Section 5: Quiz 61 - Information System Attack Methods and Techniques
Which of the following can be regarded as a significant risk for VoIP infrastructure? A. A DDoS attack B. Social engineering C. Juice jacking D. Premium rate fraud
Answer: A. A DDoS attack. Explanation: Distributed denial-of-service attacks intend to shut down a network or machine by flooding the same with traffic. A DDoS attack is regarded as a significant risk for VoIP infrastructure. Premium rate fraud occurs when the phone system is compromised and used for making long-distance calls. However, a more significant risk is a DDoS attack. Juice jacking and social engineering do not directly have any impact on VoIP infrastructure.
Which of the following is the most effective approach in addressing the risk of dumpster diving? A. Security awareness training B. A documented discarding policy C. Placing CCTV above bins D. Purchasing high-speed shredders
Answer: A. Security awareness training. Explanation: Dumpster diving is a technique in which an intruder attempts to gather sensitive information from bins and other areas where documents are not properly discarded. Users should be appropriately trained on discarding sensitive information. In the absence of security awareness training, other options may not be effective in preventing the risk of dumpster diving.
Which of the following is regarded as a passive cybersecurity attack? A. Traffic analysis. B. Juice jacking C. Denial of service D. IP spoofing
Answer: A. Traffic analysis. Explanation: Passive attacks are types of attacks in which only information is captured but does not modify, insert, or delete the traffic in an active way. Examples of passive attacks include traffic analysis, network analysis, and eavesdropping. The other options are examples of active attacks.
Which technique is used to test the wireless security of an organization? A. War driving. B. Juice jacking C. War dialing D. Social engineering
Answer: A. War driving. Explanation: War driving is a technique for locating and getting access to wireless networks with the aid of specialized tools. An intruder drives or walks around the building while equipped with specialized tools to identify unsecured networks. The same technique is used by IS auditors to identify unsecured networks and thereby test the wireless security of an organization.
Social engineering can succeed on account of: A. a technical error B. an error in judgement C. a highly qualified intruder D. a computer error
Answer: B. An error of judgement. Explanation: Social engineering succeeds due to errors in judgement on the part of an employee who provides sensitive information to intruders. Intruders establish a level of trust with the user/employer and take advantage.
Which of the following techniques is regarded as an inherent risk in the data entry process for which apparently there is no preventive control? A. Shoulder surfing B. Data diddling C. Race condition D. Dumpster diving
Answer: B. Data diddling. Explanation: Data diddling is a type of attack in which data is altered as it enters a computer system. This is done mostly by a data entry clerk or a computer virus. Data is altered before computer security is able to protect the data. Data diddling requires very little technical knowledge. There are no preventive controls for data diddling and so the organization needs to rely on compensatory controls.
Which of the following methods has the ability to circumvent two-factor authentication? A. DDoS B. Man in the middle C. Juice jacking D. Brute force
Answer: B. Man in the middle Explanation: In this attack, the attacker interferes while two devices are establishing a connection. In case any device asks for authentication, it sends a request to another device and then a response is sent to the first device. Once a connection is established, the attacker can communicate and obtain information as required, thereby circumventing the two-factor authentication.
The use of hidden files on web pages to save certain information of client sessions can expose the risk of: A. race conditions B. parameter tampering C. flooding D. juice jacking
Answer: B. Parameter tampering. Explanation: The unauthorized modification of web application parameters with a malicious intent is known as parameter tampering. As the hidden files in the web page are not visible, developers may feel safe to pass the data without proper validation. This creates a risk as the intruder may intercept the hidden data and may modify the parameter for malicious purposes.
Which of the following risks increases due to URL shortening services? A. Social engineering B. Phishing C. Vishing D. DDOS
Answer: B. Phishing. Explanation: A URL shortening service converts long URLs (web addresses) into short versions. Hackers attempt to fool users by using URL shortening services to create URLs resembling genuine websites. This is done to spread malicious software or collect sensitive data by way of phishing.
A mandatory process of reading an employee's ID badge at the entrance door is designed to prevent: A. shoulder surfing B. Piggybacking. C. race condition D. dumpster diving
Answer: B. Piggybacking Explanation: In this type of attack, an intruder follows an authorized person through a secure door and so is able to enter a restricted area without authentication. Piggybacking is regarded as a physical security vulnerability.
Wireless infrastructure increases which of the following risks? A. Port scanning B. War driving. C. War dialing D. Backdoor
Answer: B. War driving. Explanation: War driving is a technique that is designed to exploit the weakness of a wireless infrastructure. It is a technique for locating and getting access to wireless networks with the use of specialized tools such as wireless Ethernet cards. An intruder drives or walks around the building to identify unsecured networks.
Which of the following is used for distributed denial-of-service? A. Phishing techniques B. Logic bombs C. Botnets D. Social engineering
Answer: C. Botnets. Explanation: A botnet is a network of zombie computers controlled by intruders. Botnets can be used to perform DDoS, spam, and other types of attack.
The risk of which of the following increases due to poor programming and coding practices? A. Juice jacking B. Social engineering C. Buffer overflow D. Brute force
Answer: C. Buffer overflow. Explanation: A buffer overflow, or buffer overrun, is a common software coding mistake that an attacker could exploit to gain access to the system. This error occurs when there is more data in a buffer than it can handle, causing the data to overflow into adjacent storage. Due to this, an attacker gets an opportunity to manipulate the coding errors for malicious actions. A major cause of buffer overflow is poor programming and coding practices.
Passwords entered in the computer screen should be masked to prevent: A. juice jacking B. tailgating C. shoulder surfing D. impersonation
Answer: C. Shoulder surfing. Explanation: In a shoulder surfing attack, an intruder or camera captures the sensitive information by looking over the shoulder of the user entering the details on the computer screen. Passwords entered on the computer screen should be masked to prevent shoulder surfing attacks.
Which of the following techniques does not require any tools or techniques to obtain critical information? A. Privilege escalation. B. Race condition C. Social engineering D. Buffer overflow
Answer: C. Social Engineering Explanation: Social engineering is the act of tricking someone into divulging information or taking action, usually without use of any technology. The idea behind social engineering is to take advantage of a potential victim's natural tendencies and emotional reactions
Which of the following techniques does not require any tools or techniques to obtain critical information? A. Privilege escalation B. Race condition C. Social engineering D. Buffer overflow
Answer: C. Social engineering. Explanation: In a social engineering attack, an attempt is made to obtain sensitive information from users by tricking and manipulating people. In a social engineering attack, the attacker does not require any technical tools and techniques to obtain information. Social engineering is generally conducted through dialogue, interviews, inquiries, and other social methods of interaction.
An attack in which internet traffic appears to originate from the internal IP of the organization is known as: A. a DDoS attack B. parameter tampering C. Spoofing. D. port scanning
Answer: C. Spoofing. Explanation: In IP spoofing, a forged IP address is used to break a firewall. In this type of attack, an intruder hides their original identity and acts as someone else. Intruders generally make use of spoofed internal IPs to get access to systems or data that are restricted for outside IPs. IP spoofing can be regarded as the masquerading of a machine.
The most effective way to reduce the consequences of a social engineering attack is: A. to implement robust physical security B. to implement robust logical security C. The provision of security awareness training. D. to prepare information security policy
Answer: C. The provision of security awareness training. Explanation: The objective of social engineering is to exploit human nature and weakness to obtain critical and sensitive information. By means of adequate and effective security awareness training, the consequences of a social engineering attack can be minimized. Other options will not help to directly address the impact of social engineering attacks.
A password sniffing attack can: A. help an intruder act as another party B. help an intruder bypass physical security C. help an intruder gain unauthorized access to a system D. help an intruder perform impersonation
Answer: C. To help an intruder gain unauthorized access to a system. Explanation: The password sniffer is a small program that listens to all traffic in the attached network(s), builds data streams out of TCP/IP packets, and extracts usernames and passwords. This password is then used to gain unauthorized access to the system.
Which of the following techniques is used to gather information about encrypted data being transmitted over the network? A. DDOS B. IP spoofing C. Traffic analysis. D. Masquerading
Answer: C. Traffic analysis. Explanation: In traffic analysis, an intruder attempts to capture and analyze the nature of the traffic flow between hosts, the frequency of messages, their length, the length of the session, and other relevant information. Through all of this information, an intruder attempts to understand and guess the type of communication. This is typically done when messages are encrypted.
In which of the following attacks is residual biometric information used to gain unauthorized access? A. A brute-force attack B. An encrypted attack C. A mimic attack D. A replay attack
Answer: D. A replay attack. Explanation: In a replay attack, an attacker makes use of residual biometric characteristics (such as fingerprints left on a biometric device) to obtain unauthorized access.