Security Ch 3
(T/F) An attacker will use exploit software when performing vulnerability assessments and intrusive penetration testing.
True
(T/F) Failing to prevent an attack all but invites an attack.
True
(T/F) In 2011, the United States ranked second globally as a source of network attacks and highest as a source of attacks in North America, even if they originate outside the United States.
True
(T/F) Spoofing means a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.
True
(T/F) True downtime cost is the amount of money a company loses due to downtime, either intentional or unintentional. It is also called opportunity cost.
True
(T/F) A DoS attack is a coordinated attempt to deny service by causing a computer to perform an unproductive task.
True
Prior to VoIP, attackers would use wardialers to ________.
All of the above
What is the definition of netcat?
A network utility program that reads from and writes to network connections. Backdoor
Malicious software can be hidden in a ________.
All of the above
What is meant by Pharming?
An attack that seeks to obtain personal or private financial information through domain spoofing
An attempt to exploit a vulnerability of a computer or network component is the definition of ________.
Attack
________ is a method that black-hat hackers use to attempt to compromise logon and password access controls, usually following a specific attack plan, including the use of social engineering to obtain user information.
Brute-force password atack
A _________ has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. They represent the greatest threat to networks and information resources.
Cracker
(T/F) Once you detect a DoS attack, you cannot stop it easily.
False
(T/F) Successfully connecting to a computer using a modem makes it impossible to access the rest of the organization's network.
False
(T/F) The up-to-date Common Vulnerabilities & Exposure list is maintained and managed by the U.S. Department of Finance.
False
(T/F) Wardialers are becoming more frequently used given the rise of digital telephony and now IP telephony or Voice over IP (VoIP).
False
________ is a type of attack in which the attacker takes control of a session between two machines and masquerades as one of them.
Hijacking
What term is used to describe an attack in which the attacker gets between two parties and intercepts messages before transferring them on to their intended destination?
Man-in-the-Middle
A(n) ___________ fingerprint scanner is a software program that allows an attacker to send logon packets to an IP host device.
Operating System (OS)
A ___________ is a software program that performs one of two functions: brute-force password attack to gain unauthorized access to a system, or recovery of passwords stored in a computer system.
Password Cracker
A type of fraud in which an attacker attempts to trick the victim into providing private information.
Phishing
In a ________, the attacker sends a large number of packets requesting connections to the victim computer
SYN flood
Another type of attacker is called a ________. This is a person with little or no skill who simply follows directions or uses a "cookbook" approach to carrying out a cyberattack without understanding the meaning of the steps he or she is performing.
Script Kiddie
What name is given to any event that results in a violation of any of the C-I-A security tenets?
Security Breach
What is meant by promiscuous mode?
The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.
(T/F) Researchers have estimated that attackers issue thousands of DDoS attacks against networks each week, the most targeted organizations being larger companies and universities. The threat of a DDoS attack is so serious that prevention is a top priority in many organizations, including security product vendors
True/False
When an attacker discovers a __________, he or she can use it to bypass existing security controls such as passwords, encryption, and so on.
backdoor
Loss of financial assets due to ________ is a worst-case scenario for all organizations
malicious attacks
A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compormised
rootkit