Information Security Chapter 3
Which one of the following is an example of a disclosure threat? a. espionage b. alteration c. destruction d. denial
a. espionage
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place? a. evil twin b. wardriving c. bluesnarfing d. replay attack
a. evil twin
Which group is the most likely target of a social engineering attack? a. receptionist and administrative assistants b. info security response team c. internal auditors d. independent contractors
a. receptionist and administrative assistants
An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using? a. vishing b. urgency c. whaling d. authority
b. urgency
Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri? a. cracker b. white hat hacker c. black hat hacker d. grey hat hacker
b. white hat hacker
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service? a. 21 b. 23 c. 80 d. 443
c. 80
What type of malicious software masquerades as legitimate software to entice the user to run it? a. virus b. worm c. Trojan horse d. rootkit
c. Trojan horse
Which password attack is typically used specifically against password files that contain cryptographic hashes? a. brute force attacks b. dictionary attacks c. birthday attacks d. social engineering attacks
c. birthday attacks
Which type of attack involves the creation of some deception in order to trick unsuspecting users? a. interception b. interruption c. fabrication d. modification
c. fabrication
Which type of denial of service attack exploits the existence of software flaws to disrupt a service? a. SYN flood attack b. smurf attack c. logic attack d. flooding attack
c. logic attack
In which type of attack does the attacker attempt to take over an existing connection between two systems? a. man in the middle attack b. URL hijacking c. session hijacking d. typosquatting
c. session hijacking
Which tool can capture the packets transmitted between systems over a network? a. wardialer b. OS fingerprinter c. port scanner d. protocol analyzer
d. protocol analyzer
Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place? a. spam b. phishing c. social engineering d. spim
d. spim
Which term describes an action that can damage or compromise an asset? a. risk b. vulnerability c. countermeasure d. threat
d. threat
Which type of attack against a web application uses a newly discovered vulnerability that is not patchable? a. SQL injection b. cross site scripting c. cross site request forgery d. zero day attack
d. zero day attack