funsec4e_CH08_TB
What file type is least likely to be impacted by a file infector virus?
.docx
Worms operate by encrypting important files or even the entire storage device and making them inaccessible.
False
Hijacking refers to the use of social engineering to obtain access credentials, such as usernames and passwords.
False
What type of system is intentionally exposed to attackers in an attempt to lure them out?
Honeypot
rue or False? A backdoor is a hidden way to bypass access controls and allow access to a system or resource.
True
Spyware does not use cookies.
False
Hacking groups create _______ to launch attacks whereby they infect vulnerable machines with agents that perform various functions at the command of the controller.
botnets
Tonya would like to protect her users and the network when users browse to known dangerous sites. She plans to maintain a list of those sites and drop messages from those websites. What type of approach is Tonya advocating?
Blacklisting
Because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders do, they can place logic bombs more easily.
True
Defense in depth is the practice of layering defenses to increase overall security and provide more reaction time to respond to incidents.
True
The function of homepage hijacking is to change a browser's homepage to point to the attacker's site.
True
What type of attack occurs in real time and is often conducted against a specific target?
Direct
A port-scanning tool enables an attacker to escalate privileges on a network server.
False
A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information.
False
Stealth viruses attack countermeasures, such as antivirus signature files or integrity databases, by searching for these data files and deleting or altering them.
False
System infectors are viruses that attack document files containing embedded macro programming capabilities.
False
Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she filter?
Internet Control Message Protocol (ICMP)
Devaki is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Devaki's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?
Session hijacking
Arturo discovers a virus on his system that resides only in the computer's memory and not in a file. What type of virus has he discovered?
Slow virus
The chief executive officer (CEO) of a company recently fell victim to an attack. The attackers sent the CEO an email that appeared to come from the company's attorney. The email informed the CEO that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?
Spear phishing
Bob is developing a web application that depends on a backend database. What type of attack could a malicious individual use to send commands through his web application to the database?
Structured Query Language (SQL) injection
Which of the following is a type of denial of service (DoS) attack?
Synchronize (SYN) flood
Which type of virus targets computer hardware and software startup functions?
System infector
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?
Cross-site scripting (XSS)
What program, released in 2013, is an example of ransomware
CryptoLocker
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?
Whois
Alison is a security professional. A user reports that, after opening an email attachment, every document he saves is in a template format and other Microsoft Word documents will not open. After investigating the issue, Alison determines that the user's Microsoft Office normal.dot template has been damaged, as well as many Word files. What type of virus is the most likely cause?
Macro virus
Karen is a hacker. She wants to access a server and control it remotely. The tool she plans to use is a type of Trojan. What tool will Karen use for this purpose?
Remote Access Tool (RAT)
Lin installed a time-management utility that she downloaded from the Internet. Now several applications are not responding to normal commands. What type of malware did she likely encounter?
Trojan horse
A computer virus is an executable program that attaches to, or infects, other executable programs
True
A rootkit is a type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.
True
Attackers have established thousands of botnets, which they use to distribute malware and spam and to launch denial of service (DoS) attacks against organizations or even countries.
True
Attacks against confidentiality and privacy, data integrity, and availability of services are all ways malicious code can threaten businesses.
True
Security breaches perpetrated by current and former employees often go undetected due to weak personnel and security policies or ineffective countermeasures.
True
The goal of a command injection is to execute commands on a host operating system.
True
The success of Trojans is due to their reliance on social engineering to spread and operate; they have to trick users into running them.
True
The term "web defacement" refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server.
True
Unlike viruses, worms do not require a host program to survive and replicate.
True
What is not a typical sign of virus activity on a system?
Unexpected power failures
Wen is a network security professional. He wants to strengthen the security of his agency's network infrastructure defenses. Which control can he use to protect the network?
Use proxy services and bastion hosts to protect critical services