TestOut Network Pro 12.5 Network Threats and Attacks
What is the main difference between a worm and a virus?
A worm can replicate itself, while a virus requires a host for distribution. - A worm is a self-replicating program that uses a network to replicate itself to other systems. A worm does not require a host system to replicate. Both viruses and worms can cause damage to data and systems, and both spread from system to system, although a worm can spread itself, while a virus attaches itself to a host for distribution.
While browsing the internet, you notice that the browser displays ads linked to recent keyword searches you performed. Which attack type is this an example of?
Adware - Adware monitors actions that denote personal preferences and sends pop-ups and ads that match those preferences. Adware: is usually passive; is privacy-invasive software; is installed on your machine when you visit a particular website or run an application; is usually more annoying than harmful. A logic bomb is designed to execute only under predefined conditions and lies dormant until the condition is met. A worm is a self-replicating virus. A zombie is a computer that's infected with malware in order to allow remote software updates and control by a command and control center, which is called a zombie master.
Which of the following BEST describes the key difference between DoS and DDoS?
Attackers use numerous computers and connections. - The DoS attacks that you probably hear the most about are distributed denial-of-service attacks (DDoS attacks). The key difference is these attacks use numerous computers and numerous internet connections across the world to overload the target systems. DDoS attacks are usually executed through a network of devices that the attacker has gained control of. DoS attacks use a single connection to attack a single target. With all DoS attacks, the attacker sends a large number of legitimate-looking requests to the server in a way that the server cannot determine which requests are valid and which are not. This barrage of requests overwhelms the system to the point that the server cannot manage the capacity, resulting in the server being inaccessible to other users.
You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using?
Brute force attack - In a brute force attack, every password is eventually found because the technique is to test every possible keystroke for each single key in a password until the correct one is found. Keyloggers log or record every keystroke on the computer keyboard to obtain passwords and other important data. A pass-the-hash attack is a hacking technique where an attacker uses an underlying NTLM (New Technology LAN Manager) or hash of a user's password to gain access to a server without ever using the actual plaintext password. Password sniffing is a passive way for attackers to gain access to an account. The sniffer collects data that is in transit on a LAN. If access is gained on one system on a LAN, data can be gathered from traffic being sent from any other system on the network. The sniffer runs in the background, making it undetectable.
Which of the following is a text file that a website stores on a client's hard drive to track and record information about the user?
Cookie - A cookie is a text file that a website provides to a client. It is stored on a user's hard drive to track and record information about the user. Mobile code is self-contained software that is transferred to a web client to be executed. It allows client-side execution of web applications. A certificate is a digital proof of identity used to establish or verify a user's identity over a network or the internet. A digital signature is a cryptographic tool that is used to prove who a message is from and that the contents of the message did not change or become altered while in transit.
Which type of denial-of-service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps hostnames to IP addresses?
DNS poisoning - DNS poisoning occurs when a name server receives malicious or misleading data that incorrectly maps hostnames to IP addresses. In a DNS poisoning attack: incorrect DNS data is introduced into a primary DNS server; the incorrect mapping is made available to client applications through the resolver; traffic is directed to incorrect sites. ARP poisoning corrupts the ARP cache or sends incorrect ARP data that spoofs MAC addresses, causing devices to send frames to the wrong host or an unreachable host. Spam sent in great amounts can consume bandwidth or fill a mailbox, leaving no room for legitimate traffic. The SYN flood exploits the TCP three-way handshake.
Which of the following is an attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring?
Denial-of-service attack - A denial-of-service attack either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring. A brute force attack tries every valid key or code sequence in an attempt to discover a password or encryption key. Brute force attacks will always be successful given enough time (however, enough time could be millennia). An on-path attack involves a third party placing themselves between two legitimate communication partners in order to intercept and alter their transmissions. Privilege escalation is a user stealing or obtaining high-level privileges on a computer system.
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?
Dumpster diving - Dumpster diving relies on finding sensitive information that has been discarded in garbage cans, dumpsters, or other unsecure places that create access for attackers. Shoulder surfing is watching and recording a password, PIN, or access code that is being entered by someone nearby. Social engineering relies on human error. It works by feigning trustworthiness to convince someone to give the attacker access. Password guessing happens when someone is able to easily guess a password, typically because it is very common, like a pet's name or a hobby.
As you are helping a user with a computer problem, you notice that she has written her password on a note stuck to her computer monitor. You check your company's Password Policy and find that the following settings are currently required: Minimum password length = 10; Minimum password age = 4; Maximum password age = 30; Password history = 6; Account lockout clipping level = 3; Require complex passwords that include numbers and symbols. Which of the following is the best action to take to make remembering passwords easier so that the user no longer has to write their password down?
Implement end user training. - The best solution is to implement end user training. Instruct users on the importance of security and teach them how to create and remember complex passwords. Making any other changes would violate the Password Policy and reduce every password's overall security.
Which of the following best describes spyware?
It monitors the actions you take on your machine and sends the information back to its originating source. - Spyware monitors the actions you take on your machine and sends the information back to its originating source. Adware monitors user actions that denote personal preferences and then sends pop-ups and ads to the user that match their taste. A virus is a program that attempts to damage a computer system and replicate itself to other computer systems. A Trojan horse is a malicious program that is disguised as legitimate software.
What should you try first if your antivirus software does not detect and remove a virus?
Update your virus detection software. - Virus detection software can only search for viruses listed in its known virus data file. An outdated file can prevent the virus detection software from recognizing a new virus.