Chapter 3 Quiz

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

True or False? A social engineering consensus tactic relies on the position that "everyone else has been doing it" as proof that it is okay or acceptable to do.

true

True or False? An alteration threat violates information integrity.

true

Which attack is typically used specifically against password files that contain cryptographic hashes?

birthday

True or False? A dictionary password attack is a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.

false

True or False? A smishing attack is a type of phishing attack involving voice communication.

false

Which type of attack involves eavesdropping on transmissions and redirecting them for unauthorized use?

interception

Which type of attack involves capturing data packets from a network and retransmitting them to produce an unauthorized effect? The receipt of duplicate, authenticated Internet Protocol (IP) packets may disrupt service or produce another undesired consequence.

replay

Which term describes an action that can damage or compromise an asset?

threat

Purchasing an insurance policy is an example of the ____________ risk management strategy.

transfer

True or False? A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.

true

True or False? A phishing attack "poisons" a domain name on a domain name server (DNS).

true

True or False? A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded link or opening an email attachment.

true

True or False? Anti-malware programs and firewalls cannot detect most phishing scams because the scams do not contain suspect code.

true

What type of attack against a web application uses a newly discovered vulnerability that is not patchable?

zero-day attack

In which type of attack does the attacker attempt to take over an existing connection between two systems?

Session Hijacking

Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted several subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. If the exposure factor (EF) for a $10 million facility is 20 percent, what is the single loss expectancy (SLE)?

2,000,000

Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the exposure factor (EF)?

20 %

Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the annualized loss expectancy (ALE)?

20,000

Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?

ARP Poisoning

Forensics and incident response are examples of __________ controls.

Corrective

A hacker has stolen logon IDs and passwords. The hacker is now attempting to gain unauthorized access to a public-facing web application by using the stolen credentials one by one. What type of attack is taking place?

Credential Harvesting

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?

Evil Twin

True or False? Bluejacking is an attack in which wireless traffic is sniffed between Bluetooth devices.

False

True or False? Corrective controls are implemented to address a threat in place that does not have a straightforward risk-mitigating solution.

False

True or False? Preventive controls merely attempt to suggest that a subject not take a specific action, whereas corrective controls do not allow the action to occur.

False

Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?

Preventive

Aditya is the security manager for a mid-sized business. The company has suffered several serious data losses when laptops were stolen. Aditya decides to implement full disk encryption on all laptops. What risk response did Aditya take?

Reduce

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

Residual Risk

What is an example of an alteration threat?

System or Data Modification

True or False? Impact refers to the amount of risk or harm caused by a threat or vulnerability that is exploited by a perpetrator.

True

True or False? In a browser or uniform resource locator (URL) hijacking attack, users are directed to websites other than what they requested, usually to fake pages that attackers have created.

True

True or False? In a masquerade attack, one user or computer pretends to be another user or computer.

True

True or False? In a watering-hole attack, a targeted user is lured to a commonly visited website on which malicious code has been planted.

True

True or False? Not all risks are inherently bad; some risks can lead to positive results.

True

True or False? Safeguards address gaps or weaknesses in the controls that could otherwise lead to a realized threat.

True

True or False? Theft of intellectual property and its release to competitors or to the public can nullify an organization's competitive advantage.

True

True or False? Transmitting private or sensitive data unencrypted is a risk in both the Local Area Network (LAN) and Wide Area Network (WAN) Domains of a typical IT infrastructure.

True

True or False? When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks.

True

An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?

Urgency

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows a cross-site scripting attack against the server. What term describes the issue that Adam discovered?

Vulnerability


Ensembles d'études connexes

BUS137-03IN Principle of Management, CH 9, 10, 11

View Set

Heart Failure / Myocardial Infarction

View Set

AGEC Week 12-14 Quizzes (test 3/final exam)

View Set

The Role of the Federal Government

View Set

Root Word Review: "term" meaning boundary, limit, end

View Set

CH 1 Health and Accident Insurance

View Set

Bus 101-116 chapter 10 achieving world -class operational management

View Set

Romeo & Juliet - Figurative language in Act 2 Scene 2

View Set