Chapter 9 Malware, Vulnerabilities, and Threats (Review Questions & Answers)

Which type of attack denies authorized users access to network resources? A. DoS B. Worm C. Logic bomb D. Social engineering

A. A DoS attack is intended to prevent access to network resources by overwhelming or flooding a service or network.

What is a system that is intended or designed to be broken into by an attacker called? A. Honeypot B. Honeybucket C. Decoy D. Spoofing system

A. A honeypot is a system that is intended to be sacrificed in the name of knowledge. Honeypot systems allow investigators to evaluate and analyze the attack strategies used. Law enforcement agencies use honeypots to gather evidence for prosecution.

Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you connected to the Internet. Which kind of attack has probably occurred? A. Logic bomb B. Worm C. Virus D. ACK attack

A. A logic bomb notifies an attacker when a certain set of circumstances has occurred. This may in turn trigger an attack on your system.

An administrator at a sister company calls to report a new threat that is making the rounds. According to him, the latest danger is an attack that attempts to intervene in a communications session by inserting a computer between the two systems that are communicating. Which of the following types of attacks does this constitute? A. Man-in-the-middle attack B. Backdoor attack C. Worm D. TCP/IP hijacking

A. A man-in-the-middle attack attempts to fool both ends of a communications session into believing that the system in the middle is the other end.

Your system log files report an ongoing attempt to gain access to a single account. This attempt has been unsuccessful to this point. What type of attack are you most likely experiencing? A. Password-guessing attack B. Backdoor attack C. Worm attack D. TCP/IP hijacking

A. A password-guessing attack occurs when a user account is repeatedly attacked using a variety of passwords.

You're explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they've heard of a threat from a virus that attempts to mask itself by hiding code from antivirus software. What type of virus is she referring to? A. Armored virus B. Polymorphic virus C. Worm D. Stealth virus

A. An armored virus is designed to hide the signature of the virus behind code that confuses the antivirus software or blocks it from detecting the virus.

As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim? A. DoS B. DDoS C. Worm D. UDP attack

B. A DDoS attack uses multiple computer systems to attack a server or host in the network.

What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes? A. Trojan horse virus B. Stealth virus C. Worm D. Polymorphic virus

B. A stealth virus reports false information to hide itself from antivirus software. Stealth viruses often attach themselves to the boot sector of an operating system.

What type of attack uses other methods (hijacking, cross-site forgery, and so forth) to change values in HTTP headers and falsify access? A. Enticement B. Header Manipulation C. Class Helper D. UTM

B. Header manipulation attacks use other methods (hijacking, cross-site forgery, and so forth) to change values in HTTP headers and falsify access.

If an attacker is able to gain access to restricted directories (such as the root directory) through HTTP, it is known as: A. Cross-site forgery B. Directory traversal C. Root hardening D. Trusted platform corruption

B. If an attacker is able to gain access to restricted directories (such as the root directory) through HTTP, it is known as directory traversal.

Which type of tool would best describe Nmap? A. Port scanner B. Vulnerability scanner C. Banner grabber D. Honeynet

B. Nmap can be used for multiple purposes, but of the options given, it is best described as a vulnerability scanner.

You are the senior administrator for a bank. A user calls you on the telephone and says that they were notified to contact you but couldn't find your information on the company website. Two days ago, an email told them that there was something wrong with their account and that they needed to click a link in the email to fix the problem. They clicked the link and filled in the information, but now their account is showing a large number of transactions that they did not authorize. They were likely the victims of what type of attack? A. Spimming B. Phishing C. Pharming D. Escalating

B. Sending an email with a misleading link to collect information is a phishing attack.

You've discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be? A. Man-in-the-middle attack B. Backdoor attack C. Replay attack D. TCP/IP hijacking

C. A replay attack attempts to replay the results of a previously successful session to gain access.

Which of the following is the name used for looking at the header information sent with data to find out what operating system a host is running? A. Port scanning B. Vishing C. Banner grabbing D. Transitive attack

C. Banner grabbing looks at the banner, or header, information messages sent with data to find out about the system(s).

An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred? A. DoS B. DDoS C. Backdoor D. Social engineering

C. In a backdoor attack, a program or service is placed on a server to bypass normal security procedures.

What term describes when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party? A. Patch infiltration B. XML injection C. Session hijacking D. DTB exploitation

C. Session hijacking occurs when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party.

A smurf attack attempts to use a broadcast ping on a network; the return address of the ping may be a valid system in your network. Which protocol does a smurf attack use to conduct the attack? A. TCP B. IP C. UDP D. ICMP

D. A smurf attack attempts to use a broadcast ping (ICMP) on a network. The return address of the ping may be a valid system in your network. This system will be flooded with responses in a large network.

What is it known as when an attacker manipulates the database code to take advantage of a weakness in it? A. SQL tearing B. SQL manipulation C. SQL cracking D. SQL injection

D. SQL injection occurs when an attacker manipulates the database code to take advantage of a weakness in it.

When a hole is found in a web browser or other software, and attackers begin exploiting it the very day it is discovered by the developer, what type of attack is it known as? A. Polymorphic B. Xmas C. Malicious insider D. Zero-day

D. When a hole is found in a web browser or other software and attackers begin exploiting it the very day it is discovered by the developer (bypassing the one-to-two-day response time that many software providers need to put out a patch once the hole has been found), it is known as a zero-day attack.

Which of the following involves unauthorized commands coming from a trusted user to the website? A. ZDT B. HSM C. TT3 D. XSRF

D. XSRF involves unauthorized commands coming from a trusted user to the website. This is often done without the user's knowledge, and it employs some type of social networking to pull it off.

