1601 Quiz 11 Information Security Fundamentals

What file type is least likely to be impacted by a file infector virus?

.docx

What ISO security standard can help guide the creation of an organization's security policy?

27002

The function of homepage hijacking is to change a browser's homepage to point to the attacker's site.

True

The goal of a command injection is to execute commands on a host operating system.

True

The term "web defacement" refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server.

True

Unlike viruses, worms do NOT require a host program in order to survive and replicate.

True

Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose?

Nmap

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?

Polymorphic virus

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?

Whois

What type of malicious software allows an attacker to remotely control a compromised computer?

Remote Access Tool (RAT)

What is NOT a common motivation for attackers?

Revenge wrong

Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged into Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?

Session hijacking

Which type of virus targets computer hardware and software startup functions?

System infector

A successful denial of service (DoS) attack may create so much network congestion that authorized users cannot access network resources.

True

ActiveX is used by developers to create active content.

True

ActiveX is used by developers to create active content.A computer virus is an executable program that attaches to, or infects, other executable programs.

True

An electronic mail bomb is a form of malicious macro attack that typically involves an email attachment that contains macros designed to inflict maximum damage.

True

Backdoor programs are typically more dangerous than computer viruses.

True

Because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders do, they can place logic bombs more easily.

True

Defense in depth is the practice of layering defenses to increase overall security and provide more reaction time to respond to incidents.

True

Spyware does NOT use cookies.

False

The four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks.

False

Trojans are self-contained programs designed to propagate from one host machine to another using the host's own network communications protocols.

False *it's worms*

A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information.

False *phishing*