CSIT 161 Chapter 3 Quiz
In which type of attack does the attacker attempt to take over an existing connection between two systems?
Session hijacking
Forensics and incident response are examples of __________ controls.
corrective
Purchasing an insurance policy is an example of the ____________ risk management strategy.
transfer
Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the annualized loss expectancy (ALE)?
$2,000,000
Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted several subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. If the exposure factor (EF) for a $10 million facility is 20 percent, what is the single loss expectancy (SLE)?
$2,000,000
Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the exposure factor (EF)?
20 percent
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?
Address resolution protocol (ARP) poisoning
Which attack is typically used specifically against password files that contain cryptographic hashes?
Birthday
A hacker has stolen logon IDs and passwords. The hacker is now attempting to gain unauthorized access to a public-facing web application by using the stolen credentials one by one. What type of attack is taking place?
Credential harvesting
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?
Evil twin
Which type of attack involves eavesdropping on transmissions and redirecting them for unauthorized use?
Interception
Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?
Preventive
Aditya is the security manager for a mid-sized business. The company has suffered several serious data losses when laptops were stolen. Aditya decides to implement full disk encryption on all laptops. What risk response did Aditya take?
Reduce
Which type of attack involves capturing data packets from a network and retransmitting them to produce an unauthorized effect? The receipt of duplicate, authenticated Internet Protocol (IP) packets may disrupt service or produce another undesired consequence.
Replay
What term describes the risk that exists after an organization has performed all planned countermeasures and controls?
Residual risk
*What is an example of an alteration threat?
System or data modification
Which term describes an action that can damage or compromise an asset?
Threat
An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?
Urgency
Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows a cross-site scripting attack against the server. What term describes the issue that Adam discovered?
Vulnerability
What type of attack against a web application uses a newly discovered vulnerability that is not patchable?
Zero-day attack