14.4.2 Module 14 Common Threats and Attacks Quiz
Which is an example of social engineering? A. An unidentified person claiming to be a technician collecting user information from employees. B. A computer displaying unauthorized pop-ups and adware. C. The infection of a computer by a virus carried by a Trojan. D. An anonymous programmer directing a DDoS attack on a data center.
A. An unidentified person claiming to be a technician collecting user information from employees.
Which access attack method involves a software program that attempts to discover a system password by the use of an electronic dictionary? A. Brute-force attack B. Packet sniffer attack C. IP spoofing attack D. DoS attack E. Port redirection attack F. Buffer overflow attack
A. Brute-force attack
What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source? A. Phishing B. Backdoor C. Vishing D. Trojan
A. Phishing
When describing malware, what is a difference between a virus and a worm? A. A virus can be used to launch a DoS attack (but not a DDoS), but a worm can be used to launch both DoS and DDoS attacks. B. A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently. C. A virus focuses on gaining privileged access to a device, whereas a worm does not. D. A virus can be used to deliver advertisements without user consent, whereas a worm cannot.
B. A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.
Which tool is used to provide a list of open ports on network devices? A. Whois B. Nmap C. Tracert D. Ping
B. Nmap
In what way are zombies used in security attacks? A. They are maliciously formed code segments used to replace legitimate applications. B. They are infected machines that carry out a DDoS attack. C. They probe a group of machines for open ports to learn which services are running. D. They target specific individuals to gain corporate or personal information.
B. They are infected machines that carry out a DDoS attack.
What is the purpose of a rootkit? A. To deliver advertisements without user consent. B. To gain privileged access to a device while concealing itself. C. To replicate itself independently of any other programs. D. To masquerade as a legitimate program.
B. To gain privileged access to a device while concealing itself.
What is the primary goal of a DoS attack? A. To scan the data on the target server. B. To prevent the target server from being able to handle additional requests. C. To obtain all addresses in the address book within the server. D. To facilitate access to external networks.
B. To prevent the target server from being able to handle additional requests.
What is the purpose of a reconnaissance attack on a computer network? A. To redirect data traffic so that it can be monitored. B. To steal data from the network servers. C. To gather information about the target network and system. D. To prevent users from accessing network resources.
C. To gather information about the target network and system.
What is a significant characteristic of virus malware? A. A virus can execute independently of the host system. B. Virus malware is only distributed over the Internet. C. Once installed on a host system, a virus will automatically propagate itself to other systems. D. A virus is triggered by an event on the host system.
D. A virus is triggered by an event on the host system.
To which category of security attacks does man-in-the-middle belong? A. Social engineering B. DoS C. Reconnaissance D. Access
D. Access
What is the best description of Trojan horse malware? A. it is malware that can only be distributed over the Internet. B. It is software that causes only be distributed over the Internet. C. It is the most easily detected form of malware. D. It appears as useful software but hides malicious code.
D. It appears as useful software but hides malicious code.
What is the main goal of using different evasion techniques by threat actors? A. To gain the trust of a corporate employee in an effort to obtain credentials. B. To identify vulnerabilities of target systems. C. To launch DDoS attacks on targets. D. To prevent detection by network and host defenses.
D. To prevent detection by network and host defenses.