Week 1 - Understanding Security Threats

¡Supera tus tareas y exámenes ahora con Quizwiz!

What is it called when a hacker is able to get into a system through a secret entryway in order to maintain remote access to the computer?

A backdoor

Which of these sends tons of packets to a system in order to crash it or prevents services from being available? Check all that apply. An Evil Twin Ping flood Ping of Death (POD) SYN flood

Ping flood SYN flood

What could potentially decrease the availability of security and also test the preparedness of data loss? Adware Keylogger Spyware Ransomware

Ransomware

An unhappy Systems Administrator wrote a malware program to bring down the company's services after a certain event occurred. What type of malware does this describe? Ransomware Spyware A logic bomb A rootkit

A logic bomb

Botnets are designed to steal _____ from the victim. Credit card information Money Username and passwords Computing resources

Computing resources

An end-user received an email stating his bank account was compromised, and that he needs to click a link to reset his password. When the user visited the site, he recognized it as legitimate and entered his credentials which were captured by a hacker. What type of social engineering attack does this describe? A baiting attack A phishing attack A SQL injection attack A tailgating attack

A phishing attack

Phishing, baiting, and tailgating are examples of ________ attacks. Malware Password Social engineering Network

Social engineering

The practice of tricking someone into providing information they shouldn't is called ________. Man-in-the-middle attacks Brute force attacks Eavesdropping Social engineering

Social engineering

An attack that would allow someone to intercept your data as it's being sent or received is called a(n) _________ attack. Injection Denial of Service SYN flood Man-in-the-middle

Man-in-the-middle

If a hacker can steal your passwords by installing malware that captures all the messages you type, what kind of malware did the hacker install? Check all that apply. A rootkit Spyware A keylogger A logic bomb

Spyware A keylogger

Which of these is an example of the confidentiality principle that can help keep your data hidden from unwanted eyes? Preventing data loss Making sure the data hasn't been tampered with Preventing an unwanted download Protecting online accounts with password protection

Protecting online accounts with password protection

The best defense against injection attacks is to ______. Use antimalware software Use input validation Use strong passwords Use a firewall

Use input validation

The best defense against password attacks is using strong _______. Firewall configs Passwords Encryption Antimalware software

Passwords

When cleaning up a system after a compromise, you should look closely for any ______ that may have been installed by the attacker. Backdoors Poisoned DNS caches Injection attacks Rogue APs

Backdoors

Which of these is true of blackhat and whitehat hackers? Blackhats are malicious. Whitehats exploit weakness to help mitigate threats. Blackhats work with owners to fix problems. Whitehats are just trying to get into a system. Blackhats try to find weaknesses, but whitehats don't. Blackhats and whitehats shouldn't be trusted.

Blackhats are malicious. Whitehats exploit weakness to help mitigate threats.

How can injection attacks be prevented? Check all that apply. Input validation Flood guards Log analysis systems Data sanitization

Input validation Data sanitization

What type of attack can a hacker perform that involves injecting malicious code into a website to hijack a session cookie? Cross-site Scripting (XSS) A password attack SQL injection Ping flood

Cross-site Scripting (XSS)

An attacker could redirect your browser to a fake website login page using what kind of attack? Injection attack DNS cache poisoning attack DDoS attack SYN flood attack

DNS cache poisoning attack

You receive a legitimate-looking email from a sender that you recognize asking you to click a funny link. But, once you do, malware installs on your computer. What is most likely the reason you got infected? The sender's email address was spoofed. The sender's email password was used in a DNS Cache Poisoning attack. The sender's email password was cracked. The sender's email has been hacked.

The sender's email password was used in a DNS Cache Poisoning attack.

What can occur during a ping of death (POD) attack? Check all that apply. A Denial-of-Service (DoS) A buffer overflow Baiting Remote code execution

A Denial-of-Service (DoS) A buffer overflow Remote code execution

A network-based attack where one attacking machine overwhelms a target with traffic is a(n) _______ attack. Injection Denial of Service Brute force password Malware

Denial of Service

A(n) _____ attack is meant to prevent legitimate traffic from reaching a service. Injection Password Denial of Service DNS Cache poisoning

Denial of Service

What is it called if a hacker takes down multiple services very quickly with the help of botnets? Cross-site Scripting (XSS) A password attack Distributed denial-of-service (DDoS) A SQL injection

Distributed denial-of-service (DDoS)

If a hacker targets a vulnerable website by running commands that delete the website's data in its database, what type of attack did the hacker perform? SQL injection A Denial-of-Service (DoS) attack Cross-site Scripting (XSS) A dictionary attack

SQL injection

A SYN flood occurs when the attacker overwhelms a server with ______. SYN packets ACK packets Malware Injection attacks

SYN packets

An attacker, acting as a postal worker, used social engineering tactics to trick an employee into thinking she was legitimately delivering packages. The attacker was then able to gain physical access to a restricted area by following behind the employee into the building. What type of attack did the attacker perform? Check all that apply. Phishing Social engineering Tailgating Spoofing

Social engineering Tailgating

How can you increase the strength of your passwords? Check all that apply. Use a mix of capital and lowercase letters. Exclude dictionary words. Incorporate symbols and numbers. Use passwords from a precompiled list.

Use a mix of capital and lowercase letters. Exclude dictionary words. Incorporate symbols and numbers.

Which of these is an example of the integrity principle that can ensure your data is accurate and untampered with? Keeping a symmetric key secret Using MACs (Message Authentication Codes) Implementing flood guards Using Encapsulating Security Payload

Using MACs (Message Authentication Codes) Using Encapsulating Security Payload

What's the difference between a virus and a worm? Viruses replicate through files, but worms live on their own. Viruses do not replicate like worms do. Worms replicate, viruses do not. Worms replicate through files, but viruses live on their own.

Viruses replicate through files, but worms live on their own.

Which of the following are examples of injection attacks? Check all that apply. SQL injection attack Social engineering attack XSS attack SYN flood attack

SQL injection attack XSS attack

A hacker stood outside a building and spun up a wireless network without anyone's knowledge. At that point, the hacker was able to gain unauthorized access to a secure corporate network. Which of these is the name of this type of attack? A DNS Cache Poisoning attack A Denial-of-Service (DoS) attack A Rogue AP (Access Point) attack SYN flood attack

A Rogue AP (Access Point) attack

Which of these is a characteristic of Trojan malware? A Trojan may get installed without the user's consent. A Trojan is basically backdoor malware. A Trojan infection needs to be installed by the user. A Trojan is the same thing as a rootkit.

A Trojan infection needs to be installed by the user.

Which of these is where a victim connects to a network that the victim thinks is legitimate, but is really an identical network controlled by a hacker to monitor traffic? Evil Twin A logic bomb DNS Cache Poisoning A Denial of Service (DoS)

Evil Twin

If there are cyber threats and vulnerabilities to your system, what does that expose you to? Check all that apply. Tailgating Exploits Attacks The CIA triad

Exploits Attacks

What makes a DDoS attack different from a DoS attack? Check all that apply. A DoS attack has attack traffic coming from one source. A DDoS attack has attack traffic coming from one source. A DDoS attack has attack traffic coming from many different sources. A DoS attack has attack traffic coming from many different sources.

A DoS attack has attack traffic coming from one source. A DDoS attack has attack traffic coming from many different sources.

A hacker infected your computer to steal your Internet connection and used your machine's resources to mine Bitcoin. What is the name of this kind of attack? Ransomware Adware Spyware A bot

A bot

Which of these is true of vulnerabilities? Check all that apply. A vulnerability is a flaw in the code of an application that can be exploited. An exploit is the possibility of taking advantage of a vulnerability bug in code. A vulnerability is the possibility of suffering a loss in the event of an attack. An exploit takes advantage of bugs and vulnerabilities.

A vulnerability is a flaw in the code of an application that can be exploited. An exploit takes advantage of bugs and vulnerabilities.

Which of these are ways a hacker can establish a man-in-the-middle attack? Check all that apply. Evil Twin Tailgating Session hijacking Rogue Access Point (AP)

Evil Twin Session hijacking Rogue Access Point (AP)

Which of these is a way to help prevent brute-force attacks? Check all that apply. Strong passwords Password crackers Captchas Using a precompiled list of common passwords

Strong passwords Captchas


Conjuntos de estudio relacionados

pf insurance (Personal Finance 12)

View Set

World History: The Age of Revolution

View Set

Con 317 Midterm, CON 317 Final (quizzes only)

View Set

Sterile Compounding PE Section 4

View Set

BIOL 1610 Mitosis & Meiosis Quiz

View Set

Clinical Decision Making / Clinical Judgment PrepU

View Set

GASTROINTESSTINAL- DETECTION, ORGANISM PATHOGENICITY, SEROTYPING, DIRECT

View Set