CSCI 304 CH 9-10
12. What are the four phases in the social engineering attack cycle?
1) Research. 2) Building trust. 3) Exploit. 4) Exit.
6. Which of these attacks is a form of Wi-Fi DoS attack? a. Rogue DHCP server b. FTP bounce c. Deauthentication attack d. Amplified DRDoS attack
: c. Deauthentication attack
11. What is the difference between a vulnerability and an exploit?
A weakness of a system, process, or architecture that could lead to compromised information or unauthorized access is known as a vulnerability. The act of taking advantage of a vulnerability is known as an exploit.
17. What characteristic of ARP makes it particularly vulnerable to being used in a DoS attack?
ARP performs no authentication
20. Why might organizations be willing to take on the risk of BYOD?
BYOD practices can be cheaper for organizations to implement and tend to improve efficiency and morale for employees and students.
13. List five subtypes of DoS attacks.
Distributed DoS, distributed reflection DoS, amplified DRDoS, permanent DoS, and friendly DoS
14. What type of scanning might identify that Telnet is running on a server?
Port scanning
19. Which form of SHA was developed by private designers?
SHA-3
18. A neighbor hacks into your secured wireless network on a regular basis, but you didn't give him the password. What loophole was most likely left open?
The default password was not changed.
16. What unique characteristic of zero-day exploits make them so dangerous?
The vulnerability is exploited before the software developer has the opportunity to provide a solution for it or before the user applies the published solution.
3. A company accidentally sends a newsletter with a mistyped website address. The address points to a website that has been spoofed by hackers in order to collect information from people who make the same typo. What kind of attack is this? a. Phishing b. Baiting c. Quid pro quo d. Tailgating
a. Phishing
4. A former employee discovers six months after he starts work at a new company that his account credentials still give him access to his old company's servers. He demonstrates his access to several friends to brag about his cleverness and talk badly about the company. What kind of attack is this? a. Principle of least privilege b. Insider threat c. Vulnerability d. Denial of service
b. Insider threat
7. Leading up to the year 2000, many people expected computer systems the world over to fail when clocks turned the date to January 1, 2000. What type of threat was this? a. Ransomware b. Logic bomb c. Virus d. Worm
b. Logic bomb
10. A company wants to have its employees sign a document that details some project-related information that should not be discussed outside the project's team members. What type of document should they use? a. AUP b. NDA c. MDM d. BYOD
b. NDA
9. Which of the following is considered a secure protocol? a. FTP b. SSH c. Telnet d. HTTP
b. SSH
Which type of DoS attack orchestrates an attack using uninfected computers? a. DDoS (Distributed DoS) attack b. Spoofing attack c. DRDoS (Distributed Reflection DoS) attack d. PDoS (Permanent DoS) attack
c. DRDoS (Distributed Reflection DoS) attack
5. A spoofed DNS record spreads to other DNS servers. What is this attack called? a. ARP poisoning b. DHCP snooping c. MitM attack d. DNS poisoning
d. DNS poisoning
8. What kind of attack simulation detects vulnerabilities and attempts to exploit them? a. Red team-blue team exercise b. Vulnerability scanning c. Security audit d. Penetration testing
d. Penetration testing
1. Your organization has just approved a special budget for a network security upgrade. What procedure should you conduct in order to make recommendations for the upgrade priorities? a. Data breach b. Security audit c. Exploitation d. Posture assessment
d. Posture assessment
15. Give an example of biometric detection.
iris color patterns, hand geometry, facial recognition, or fingerprints