Chapter 9 Review Questions
Which type of attack denies authorized users access to network resources? A. DoS B. Worm C. Logic bomb D. Social engineering
A. A DoS attack is intended to prevent access to network resources by overwhelming or flooding a service or network.
Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you connected to the Internet. Which kind of attack has probably occurred? A. Logic bomb B. Worm C. Virus D. ACK attack
A. A logic bomb notifies an attacker when a certain set of circumstances has occurred. This may in turn trigger an attack on your system.
An administrator at a sister company calls to report a new threat that is making the rounds. According to him, the latest danger is an attack that attempts to intervene in a communications session by inserting a computer between the two systems that are communicating. Which of the following types of attacks does this constitute? A. Man-in-the-middle attack B. Backdoor attack C. Worm D. TCP/IP hijacking
A. A man-in-the-middle attack attempts to fool both ends of a communications session into believing that the system in the middle is the other end.
You're explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they've heard of a threat from a virus that attempts to mask itself by hiding code from antivirus software. What type of virus is she referring to? A. Armored virus B. Malevolent virus C. Worm D. Stealth virus
A. An armored virus is designed to hide the signature of the virus behind code that confuses the antivirus software or blocks it from detecting the virus.
An attacker has placed an opaque layer over the Request A Catalog button on your web page. This layer tricks visitors into going to a form on a different website and giving their contact information to another party when their intention was to give it to you. What type of attack is this known as? A. Clickjacking B. Man-in-the-middle C. XSRF D. Zero-day
A. Clickjacking involves an attacker using multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they intended to click on the top-level page.
Karl from Accounting is in a panic. He is convinced that he has identified malware on the servers—a type of man-in-the-middle attack in which a Trojan horse manipulates calls between the browser and its security mechanisms yet still displays back the user's intended transaction. What type of attack could he have stumbled on? A. Man-in-the-browser B. Man-in-the-castle C. Man-in-the-code D. Man-in-the-business
A. Man-in-the-browser is a type of man-in-the-middle attack in which a Trojan horse manipulates calls between the browser and its security mechanisms yet still displays back the user's intended transaction.
As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim? A. DoS B. DDoS C. Worm D. UDP attack
B. A DDoS attack uses multiple computer systems to attack a server or host in the network.
What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes? A. Trojan horse virus B. Stealth virus C. Worm D. Polymorphic virus
B. A stealth virus reports false information to hide itself from antivirus software. Stealth viruses often attach themselves to the boot sector of an operating system.
Pass-the-hash attacks take advantage of a weak encryption routine associated with which protocols? A. NetBEUI and NetBIOS B. NTLM and LanMan C. Telnet and TFTP D. Chargen and DNS
B. Pass-the-hash attacks take advantage of a weak encryption routine associated with NTLM and LanMan protocols.
The command monlist can be used with which protocol as part of an amplification attack? A. SMTP B. NTP C. SNMP D. ICMP
B. The command monlist can be used with an NTP amplification attack to send details of the last 600 people who requested network time.
You've discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be? A. Man-in-the-middle attack B. Backdoor attack C. Replay attack D. TCP/IP hijacking
C. A replay attack attempts to replay the results of a previously successful session to gain access.
An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred? A. DoS B. DDoS C. Backdoor D. Social engineering
C. In a backdoor attack, a program or service is placed on a server to bypass normal security procedures.
The new head of software engineering has demanded that all code be tested to identify the design flow and then modified, as needed, to clean up routines without changing the code's visible behavior. What is this process known as? A. Straightening B. Sanitizing C. Refactoring D. Uncluttering
C. Refactoring involves testing to identify the design flow and then modifying, as needed, to clean up routines without changing the code's visible behavior.
What term describes when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party? A. Patch infiltration B. XML injection C. Session hijacking D. DTB exploitation
C. Session hijacking occurs when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party.
With which of the following is the DNS server given information about a name server that it thinks is legitimate when it isn't? A. DNS tagging B. DNS kiting C. DNS poisoning D. DNS foxing
C. With DNS poisoning, also known as DNS spoofing, the DNS server is given information about a name server that it thinks is legitimate when it isn't.
Which of the following is a small library that is created to intercept API calls transparently? A. Chock B. Wedge C. Refactor D. Shim
D. A shim is a small library that is created to intercept API calls transparently.
What is it known as when an attacker manipulates the database code to take advantage of a weakness in it? A. SQL tearing B. SQL manipulation C. SQL cracking D. SQL injection
D. SQL injection occurs when an attacker manipulates the database code to take advantage of a weakness in it.
It has been brought to your attention that a would-be attacker in Indiana has been buying up domains based on common misspellings of your company's name with the sole intent of creating websites that resemble yours and prey on those who mistakenly stumble onto these pages. What type of attack is this known as? A. Watering hole B. Poisoned well C. Faulty tower D. Typo squatting
D. Typo squatting involves creating domains that are based on the misspelling of another.
When a hole is found in a web browser or other software, and attackers begin exploiting it before the developer can respond, what type of attack is it known as? A. Polymorphic B. Xmas C. Malicious insider D. Zero-day
D. When a hole is found in a web browser or other software, and attackers begin exploiting it the very day it is discovered by the developer (bypassing the one-to-two-day response time that many software providers need to put out a patch once the hole has been found), it is known as a zero-day attack.
Which of the following involves unauthorized commands coming from a trusted user to the website? A. ZDT B. HSM C. TT3 D. XSRF
D. XSRF involves unauthorized commands coming from a trusted user to the website. This is often done without the user's knowledge, and it employs some type of social networking to pull it off.