Fundamentals of IT and Cybersecurity Chapter 3 Study Guide
Which statement describes a distributed denial of service attack
An attacker builds a botnet comprised of zombies
What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?
cross site scripting
What best practices can help defend against social engineering attacks?
educate employees resist the urge do not provide
A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server crash. What is the type of attack the cyber criminal launches?
Dos
The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. What would would be the classifification of this malicious email?
It is a hoax
What type of attack will make illegitimate websites higher in a web search result list?
SEO poisoning
What type of attack targets an SQL database using the input field of a user?
SQL injection
What occurs on a computer when data goes beyond the limits of a buffer?
a buffer overflow
What is the meaning of the term logic bomb?
a malicious program that uses a trigger to awaken the malicious code
A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?
a type of ransomeware
What is the name for the type of software that generates revenue by generating annoying popups?
adware
What is the name given to a program or program code that bypasses normal authentication?
backdoor
An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this?
blue snarfing
What type of application attack occurs when data goes beyond the memory areas allocated to the application?
buffer overflow
An executive manager went to an important meeting. The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation but the presentation files are corrupted. The caller sternly recommends that the secretary email the presentation right away to a personal email address. The caller also states that the executive is holding the secretary responsible for the success of this presentation. Which type of social engineering tactic would describe this scenario?
intimidation
What are the tactics used by a social engineer to obtain personal information from an unsuspecting target?
intimidation urgancy
What are two ways to protect a computer from malware? (Choose two.)
keep software up to date use anti virus software
A penetration testing service hired by the company has reported that a backdoor was identified on the network. What action should the organization take to find out if systems have been compromised?
look for unauthorized accounts
What does a rootkit modify?
operating system
What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?
phishing
Users report that the database on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?
ransomware
Which term describes the sending of a short deceptive SMS message used to trick a target into visiting a website?
smishing
What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?
sniffing
What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization?
social engineering
What is the term used to describe an email that is targeting a specific person employed at a financial institution?
spear phishing
What is an impersonation attack that takes advantage of a trusted relationship between two systems?
spoofing
A criminal is using software to obtain information about the computer of a user. What is the name of this type of software?
spyware
What are the common indicators of spam mail?
the email has misspelled words or punctuation errors or both the email has no subject line
What reasons that make WEP is a weak protocol?
the key is transmitted in clear text the key is static and repeats on a congested network
What are the most effective ways to defend against malware?
update the operating system and other application software install and update antivirus software
Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network?
worm
What is the difference between a virus and a worm?
worms self reproduce while viruses do not