ITN263 ch4

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

man-in-the-middle

A ________ attack occurs when a hacker intervenes in a communication session between a client and a server. The attack usually involves fooling or tricking the client into initiating the session with the hacker's computer instead of with the intended server.

Trojan

A ________ is a mechanism of distribution or delivery more than a specific type of malware.

Replay

A hacker captures and retransmits authentication packets against the same server in order to gain interactive or session access to a system. This describes which type of attack?

Hijacking

A hacker eavesdrops on a session to learn details, such as the addresses of the session endpoints and the sequencing numbers. With this information, the hacker desynchronizes the client, takes on the client's addresses, and then injects crafted packets into the data stream. Which type of attack is being described?

Social engineering

A hacker posing as a contract IT consultant tricks an employee into stating his network user name and password. Which type of attack is being described?

Insertion

An attack is composed of four packets: A, B, C, and D. The IDS signature is a packet stream of ABCD. The hacker transmits the attack as AXBCYD, where X and Y are invalid packets. The IDS doesn't recognize the pattern, and the target discards X and Y, enabling the ABCD attack to occur. Which type of attack has been described?

The hacker doesn't have to be physically close to a wireless network to launch an attack.

From the perspective of a hacker, what is a primary difference between wired and wireless networks?

Reconnaissance

During which phase of the hacking process does footprinting take place?

Scanning

During which phase of the hacking process does war dialing, war driving, or ping sweeps take place?

Both A and B

What is a type of social engineering technique?

Reconnaissance

What is usually the first activity in the hacking process?

Buffer overflow

What type of attack can result in arbitrary code execution with system-level privileges?

Insertion

SQL injection is considered to be which type of attack?

User Domain

Which IT domain is most vulnerable to social engineering?

Fragmentation

Which of the following attacks must take maximum transmission units (MTUs) into account?

Traffic filtering

Which of the following is effective against traffic generation DoS attacks?

Creating an acceptable user policy

Which of the following is not a common hacking tool countermeasure?

Man in the middle

in which type of attack does the hacker fool clients into initiating sessions with the hacker's computer instead of the target server?

Cross-site scripting

A person receives a phishing e-mail, clicks the link in the e-mail (without understanding the risks), and is directed to a malicious Web site. The site downloads and installs a Trojan horse program and keystroke logger on the user's computer without the user's knowledge. What type of attack has occurred?

session hijacking

Any host that uses TCP/IP without encryption is vulnerable to ____________.


Ensembles d'études connexes

[AP Bio 10]: Diffusion + Osmosis Lab ~RN

View Set

The inheritance of complex traits part 3

View Set

Cardiac Output and Stroke Volume

View Set

Organizational Behavior Final Exam

View Set

Chapter 54: Drugs Acting on the Upper Respiratory Tract,

View Set

Real Estate Practices - Chapter 3: Agency and other Mandatory Disclosures

View Set

OLS-34200 Interview Strat Orgn - Midterm

View Set