Cyber Security Midterm
Vulnerability
A means by which a threat agent can cause harm
Threat
A potential to do harm
Control
A protective measure that prevents a threat agent from exercising a vulnerability
You are reviewing security controls and their usefulness. You notice that account lockout policies are in place. Which of the following attacks will these policies thwart? (choose two) a. DNS poisoning b. Replay c. Buffer overflow d. Brute force e. Dictionary
Brute Force & Dictionary
The term Trojan Horse comes from
Ancient Greek Times
What part of CIA does DoS/DDoS affect?
Availability
_______ ensures authorized users — persons or computer systems — can access (or use) information without interference or obstruction, and in the required format.
Availability
List two network attacks of each category. 1. Interruption 2. Modification 3. Interception
1. DoS & DDoS 2. DNS poisoning & IP spoofing 3. Session hijacking & SSL hijacking
What percentage of Social Engineering attacks are from human error?
95%
TCP/IP is a set of protocols that operates at both the Network and Transport layers of the OSI Reference Model. (T/F)
True
The investigation phase of the Security Systems Development Life cycle (SecSDLC) begins with a directive from upper management. (T/F)
True
The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them. (T/F)
True
Which group is the most likely target of a social engineering attack? a. Receptionists and administrative assistants b. Information security response team c. Internal auditors d. Independent contractors
a. Receptionists and administrative assistants
Unlike viruses, worms do NOT require a host program in order to survive and replicate.
True
What Social Engineering attack involves a phone call?
Vishing
Ransomware demands a person to give what to get back their computer?
Money
3 Ways of Control
Procedural, Technical, Educational
The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place? a. Spear phishing b. Pharming c. Adware d. Command injection
a. Spear phishing
In the TCP three-way handshake, what should system A send to system B in step 3? a. ACK b. SYN c. FIN d. RST
a. ACK
You are troubleshooting an intermittent connectivity issue with a web server. After examining the logs, you identify repeated connection attempts from various IP addresses. You realize these connection attempts are overloading the server, preventing it from responding to other connections. Which of the following is MOST likely occurring? a. DDoS attack b. DoS attack c. Amplification attack d. IP spoofing attack
a. DDoS attack
Within the context of information security, __________ is the process of using interpersonal skills to convince people to reveal access credentials or other valuable information to the attacker.
Social Engineering
What company took massive damage from Ransomware?
Sony
__________ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages to a computer that has an IP address that indicates that the messages are coming from a trusted host and not the actual source computer.
Spoofing
What is the purpose of a web-based cookie?
Store information in website/servers
What movie sparked conflict between Sony and North Korea?
The Interview
Compare TCP/IP model with OSI model.
The TCP/IP model has 4 layers, is protocol dependent and shows the specific protocols that the internet has developed around. The OSI model has 7 layers, is protocol independent and is a general reference model developed by ISO.
Which term describes an action that can damage or compromise an asset?
Threat
_______ is initiated by upper management with issue policy, procedures, and processes.
Top-Down Approach
A user complains that his system is no longer able to access the Walmart.com site. Instead, his browser goes to a different site. After investigation, you notice the following entries in the user's hosts file: 127.0.0.1 localhost 72.23.231.233 walmart.com What is the BEST explanation for this situation? a. Pharming attack b. Whaling attack c. Session hijacking d. Phishing attack
a. Pharming attack
A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.
True
What in the CIA triangle is hurt by Session Hijacking?
Confidentiality
What is NOT a good way to prevent a Man-in-the-Middle attack?
Connect to a hotspot with no password.
A successful denial of service (DoS) attack may create so much network congestion that authorized users cannot access network resources. (T/F)
True
Attacks against confidentiality and privacy, data integrity, and availability of services are all ways malicious code can threaten businesses. (T/F)
True
What IP spoofing did Kevin Mitnick use?
DoS
A phishing attack "poisons" a domain name on a domain name server.
False
A worm is a self-contained program that has to trick users into running it. (T/F)
False
DoS uses a botnet of computers (T/F)
False
Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages. (T/F)
False
IP addresses are eight-byte addresses that uniquely identify every device on the network. (T/F)
False
The Transport Layer of the OSI Reference Model creates, maintains, and disconnects communications that take place between processes over the network. (T/F)
False
The main difference between a virus and a worm is that a virus does not need a host program to infect.
False
Threats are always malicious
False
Threats are always targeted
False
Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in clear text. (T/F)
True
Confidentiality ensures that only those with the rights and privileges to modify information are able to do so. (T/F)
False, Integrity
Which list presents the layers of the OSI model in the correct order? a. Presentation, Application, Session, Transport, Network, Data Link, Physical b. Application, Presentation, Session, Transport, Network, Data Link, Physical c. Presentation, Application, Session, Transport, Data Link, Network, Physical d. Application, Presentation, Session, Network, Transport, Data Link, Physical
b. Application, Presentation, Session, Transport, Network, Data Link, Physical
During troubleshooting, Chris uses the nslookup command to check the IP address of a host he is attempting to connect to. The IP he sees in the response is not the IP that should resolve when the lookup is done. What type of attack has likely been conducted? a. ARP spoofing b. DNS cache poisoning c. Eavesdropping d. SSL hijacking
b. DNS cache poisoning
A(n) ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. a. Denial-of-service b. Distributed denial-of-service c. Virus d. Spam
b. Distributed denial-of-service
Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues? a. Firewall b. Hub c. Switch d. Router
b. Hub
Of the following malware types, which one is MOST likely to monitor a user's computer? a. Trojan b. Spyware c. Ransomware d. Adware
b. Spyware
Which is NOT a step in the 3-Way Handshake? a. ACK b. SYN c. ACK/Reset d. SYN/ACK
c. ACK/Reset
Which important protocol is responsible for providing human-readable addresses instead of numerical IP addresses? a. TCP b. IP c. DNS d. ARP
c. DNS
An attack that causes a service to fail by exhausting all of a system's resources is what type of attack? a. Worms b. Viruses c. Denial of service attack d. Trojan horses
c. Denial of service attack
A network administrator is attempting to identify all traffic on an internal network. Which of the following tools is the BEST choice? a. Black box test b. Penetration test c. Protocol analyzer d. Baseline review
c. Protocol analyzer
After Tom turned on his computer, he saw a message indicating that unless he made a payment, his hard drive would be formatted. What does this indicate? a. Armored virus b. Backdoor c. Ransomware d. Trojan
c. Ransomware
In which type of attack does the attacker attempt to get users' encrypted data by failing the certificate validation process? a. DDoS attack b. Sniffing c. SSL hijacking d. IP spoofing attack
c. SSL hijacking
In which type of attack does the attacker attempt to take over an existing connection between two systems? a. Man-in-the-middle attack b. URL hijacking c. Session hijacking d. Typosquatting
c. Session hijacking
Users in your organization have reported receiving a similar email from the same sender. The email included a link, but after recent training on emerging threats, all the users chose not to click the link. Security investigators determined the link was malicious and was designed to download ransomware. Which of the following BEST describes the email? a. Phishing b. Spam c. Spear phishing d. Vishing
c. Spear phishing
What type of malicious software masquerades as legitimate software to entice the user to run it? a. Virus b. Worm c. Trojan horse d. Rootkit
c. Trojan Horse
What vulnerabilities do Man-in-the-Middle attacks exploit? a. Confidentiality b. Integrity c. Personal Information d. All of the above
d. All of the above
Which of the following functions does information security perform for an organization? a. Protects the organization's ability to function. b. Enables the safe operation of applications implemented on the organization's IT systems. c. Protects the data the organization collects and uses. d. All of the above.
d. All of the above
HTTP, DNS, and SSL all occur at what layer of the TCP/IP model? a. Layer 1 b. Layer 2 c. Layer 3 d. Layer 4
d. Layer 4
In the well-known ____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. a. Zombie-in-the-middle b. Sniff-in-the-middle c. Server-in-the-middle d. Man-in-the-middle
d. Man-in-the-middle
Which of the following describes the TCP/IP Model? a. Developed by ISO (International Organization for Standardization) b. 7 layers c. Has presentation layer d. Protocol dependent
d. Protocol dependent
What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows? a. Router b. Hub c. Access point d. Switch
d. Switch
During a forensic investigation, Charles is able to determine the Media Access Control address of a system that was connected to a compromised network. Charles knows that MAC addresses are tied back to a manufacturer or vendor and are part of the fingerprint of the system. To which OSI layer does a MAC address belong? a. The application layer b. The session layer c. The physical layer d. The data link layer
d. The data link layer