Charter 3: Security 284

What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?

Cross-site scripting Cross-site scripting (XSS) allows criminals to inject scripts that contain malicious code into web applications.

What type of attack targets an SQL database using the input field of a user?

SQL injection A criminal can insert a malicious SQL statement in an entry field on a website where the system does not filter the user input correctly.

What are two common indicators of spam mail? (Choose two.)

The email has misspelled words or punctuation errors or both. The email has no subject line. Spam is a common method of advertising through the use of unsolicited email and may contain malware.

Which two reasons describe why WEP is a weak protocol? (Choose two.)

The key is static and repeats on a congested network. The key is transmitted in clear text. The initialization vector (IV) of WEP is as follows: Is a 24-bit field, which is too small Is cleartext and readable Is static and causes identical key streams to repeat on a busy network

What are two ways to protect a computer from malware? (Choose two.)

Use antivirus software. Keep software up to date. At a minimum, a computer should use antivirus software and have all software up to date to defend against malware.

What is the difference between a virus and a worm?

Worms self-replicate but viruses do not. Worms are able to self-replicate and exploit vulnerabilities on computer networks without user participation.

What occurs on a computer when data goes beyond the limits of a buffer?

a buffer overflow A buffer overflow occurs by changing data beyond the boundaries of a buffer and can lead to a system crash, data compromise, or cause escalation of privileges.

What is the meaning of the term logic bomb?

a malicious program that uses a trigger to awaken the malicious code A logic bomb remains inactive until a trigger event occurs. Once activated, a logic bomb runs malicious code that causes harm to a computer.

A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?

a type of ransomware Ransomware commonly encrypts data on a computer and makes the data unavailable until the computer user pays a specific sum of money.

What is the name for the type of software that generates revenue by generating annoying pop-ups?

adware Adware is a type of malware that displays pop-ups on a computer to generate revenue for the creator of the malware.

What is the name given to a program or program code that bypasses normal authentication?

backdoor A backdoor is a program or program code implemented by a criminal to bypass the normal authentication that is used to access a system.

An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this?

bluesnarfing Blusnarfing is the copying of user information through unauthorized Bluetooth transmissions.

What are two of the tactics used by a social engineer to obtain personal information from an unsuspecting target? (Choose two.)

intimidation urgency Social engineering tactics include the following: Authority Intimidation Consensus/Social Proof Scarcity Urgency Familiarity/Liking Trust

What does a rootkit modify?

operating system A rootkit commonly modifies an operating system to create a backdoor to bypass normal authentication mechanisms.

What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?

phishing Phishing is used by malicious parties who create fraudulent messages that attempt to trick a user into either sharing sensitive information or installing malware.

Which term describes the sending of a short deceptive SMS message used to trick a target into visiting a website?

smishing Smishing is also known as SMS phishing and is used to send deceptive text messages to trick a user into calling a phone number or visiting a specific website.

What is the term used to describe an email that is targeting a specific person employed at a financial institution?

spear phishing Spear phishing is a phishing attack customized to reach a specific person or target.

A criminal is using software to obtain information about the computer of a user. What is the name of this type of software?

spyware Spyware is software that tracks the activity of a user and obtains information about that user.