A+ 220-1001 Core 2 Domain 2.5

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

A fraudulent email requesting its recipient to reveal sensitive information (e.g. username and password) used later by an attacker for the purpose of identity theft is an example of:

-Phishing -Social engineering

An email sent from unknown source disguised as a trusted source known to the message receiver is an example of:

-Spoofing -Social engineering

An attack against encrypted data that relies heavily on computing power to check all possible password combinations until the correct one is found is known as:

Brute-force attack

Which password attack takes advantage of a predefined list of words?

Dictionary attack

An attempt to flood the bandwidth or resources of a targeted system so that it becomes overwhelmed with false requests and in result doesn't have time or resources to handle legitimate requests is called:

DoS attack

What is tailgating?

Gaining unauthorized access to restricted areas by following another person

What kind of general term is used to describe the process of securing a computer system?

Hardening

What is in the contents of a rainbow table entry?

Hash/Password

Which social engineering attack relies on identity theft?

Impersonation

Which attack relies on intercepting and altering data sent between two networked hosts?

MITM attack

A social engineering technique whereby attackers under disguise of a legitimate request attempt to gain access to confidential information they shouldn't have access to is commonly referred to as:

Phishing

A situation in which an unauthorized person can view someone's display or keyboard to learn their password or other confidential information is referred to as:

Shoulder surfing

An unauthorized practice of obtaining confidential information by manipulating people into disclosing sensitive data is referred to as:

Social engineering

Phishing scams targeting a specific group of people are referred to as:

Spear phishing

As opposed to the simple Denial of Service (DoS) attacks that usually are performed from a single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to perform the attack against its target.

True

In computer security, the term "Dumpster diving" is used to describe a practice of sifting through trash for discarded documents containing sensitive data. Found documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks.

True

Network Access Control (NAC) defines a set of rules enforced in a network that the clients attempting to access the network must comply with. With NAC, policies can be enforced before or after end-stations gain access to the network. NAC can be implemented as pre-admission NAC where a host must, for example, be virus free or have patches applied before it can be allowed to connect to the network, and/or post-admission NAC, where a host is being granted/denied permissions based on its actions after it has been provided with the access to the network.

True

Rainbow tables are lookup tables used to speed up the process of password guessing.

True

The intermediary systems used as a platform for a DDoS attack are often referred to as zombies, and collectively as a botnet.

True

Phishing scams targeting people holding high positions in an organization or business are known as:

Whaling

A type of attack aimed at exploiting vulnerability that is present in already released software but unknown to the software developer is called:

Zero-day attack


संबंधित स्टडी सेट्स

FINAL A&P Chapters 12 & 13 MAYBE

View Set

Chapter 18: The Impacts of Government Borrowing

View Set

Individual Life Insurance Contract - Provisions and Options

View Set