim Ahmed

DCOM 258 E31

Chapter 02
I. Define the following, list the source and/or page # of the definition: (20 points)

I.

Malware:
Answer: Malicious software: Known as malware, this includes
computer viruses, worms, Trojan horses, spyware, rootkits, adware, and
other types of unwanted software. Everyone has heard of a scenario in
which a user's computer was compromised to some extent due to
malicious software.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 5

II.

Adware:
Answer: Adware is a form of software that downloads or displays unwanted ads when a
user is online, collects marketing data and other information without the user's knowledge
or redirects search requests to certain advertising websites. Adware that does not notify
the user and obtain his or her consent is regarded as malicious.
Source: https://usa.kaspersky.com/internet-security-center/threats/adware#.Vz9lIpErLIU

III.

Grayware:
Answer: Grayware is another general term that describes applications that are behaving
improperly but without serious consequences. It is associated with spyware, adware,
and joke programs.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 15

IV.
Threat vector:
Answer: Threat vector, the method a threat uses to gain access to a target computer.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 477

V.
Attack vector:
Answer: "attack vector means by which an attacker gains access to a computer.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 463

VI.

Typosquatting:
Answer: Typosquatting, also known as URL hijacking, is a method used by attackers that
takes advantage of user typos when accessing websites. Instead of the expected website,
the user ends up at a website with a similar name but often malicious content.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 478

VII.

Botnet:
Answer: A group of compromised computers used to distribute malware across the
Internet; the members are usually zombies.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 464

VIII.

Zombie:
Answer: A zombie is an individual compromised computer connected to the Internet. The
owner is unaware that the computer has been installed with malware. The zombie can be
updated and controlled remotely from a master computer at a control center. This master
computer controls the entire botnet or group of compromised computers. A virus is code
that runs on a computer without the user's knowledge, infecting files. A worm is similar
to a virus but has the capability to self-replicate to other systems. Spam is unwanted, or
unsolicited, e-mail.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. C-4

IX.

Program virus:
Answer: A program virus becomes active when the program file (usually with extensions
.BIN, .COM, .EXE, .OVL, .DRV) carrying the virus is opened. Once active, the virus will
make copies of itself and will infect other programs on the computer.
Source: http://vidarbhastudents.com/note/computer-virus/

X.
Active Interception:
Answer: Active interception normally includes a computer placed between the sender
and the receiver to capture information.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. A-2

XI.

Privilege escalation:
Answer: "Privilege escalation is the act of exploiting a bug or design
flaw in a software or firmware application to gain access to resources that normally
would've been protected from an application or user. This results in a user gaining
additional privileges, more than were originally intended by the developer of the
application; for example, if a regular user gains administrative control, or if a particular
user can read another user's e-mail without authorization."
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 19

XII.

Backdoors:
Answer: Backdoors are used by programmers and hackers to gain access to software,
operating systems, and devices without having to provide proper authentication. One
example, Back Orifice, uses backdoors to enable the remote control of Windows
computers.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. C-2

XIII.

Logic bomb:

Answer: A logic bomb is code that has, in some way, been inserted into software; it is
meant to initiate some type of malicious function when specific criteria are met.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 470

XIV.
Statistical Anomaly:
Answer: It establishes a performance baseline based on normal network traffic evaluations, and then compares current network traffic activity with the baseline to detect
whether it is within baseline parameters. If the sampled traffic is outside baseline
parameters, an alarm is triggered and sent to the administrator.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 30

XV.
Time bomb:
Answer: Time bomb is a Trojan set off on a certain date.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 477

XVI.

Polymorphic virus:
Answer: A polymorphic virus is a complicated computer virus that affects data types and
functions. It is a self-encrypted virus designed to avoid detection by a scanner. Upon
infection, the polymorphic virus duplicates itself by creating usable, albeit slightly
modified, copies of itself.
Source: https://www.techopedia.com/definition/4055/polymorphic-virus
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. A-3

XVII.

Easter egg:
Answer: A platonic extra added to an OS or application as a sort of joke; the harmless
cousin of the logic bomb.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 466

XVIII.

Open mail relay:
Answer: Open mail relay, also known as an SMTP open relay, enables anyone on the
Internet to send e-mail through an SMTP server.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 472

XIX.

Host-based intrusion detection system (HIDS):
Answer: Host-based intrusion detection systems (HIDSs) run within the operating
system of a computer. Because of this, they can slow a computer's performance. Most
HIDS do not detect network attacks well (if at all). However, a HIDS can detect operating
system attacks and will usually have a high level of detection for those attacks.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. A-2

XX.

Personal firewall:
Answer: A personal firewall is an application which controls network traffic to and from
a computer, permitting or denying communications based on a security policy. Typically
it works as an application layer firewall.
Source: https://en.wikipedia.org/wiki/Personal_firewall

XXI.

Pop-up blocker:
Answer: Pop-up blockers are associated with web browsers. They are used to block
unwanted advertisements common to many websites. Personal firewalls are software
installed to an operating system to protect it from the Internet and from other networked
computers. Anti-spyware programs are installed to prevent the installation of spyware.
Spyware is software that tracks what a person is doing on the Internet. Service packs are
collections of patches installed at one time to an operating system.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. C-4

XXII.

Ad filtering:
Answer: Ad filtering, the ways of blocking and filtering out unwanted advertisements;
pop-up blockers and content filters are considered to be ad filtering methods.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 462

XXIII.

Boot sector virus:
Answer: "Boot sector: initially loads into the first sector of the hard drive; when the
computer boots, the virus then loads into memory."
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 14

XXIV.
Content filters:
Answer: Content filter (also known as information filtering) is the use of a program to
screen and exclude from access or availability Web pages or e-mail that is deemed
objectionable.
Source: www.searchsecurity.techtarget.com/definition/content-filtering

XXV.
Hardware security module:
Answer: Hardware security modules (HSMs) and USB encryption require additional
hardware. A host-based intrusion detection system requires either additional software or
hardware.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. A-4

XXVI.

Trusted platform module:
Answer: Trusted platform module (TPM): a chip residing on the motherboard that
actually stores the encrypted keys.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 36

XXVII.

Bluejacking:
Answer: Bluejacking is the sending of unsolicited messages to Bluetooth-enabled
devices such as mobile phones. Bluejacking can be stopped by setting the affected
Bluetooth device to undiscoverable or by turning off Bluetooth altogether.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 39

XXVIII.

Stealth virus:
Answer: Stealth viruses attempt to avoid detection by antivirus software altogether.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. A-3

XXIX.

Bluesnarfing:
Answer: Bluesnarfing is the unauthorized access of information from a wireless device
through a Bluetooth connection. Generally, bluesnarfing is the theft of data (calendar
information, phonebook contacts, and so on).
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 39

XXX.

Application white-listing:
Answer: Application white-listing: a method of restricting users to specific
applications.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 463

XXXI.

Storage segmentation:
Answer: Storage segmentation is a clear separation of organizational and personal
information, applications, and other content.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 476

XXXII.

Armored Virus:
Answer: An armored virus attempts to make disassembly difficult for an antivirus software
program. It thwarts attempts at code examination. Stealth viruses attempt to avoid
detection by antivirus software altogether. Polymorphic viruses change every time they
run. Worms are not viruses.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. A-3

XXXIII.

Mobile device management (MDM):
Answer: Mobile device management (MDM): a system that enables a security
administrator to configure, update, and secure multiple mobile devices from a central
location.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. A-4

XXXIV.
System failures:
Answer: System failure means computer crashes or individual application failure. This
can happen due to several reasons, including user error, malicious activity, or hardware
failure.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 5

XXXV.
Social engineering:
Answer: Social engineering, the act of manipulating users into revealing confidential
information or performing other actions detrimental to the user. Almost everyone gets emails nowadays from unknown entities making false claims or asking for personal
information (or money!); this is one example of social engineering.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 5

XXXVI.

Virus:
Answer: Virus: a kind of code that runs on a computer without the user's knowledge; it
infects the computer when the code is accessed and executed.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 17

XXXVII.

Worm:
Answer: A worm is much like a virus except that it self-replicates, whereas a virus does
not. Worms take advantage of security holes in operating systems and applications
(including backdoors, which we discuss later). They look for other systems on the
network or through the Internet that are running the same applications and replicate to
those other systems.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 14

XXXVIII.

Trojan horse:
Answer: A Trojan horse disguises itself as a legitimate program but conducts malicious
activity behind the scenes. Logic bombs are code designed to set off at a particular time.
They may set off viruses or worms that can cause additional damage to the system. The
only one of the answers that actually disguises itself is a Trojan horse.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. C-17

XXXIX.

False positive:
Answer: False positive: when a system authenticates a user who should not be allowed
access to the system; for example, when an IDS/IPS blocks legitimate traffic from
passing on to the network.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 467

XL.

Ransomware:
Answer: Ransomware is a type of malware that restricts access to a computer system,
and demands a ransom be paid.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 474

XLI.

Spyware:
Answer: Spyware is a type of malicious software either downloaded unwittingly from a
website or installed along with some other third-party software. Usually, this malware
collects information about the user without the user's consent. Spyware could be as
simple as a piece of code that logs what websites you access, or go as far as a program
that records your keystrokes (known as keyloggers).
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 15

XLII.

False negative:
Answer: False negative: when a system denies a user who actually should be allowed
access to the system; for example, when an IDS/IPS fails to block an attack, thinking it
is legitimate traffic.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 467

XLIII.

Rootkits:
Answer: A rootkit is a type of software designed to gain administrator-level control over
a computer system without being detected. The term is a combination of the words root
(meaning the root user in a Unix/Linux system or administrator in a Windows system)
and kit (meaning software kit).
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 16

XLIV.
Multipartite virus:
Answer: Multipartite virus: a kind of hybrid of boot and program viruses that attacks the
boot sector or system files first and then attacks the other files on the system.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 14

XLV.
Spam:
Answer: Spam e-mail can be prevented in several ways. By closing open mail relays,
also known as SMTP relays, only properly authenticated users can use those e-mail
servers. A virus is code that runs on a computer without the user's consent.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. C-2

XLVI.

Network intrusion detection system (NIDS):
Answer: NIDS, or network intrusion detection system, cannot proactively detect
computer anomalies. It is deployed to the entire network and looks for a network
intrusion, not intrusions to individual computers. HIPS (host-based intrusion prevention
system), antivirus software, and personal software firewalls can all be loaded on an
individual computer and can be updated as well. These can proactively detect computer
anomalies.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. C-7

XLVII.

Macro virus:
Answer: Macro virus: usually placed in documents and e-mailed to users in the hopes that
the users will open the document, thus executing the virus.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 14