Chapter 8
True or False? A rootkit is a type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised. True False
True
Lin installed a time-management utility that she downloaded from the Internet. Now several applications are not responding to normal commands. What type of malware did she likely encounter? Trojan horse Worm Virus Ransomware
Trojan horse A Trojan is any program that masquerades as a useful program while hiding its malicious intent. The masquerading nature of a Trojan encourages users to download and run the program. Unresponsiveness of applications to normal commands is one telltale sign of a Trojan infection.
True or False? A backdoor is a hidden way to bypass access controls and allow access to a system or resource. True False
True
True or False? Attackers have established thousands of botnets, which they use to distribute malware and spam and to launch denial of service (DoS) attacks against organizations or even countries. True False
True
True or False? Attacks against confidentiality and privacy, data integrity, and availability of services are all ways malicious code can threaten businesses. True False
True
True or False? Because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders do, they can place logic bombs more easily. True False
True
True or False? Defense in depth is the practice of layering defenses to increase overall security and provide more reaction time to respond to incidents. True False
True
True or False? The function of homepage hijacking is to change a browser's homepage to point to the attacker's site. True False
True
Hacking groups create ___ to launch attacks whereby they infect vulnerable machines with agents that perform various functions at the command of the controller. ransomware logic bombs honeypots botnets
botnets
True or False? A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information. True False
False A phishing attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information. In a smurf attack, attackers direct forged Internet Control Message Protocol (ICMP) echo request packets to Internet Protocol (IP) broadcast addresses from remote locations to generate a denial of service (DoS) attacks.
True or False? A port-scanning tool enables an attacker to escalate privileges on a network server. True False
False A port-scanning tool enables an attacker to discover and identify hosts on a network.
True or False? System infectors are viruses that attack document files containing embedded macro programming capabilities. True False
False Data infectors are viruses that attack document files containing embedded macro programming capabilities. System infectors are viruses that target computer and device hardware and software startup functions.
True or False? Hijacking refers to the use of social engineering to obtain access credentials, such as usernames and passwords. True False
False Pharming refers to the use of social engineering to obtain access credentials, such as usernames and passwords.
True or False? Spyware does not use cookies. True False
False Spyware cookies are cookies that share information across sites. Spyware cookies include those containing text such as 24/7 media, admonitor, and valueclick in their names.
Alison is a security professional. A user reports that, after opening an email attachment, every document he saves is in a template format and other Microsoft Word documents will not open. After investigating the issue, Alison determines that the user's Microsoft Office normal.dot template has been damaged, as well as many Word files. What type of virus is the most likely cause? Retro virus Macro virus Polymorphic virus Cross-platform virus
Macro virus With a macro virus, one of the most effective ways to damage many documents is to infect a template such as the normal.dot template, which most Microsoft Word documents include.
Devaki is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Devaki's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place? Session hijacking Structured Query Language (SQL) Injection Extensible Markup Language (XML) Injection Cross-site scripting (XSS)
Session hijacking Session hijacking is an attack in which the attacker intercepts network messages between a web server and a web browser. It extracts one or more pieces of data, most commonly a session ID, and uses that to communicate with the web server. The attacker pretends to be an authorized user by taking over the authorized user's session.
Arturo discovers a virus on his system that resides only in the computer's memory and not in a file. What type of virus has he discovered? Retro virus Slow virus Multipartite virus Cross-platform virus
Slow virus Slow viruses, also called fileless viruses, counter the ability of antivirus programs to detect changes in infected files. This class of virus resides in only the computer's memory and not in a file, so antivirus software has a harder time detecting it.
The chief executive officer (CEO) of a company recently fell victim to an attack. The attackers sent the CEO an email that appeared to come from the company's attorney. The email informed the CEO that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place? Command injection Spear phishing Pharming Ransomware
Spear phishing This scenario is a classic example of a spear phishing attack, highly targeted at an individual and including information about the company.
Bob is developing a web application that depends on a backend database. What type of attack could a malicious individual use to send commands through his web application to the database? Lightweight Directory Access Protocol (LDAP) injection Structured Query Language (SQL) injection Cross-site scripting (XSS) Extensible Markup Language (XML) injection
Structured Query Language (SQL) injection An SQL code injection attacks applications that depend on data stored in databases. SQL statements are inserted into an input field and are executed by the application. SQL injection attacks allow attackers to disclose and modify data, violate data integrity, or even destroy data and manipulate the database server.
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered? Structured Query Language (SQL) injection Cross-site scripting (XSS) Command injection Extensible Markup Language (XML) injection
Cross-site scripting (XSS) XSS attacks allow attackers to embed client-side scripts into webpages that users view. When a user views a webpage with a script, the web browser runs the attacking script. These scripts can be used to bypass access controls. XSS effects can pose substantial security risks, depending on how sensitive the data is on the vulnerable site.