FISS Chapter 3
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?
Address Resolution Protocol (ARP) poisoning
Which of the following security countermeasures is best for end-point protection against malware?
Antivirus/anti-malware protection, Data leakage prevention, Standardized workstation and laptop images, Security awareness training
Which password attack is typically used specifically against password files that contain cryptographic hashes?
Birthday attacks
Which type of malware involves extorting the user or organization into paying money to release a decryption key?
Cryptolocker malware
Which of the following impacts availability?
DDoS
Which type of attacks result in legitimate users not having access to a system resource?
DDoS
Which one of the following is an example of a disclosure threat?
Espionage
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?
Evil twin
A phishing attack "poisons" a domain name on a domain name server.
False
An attacker uses exploit software when wardialing.
False
The anti-malware utility is one of the most popular backdoor tools in use today.
False
Vishing is a type of wireless network attack.
False
Which control is not designed to combat malware?
Firewalls
Which type of denial of service attack exploits the existence of software flaws to disrupt a service?
Logic attack
Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?
Opportunity cost
Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court corder. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?
Passive wiretap
Which tool can capture the packets transmitted between systems over a network?
Protocol analyzer
Which type of attack involves capturing data packets from a network and transmitting them later to produce an unauthorized effect?
Replay
Which of the following is an example of social engineering?
SQL injection, XML injection, Security design, Impersonation
Which of the following terms best describes a person with very little hacking skills?
Script kiddie
In which type of attack does the attacker attempt to take over an existing connection between two systems?
Session hijacking
A(n) _____ is a software tool that is used to capture packets from a network.
Sniffer
Users throughout Allison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place?
Spim
Which of the following best describes intellectual property?
The items a business has copyrighted, All patents owned by a business, The unique knowledge a business possesses, Customer lists
A(n) _____ is any action that could damage an asset.
Threat
A DOS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks.
True
A SYN flood attack floods a target with invalid or half-open TCP connection requests.
True
An alteration threat violates information integrity.
True
Rootkits are malicious software programs designed to be hidden from normal methods of detection.
True
The main goal of a hacker is to steal or compromise IT assets and potentially steal data.
True
Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?
Typosquatting
An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?
Urgency
A(n) _____ is any weakness that makes it possible for a threat to cause harm to a computer or network.
Vulnerability
Which type of malware is a self-contained program that replicates and sends copies of itself to other computers, generally across a network?
Worm
War driving involves looking for open or public wireless networks.
True