Quiz 3 - Malicious Attacks, Threats, and Vulnerabilities
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?
Address Resolution Protocol (ARP) poisoning
Which password attack is typically used specifically against password files that contain cryptographic hashes?
Birthday Attacks
Which one of the following is an example of a disclosure threat?
Espionage
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?
Evil Twin
Which type of attack involves the creation of some deception in order to trick unsuspecting users?
Fabrication
Which control is not designed to combat malware?
Firewalls
Which type of denial of service attack exploits the existence of software flaws to disrupt a service?
Logic Attack
Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?
Opportunity Cost
Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?
Passive Wiretap
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?
Port 80: Hypertext Transport Protocol (HTTP) Port 21: FTP (File Transfer Protocol) Port 443: HTTP over Secure Sockets Layer (SSL) Port 23: Telnet
Which tool can capture the packets transmitted between systems over a network?
Protocol Analyzer (Packet Sniffer or just Sniffer)
Which group is the most likely target of a social engineering attack?
Receptionists and Administrative Assistants
In which type of attack does the attacker attempt to take over an existing connection between two systems?
Session Hijacking
Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place?
Spim
Which term describes an action that can damage or compromise an asset?
Threat
Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?
Typosquatting (URL Hijacking)
An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?
Urgency
Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri?
White-Hat Hacker
Which type of attack against a web application uses a newly discovered vulnerability that is not patchable?
Zero-Day Attack
What type of malicious software masquerades as legitimate software to entice the user to run it?
Trojan Horse