Fundamental Information Security Chapter 11: Malicious Code and Activity

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

What file type is least likely to be impacted by a file infector virus? .exe .docx .com .dll

.docx

Spyware does NOT use cookies. True False

False

Backdoor programs are typically more dangerous than computer viruses. True False

True

The function of homepage hijacking is to change a browser's homepage to point to the attacker's site. True False

True

The term "web defacement" refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server. True False

True

Unlike viruses, worms do NOT require a host program in order to survive and replicate. True False

True

What is NOT a typical sign of virus activity on a system? Unexplained decrease in available disk space Unexpected error messages Unexpected power failures Sudden sluggishness of applications

Unexpected power failures

What is NOT one of the four main purposes of an attack? Denial of availability Data import Data modification Launch point

Data import

Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking? Integrity Availability Accounting Confidentiality

Confidentiality

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered? SQL injection Command injection XML injection Cross-site scripting (XSS)

Cross-site scripting (XSS)

What program, released in 2013, is an example of ransomware? BitLocker Crypt0L0cker FileVault CryptoVault

Crypt0L0cker

A worm is a self-contained program that has to trick users into running it. True False

False

Retro viruses counter the ability of antivirus programs to detect changes in infected files. True False

False

System infectors are viruses that attack document files containing embedded macro programming capabilities. True False

False

The four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks. True False

False

Trojans are self-contained programs designed to propagate from one host machine to another using the host's own network communications protocols. True False

False

What is NOT a common motivation for attackers? Answers: Money Fame Revenge Fear

Fear

What type of system is intentionally exposed to attackers in an attempt to lure them out? Honeypot Bastion host Web server Database server

Honeypot

Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database? Cross-site scripting (XSS) XML injection SQL injection LDAP injection

SQL injection

It is common for rootkits to modify parts of the operating system to conceal traces of their presence. True False

True

Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block? Hypertext Transfer Protocol (HTTP) Transmission Control Protocol (TCP) Internet Control Message Protocol (ICMP) User Datagram Protocol (UDP)

Internet Control Message Protocol (ICMP)

Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose? Ping Simple Network Management Protocol (SNMP) agent Nmap Remote Access Tool (RAT)

Nmap

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered? Answers: Polymorphic virus Stealth virus Cross-platform virus Multipartite virus

Polymorphic virus

What type of malicious software allows an attacker to remotely control a compromised computer? Worm Polymorphic virus Remote Access Tool (RAT) Armored virus

Remote Access Tool (RAT)

Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged into Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place? Session hijacking XML injection Cross-site scripting SQL injection

Session hijacking

The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place? Spear phishing Pharming Adware Command injection

Spear phishing

Which type of virus targets computer hardware and software startup functions? Hardware infector System infector File infector Data infector

System infector

Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter? Virus Worm Trojan horse Logic bomb

Trojan horse

A computer virus is an executable program that attaches to, or infects, other executable programs. True False

True

A successful denial of service (DoS) attack may create so much network congestion that authorized users cannot access network resources. True False

True

An electronic mail bomb is a form of malicious macro attack that typically involves an email attachment that contains macros designed to inflict maximum damage. True False

True

Attacks against confidentiality and privacy, data integrity, and availability of services are all ways malicious code can threaten businesses. True False

True

Because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders do, they can place logic bombs more easily. True False

True

Defense in depth is the practice of layering defenses to increase overall security and provide more reaction time to respond to incidents. True False

True

What ISO security standard can help guide the creation of an organization's security policy? 12333 17259 27002 42053

27002

Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating? Blacklisting Context-based screening Packet filtering Whitelisting

Whitelisting

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations? Whois Simple Network Management Protocol (SNMP) Ping Domain Name System (DN

Whois


Kaugnay na mga set ng pag-aaral

Chapter 13-14 Test - AP American Gov

View Set

Starting out with Python Chapter 2 checkpoints

View Set

Business Statistics Ch 1 (Week 1)

View Set

6246 Ch.10 Sample readiness questions

View Set

AP Computer Science Principles Programming (Khan Academy)

View Set

Chapter 7: Interest rates and Bond Valuation

View Set