Chapter 3 Cyber security
What term describes an action that can damage or compromise an asset?
Threat
What type of attack involves the creation of some deception in order to trick unsuspecting users?
Trojan horse
An attacker has a physical presence on a local network and is forging MAC addresses. What type of attack is taking place?
ARP poisoning
What type of loss did the company experience as a result of lost sales?
Opportunity costs
Users throughout an organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is this?
Spim
What is an example of a disclosure threat?
espionage
What type of malicious software masquerades as legitimate software to entice the user to run it?
evil twin
An access point is being broadcast to another building of an open network. What type of attack is taking place?
fabrication
A rootkit uses directed broadcast to create a flood of network traffic for the victim computer.
false
An attacker uses exploit software when wardialing.
false
The anti-malware utility is one of the most popular backdoor tools in use today.
false
What control is not designed to combat malware?
firewall
A wiretap will monitor communications without making any modifications. What type of wiretap is this?
passive wiretap
What group is the most likely target of a social engineering attack?
receptionists and administrative assistants
In what type of attack does the attacker attempt to take over an existing connection between two systems?
session hijacking
An alteration threat violates information integrity.
true
Failing to prevent an attack all but invites an attack.
true
A DoS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary attacks.
true
A birthday attack is a type of cryptographic attack that is used to make brute-force attacks of one-way hashes easier.
true
A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.
true
A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.
true
What type of attack against a web application uses a newly discovered vulnerability that is not patchable?
zero-day attack
An attacker attempting to break into a facility pulls the fire alarm to distract the security guard. What type of social attack is this?
urgency
What type of person attempts to break into the systems belonging to his clients?
white hat hacker
When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks.
true