Quiz #11 InfoSec
TRUE
Because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders do, they can place logic bombs more easily.
FALSE
System infectors are viruses that attack document files containing embedded macro programming capabilities
TRUE
A successful denial of service (DoS) attack may create so much network congestion that authorized users cannot access network resources
TRUE
ActiceX is used by developers to create active content.
Polymorphic virus
Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has be discovered?
Confidentiality
Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking?
TRUE
An electronic mail bomb is a form of malicious macro attack that typically involves an email attachment that contains macros designed to inflict maximum damage.
TRUE
Attacks against confidentiality and privacy, data integrity, and availability of services are all ways malicious code can threaten businesses.
Trojan horse
Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter?
FALSE
Trojans are self-contained programs designed to propagate from one host machine to another using the host's own network communications protocol.
Whitelisting
Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating?
Data Import
What is NOT one of the four main purposes of an attack?
Remote Access Tool (RAT)
What type of malicious software allows an attacker to remotely control a compromised computer?
TRUE
It is common for rootkits to modify parts of the operating system to conceal traces of their presence.
Spear Phishing
The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?
FALSE
The four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks.
TRUE
The goal of a command injection is to execute commands on a host operating system.
FALSE
A smurf attack tricks users into providing logon information on what happen to be a legitimate website but is in fact a website set up by an attacker to obtain this information.
TRUE
Defense in depth is the practice of layering defenses to increase overall security and provide more reacting time to respond to incidents.
Cross-site processing (XSS)
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?
FALSE
Retro viruses counter the ability of antivirus programs to detect changes in infected files.
.docx
What file type is least likely to be impacted by a file infector virus?
Honeypot
What type of system is intentionally exposed to attackers in an attempt to lure them out?
Internet Control Message Protocol (ICMP)
Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block?
TRUE
a computer virus is an executable program that attaches to, or infects, other executable programs.