Chapter 3 Test Bank
Which one of the following is an example of a disclosure threat? A. Espionage B. Alteration C. Denial D. Destruction
A. Espionage Reference: Disclosure Threats Explanation: Espionage is an example of a disclosure threat. It is the act of spying to obtain secret information, typically to aid another nation state. Terrorists and enemy agents might well be involved in activities to obtain sensitive government information that they can use to perpetuate future attacks.
Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales? A. Replacement cost B. Opportunity cost C. Manpower cost D. Cost of good sold
B. Opportunity cost Reference: Service Availability and Productivity Explanation: Opportunity cost is the amount of money a company loses due to downtime. Downtime can be either intentional or unintentional, but either kind directly affects system availability.
Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri? A. Cracker C. Black-hat hacker D. Grey-hat hacker
B. White-hat hacker Reference: Whom Are You Trying to Catch? Explanation: White-hat hackers are information security professionals who have authorization to identify vulnerabilities and perform penetration testing. The difference between white-hat hackers and black-hat hackers is that white-hat hackers will identify weaknesses for the purpose of fixing them, and black-hat hackers find weaknesses just for the fun of it or to exploit them.
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service? A. 21 B. 23 C. 80 D. 443
C. 80 Reference: Port Scanners Explanation: The unencrypted HTTP protocol uses port 80 to support web traffic. Encrypted web traffic uses the HTTPS protocol over port 443.
Which password attack is typically used specifically against password files that contain cryptographic hashes? A. Brute-force attacks B. Dictionary attacks C. Birthday attacks D. Social engineering attacks
C. Birthday attacks Reference: Birthday Attacks Explanation: While all of the attack types mentioned may be used against passwords, only the birthday attack specifically targets the cryptographic hashes stored in a system's password file.
Which type of attack involves the creation of some deception in order to trick unsuspecting users? A. Interception B. Interruption C. Fabrication D. Modification
C. Fabrication Reference: What Is a Malicious Attack? Explanation: The four general categories of attack are fabrications, interceptions, interruptions, and modifications. Fabrications involve the creation of some deception in order to trick unsuspecting users.
Which type of denial of service attack exploits the existence of software flaws to disrupt a service? A. SYN flood attack B. Smurf attack C. Logic attack D. Flooding attack
C. Logic attack Reference: Denial-of-Service Attacks Explanation: Logic attacks use software flaws to crash or seriously hinder the performance of remote servers. Flooding attacks, such as Smurf and SYN flood attacks, overwhelm the victim computer's CPU, memory, or network resources.
In which type of attack does the attacker attempt to take over an existing connection between two systems? A. Man-in-the-middle attack B. URL hijacking C. Session hijacking D. Typosquatting
C. Session hijacking Reference: Hijacking Explanation: In a session hijacking attack, the attacker attempts to take over an existing connection between two network computers.
Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing? A. Active wiretap B. Between-the-lines wiretap C. Piggyback-entry wiretap D. Passive wiretap
D. Passive wiretap Reference: Wiretapping Explanation: Wiretapping can be active, where the attacker makes modifications to the line, or it can be passive, where an unauthorized user simply listens to the transmission without changing the contents. Between-the-lines wiretaps and piggyback-entry wiretaps are examples of active wiretaps.
Which tool can capture the packets transmitted between systems over a network? A. Wardialer B. OS fingerprinter C. Port scanner D. Protocol analyzer
D. Protocol analyzer Reference: Attack tools Explanation: A protocol analyzer, or packet sniffer, is a software program that enables a computer to monitor and capture network traffic, whether on a LAN or a wireless network.
Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place? A. Spam B. Phishing C. Social engineering D. Spim
D. Spim Reference: Spam and Spim Explanation: Spim attacks send unwanted commercial messages over instant messaging. There is no indication in the scenario that the messages are trying to trick users, which would place them into the categories of phishing and/or social engineering.
Which term describes an action that can damage or compromise an asset? A. Risk B. Vulnerability C. Countermeasure D. Threat
D. Threat Reference: What Are Risks, Threats, and Vulnerabilities? Explanation: A threat is any action that can damage or compromise an asset. Risk is the probability that something bad is going to happen. A vulnerability is a weakness, such as in the design of a system or in software code. A countermeasure is an action or control that detects vulnerabilities, prevents attacks, and responds to the effects of successful attacks.
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place? A. Address Resolution Protocol (ARP) poisoning B. Internet Protocol (IP) spoofing C. URL hijacking D. Christmas attack
A. Address Resolution Protocol (ARP) poisoning Reference: IP Address Spoofing Explanation: ARP poisoning is an example of a spoofing attack. In this attack, the attacker spoofs the MAC address of a targeted device, such as a server, by sending false ARP resolution responses with a different MAC address. This causes duplicate network traffic to be sent from the server.