Chapter 11
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered? A. SQL injection B. Command injection C. XML injection D. Cross-site scripting (XSS)
D. Cross-site scripting (XSS): Injection Explanation: XSS attacks allow attackers to embed client-side scripts into webpages that users view. When a user views a webpage with a script, the web browser runs the attacking script. These scripts can be used to bypass access controls. XSS effects can pose substantial security risks, depending on how sensitive the data are on the vulnerable site.
What is NOT a common motivation for attackers? A. Money B. Fame C. Revenge D. Fear
D. Fear: What Motivates Attackers? Explanation: The four main motivations for attackers are money, fame, a desire to impose political beliefs on others, and revenge.
Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating? A. Blacklisting B. Context-based screening C. Packet filtering D. Whitelisting
D. Whitelisting: Staying Ahead of the Attackers Explanation: Whitelisting is maintaining a list of trusted sites. All messages and connection requests from sites not in the whitelist are ignored. Any site that you wish to use must be added to your whitelist before connections are allowed.
Which type of virus targets computer hardware and software startup functions? A. Hardware infector B. System infector C. File infector D. Data infector
B. System infector: Virus Explanation: There are three primary types of viruses. System infectors target computer hardware and software startup functions. File infectors attack and modify executable programs (such as COM, EXE, SYS, and DLL files in Microsoft Windows). Data infectors attack document files containing embedded macro programming capabilities.
What ISO security standard can help guide the creation of an organization's security policy? A. 12333 B. 17259 C. 27002 D. 42053
C. 27002: Implementing Effective Software Best Practices Explanation: Consider implementing an ISO/IEC 27002-compliant security policy. ISO/IEC 27002 is the most widely recognized security standard
Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter? A. Virus B. Worm C. Trojan horse D. Logic bomb
C. Trojan horse: Trojan Horses Explanation: Trojans, or Trojan horse programs, are the largest class of malware. A Trojan is any program that masquerades as a useful program while hiding its malicious intent. The masquerading nature of a Trojan encourages users to download and run the program.
Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered? A. Polymorphic virus B. Stealth virus C. Cross-platform virus D. Multipartite virus
A. Polymorphic virus: Other Virus Classifications Explanation: Polymorphic viruses include a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus. The virus exposes only the decryption routine for possible detection. It embeds the control portion of the virus in the decryption routine, which seizes control of the target system and decrypts the main body of the virus so that it can execute.
What is NOT one of the four main purposes of an attack? A. Denial of availability B. Data import C. Data modification D. Launch point
B. Data import: The Purpose of an Attack Explanation: The four main purposes of an attack are denial of availability, data modification, data export, and as a launch point.
Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place? A. Session hijacking B. XML injection C. Cross-site scripting D. SQL injection
A. Session hijacking: How Can Attackers Attack Web Applications? Explanation: Session hijacking is an attack in which the attacker intercepts network messages between a web server and a web browser. It extracts one or more pieces of data, most commonly a session ID, and uses that to communicate with the web server. The attacker pretends to be an authorized user by taking over the authorized user's session.
The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place? A. Spear phishing B. Pharming C. Adware D. Command injection
A. Spear phishing Explanation: This scenario is a classic example of a spear phishing attack, highly targeted at an individual and including information about the company.
What type of system is intentionally exposed to attackers in an attempt to lure them out? A. Honeypot B. Bastion host C. Web server D. Database server
A. Honeypot Explanation: Honeypots are sacrificial hosts and services deployed at the edges of a network to act as bait for potential hacking attacks. Typically, you configure these systems to appear real.
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations? A. Whois B. Simple Network Management Protocol (SNMP) C. Ping D. Domain Name System (DNS)
A. Whois: DNS, ICMP, and Related Tools Explanation: Whois is a tool that provides information on domain registrations, including the registrar, name servers, and the name of the registering organization
What file type is least likely to be impacted by a file infector virus? A. .exe B. .docx C. .com D. .dll
B. .docx: File (Program) Infectors Explanation: The .docx file type is least likely to be impacted by a file infector virus. File infectors typically attack program files with .com or .exe file extensions.
What program, released in 2013, is an example of ransomware? A. BitLocker B. Crypt0L0cker C. FileVault D. CryptoVault
B. Crypt0L0cker: Ransomware Explanation: One of the first ransomware programs was Crypt0L0cker, which was released in 2013. With ransomware, the attacker generally alerts the users to the restrictions and demands a payment to restore full access. The demand for a payment, or ransom, gives this type of malware its name.
Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block? A. Hypertext Transfer Protocol (HTTP) B. Transmission Control Protocol (TCP) C. Internet Control Message Protocol (ICMP) D. User Datagram Protocol (UDP)
C. Internet Control Message Protocol (ICMP): Smurf Attacks Explanation: In a smurf attack, attackers direct forged ICMP echo request packets to IP broadcast addresses from remote locations to generate denial of service (DoS) attacks.
Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose? A. Ping B. Simple Network Management Protocol (SNMP) agent C. Nmap D. Remote Access Tool (RAT)
C. Nmap: Port-Scanning and Port-Mapping Tools
What type of malicious software allows an attacker to remotely control a compromised computer? A. Worm B. Polymorphic virus C. Remote Access Tool (RAT) D. Armored virus
C. Remote Access Tool (RAT): Maintaining Access Using a Remote Administration Tool Explanation: RAT is a Trojan that, when executed, enables an attacker to remotely control and maintain access to a compromised computer.
Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database? A. Cross-site scripting (XSS) B. XML injection C. SQL injection D. LDAP injection
C. SQL injection: Injection Explanation: An SQL code injection attacks applications that depend on data stored in databases. SQL statements are inserted into an input field and are executed by the application. SQL injection attacks allow attackers to disclose and modify data, violate data integrity, or even destroy data and manipulate the database server.
What is NOT a typical sign of virus activity on a system? A. Unexplained decrease in available disk space B. Unexpected error messages C. Unexpected power failures D. Sudden sluggishness of applications
C. Unexpected power failures: Evidence of Virus Code Activities Explanation: Unexpected power failures are normally a sign of some type of hardware problem and are not indicative of virus activity on a system.
Alison discovers that a system under her control has been infected with malware, which is using a keylogger to report user keystrokes to a third party. What information security property is this malware attacking? A. Integrity B. Availability C. Accounting D. Confidentiality
D. Confidentiality: Malicious Code and Activity Explanation: Malicious code attacks all three properties of information security. In this case, the keylogger is stealing information, which is a violation of confidentiality.