University of Michigan | ITS | Safe Computing

banner_blue

Protect Your Computer
and Data

Report an IT Security
Incident

Services

Sensitive Data Guide

Digital Copyright
Compliance

Home

Computer Security 101

Computer Security 101 Final Exam Answers

Question 1

'Phishing' is:

A		Something to do with the jam band Phish.
B		A fancy book-learnin’ way to spell "fishing," a recreational sport that requires a fishing pole, bait and a body of water.
C		A fraudulent e-mail designed to trick you into sharing personal information.
D		A spyware attack.

'Phishing' is the term for e-mails sent by spammers who are trying to trick readers into clicking on links and/or giving them personal information. These e-mails often look and sound like they are coming from official agencies. On safecomputing.umich.edu, under 'Latest Alerts', you can view the latest phishing attempts. This is an excellent tool to use to compare against fishy e-mails you receive.

Question 2

How can I distinguish a phishing e-mail from a legitimate request? Choose one:

A		Phishing e-mails often have misspellings.
B		Phishing e-mails typically ask you to respond with private information, like your user name, password, birthday or social security number.
C		There is an urgent tone to the message, often asking the reader to respond quickly.
D		All of the above.

This is correct! A legitimate organization will never ask for private personal information in this manner. Scam artists use social engineering techniques to trick users into opening an attachment that installs malware, or to misdirect users to malicious web sites. Others will pose as legitimate businesses or services you may use (ex. eBay™, PayPal™, your bank), asking for private personal information.

If you are unsure, it is always best to check safecomputing.umich.edu and compare the validity of the email you received against reported phishing attempts. If you know it is fraudulent, delete it.

Question 3

I received an email with this link:

www.umich.edu

Should I trust it to take me to the U-M web site?

A		Yes
B		No

You can check the destination of a hyperlink by positioning your mouse over the link and checking the status bar at the bottom of the page. Better yet, don't trust the link at all, and type the URL into the location field yourself!

Make this a habit in order to avoid being directed to a malicious or fraudulent webpage.

Question 4

After receiving the following e-mail, what should I do?

From: U-M ITCS Webmail [mailto:webmaster@umich.edu]
Sent: Thursday, October 29, 2009 10:57 PM
Subject: Information Technology Central Services - Account Upgrade Notification :

This is to inform you that your email address is about to be closed.

click on the link below in order to upgrade your webmail service so as to avoid your account from being suspended :
www.itcs.umich.edu
ITCS logo

A		Click on the link and follow the instructions.
B		Report it to abuse@umich.edu and delete it.
C		Reply to the e-mail to ask, "Is this for real"?
D		Forward it to everyone in your address book, asking if they got the e-mail too.

This is an example of a real phishing e-mail that targeted U-M students. The link went to an exact copy of the U-M login screen where passwords were harvested.

Phishing e-mails are getting more sophisticated, and sometimes forge umich.edu addresses in the From field.

Any e-mail which asks you to "upgrade" or "verify" your account should be viewed with suspicion. Visit safecomputing.umich.edu for known examples of recent phishing e-mails or call 764-HELP if you have questions.

Question 5

College students are at risk for identity theft because:

A		Students are a blank slate, with little or no established credit history.
B		Students often post personal information like birthdays and addresses on social networking sites.
C		Students receive many credit card offers in the mail, which can be pulled from the trash and filled out by someone else.
D		All of the above.

Even if you don't have much money to steal, someone just a few years out of high school has an identity that can be stolen and used to obtain new lines of credit. Be careful about what you post on social networking sites: don't post a lot of specific information (high school attended and year of graduation; complete birth date; home address). Another good habit to practice is shredding credit card offers if your name is pre-printed on the application.

Question 6

A good password:

A		Is a long string of numbers, punctuation and upper- and lower-case letters.
B		Is short, simple, and easy to remember, like your middle name.
C		Is the same for every single account you have so you don’t have to remember too many.
D		Is so funny that you tell your best friend so she can appreciate how clever you are.

That is correct: a long string of numbers, punctuation and upper- and lower-case letters. It takes just under two minutes to crack a five-character password with lower-case letters only. To crack a 10-character password with mixed-case letters takes 45.8 millennia.

Figures are taken from the University of Wyoming Information Technology, http://uwadmnweb.uwyo.edu/InfoTech/security/passwords.htm.

Follow these guidelines for creating a secure UMICH password:

Use 9 or more characters.
Do NOT use plain dictionary words.
Include at least 3 of the following:

Lowercase letters
Uppercase letters
Numerals
Punctuation (do not create a space with the space bar as the first or last character)

TIP: Make a strong and memorable password by using the first letter of the words in a phrase, in combination with the other stated criteria. For example, "Four score and seven years ago our fathers brought forth" becomes "4S&7yaofb4th"

Question 7

Using peer-to-peer file-sharing software could put my computer's security at risk because:

A		I may be allowing my computer to act as an illegal file-sharing server without my knowledge.
B		The stuff that I download could disguise a program designed to hijack my system.
C		I could accidentally expose sensitive information stored on my computer, like my bank records, photos, or tax documents.
D		All of the above.

Even if you think you are taking measures to do the right thing, you might still be at risk.

Peer-to-peer file-sharing is a common method to distribute malware. Your anti-virus software won't always protect you.

Sometimes scam artists will, for a fee, provide access to a library of music, while using your computer as a file-sharing server to unlawfully share music with others.

Also, even if you’ve set your file-sharing software to download only, some programs automatically reset themselves every time you reboot.

To be safe, get rid of your P2P software and only get your media from fully licensed web sites like iTunes™ or Real Rhapsody™, or directly from the artist's web page. Visit safecomputing.umich.edu/copyright to learn more about what UM is doing to educate students on P2P file sharing.

Question 8

The Residence Halls Computing Program (ResComp) offers the following services to all residents of University Housing, Northwood Community Apartments, and the Lawyers Club:

A		Free virus, adware and spyware scanning for all laptops.
B		Free pizza on Sundays.
C		Free laundry services during exam week.
D		Free online dating services.

This is correct! For more information on the services ResComp offers, visit http://rescomp.housing.umich.edu/tech.help/cvc#services. There you can learn more about the Center for Vulnerability Control (CVC), a service center in South Quad where residents can take their computers throughout the academic year for help with computer security issues.

Question 9

A firewall is a program designed to:

A		Help shield your computer from remote intruders and unwanted data.
B		Boost file download speeds.
C		Keep your ex from finding you online.
D		Protect your laptop in case of a fire.

The purpose of installing a firewall on your computer is to protect you from threats, such as viruses, worms, and hacking. These threats are prevalent on the internet. If you disable your firewall for even just a short time, your computer is immediately vulnerable.

Most modern operating systems, including Macintosh™ and Windows™, include a basic firewall. Make sure yours is turned on!

Question 10

I should enable automatic security updates on my computer, in order to:

A		Improve the results of my research projects.
B		Make programs easier to use.
C		Correct flaws and resolve vulnerabilities in installed programs.
D		Boost vendors' profits.

While there are many things that can be done to improve the security of home computers and networks, most security experts agree that regardless of the operating system you use (Macintosh™, Windows™ or Linux), keeping software up-to-date is fundamental. Learn how to enable automatic updates on your Windows™ computer by visiting http://safecomputing.umich.edu/tools/SS-3SecEssentialsPC.html

It is also important to keep your application software up to date.

Question 11

I can control my privacy on Facebook™ by:

A		Creating lists of friends to restrict who sees what.
B		Previewing tagged photos of me before the rest of your friends see them.
C		Removing myself from Facebook™ search results.
D		All of the above

This is correct! There are a number of privacy settings that you can use on Facebook™ to control who can see your information. Visit http://www.safecomputing.umich.edu/students.php to learn more.

By the way, please don't use the same password for both U-M and Facebook™!

Question 12

A friend has sent me an attachment with an *.exe file and urged me to run it. She is not online right now so I can't check in with her. What should I do?

A		Trust my friend and click the attachment.
B		Trust my firewall and anti-virus software to block the file if it's malicious.
C		Save the attachment on a thumb drive so you can open it on your roommate's computer instead of yours.
D		Delete it, or wait until you can ask her what it is and if she really sent it.

Executable e-mail attachments are suspicious.

Executable files include codes to instruct your computer to perform a task, which could turn out to be something you really don’t want to happen. Like turn your computer into a hacker's credit card number and password-stealing robot.

You should never run an .exe file (or executable file) you receive in an e-mail, even if it appears to come from someone you know.

The From field of an e-mail is easily forged. Or your friend's e-mail account may have been hijacked.

Question 13

I am searching the Internet with my PC, and a flashing window with a message that I have been infected with spyware pops up in my browser. What should I do?

A		Assume that it’s a message from the anti-virus software that came with the computer, and click on it for further instruction.
B		Clean the laptop thoroughly with alcohol-based cleaning wipes.
C		Stay calm and close out of the browser.
D		Click on the pop-up where it says "Cancel."

This is correct! There may be more than one way to do this, under different operating systems.

For Windows™, right-click the title bar of your browser window and select "Close".

On a Mac™, press Command-W to close the active window.

To be safe, run an anti-virus scan afterwards.