Quiz 3 Information Security Fundamentals
Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP).
False
A dictionary password attack is a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.
False
A phishing attack "poisons" a domain name on a domain name server.
False
An attacker uses exploit software when wardialing.
False
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?
80
Which password attack is typically used specifically against password files that contain cryptographic hashes?
Birthday attacks
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?
Evil twin
Which type of attack involves the creation of some deception in order to trick unsuspecting users?
Fabrication
Which type of denial of service attack exploits the existence of software flaws to disrupt a service?
Logic attack
Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?
Opportunity cost
A DoS attack is a coordinated attempt to deny service by occupying a computer to perform a large number of unnecessary tasks.
True
A birthday attack is a type of cryptographic attack that is used to make brute-force attacks on one-way hashes easier.
True
A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.
True
An alteration threat violates information integrity.
True
Failing to prevent an attack all but invites an attack.
True
Rootkits are malicious software programs designed to be hidden from normal methods of detection.
True
Spyware gathers information about a user through an Internet connection, without his or her knowledge.
True
Using a secure logon and authentication process is one of the six steps used to prevent malware.
True
An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?
Urgency
Which type of attack against a web application uses a newly discovered vulnerability that is not patchable?
Zero-day attack
Vishing is a type of wireless network attack.
False
A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.
False
Which group is the most likely target of a social engineering attack?
Receptionists and administrative assistants
Spam is some act intended to deceive or trick the receiver, normally in email messages.
False
The anti-malware utility is one of the most popular backdoor tools in use today.
False
The main difference between a virus and a worm is that a virus does not need a host program to infect.
False