Security Policies and Implementation Issues
Password Vulnerabilities
Introduction to Computer Security
Computer Threat Landscape
Security Hodgepodge
200

This practice involves ensuring that the actions of individual information system users can be uniquely tied to those individuals for accountability purposes.

What is Audit and Accountability?

200

This type of attack involves a hacker trying combinations from a pre-arranged list of values, often derived from words in a dictionary, against encrypted passwords.

What is an Offline Dictionary Attack?

200

This type of attack tries to learn or use information from a system without affecting its resources.

What is a Passive attack?

200

This term is used to describe a network of compromised computers used to perform coordinated attacks.

What is a Botnet?

200

These types of attackers initiate threats from outside the perimeter, like from the internet.

What are "outsiders" or "external attackers"?

400

These are detailed plans or recommendations which aim to control how a system or organization offers security services to safeguard sensitive resources.

What are Security Policies?

400

This attack relies on trying passwords like "123456" or "password" because of their common usage.

What is a Popular Password Attack?

400

This type of attack comes from someone who already has system access but uses it in a non-approved manner.

What is an Inside attack?

400

This attack involves an attacker intercepting communication between two parties without detection.

What is a Man-in-the-Middle (MitM) attack?

400

This principle advocates giving users the minimal levels of access needed for their tasks.

What is the Principle of Least Privilege (PoLP)?

600

The action of establishing and enforcing security configuration settings for IT products used within organizational information systems falls under this category.

What is Configuration Management?

600

In this attack, the intruder takes advantage of a momentarily unattended machine that is logged into a network or service.

What is Workstation Hijacking?

600

A measure considering both the adverse impacts of a potential circumstance and its chance of happening.

What is Risk?

600

A clandestine method of bypassing normal authentication to gain unauthorized control of a system.

What is Privilege Escalation?

600

The act of ensuring that data sent or received has not been altered during transit.

What is Data Integrity?

800

These plans are made to ensure the availability of critical information resources and continuity of operations in emergency scenarios.

What is Contingency Planning?

800

If an attacker knows the username of an administrator, they might employ this type of attack to break into their account.

What is a Specific Account Attack?

800

This term describes any situation or event with the potential to harm organizational operations through an information system.

What is Threat?

800

This is the term for when software or an application runs code from an untrusted source without the user's knowledge.

What is Code Injection?

800

This entity, often hierarchical, in Public Key Infrastructure (PKI) verifies the authenticity of digital certificates.

What is a Certificate Authority (CA)?

1000

A system's vulnerability points, including open ports on servers, services inside a firewall, and employees susceptible to social engineering attacks, collectively form this concept.

What is an Attack Surface?

1000

Due to the convenience, many users fall into the trap of password reuse, opening them up to this type of exploit.

What is Exploiting Multiple Password Use?

1000

This term defines the action or intent by an individual or group to harm information systems or the data within.

What is an Attack?

1000

Describing the practice of digitally eavesdropping on network communications, it's a pervasive threat on unsecured Wi-Fi networks.

What is Sniffing or Packet Sniffing?

1000

This term describes the potential harm to a computer system's asset like corrupting, leaking, or making it unavailable.

What is Vulnerability?

M
e
n
u