banner_blue
Safe Computing
Home Students Faculty and Staff IT Security Community
Protect Your Computer
and Data
Report an IT Security
Incident
Services
Sensitive Data Guide
Digital Copyright
Compliance
Training
IT Security Events
F.A.Q.
About IIA
Help
left navigation bottom border

Home arrow Computer Security 101

Computer Security 101 Final Exam Answers

Question 1

'Phishing' is:

A

 

A fancy book-learnin’ way to spell “fishing,” a recreational sport that requires a fishing pole, bait and a body of water.

B

 

Something to do with the jam band Phish.

C

A fraudulent e-mail designed to trick you into sharing personal information.

D

 

A spyware attack.

'Phishing' is the term for e-mails sent by spammers who are trying to trick readers into clicking on links and/or giving them personal information. These e-mails often look and sound like they are coming from official agencies. On safecomputing.umich.edu, under 'Latest Alerts', you can view the latest phishing attempts. This is an excellent tool to use to compare against fishy e-mails you receive.

Question 2

After receiving the following e-mail, what should I do?

From: UMICH Email Support Team <updateaccount@umich.edu>
Reply-to: accountupdatesupport1@live.com
To: undisclosed-recipients: ;
Subject: Comfirm Your UMICH.EDU Email Account Immediately!!!
Attn: Subscriber(UMICH.EDU),
This mail is to inform all our UMICH.EDU users that we will be upgrading our site in a couple of days from now. So you as a Subscriber of our site you are required to send us your Email account details so as to enable us know if you are still making use of your mail box. Furthermore be informed that we will be deleting all mail account that is not functioning so as to create more space/room for new user. so you are to send us your original mail account details which are as follows:
User name:
Password:
Failure to do this will immediately render your email address/account deactivated from our database.
Thank you for using UMICH.EDU Email Account!
Yours In Service.
The UMICH.EDU Email Support Team Webmail Admin Service.

A  

Do what it asks and send my password, even though no legitimate organization will ever ask someone to do that.

B

 

Reply to the e-mail to ask "is this for real"?

C

 

Forward it to a friend, asking if they got the e-mail too.

D

Delete it.

The e-mail is fraudulent. Never, ever send your password, username or other private, personal information via e-mail.

Beware that the From field of an e-mail is easy to forge, and may not indicate where an e-mail really came from.

Also pay attention to Reply-to fields. Most e-mail programs, by default, will use the Reply-to field when you reply.

Scam artists use social engineering techniques to trick users into opening an attachment that installs malware, or to misdirect users to malicious web sites. Others will pose as legitimate businesses or services you may use (ex. eBay™, PayPal™, your bank), asking for private personal information. A legitimate organization will never ask for private personal information in this manner. If you are unsure, it is always best to check safecomputing.umich.edu and compare the validity of the email you received against reported phishing attempts. If you know it is fraudulent, delete it.

If you are unsure if an e-mail you receive is fraudulent, check the safecomputing.umich.edu website and compare the validity of the e-mail you received against reported phishing attempts.

Question 3

Should I trust this link to take me to the U-M web site?

www.umich.edu

A  

Yes

B

No

You can check the destination of a hyperlink by positioning your mouse over the link and checking the status bar at the bottom of the page. This is an important habit to get into. By doing so, you can save yourself and your computer from being directed to a malicious or fraudulent webpage.

Question 4

College students are at risk for identity theft because:

A  

Students are a blank slate, with little or no established credit history.

B

 

Students often post personal information like birthdays and addresses on social networking sites.

C

 

Students receive many credit card offers in the mail, which can be pulled from the trash and filled out by someone else.

D

All of the above.

Even if you don't have much money to steal, someone just a few years out of high school has an identity that can be stolen and used to obtain new lines of credit. Be careful about what you post on social networking sites: don't post a lot of specific information (high school attended & year of graduation; complete birth date; home address). Another good habit to practice is shredding credit card offers with your name pre-printed on the application.

Question 5

Which of the following is NOT a good practice when choosing a password:

A  

Use a long, unique sentence (passphrase), i.e. "I eat fried buckeyes for breakfast!"

B

Re-use the same password I've already used elsewhere.

C

 

Use a lengthy combination of upper and lower case letters, numbers, and symbols, ie "Unc@BunkaDink3DOC?"

D

 

Use a utility like Password Safe™ to randomly generate and manage your passwords.

A strong password is long, complex, and unique.

You should always use different passwords every time you need to create a password. Never ever use your UMICH password for any other accounts.

For information about Password Safe™ and other computer security topics please see http://www.safecomputing.umich.edu/tools/security_shorts.html

Question 6

It takes just under 2 minutes to crack a five-character password with lower case letters only (abc). How long would it take to crack versus a 10-letter password using both upper and lower case letters (AaBbCc)?*

*The table below is calculated by assuming 100,000 encryption operations per second. Figures are taken from the University of Wyoming Information Technology, http://uwadmnweb.uwyo.edu/InfoTech/security/passwords.htm.

A  

46 hours

B

 

46 months

C

 

46 years

D

46 millenia

This goes to show how effective a long string of complex characters can be when creating a password. It’s also really important to create new password for every account you have.
The best passwords are made up. Use the first letter of words in a phrase and include numbers and punctuation; for example, “Do you know the way to San Jose on US-12?” becomes “DyktwtSJoUS-12?” Passphrases are also very effective, such as MaryHad4LittleLamb. Create a nonsense phrase like “!bunca*dinckDOc?” (Of course, don't use any examples shown here!)

Question 7

Which of the following activities could I probably do safely without fear of a virus infection?

A  

Running a screensaver downloaded from the Internet without first checking it for viruses.

B

 

Double-clicking an e-mail attachment.

C

 

Allowing an e-mail program to download and display embedded content included in html e-mails.

D

None of the above.

Activities A, B and C all put you at risk of acquiring a virus. It is important to use good judgment when downloading from the Internet. In other words, do not download from untrustworthy sources. Additionally, it is important to make sure you keep all security patches up-to-date (patches are small packages of software designed to update or fix problems with a computer program or its supporting data) and to use a firewall.

Question 8

Where can I get help if I think my computer has a virus?

A  

Visit safecomputing.umich.edu/anitvirus for free anti-virus software and documentation.

B

 

Call the consultants at 764-HELP

C

 

Go to the U-M Computer Showcase, which offers virus removal services for a fee.

D

 

Visit the Center for Vulnerability Control (CVC), where students can get free guidance as they remove computer viruses from their own computers (University Housing residents only).

E

All of the above.

All of these resources are available to University of Michigan students.



The 764-HELP (764-4357) computer helpdesk is open between 8am-7pm Monday through Thursday, 8am-5pm Friday, and 1pm-5pm Sunday. The consultants can also be reached by email: online.consulting@umich.edu.

The Computer Showcase is located in the lower level of the Michigan Union. There is also a new location on the main concourse of Pierpont Commons. Call 647-SALES or visit http://showcase.itcs.umich.edu/ for more information.

The Centers for Vulnerability Control (CVC) are for Housing residents only, and are located on-campus within South Quad and Bursley. To learn more, including hours of operation, visit: http://rescomp.umich.edu/tech.help/cvc.

Question 9

How should I protect my laptop and data while traveling?

A  

Back up important files before leaving. Write down the serial number and store it in a safe place at home.

B

 

Keep the laptop in sight and use a laptop lock cord.

C

 

Use the encryption feature available on both Windows™ PCs and Macintosh™ computers to encrypt sensitive documents.

D

All of the above.

The number one and best way to keep your laptop, and the information on it, safe while travelling is to keep it on you at all times. To protect your data inside your computer in case it is lost or stolen, use the built-in encryption feature in your Mac or PC. For more information on encryption, visit http://safecomputing.umich.edu/tools/security_shorts.html.

Question 10

Using peer-to-peer file-sharing software could put my computer's security at risk because:

A  

Some p2p file-sharing could secretly install spyware or adware.

B

 

I may be allowing my computer to act as an illegal file-sharing server without my knowledge.

C

 

The stuff that you download could disguise a program designed to hijack my system.

D

All of the above

Even if you think you are taking measures to do the right thing, you might still be at risk. For example, scam artists will, for a fee, provide access to a library of music, while using your computer as a file-sharing server to unlawfully share music with others. Also, even if you’ve set your file-sharing software to download only, some programs automatically reset themselves every time you reboot. To be safe, get rid of your P2P software and only get your media from fully licensed web sites like iTunes or Real Rhapsody, or directly from the artist's web page. Visit safecomputing.umich.edu/copyright to learn more about what UM is doing to educate students on P2P file sharing.

Question 11

An easy and free way to protect my laptop from online threats is to:

A  

Enable my computer to automatically receive free software updates.

B

 

Use a host-based firewall.

C

 

Install anti-virus software.

D

All of the above.

Make sure you have the big four security tools in place:

  • Configure your system to automatically receive free software updates that keep your computer and operating system updated with the latest patches.
  • Anti-virus software will scan your system and kill viruses that could disable or destroy your operating system.
  • Anti-spyware software looks for evidence of malware that would allow others to watch your Internet activity or potentially even take over your system for their own use.
  • Firewalls protect your computer by creating a virtual barrier against hackers who can exploit security vulnerabilities to access your computer and steal your information or worse.

Easy directions for putting all these measures into place can be found at: http://www.safecomputing.umich.edu/tools/download/securityshorts_essentials_homepc.pdf

Question 12

Would you be interested in participating in a focus group on IT Security issues? (The answer to this question will not improve your chances of winning a prize in this quiz!)

A

Yes

B

 

No

Thank you!

Last modified January 17, 2013