CSIT 161 Chapter 3 Quiz

In which type of attack does the attacker attempt to take over an existing connection between two systems?

Session hijacking

Forensics and incident response are examples of __________ controls.

corrective

Purchasing an insurance policy is an example of the ____________ risk management strategy.

transfer

Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the annualized loss expectancy (ALE)?

$2,000,000

Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted several subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. If the exposure factor (EF) for a $10 million facility is 20 percent, what is the single loss expectancy (SLE)?

$2,000,000

Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the exposure factor (EF)?

20 percent

Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?

Address resolution protocol (ARP) poisoning

Which attack is typically used specifically against password files that contain cryptographic hashes?

Birthday

A hacker has stolen logon IDs and passwords. The hacker is now attempting to gain unauthorized access to a public-facing web application by using the stolen credentials one by one. What type of attack is taking place?

Credential harvesting

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?

Evil twin

Which type of attack involves eavesdropping on transmissions and redirecting them for unauthorized use?

Interception

Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?

Preventive

Aditya is the security manager for a mid-sized business. The company has suffered several serious data losses when laptops were stolen. Aditya decides to implement full disk encryption on all laptops. What risk response did Aditya take?

Reduce

Which type of attack involves capturing data packets from a network and retransmitting them to produce an unauthorized effect? The receipt of duplicate, authenticated Internet Protocol (IP) packets may disrupt service or produce another undesired consequence.

Replay

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

Residual risk

What is an example of an alteration threat?

System or data modification

Which term describes an action that can damage or compromise an asset?

Threat

An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?

Urgency

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows a cross-site scripting attack against the server. What term describes the issue that Adam discovered?

Vulnerability

What type of attack against a web application uses a newly discovered vulnerability that is not patchable?

Zero-day attack

