Safe Computing
Home Students Faculty and Staff IT Security Community

CS101 Final Exam

1.
You receive an e-mail from a university provost and executive vice president about the potential legal problems that can arise with peer-to-peer (P2P) file-sharing technology. You should:
Educate yourself about the appropriate use of P2P technologies by visiting BAYU (Be Aware You're Uploading)
Call a lawyer. You're in big trouble.
Reply to the e-mail and rat out your roommate.
Buy a fresh new laptop.
That's not the best option. Try again!
This is correct! Even if you think you are taking measures to do the right thing, you might still be at risk-- some programs automatically reset themselves every time you reboot, even if you've set your file-sharing software to download only.

To be on the safe side, get rid of your P2P software and get your media only from fully licensed websites like iTunes™ or Real Rhapsody™, or directly from the artist's web page. Visit safecomputing.umich.edu/copyright to learn more about what U-M is doing to educate students on P2P file sharing.

 



2.
The university often contacts users with urgent e-mails written in broken English with typos stating that your web e-mail account is about to be suspended unless you click a link or e-mail your uniqname and password immediately.
True
False

Really? Try again.

Correct! Any e-mail which asks you to click a link or e-mail your password should be viewed with suspicion. Visit http://safecomputing.umich.edu/main/phishing_alerts/ for known examples of recent phishing e-mails, or call 764-HELP if you have questions.

 



3.
You receive an urgent message on Facebook™ from a friend. She is travelling overseas, her wallet was stolen, and she needs to borrow money fast. You:
Really? Try again.
Correct! They say there's a sucker born every minute. Don't be one of them. Scammers can do a lot of damage with just a little bit of information–a lot of which is available on Facebook™. Be careful about what you post on social networking sites: don't post a lot of specific information (high school attended and year of graduation; complete birth date; home address), or use the privacy settings so that just your friends can see it.

 



4.
Computer viruses–and other malicious programs–are spread:

As attachments to e-mails.
As downloads on malicious websites.
Directly over the Internet from one computer to another (a 'worm').
All of the above.
True, but keep reading.
An infected computer can send out tens of thousands of e-mails, each carrying the virus. Often it will use your e-mail address book to find new people to attack by pretending to be something they're not (a 'trojan'), for example, a file that looks like it contains a picture of a celebrity.

An infected computer can also scan the Internet looking for computers that are vulnerable to attack and send them a copy of the virus.
(Source: http://www.getsafeonline.org/)

 



5.
When browsing the Internet with your Windows™ computer, you should always:

Use an account with the least amount of privilege.
Wear protection.
Use the buddy system.
Turn on all the lights.
You could, but it won't protect you from picking up a computer virus.
To protect your Windows™ computer, it's good practice to set up an account with reduced rights for browsing the Internet. This limits the amount of damage that a virus picked up from the Internet can inflict on your computer. Under Win7/Vista, use the User Access Control feature, which will prompt you for your Admin password when you need to perform other tasks. Under XP, either right-click the application and select [Run As] and run as admin, or use the DropMyRights application from Microsoft.

 



6.
You receive a text message that isn't from anyone you know. You should:

Forward it to your best friend and ask what to do.
Delete it.
Respond because your friend may have given your number to that one person who was asking about you.
Google the phone number.
Tempting, but no.
Text messages can contain files that could corrupt your phone, which is particularly harmful if you have a smart phone. It's hard not to be curious about a text sent from an unfamiliar phone number, but do yourself a favor and don't respond, just delete.

 



7.
It's okay to use my UMICH password for other online accounts.

True
False
Try again
If you use your UMICH password for another online account and it's breached, then the attacker can use that password to access your U-M account. It really happens.

 



8.
Which is a good way to identify a "phishing" message?

In the body of the message, the letter "f" is always replaced by a "ph."
The messages offer helpful hints about keeping an aquarium.
The messages always ask for private information, like a password or account number, or include a link to click on.
They're usually from someone looking for a "hook-up."
Are you kidding?
The university will NEVER ask for private information, like a password or account number, in an e-mail.

 



9.
A pop-up appears in the corner of your screen with the message that your computer has been compromised and you should run your anti-virus program immediately. You should:
Click on it, duh.
Click on it, and then pay for the upgraded AV package. It's only $40 after all.
Click on it, change your mind, and then try to close it by continuing to click.
Open Task Manager and select End Task to close your browser.
Think again.
This is correct! Even though they may look legit, those pop-up windows are just cleverly disguised malware. The very best way to handle this situation is to back out of the browser without clicking anywhere–even clicking the small x in the upper right corner of the window that typically closes it could trigger an infection. To close out of your browser:
  • For Windows™, right-click the title bar of your browser window and select "Close."
  • On a Mac™, press Command-W to close the active window.
  • To be safe, run an anti-virus scan afterwards.

 



10.
Reviewing your free credit report at annualcreditreport.com will help you:

Identify fraudulent information.
Protect your credit, even if you don't have much money.
Understand how to place a "fraud alert" on your report, making it more difficult for someone to get credit in your name if you are a victim of identity theft.
All of the above
True, but you can find a better reply!
Even if you don't have much money to steal, someone just a few years out of high school has a valuable identity that can be stolen and used to obtain new lines of credit. By reviewing your report annually, you can protect yourself by acting quickly if something is amiss. Another good habit to practice is shredding credit card offers if your name is pre-printed on the application.

 



11.
You can protect your smart phone by:

Disguising it as a Walkman.
Setting a PIN code to lock it.
Spraying it with water repellant.
Connecting it to your pants with a wallet chain.
Really? Try again.
Smart phones are rapidly becoming the preferred way to access the web. They are also vulnerable to the same kinds of security threats such as malicious e-mail attachments and a lot easier to lose than a laptop. So treat your smart phone the same way you would a laptop: set a PIN code to lock the screen in case you lose it, and install security apps to provide protection against malware.

 



12.
To protect your identity online, you should:

Use the privacy settings on Facebook™.
Choose passwords with at LEAST nine characters (numbers, mixed-case letters, and punctuation), and use a different password for every website you visit.
Never give out your social security number or passwords to anyone.
All of the above.
True, but that's not the best answer!
This is correct! There are a number of privacy settings that you can use on Facebook™ to control who can see your information. When you're logged into Facebook™, check under Account > Privacy Settings > Controlling How You Share to learn more.

Also, complex passwords take much longer to crack than simple ones–in some cases, millennia. The university recommends using at LEAST nine characters, with numbers, mixed-case letters and punctuation thrown in. And whatever you do, please don't use your UMICH password for any other website!