Security+ Domain 1 Questions: Threats, Attacks and Vulnerabilities

You suspect that an Xmas tree attack is occurring on a system. Which of the following could result if you do not stop the attack?

A Christmas (Xmas) tree attack (also known as a Christmas tree scan, nastygram, kamikaze, or lamp test segment) conducts reconnaissance by scanning for open ports. It also conducts a DoS attack if sent in large amounts. When it is sent to a target host, the TCP header of a Christmas tree packet has the flags FIN, URG, and PSH. By default, closed ports on the host are required to reply with a TCP connection reset flag (RST). Open ports must ignore the packets, informing the attacker which ports are open. Christmas tree packets require much more processing by network devices compared to typical packets, producing DoS attacks when large amounts are sent to the target host.

Which is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously

A Trojan horse is a program that appears to be a legitimate application, utility, game, or screensaver, but performs malicious activities surreptitiously. Trojan horses are very common on the internet. To keep your systems secure and free from such malicious code, you need to take extreme caution when downloading any type of file from just about any site on the internet. If you don't fully trust the site or service that is offering a file, don't download it

A collection of zombie computers have been set up to collect personal information. What type of malware do the zombie computers represent?

A botnet is a collection of zombie computers that are commanded from a central control infrastructure and propagate spam or to collect usernames and passwords to access secure information.

An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack

A distributed denial of service (DDoS) attack employs multiple attackers.

Which of the following describes a man-in-the-middle attack?

A false server intercepting communications from a client by impersonating the intended server is a form of a man-in-the-middle attack.

Which of the following describes a logic bomb?

A logic bomb is a program that performs a malicious activity at a specific time or after a triggering event. Logic bombs can be planted by a virus, a Trojan horse, or an intruder. Logic bombs may perform their malicious activity at a specific time and date or when a specific event occurs on the system, such as logging in, accessing an online bank account, or encrypting a file.

Which type of active scan turns off all flags in a TCP header?

A null scan turns off all flags in a TCP header, creating a lack of TCP flags that should never occur in the real world.

Which of the following denial of service (DoS) attacks uses ICMP packets and is only successful if the victim has less bandwidth than the attacker?

A ping flood is where the attacker overwhelms the victim with ICMP Echo Request (ping) packets. In a ping flood, the attack succeeds only if the attacker has more bandwidth than the victim.

You recently discovered that several key files of your antivirus program have been deleted. You suspect that a virus has deleted the files. Which type of virus deletes key antivirus program files?

A retro virus tries to destroy virus countermeasures by deleting key files that antivirus programs use.

Which of the following is undetectable software that allows administrator-level access?

A rootkit is a set of programs that allows attackers to maintain permanent, administrator-level, hidden access to a computer. Is almost invisible software. Resides below regular antivirus software detection. Requires administrator privileges for installation, then maintains those privileges to allow subsequent access. Might not be malicious. Often replaces operating system files with alternate versions that allow hidden access

Which of the following is a characteristic of a virus?

A virus requires a replication mechanism, which is a file that it uses as a host. When the host file is distributed, the virus is also distributed. Viruses typically attach to files with execution capabilities such as .doc, .exe, and .bat extensions. Many viruses are distributed to everyone in your email address book.

What is another name for a logic bomb?

An asynchronous attack. An asynchronous attack is a form of malicious attack where actions taken at one time do not cause their intended, albeit negative, action until a later time.

Piggy Backing

An attacker enters a secured building by following an authorized employee through a secure door without providing identification

Spear phishing

An attacker gathers personal information about the target individual in an organization

Whaling

An attacker gathers personal information about the target individual, who is a CEO

Dumpster diving

An attacker searches through an organization's trash looking for sensitive information

While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, however, the browser displays a completely different website. When you use the IP address of the web server, the correct site is displayed. Which type of attack has likely occurred?

Because the correct site shows when you use the IP address, you know that the main website is still functional and that the problem is likely caused by an incorrect domain name mapping. DNS poisoning occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses. In a DNS poisoning attack: Incorrect DNS data is introduced into the cache of a primary DNS server. The incorrect mapping is made available to client applications through the resolver.

An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing?

Browsing the organization's website is a form of passive reconnaissance. Other forms of passive reconnaissance include putting a sniffer on the wire or eavesdropping on employee conversations.

To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. Which of the following actions would best prevent this scenario from occurring again?

Configure the software to automatically download the virus definition files as soon as they become available

Which of the following is an example of privilege escalation

Creeping privileges occur when a user's job position changes and they are granted a new set of access privileges for their new work tasks, but their previous access privileges are not removed. As a result, the user accumulates privileges over time that are not necessary for their current work tasks. This is a form of privilege escalation.

What is an example of you not protecting yourself against session hijacking?

DHCP reservations are not a protection against session hijacking. If a valid MAC address can be discovered, then an IP address is handed out freely to the spoofed client by the DHCP server.

Which type of denial of service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?

DNS poisoning occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses. In a DNS poisoning attack: Incorrect DNS data is introduced into a primary DNS server. The incorrect mapping is made available to client applications through the resolver. Traffic is directed to incorrect sites.

Which of the following is a common social engineering attack?

Distributing hoax virus information emails is a social engineering attack. This type of attack preys on email recipients who are fearful and will believe most information if it is presented in a professional manner. The victims of these attacks fail to double-check the information or instructions with a reputable third-party antivirus software vendor before implementing the recommendations. Usually, these hoax messages instruct the reader to delete key system files or download Trojan horse viruses.

Dumpster diving is a low-tech way to gathering information that may be useful in gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?

Dumpster diving is best addressed by a document destruction policy. All sensitive documents should be shredded or burned, and employees should be trained on the proper use of disposal equipment and the policies governing disposal of sensitive information.

You have installed anti-virus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your systems from malware?

Enable account lockout, Schedule regular full system scans

Which of the following are characteristics of a rootkit

Hides itself from detection. Requires administrator-level privileges for installation

Which of the following is the best countermeasure against man-in-the-middle attacks?

IPsec is the best countermeasure against man-in-the middle attacks from the selections listed here. Use IPsec to encrypt data in a VPN tunnel as it passes between two communication partners. Even if someone intercepts the traffic, they will be unable to extract the contents of the messages because they are encrypted.

Which of the following is not a form of social engineering?

Impersonating a user by logging on with stolen credentials is not a social engineering attack. It is an intrusion attack made possible by network packet capturing or obtaining logon credentials through social engineering.

Which of the following is an example of an internal threat?

Internal threats are intentional or accidental acts by employees, including: Malicious acts such as theft, fraud, or sabotage Intentional or unintentional actions that destroy or alter data Disclosing sensitive information by snooping or espionage

Which of the following best describes spyware?

It monitors the actions you take on your machine and sends the information back to its originating source

What is the weakest point in an organization's security infrastructure?

People are usually the weakest point in an organization's security infrastructure.

Which of the following are examples of social engineering?

Social engineering leverages human nature. Internal employees are often the target of trickery, and false trust can quickly lead to a serious breach of information security. Shoulder surfing and dumpster diving are examples of social engineering

What type of malware monitors your actions?

Spyware Spyware monitors the actions performed on a machine and then sends the information back to its originating source

Which type of virus conceals its presence by intercepting system requests and altering service outputs?

Stealth viruses reside in low-level system service functions where they intercept system requests and alter service outputs to conceal their presence. The term rootkit is often used to describe a malicious program that can hide itself and prevent its removal from the system.

Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?

The best method to protect against Bluetooth attacks is to disable Bluetooth on the device. If Bluetooth is required, then configure the device for non-discoverable mode. Applying the latest patches and updates also ensures that the device is protected against known vulnerabilities for which patches exist.

What is the goal of a TCP/IP hijacking attack?

The goal of a TCP/IP hijacking attack is to execute commands or access resources on a system the attacker does not otherwise have authorization to access. When an attacker successfully performs TCP/IP hijacking, they take over control of the hijacked communication session. Whatever access the original user had, the attacker can now exploit. However, the attack only grants access within the confines of the hijacked session. Just because a hacker gains the victim's access to a server, it does not automatically grant the attacker the victim's access to a different server.

If your anti-virus software does not detect and remove a virus, what should you try first?

Update your virus detection software - Virus detection software can search only for viruses listed in its known viruses data file. An outdated file can prevent the virus detection software from recognizing a new virus.

Which of the following social engineering attacks use Voice over IP (VoIP) to gain sensitive information?

Vishing is a social engineering attack that uses Voice over IP (VoIP) to gain sensitive information. The term is a combination of voice and phishing.

Which of the following describes the marks attackers place outside a building to identify an open wireless network?

War chalking is marking the outside of buildings to indicate the presence of a wireless network. Attackers might use these marks to alert others of open or secured wireless networks. Businesses might even use these marks to advertise their free wireless networks.

The process of walking around an office building with an 802.11 signal detector is known as what?

War driving is the act of searching for wireless networks (802.11) using a signal detector or a network client (such as a PDA or notebook). While the phrase war driving originated from the action of driving around a city searching for wireless networks, the name currently applies to any method of searching for wireless networks, including walking around.

A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind production. The email was sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. Which type of an attack best describes the scenario?

Whaling is a social engineering attack that targets senior executives and high profile victims. Social engineering is an attack that exploits human nature by convincing someone to reveal information or perform an activity.

When a malicious user captures authentication traffic and replays it against the network later, what is the security problem you are most concerned about?

When a malicious user captures authentication traffic and replays it against the network later, the security problem you are most concerned about is an unauthorized user gaining access to sensitive resources. Once a replay attack has been successful, the attacker has the same access to the system as the user from whom the authentication traffic was captured.

Scarcity

is an active social engineering technique that attempts to make the people believe that if they don't act quickly, they will miss out on an item, opportunity or experience

Masquerading

is convincing personnel to grant access to sensitive information or protected systems by pretending to be someone who is authorized and/or requires that access. Masquerading passive when compared to impersonating.

You are troubleshooting a wireless connectivity issue in a small office. You determine that the 2.4 GHz cordless phones used in the office are interfering with the wireless network transmissions. If the cordless phones are causing the interference, which of the following wireless standards could the network be using

802.11a, 802.11g Both the 802.11g and Bluetooth wireless standards use the 2.4GHz RF range to transmit data. Cordless phones that operate at the same frequency can cause interference on the wireless network. Other devices, such as microwaves and electrical devices, may also cause interference. 802.11a uses 5GHz radio frequency. Therefore, it would not be affected by the 2.4GHz phones used in the office. Infrared uses a light beam to connect computer and peripheral devices to create a personal area network (PAN).

A SYN attack or SYN flood exploits or alters which element of the TCP three-way handshake?

A SYN attack or SYN flood exploits or attacks the ACK packet of the TCP three-way handshake. By not sending the final ACK packet, the server holds open an incomplete session, consuming system resources. If the attacker can cause the server to open numerous sessions in this manner, all system resources are consumed, and no legitimate connections are established.

What is an example of a denial of service attack?

A SYN attack or a SYN flood is a form of denial of service attack that subverts the TCP three-way handshake process by attempting to open numerous sessions on a victim server but intentionally fails to complete the session by not sending the final required packet.

Which attack form either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring?

A denial of service attack either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring.

When the TCP/IP session state is manipulated so that a third party is able to insert alternate packets into the communication stream, what type of attack has occurred?

A hijacking attack is one where the TCP/IP session state is manipulated so that a third party is able to insert alternate packets into the communication stream. Session hijacking has become difficult to accomplish due to the use of time stamps and randomized packet sequencing rules employed by modern operating systems.

When a SYN flood is altered so that the SYN packets are spoofed in order to define the source and destination address as a single victim IP address, the attack is now called what?

A land attack is a SYN flood where the source and destination address of the SYN packets are both defined as the victim's IP address.

A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack?

A land attack is when the SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server.

Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day, you find that an employee has connected a wireless access point to the network in his office. What type of security risk is this?

A rogue access point is an unauthorized access point added to a network or an access point that is configured to mimic a valid access point. Examples include: An attacker or an employee with access to the wired network installs a wireless access point on a free port. The access port then provides a way to remotely access the network. An attacker near a valid wireless access point installs an access point with the same (or similar) SSID. The access point is configured to prompt for credentials, allowing the attacker to steal those credentials or use them in a man-in-the-middle attack to connect to the valid wireless access point. An attacker configures a wireless access point in a public location, then monitors traffic to see who connects to the access point.

What is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found?

A virus is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found. Viruses are a serious threat to computer systems, especially if they are connected to the internet. It is often a minimal requirement to have an antivirus scanner installed on every machine of a secured network to protect against viruses.

What is the main difference between a worm and a virus?

A worm can replicate itself, while a virus requires a host for distribution.

Which of the following attacks tries to associate an incorrect MAC address with a known IP address?

ARP spoofing/poisoning associates the attacker's MAC address with the IP address of victim devices. When computers send an ARP request to get the MAC address of a known IP address, the attacker's system responds with its MAC address.

While browsing the internet, you notice that the browser displays ads that are targeted towards recent keyword searches you have performed.

Adware monitors actions that denote personal preferences, then sends pop-ups and ads that match those preferences. Is usually passive, Is privacy-invasive software, Is installed on your machine by visiting a particular website or running an application, Is usually more annoying than harmful.

Phishing

An attacker pretending to be from a trusted organization sends an email asking users to access a website to verify personal information.

Vishing

An attacker uses a telephone to convince target individuals to reveal their credit card information

Which of the following best describes an evil twin?

An evil twin is a rogue access point that is configured to mimic a valid access point; in contrast, a rogue access point is any unauthorized access point added to a network. The evil twin may be configured to prompt for credentials, allowing the attacker to steal those credentials or use them in a man-in-the-middle attack to connect to the valid wireless access point.

What are the most common network traffic packets captured and used in a replay attack?

Authentication traffic is the most commonly captured type of network traffic packets in replay attacks. If someone is able to replay the stream of authentication packets successfully, they can gain the same access to the system or network as the original user. Fortunately, many authentication security systems include time stamps or dynamic challenge response mechanisms to prevent authentication packets from being replayed.

The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering?

Authority social engineering entails an attacker either lying about having authority or using their high status in a company to force victims to perform actions that exceed their authorization level.

Your organization uses an 802.11g wireless network. Recently, other tenants installed the following equipment in your building: A wireless television distribution system running at 2.4 GHz A wireless phone system running at 5.8 GHz A wireless phone system running at 900 MHz An 802.11n wireless network running in the 5 GHz frequency range. Since this equipment was installed, your wireless network has been experiencing significant interference. Which system is to blame?

Because the 802.11g standard operates within the 2.4 GHz to 2.4835 GHz radio frequency range, the most likely culprit is the wireless TV distribution system.

Which of the following sends unsolicited business cards and messages to a Bluetooth device

Bluejacking is a rather harmless practice that entails an unknown sender sending business cards anonymously to a Bluetooth recipient within a distance of 10-100 meters, depending on the class of the Bluetooth device. The business cards usually include a flirtatious message so the attacker can see a visual reaction from the recipient. Multiple messages ware sent to the device if the attacker thinks there is a chance they will be added as a contact. Bluetooth devices are not susceptible to bluejacking if they are set to non-discoverable mode.

Which of the following best describes Bluesnarfing?

Bluesnarfing is the use of a Bluetooth connection to gain unauthorized access to an existing Bluetooth connection between phones, desktops, laptops, or PDAs. Bluesnarfing allows access to view the calendar, emails, text messages, and contact lists. Many Bluetooth devices have built-in features to prevent bluesnarfing, but it is still a known vulnerability.

Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which attack type

Capturing packets between two existing communication partners is a form of a man-in-the middle attack. As this attacks type's name implies, traffic is intercepted somewhere in the middle of the communicating partners. The best way to protect against man-in-the middle attacks is to use session encryption or line encryption solutions.

An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. What kind of exploit has been used in this scenario

DNS poisoning (also known as DNS cache poisoning) occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses. In a DNS poisoning attack: Incorrect DNS data is introduced into the cache of a primary DNS server. The incorrect mapping is made available to client applications.

Network packet sniffing is often used to gain the information necessary to conduct more specific and detailed attacks. Which of the following is the best defense against packet sniffing?

Encryption provides the best protection from sniffing attacks. Technologies such as SSL, SSH, and IPSEC provide a level of protection beyond traditional network layout and design countermeasures.

In which of the following denial of service (DoS) attacks does the victim's system rebuild invalid UDP packets, causing the system to crash or reboot?

In a Teardrop attack, fragmented UDP packets with overlapping offsets are sent. Then, when the victim system re-builds the packets, an invalid UDP packet is created, causing the system to crash or reboot.

A user calls to report that she is experiencing intermittent problems while accessing the wireless network from her laptop computer. While she normally works from her office, today she is trying to access the wireless network from a conference room across the hall and next to the elevator. What is the most likely cause of her connectivity problem?

In this scenario, interference from the elevator motor is the most likely cause. Cordless phones and motors can generate interference that affects wireless signals. Interference is a common cause of intermittent problems. Windows clients automatically detect the channel to use. If the SSID had changed or MAC filtering were preventing access, the computer would not be able to connect at all, even from her office.

Which of the following is the most effective protection against IP packet spoofing on a private network

Ingress and egress filters are the most effective protection against IP packet spoofing. Ingress filters examine packets coming into the network, while egress filters examine packets going out of the network. These filters examine packets based on rules that identify any spoofed packets. Any packet suspected of being spoofed on its way into or out of your network is dropped.

You need to enumerate the devices on your network and display the network's configuration details. Which of the following utilities should you use?

Nmap is an open-source security scanner used for network enumeration and to the creation of network maps. Nmap sends specially-crafted packets to the target host and then analyzes the responses to create the map.

Which of the following locations contributes the greatest amount of interference for a wireless access point?

Other wireless transmitting devices (such as cordless phones or microwaves) and generators cause interference for wireless access points.

Which of the following attacks tricks victims into providing confidential information (such as identity information or login credentials) through emails or websites that impersonate an online entity that the victim trusts?

Phishing tricks victims into providing confidential information, such as identity information or logon credentials, through emails or websites that impersonate an online entity that the victim trusts, such as a financial institution or well-known e-commerce site. Phishing is a specific form of social engineering.

You have installed anti-malware software that checks for viruses in email attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. What has happened to the file?

Quarantine moves the infected file to a secure folder where it cannot be opened or run normally. By configuring the software to quarantine any problem files, you can view, scan, and possibly repair those files. Quarantine does not automatically repair files. Deleting a file is one possible action to take, but this action removes the file from your system.

Which of the following are denial of service attacks?

Smurf and Fraggle attacks are both denial of service attacks. A smurf attack spoofs the source address in ICMP packets and sends the ICMP packets to an amplification network (bounce site). The bounce site responds to the victim site with thousands of messages that he did not send. A Fraggle attack is similar to a Smurf attack, but uses UDP packets directed to port 7 (echo) and port 19 (chargen character generation).

Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?

Smurf is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network.

Which of the following common network monitoring or diagnostic activities can be used as a passive malicious attack?

Sniffing is a common network monitoring or diagnostic activity that can be used as a passive malicious attack. Sniffing is considered passive because it simply duplicates the packets it sees on the communication medium without altering or interfering with traffic flow. When performed properly, it is impossible to detect true passive sniffing on a network.

Which type of activity changes or falsifies information in order to mislead or re-direct traffic?

Spoofing changes or falsifies information in order to mislead or re-direct traffic.

What is spoofing?

Spoofing is the act of changing or falsifying information in order to mislead or re-direct traffic. For example, an email-based spoofing attack changes the source email address so that it is impossible to back-track the message to its original source. Other spoofing methods include Smurf and Fraggle. These attacks send ICMP or UDP echo requests that have spoofed source addresses to an intermediary system. The echo responses are returned to the stated source address, which is not the real address of the sender, but the address of the intended victim. A land attack is another example of an attack that uses spoofing. A land attack is when a SYN packet, the first packet of the TCP threeway handshake, is sent to a server, but the source address is spoofed as the target server's address.

You've just received an email message explaining that a new and serious malicious code threat is ravaging across the internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the \Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system. In response to this message, which action should you take first?

The best first step to take after receiving an email message about a new malicious code threat is to verify the information it contains. You can easily verify information by visiting two or more wellknown malicious code threat management websites. These sites can be your anti-virus vendor or a well-known and well-regarded internet security watch group. All too often, messages of this type are hoaxes. It is important not to fall prey to email hoaxes or spread them to others.

What is the greatest threat to the confidentiality of data in most secure organizations

The greatest threat to data confidentiality in most secure organizations is portable devices (including USB devices). There are so many devices that can support file storage that stealing data has become easy, and preventing data theft is difficult.

What is modified in the most common form of spoofing on a typical IP packet?

The most common form of spoofing on a typical IP packet is modification of the source address. In this way, the correct source device address is hidden.

As the victim of a Smurf attack, what protection measure is the most effective during the attack?

The most effective protection measure the victim of a Smurf attack can perform during an attack is to communicate with upstream providers. A simple phone call to request filtering on your behalf can weaken the effectiveness of a Smurf attack.

Which of the following best describes the ping of death?

The ping of death involves an ICMP packet that is larger than 65,536 bytes.

What is the primary distinguishing characteristic between a worm and a logic bomb?

The primary distinguishing characteristic between a worm and a logic bomb is self-replication. Worms are designed to replicate and spread as quickly and as broadly as possible. Logic bombs do not self-replicate. They are designed for a specific single system or type of system. Once planted on a system, it remains there until it is triggered.

Which of the following is the main difference between a DoS attack and a DDoS attack?

The term denial of service (DoS) is a generic term that includes many types of attacks. In a DoS attack, a single attacker directs an attack at a single target, sending packets directly to the target. In a distributed DoS attack (DDoS), multiple PCs attack a victim simultaneously. DDoS compromises a series of computers by scanning computers to find vulnerabilities and capitalizing on the most vulnerable systems. In a DDoS attack: The attacker identifies one of the computers as the master (also known as zombie master or bot herder) . The master uses zombies/bots (compromised machines) to attack. The master directs the zombies to attack the same target.

A router on the border of your network detects a packet with a source address that is from an internal client, but the packet was received on the internet-facing interface. This is an example of what form of attack

This is an example of spoofing. Spoofing is the act of changing or falsifying information in order to mislead or re-direct traffic. In this scenario, a packet received on the inbound interface cannot receive a valid packet with a stated source that is from the internal network.

You have heard about a new malware program that presents itself to users as a virus scanner. When users run the software, it installs itself as a hidden program that has administrator access to various operating system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer.

This program is an example of a rootkit. A rootkit is a set of programs that allow attackers to maintain permanent, administrator-level, and hidden access to a computer. Rootkits require administrator access for installation and typically gain this access using a Trojan horse approach--masquerading as a legitimate program to entice users to install the software.

Anti-virus software should be configured to download updated virus definition files as soon as they become available.

True - Anti-virus software is only effective against new viruses if it has the latest virus definition files installed. You should configure your anti-virus software to automatically download updated virus definition files as soon as they become available

Which of the following measures are you most likely to implement to protect against a worm or Trojan horse

Worms and Trojan horses are types of virus. The best way to protect against them is to ensure that every system on the network has anti-virus software installed and up-to-date virus definitions.

You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that, as part of a system upgrade, you are to go to a website and enter your user name and password at a new website so you can manage your email and spam using the new service. What should you do?

You should verify that the email is legitimate and has come from your administrator. It is possible that the network administrator has signed up for a new service. If you ignore the message or delete it, you might not get the benefits the company has signed up for. However, the email might be a phishing attack. An attacker might be trying to capture personal information. By verifying the email with the administrator, you will be able to tell if the email is legitimate.

Urgency

is an active social engineering technique that attempts to make the people believe they must act quickly to avoid imminent damage or suffering.

Spark jamming

is the most effective type of Wi-Fi interference attack. It repeatedly blasts receiving equipment with high-intensity, short-duration RF bursts at a rapid pace. Experienced RF signal technicians can usually identify this type of attack quickly because of the regular nature of the signal.

Random noise jamming

produces radio signals using random amplitudes and frequencies. While not as effective as a spark attack, the random noise attack is harder to identify due to the intermittent jamming it produces and the random nature of the interference. In fact, this type of signal is frequently mistaken for normal background radio noise that occurs naturally

Tailgating

refers to an attacker who enters a secured building by following an authorized employee through a secure door without providing identification.

Random pulse jamming

uses radio signal pulses of random amplitude and frequency to interfere with a Wi-Fi network.