ISDS 4070 Midterm Quiz Review Questions

Polymorphic Virus

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?

Confidentiality

Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking?

Evil Twin

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?

SQL Injection

Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?

Health Insurance Portability and Accountability Act (HIPAA)

Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer?

Trojan Horse

Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter?

False

Connectivity is one of the five critical challenges that the Internet of Things (IoT) has to overcome.

False

Cryptography is the process of transforming data from cleartext to ciphertext. True/ False

Typosquatting (URL Hijacking)

Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?

Security risks will increase

From a security perspective, what should organizations expect will occur as they become more dependent upon the Internet of Things (IoT)?

Payment Card Industry Data Security Standard (PCI DSS)

Gwen's company is planning to accept credit cards over the Internet. Which one of the following governs this type of activity and includes provisions that Gwen should implement before accepting credit card transactions?

False

Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages. True/False

False. IP address - A 32-bit (IPv4) or 128-bit (IPv6) number that uniquely identifies a device, such as a computer, on a network. ADVERTISEMENT

IP addresses are eight-byte addresses that uniquely identify every device on the network.

Session Hijacking

In which type of attack does the attacker attempt to take over an existing connection between two systems?

96.67% = [29 days uptime/(29 days uptime + 1 day downtime)}

Juan's web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web server uptime for that month? A. 96.67% B. 3.33% C. 99.96% D. 0.04%

Captive Portal

Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?

Cross-site scripting

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?

Opportunity Cost

Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?

Application Proxying

Norm recently joined a new organization. He noticed that the firewall technology used by his new firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used?

Bring Your Own Device (BYOD)

Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement?

Spear Phishing

The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?

Virtual LAN (VLAN)

Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?

Whitelisting

Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating?

Content Filter

What is NOT a common endpoint for a virtual private network (VPN) connection used for remote network access A. Laptop B. Firewall C. Router D. Content Filter

Wireless network access

What is NOT a service commonly offered by unified threat Management (UTM) devices?

Data Import

What is NOT one of the four main purposes of an attack?

255

What is the maximum value for any octet in an IPv4 IP address?

Dynamic Host Configuration Protocol (DHCP)

What protocol is responsible for assigning IP addresses to hosts on most networks?

Flood Guard

What type of firewall security feature limits the volume of traffic from individual hosts?

Remote Access Tool (RAT)

What type of malicious software allows an attacker to remotely control a compromised computer?

Wide area network (WAN)

What type of network connects systems over the largest geographic area?

Honeypot

What type of system is intentionally exposed to attackers in an attempt to lure them out?

Wired Equivalent Privacy (WEP)

What wireless security technology contains significant flaws and should never be used?

Interoperability

Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion?

Applying security updates promptly

Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements?

Password Protection

Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations? A. Password Protection B. Antivirus Software C. Deactivating USB Ports D. Vulnerability Scanning

Identification Number

Which one of the following is NOT a good technique for performing authentication of an end user? A. Password B. Biometric Scan C. Identification Number D. Token

Global adoption of non-IP networking

Which one of the following is NOT a market driver for the Internet of Things (IoT)?

E-commerce

Which one of the following is NOT an area of critical infrastructure where the Internet of Things (IoT) is likely to spur economic development in less developed countries?

Health Monitoring

Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)?

Espionage

Which one of the following is an example of a disclosure threat?

Mean time to repair (MTTR)

Which one of the following measures the average amount of time that it takes to repair a system, application, or component?

Birthday Attacks

Which password attack is typically used specifically against password files that contain cryptographic hashes?

Applying strong encryption

Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality?

Deidentification

Which technology can be used to protect the privacy rights of individuals and simultaneously allow organizations to analyze data in aggregate?

Threat

Which term describes any action that could damage an asset?

Protocol Analyzer (Packet Sniffer or just Sniffer)

Which tool can capture the packets transmitted between systems over a network?

Zero-Day Attack

Which type of attack against a web application uses a newly discovered vulnerability that is not patchable?

Fabrication

Which type of attack involves the creation of some deception in order to trick unsuspecting users?

White-Hat Hacker

Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri?