Information Technology /Cyber-Security: Computer Fraud and Abuse
Cyber-Security: Computer Fraud and Abuse
This deck covers key concepts, laws, and certifications related to computer fraud and abuse, including definitions, legal frameworks, and security testing methodologies.
Which federal law amended Chapter 119 of Title 18, U.S. Code?
U.S. PATRIOT Act, Sec. 217: Interception of Computer Trespasser Communications
Tap or swipe ↕ to flip
Swipe ←→Navigate
SSpeak
FFocus
1/30
Key Terms
Term
Definition
Which federal law amended Chapter 119 of Title 18, U.S. Code?
U.S. PATRIOT Act, Sec. 217: Interception of Computer Trespasser Communications
To determine whether scanning is illegal in your area, you should do which of the following?
Refer to State Laws
The U.S. Department of Justice defines a hacker as which of the following?
A person who accesses a computer or network without the owner’s permission
What professional level security certification requires five years of experience and is designed to focus an applicant’s security-related managerial skills?
Certified Information Systems Security Professional
What specific term does the U.S Department of Justice use to label all illegal access to a computer or network systems?
Hacking
A written contract isn’t necessary when a friend recommends a client. True or False?
False
Related Flashcard Decks
Study Tips
- Press F to enter focus mode for distraction-free studying
- Review cards regularly to improve retention
- Try to recall the answer before flipping the card
- Share this deck with friends to study together
| Term | Definition |
|---|---|
Which federal law amended Chapter 119 of Title 18, U.S. Code? | U.S. PATRIOT Act, Sec. 217: Interception of Computer Trespasser Communications |
To determine whether scanning is illegal in your area, you should do which of the following? | Refer to State Laws |
The U.S. Department of Justice defines a hacker as which of the following? | A person who accesses a computer or network without the owner’s permission |
What professional level security certification requires five years of experience and is designed to focus an applicant’s security-related managerial skills? | Certified Information Systems Security Professional |
What specific term does the U.S Department of Justice use to label all illegal access to a computer or network systems? | Hacking |
A written contract isn’t necessary when a friend recommends a client. True or False? | False |
What term best describes a person who hacks computer systems for political or social reasons? | Hacktivist |
What is OSCP? | Offensive Security Certified Professional |
What organization disseminates research documents on the computer and network security worldwide at no cost? | SANS |
Which federal law prohibits intercepting any communication, regardless of how it was transmitted? | Electronic Communication Privacy Act |
If you work for a company as a security professional, you will most likely be placed on a special team that will conduct penetration tests. What is the standard name for a team made up of security professionals? | Red Team |
What policy, provided by a typical ISP, should be read and understood before performing any port scanning outside of your private network? | Acceptable Use Policy |
Which organization issues the Top 25 list of software errors? | SANS institute |
What security certification did the “The International Council of Electronic Commerce Consultants” (EC-Council) develop? | Certified Ethical Hacker (CEH) |
Many experienced penetration testers will write a set of instructions that run in sequence to perform tasks on a computer system. What type of resource are these penetration testers utilizing? | Scripts |
What penetration model should be used when a company’s management team does not wish to disclose that penetration testing is being conducted? | Black Box |
As a security tester, you can make a network impenetrable | False |
What portion of your ISP contract might affect your ability to conduct a penetration test over the Internet? | Acceptable use policy |
Which federal law prohibits unauthorized access of classified information? | Computer Fraud and Abuse Act, Title 18 |
How can you find out which computer crime laws are applicable in your state? | Contact your local law enforcement agencies |
If you run a program in New York City that uses network resources to the extent that a user is denied access to them, what type of law have you violated? | Federal |
What organization designates a person as a CISSP? | ISC2 |
What penetration model should a company use if they only want to allow the penetration testers partial or incomplete information regarding their network system? | Gray Box |
What type of testing procedure involves the testers analyzing the company’s security policy and procedures, and reporting any vulnerabilities to management? | Security Test |
Penetration testing can create ethical, technical, and privacy concerns for a company's management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed? | Create a contractual agreement |
A security tester should have which of the following attributes? | Good verbal and written communcation skills |
A penetration tester is which of the following? | A security professional who's hired to break into a network to discover vulnerabilities |
What professional security certification requires applicants to demonstrate hands-on abilities to earn their certificate? | Offensive Security Certified Professional |
What penetration model would likely provide a network diagram showing all the company's router, switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems? | White Box |
What common term is used by security testing professionals to describe vulnerabilities in a network? | Holes |