Chapter 3

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP). A. True B. False

B. False

An alteration threat violates information integrity. A. True B. False

A. True

Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place? A. Address Resolution Protocol (ARP) poisoning B. Internet Protocol (IP) spoofing C. URL hijacking D. Christmas attack

A. Address Resolution Protocol (ARP) poisoning

Which control is not designed to combat malware? A. Firewalls B. Antivirus software C. Awareness and education efforts D. Quarantine computers

A. Firewalls

A dictionary password attack is a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource. A. True B. False

B. False

A phishing attack "poisons" a domain name on a domain name server. A. True B. False

B. False

Which tool can capture the packets transmitted between systems over a network? A. Wardialer B. OS fingerprinter C. Port scanner D. Protocol analyzer

D. Protocol analyzer A protocol analyzer, or packet sniffer, is a software program that enables a computer to monitor and capture network traffic, whether on a LAN or a wireless network.

Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place? A. Spam B. Phishing C. Social engineering D. Spim

D. Spim Spim attacks send unwanted commercial messages over instant messaging. There is no indication in the scenario that the messages are trying to trick users, which would place them into the categories of phishing and/or social engineering.

Which term describes an action that can damage or compromise an asset? A. Risk B. Vulnerability C. Countermeasure D. Threat

D. Threat A threat is any action that can damage or compromise an asset. Risk is the probability that something bad is going to happen. A vulnerability is a weakness, such as in the design of a system or in software code. A countermeasure is an action or control that detects vulnerabilities, prevents attacks, and responds to the effects of successful attacks.

A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment. A. True B. False

A. True

Failing to prevent an attack all but invites an attack. A. True B. False

A. True

Rootkits are malicious software programs designed to be hidden from normal methods of detection. A. True B. False

A. True

Spyware gathers information about a user through an Internet connection, without his or her knowledge. A. True B. False

A. True

Which one of the following is an example of a disclosure threat? A. Espionage B. Alteration C. Denial D. Destruction

A. Espionage Espionage is an example of a disclosure threat. It is the act of spying to obtain secret information, typically to aid another nation state. Terrorists and enemy agents might well be involved in activities to obtain sensitive government information that they can use to perpetuate future attacks.

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place? A. Evil twin B. Wardriving C. Bluesnarfing D. Replay attack

A. Evil twin

Which group is the most likely target of a social engineering attack? A. Receptionists and administrative assistants B. Information security response team C. Internal auditors D. Independent contractors

A. Receptionists and administrative assistants

A DoS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks. A. True B. False

A. True

A birthday attack is a type of cryptographic attack that is used to make brute-force attack of one-way hashes easier. A. True B. False

A. True

A man-in-the-middle attack takes advantage of the multihop process used by many types of networks. A. True B. False

A. True

Using a secure logon and authentication process is one of the six steps used to prevent malware. A. True B. False

A. True

When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks. A. True B. False

A. True

A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer. A. True B. False

B. False

An attacker uses exploit software when wardialing. A. True B. False

B. False

Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks. A. True B. False

B. False

Spam is some act intended to deceive or trick the receiver, normally in email messages. A. True B. False

B. False

The anti-malware utility is one of the most popular backdoor tools in use today. A. True B. False

B. False

The main difference between a virus and a worm is that a virus does not need a host program to infect. A. True B. False

B. False

Vishing is a type of wireless network attack. A. True B. False

B. False

Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales? A. Replacement cost B. Opportunity cost C. Manpower cost D. Cost of good sold

B. Opportunity cost

An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using? A. Vishing B. Urgency C. Whaling D. Authority

B. Urgency

Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri? A. Cracker B. White-hat hacker C. Black-hat hacker D. Grey-hat hacker

B. White-hat hacker White-hat hackers are information security professionals who have authorization to identify vulnerabilities and perform penetration testing. The difference between white-hat hackers and black-hat hackers is that white-hat hackers will identify weaknesses for the purpose of fixing them, and black-hat hackers find weaknesses just for the fun of it or to exploit them.

. Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service? A. 21 B. 23 C. 80 D. 443

C. 80 The unencrypted HTTP protocol uses port 80 to support web traffic. Encrypted web traffic uses the HTTPS protocol over port 443.

Which password attack is typically used specifically against password files that contain cryptographic hashes? A. Brute-force attacks B. Dictionary attacks C. Birthday attacks D. Social engineering attacks

C. Birthday attacks

Which type of attack involves the creation of some deception in order to trick unsuspecting users? A. Interception B. Interruption C. Fabrication D. Modification

C. Fabrication

Which type of denial of service attack exploits the existence of software flaws to disrupt a service? A. SYN flood attack B. Smurf attack C. Logic attack D. Flooding attack

C. Logic attack Logic attacks use software flaws to crash or seriously hinder the performance of remote servers. Flooding attacks, such as Smurf and SYN flood attacks, overwhelm the victim computer's CPU, memory, or network resources.

In which type of attack does the attacker attempt to take over an existing connection between two systems? A. Man-in-the-middle attack B. URL hijacking C. Session hijacking D. Typosquatting

C. Session hijacking

What type of malicious software masquerades as legitimate software to entice the user to run it? A. Virus B. Worm C. Trojan horse D. Rootkit

C. Trojan horse

Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing? A. Active wiretap B. Between-the-lines wiretap C. Piggyback-entry wiretap D. Passive wiretap

D. Passive wiretap Wiretapping can be active, where the attacker makes modifications to the line, or it can be passive, where an unauthorized user simply listens to the transmission without changing the contents. Between-the-lines wiretaps and piggyback-entry wiretaps are examples of active wiretaps

Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using? A. Cross-site scripting B. Session hijacking C. SQL injection D. Typosquatting

D. Typosquatting

Which type of attack against a web application uses a newly discovered vulnerability that is not patchable? A. SQL injection B. Cross-site scripting C. Cross-site request forgery D. Zero-day attack

D. Zero-day attack


Ensembles d'études connexes

How to Read Literature Like a Professor

View Set

World Geography- Chapter 20 Test

View Set

الحضارة وحاضر العالم الإسلامي

View Set

Leadership Theory and Practice, Chapters 9 & 10

View Set

GOVERNMENT: Commonly missed questions on the OST

View Set

PEARSON's CompTIA A+ Core 2 (220-1102) Exam Cram chapters 30-36

View Set

Econ: Business Cycle, Monetary Policy, and Fiscal Policy

View Set