Cyber Security Midterm

Vulnurability

A means by which a threat agent can cause harm

Threat

A potential to do harm

Control

A protective measure that prevents a threat agent from exercising a vulnerability

You are reviewing security controls and their usefulness. You notice that account lockout policies are in place. Which of the following attacks will these policies thwart? (choose two) a. DNS poisoning b. Replay c. Buffer overflow d. Brute force e. Dictionary

Brute Force & Dictionary

The term Trojan Horse comes from

Ancient Greek Times

What part of CIA does DoS/DDoS affect?

Availability

_______ ensures authorized users — persons or computer systems — can access (or use) information without interference or obstruction, and in the required format.

Availability

List two network attacks of each category. 1. Interruption 2. Modification 3. Interception

1. DoS & DDoS 2. DNS poisoning & IP spoofing 3. Session hijacking & SSL hijacking

What percentage of Social Engineering attacks are from human error?

95%

TCP/IP is a set of protocols that operates at both the Network and Transport layers of the OSI Reference Model. (T/F)

True

The investigation phase of the Security Systems Development Life cycle (SecSDLC) begins with a directive from upper management. (T/F)

True

The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them. (T/F)

True

Which group is the most likely target of a social engineering attack? a. Receptionists and administrative assistants b. Information security response team c. Internal auditors d. Independent contractors

a. Receptionists and administrative assistants

Unlike viruses, worms do NOT require a host program in order to survive and replicate.

True

What Social Engineering attack involves a phone call?

Vishing

Ransomware demands a person to give what to get back their computer?

Money

3 Ways of Control

Procedural, Technical, Educational

The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place? a. Spear phishing b. Pharming c. Adware d. Command injection

a. Spear phishing

In the TCP three-way handshake, what should system A send to system B in step 3? a. ACK b. SYN c. FIN d. RST

a. ACK

You are troubleshooting an intermittent connectivity issue with a web server. After examining the logs, you identify repeated connection attempts from various IP addresses. You realize theses connection attempts are overloading the server, preventing it from responding to other connections. Which of the following is MOST likely occurring? a. DDoS attack b. DoS attack c. Amplificationattack d. IP spoofing attack

a. DDoS attack

Within the context of information security, __________ is the process of using interpersonal skills to convince people to reveal access credentials or other valuable information to the attacker.

Social Engineering

What company took massive damage from Ransomware?

Sony

__________ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages to a computer that has an IP address that indicates that the messages are coming from a trusted host and not the actual source computer.

Spoofing

What is the purpose of a web-based cookie?

Store information in website/servers

What movie sparked conflict between Sony and North Korea?

The Interview

Compare TCP/IP model with OSI model.

The TCP/IP model has 4 layers, is protocol dependent and shows the specific protocols that the internet has developed around. The OSI model has 7 layers, is protocol independent and is a general reference model developed by ISO.

Which term describes an action that can damage or compromise an asset?

Threat

_______ is initiated by upper management with issue policy, procedures, and processes.

Top-Down Approach

A user complains that his system is no longer able to access the Walmart.com site. Instead, his browser goes to a different site. After investigation, you notice the following entries in the user's hosts file: 127.0.0.1 localhost 72.23.231.233 walmart.com What is the BEST explanation for this situation? a. Pharming attack b. Whaling attack c. Session hijacking d. Phishing attack

a. Pharming attack

A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.

True

What in the CIA triangle is hurt by Session Hijacking?

Confidentiality

What is NOT a good way to prevent a Man-in-the-Middle attack?

Connect to a hotspot with no password.

A successful denial of service (DoS) attack may create so much network congestion that authorized users cannot access network resources. (T/F)

True

Attacks against confidentiality and privacy, data integrity, and availability of services are always malicious code can threaten businesses.

True

What IP spoofing did Kevin Mitnick use?

DoS

A phishing attack "poisons" a domain name on a domain name server.

False

A worm is a self-contained program that has to trick users into running it. (T/F)

False

DoS uses a botnet of computers (T/F)

False

Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages. (T/F)

False

IP addresses are eight-byte addresses that uniquely identify every device on the network. (T/F)

False

The Transport Layer of the OSI Reference Model creates, maintains, and disconnects communications that take place between processes over the network. (T/F)

False

The main difference between a virus and a worm is that a virus does not need a host program to infect.

False

Threats are always malicious

False

Threats are always targeted

False

Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in clear text. (T/F)

True

Confidentiality ensures that only those with the rights and privileges to modify information are able to do so. (T/F)

False, Integrity

Which list presents the layers of the OSI model in the correct order? a. Presentation, Application, Session, Transport, Network, Data Link, Physical b. Application, Presentation, Session, Transport, Network, Data Link, Physical c. Presentation, Application, Session, Transport, Data Link, Network, Physical d. Application, Presentation, Session, Network, Transport, Data Link, Physical

b. Application, Presentation, Session, Transport, Network, Data Link, Physical

During troubleshooting, Chris uses the nslookup command to check the IP address of a host he is attempting to connect to. The IP he sees in the response is not the IP that should resolve when the lookup is done. What type of attack has likely been conducted? a. ARP spoofing b. DNS cache poisoning c. Eavesdropping d. SSL hijacking

b. DNS cache poisoning

A(n) ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. a. Denial-of-service b. Distributed denial-of-service c. Virus d. Spam

b. Distributed denial-of-service

Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues? a. Firewall b. Hub c. Switch d. Router

b. Hub

Of the following malware types, which one is MOST likely to monitor a user's computer? a. Trojan b. Spyware c. Ransomwares d. Adware

b. Spyware

Which is NOT a step in the 3-Way Handshake a. ACK b. SYN c. ACK/Reset d. SYN/ACK

c. ACK/Reset

Which important protocol is responsible for providing human-readable addresses instead of numerical IP addresses? a. TCP b. IP c. DNS d. ARP

c. DNS

An attack that causes a service to fail by exhausting all of a system's resources is what type of attack? a. Worms b. Viruses c. Denial of service attack d. Trojan horses

c. Denial of service attack

A network administrator is attempting to identify all traffic on an internal network. Which of the following tools in the BEST choice? a. Black box test b. Penetration test c. Protocol analyzer d. Baseline review

c. Protocol analyzer

After Tom turned on his computer, he saw a message indicating that unless he made a payment, his hard drive would be formatted. What does this indicate? a. Armored virus b. Backdoor c. Ransomwares d. Trojan

c. Ransomwares

In which type of attack does the attacker attempt to get users' encrypted data by failing the certificate validation process? a. DDoS attack b. Sniffing c. SSL hijacking d. IP spoofing attack

c. SSL hijacking

In which type of attack does the attacker attempt to take over an existing connection between two systems? a. Man-in-the-middle attack b. URL hijacking c. Session hijacking d. Typosquatting

c. Session hijacking

Users in your organization have reported receiving a similar email from the same sender. The email included a link, but after recent training on emerging threats, all the users chose not to click the link. Security investigators determined the link was malicious and was designed to download ransomeware. Which of the following BEST describes the email? a. Phishing b. Spam c. Spear phishing d. Vishing

c. Spear phishing

What type of malicious software masquerades as legitimate software to entice the user to run it? a. Virus b. Worm c. Trojan horse d. Rootkit

c. Trojan Horse

What vulnerabilities do Man-in-the-Middle attacks exploit? a. Confidentiality b. Integrity c. Personal Information d. All of the above

d. All of the above

Which of the following functions does information security perform for an organization? a. Protects the organization's ability to function. b. Enables the safe operation of applications implemented on the organization's IT systems. c. Protects the data the organization collects and uses. d. All of the above.

d. All of the above

HTTP, DNS, and SSL all occur at what layer of the TCP/IP model? a. Layer 1 b. Layer 2 c. Layer 3 d. Layer 4

d. Layer 4

In the well-known ____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. a. Zombie-in-the-middle b. Sniff-in-the-middle c. Server-in-the-middle d. Man-in-the-middle

d. Man-in-the-middle

Which of the following describes the TCP/IP Model a. Developed by ISO (International organization for standardization) b. 7 layers c. Has presentation layer d. Protocol dependent

d. Protocol dependent

What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows? a. Router b. Hub c. Access point d. Switch

d. Switch

During a forensic investigation, Charles is able to determine the Media Access Control address of a system that was connected to a compromised network. Charles knows that MAC addresses are tied back to a manufacturer or vendor and are part of the fingerprint of the system. To which OSI layer does a MAC address belong? a. The application layer b. The session layer c. The physical layer d. The data link layer

d. The data link layer