QUIZ 7 - CHAPTER 8
TRUE
True or False? System infectors are viruses that attack document files containing embedded macro programming capabilities.
TRUE
True or False? A backdoor is a hidden way to bypass access controls and allow access to a system or resource.
FALSE
True or False? A port-scanning tool enables an attacker to escalate privileges on a network server.
TRUE
True or False? Attacks against confidentiality and privacy, data integrity, and availability of services are all ways malicious code can threaten businesses.
TRUE
True or False? Because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders do, they can place logic bombs more easily.
FAlSE
True or False? Hijacking refers to the use of social engineering to obtain access credentials, such as usernames and passwords.
TRUE
True or False? Security breaches perpetrated by current and former employees often go undetected due to weak personnel and security policies or ineffective countermeasures.
TRUE
True or False? The function of homepage hijacking is to change a browser's homepage to point to the attacker's site.
TRUE
True or False? A rootkit is a type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.
FALSE
True or False? A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information.
TRUE
True or False? Defense in depth is the practice of layering defenses to increase overall security and provide more reaction time to respond to incidents.
SLOW VIRUS
Arturo discovers a virus on his system that resides only in the computer's memory and not in a file. What type of virus has he discovered? Retro virus Slow virus Cross-platform virus Multipartite virus
STRUCTURED QUERY LANGUAGE (SQL) INJECTION
Bob is developing a web application that depends on a backend database. What type of attack could a malicious individual use to send commands through his web application to the database? Extensible Markup Language (XML) injection Structured Query Language (SQL) injection Cross-site scripting (XSS) Lightweight Directory Access Protocol (LDAP) injection
SESSION HIJACKING
Devaki is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Devaki's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place? Extensible Markup Language (XML) injection Structured Query Language (SQL) injection Session hijacking Cross-site scripting (XSS)
BOTNETS
Hacking groups create _______ to launch attacks whereby they infect vulnerable machines with agents that perform various functions at the command of the controller. ransomware honeypots logic bombs Botnets
REMOTE ACCESS TOOL (RAT)
Karen is a hacker. She wants to access a server and control it remotely. The tool she plans to use is a type of Trojan. What tool will Karen use for this purpose? Remote Access Tool (RAT) Network mapper (Nmap) Ping Simple Network Management Protocol (SNMP) agent
CROSS-SITE SCRIPTING (XSS)
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered? Cross-site scripting (XSS) Extensible Markup Language (XML) injection Command injection Structured Query Language (SQL) injection
TROJAN HORSE
Lin installed a time-management utility that she downloaded from the Internet. Now several applications are not responding to normal commands. What type of malware did she likely encounter? Ransomware Worm Trojan horse Virus
SPEAR PHISHING
The chief executive officer (CEO) of a company recently fell victim to an attack. The attackers sent the CEO an email that appeared to come from the company's attorney. The email informed the CEO that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place? Ransomware Pharming Spear phishing Command injection
BLACKLISTING
Tonya would like to protect her users and the network when users browse to known dangerous sites. She plans to maintain a list of those sites and drop messages from those websites. What type of approach is Tonya advocating? Whitelisting Correct! Blacklisting Change detection Integrity checking