CDS 344 Chapter 3 Quiz

Ace your homework & exams now with Quizwiz!

A man-in-the-middle attack takes advantage of the multihop process used by many types of networks. True False

True

Which one of the following is an example of a disclosure threat? a. Espionage b. Alteration c. Denial d. Destruction

a. Espionage

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place? a. Evil twin b. Wardriving c. Bluesnarfing d. Replay attack

a. Evil twin

An alteration threat violates information integrity. True False

True

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered? a. Polymorphic virus b. Stealth virus c. Cross-platform virus d. Multipartite virus

a. Polymorphic virus

Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing? a. Active wiretap b. Between-the-lines wiretap c. Piggyback-entry wiretap d. Passive wiretap

d. Passive wiretap

Which type of virus targets computer hardware and software startup functions? a. Hardware infector b. System infector c. File infector d. Data infector

b. System infector

Which group is the most likely target of a social engineering attack? a. Receptionists and administrative assistants b. Information security response team c. Internal auditors d. Independent contractors

a. Receptionists and administrative assistants

Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter? a. Virus b. Worm c. Trojan horse d. Logic bomb

c. Trojan horse

What type of malicious software masquerades as legitimate software to entice the user to run it? a. Virus b. Worm c. Trojan horse d. Rootkit

c. Trojan horse

Trojans are self-contained programs designed to propagate from one host machine to another using the host's own network communications protocols. True False

False

Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks. True False

False

The main difference between a virus and a worm is that a virus does not need a host program to infect. True False

False

Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri? a. Cracker b. White-hat hacker c. Black-hat hacker d. Grey-hat hacker

b. White-hat hacker

When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks. True False

True

The CEO of Erlich's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place? a. Spear phishing b. Pharming c. Adware d. Command injection

a. Spear phishing

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations? a. Whois b. Simple Network Management Protocol (SNMP) c. Ping d. Domain Name System (DNS)

a. Whois

What file type is least likely to be impacted by a file infector virus? a. .exe b. .docx c. .com d. .dll

b. .docx

What program, released in 2013, is an example of ransomware? a. BitLocker b. Crypt0L0cker c. FileVault d. CryptoVault

b. Crypt0L0cker

What is NOT one of the four main purposes of an attack? a. Denial of availability b. Data correlation c. Data modification d. Launch point

b. Data correlation

Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block? a. Hypertext Transfer Protocol (HTTP) b. Transmission Control Protocol (TCP) c. Internet Control Message Protocol (ICMP) d. User Datagram Protocol (UDP)

c. Internet Control Message Protocol (ICMP)

Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose? a. Ping b. Simple Network Management Protocol (SNMP) agent c. Nmap d. Remote Access Tool (RAT)

c. Nmap

Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database? a. Cross-site scripting (XSS) b. XML injection c. SQL injection d. LDAP injection

c. SQL injection

What is NOT a typical sign of virus activity on a system? a. Unexplained decrease in available disk space b. Unexpected error messages c. Unexpected power failures d. Sudden sluggishness of applications

c. Unexpected power failures

Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking? a. Integrity b. Availability c. Accounting d. Confidentiality

d. Confidentiality

Jared recently viewed a forum discussion on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Jared likely encountered? a. SQL injection b. Command injection c. XML injection d. Cross-site scripting (XSS)

d. Cross-site scripting (XSS)

What is NOT a common motivation for attackers? a. Money b. Fame c. Revenge d. Fear

d. Fear

Which tool can capture the packets transmitted between systems over a network? a. Wardialer b. OS fingerprinter c. Port scanner d. Protocol analyzer

d. Protocol analyzer

Which term describes an action that can damage or compromise an asset? a. Likelihood b. Vulnerability c. Countermeasure d. Threat

d. Threat

Which type of attack against a web application uses a newly discovered vulnerability that is not patchable? a. SQL injection b. Cross-site scripting c. Cross-site request forgery d. Zero-day attack

d. Zero-day attack


Related study sets

LynnettaR Herm finals study Chapter 8, 4, 13

View Set

Chapter 59: Caring for Clients with Disorders of the Bladder and Urethra

View Set

Marketing Chapter 7 - Segmentation, Targeting, and Positioning

View Set

Chapter 3: Stoichometry/Mass Balence

View Set

Acct 200 journal entries from lectures, exam 1

View Set