Chapter 17 Security
You're working late one night, and you notice that the hard disk on your new computer is very active even though you aren't doing anything on the computer and it isn't connected to the Internet. What is the most likely suspect? A. A disk failure is imminent. B. A virus is spreading in your system. C. Your system is under a DoS attack. D. TCP/IP hijacking is being attempted.
B. A symptom of many viruses is unusual activity on the system disk. This is caused by the virus spreading to other files on your system.
Upper management has decreed that a firewall must be put in place immediately, before your site suffers an attack similar to one that struck a sister company. Responding to this order, your boss instructs you to implement a packet filter by the end of the week. A packet filter performs which function? A. Prevents unauthorized packets from entering the network B. Allows all packets to leave the network C. Allows all packets to enter the network D. Eliminates collisions in the network
A. Packet filters prevent unauthorized packets from entering or leaving a network. Packet filters are a type of firewall that blocks specified traffic based on IP address, protocol, and many other attributes.
Your system log files report an ongoing attempt to gain access to a single account. This attempt has been unsuccessful to this point. What type of attack are you most likely experiencing? A. Password-guessing attack B. Back door attack C. Worm attack D. TCP/IP hijacking
A. A password-guessing attack occurs when a user account is repeatedly attacked using a variety of passwords.
You're the administrator for a large bottling company. At the end of each month, you routinely view all logs and look for discrepancies. This month, your email system error log reports a large number of unsuccessful attempts to log on. It's apparent that the email server is being targeted. Which type of attack is most likely occurring? A. Software exploitation attack B. Backdoor attack C. Worm D. TCP/IP hijacking
A. A software exploitation attack attempts to exploit weaknesses in software. A common attack attempts to communicate with an established port to gain unauthorized access.
Which of the following is different from a virus in that it can reproduce itself, it's self-contained, and it doesn't need a host application to be transported? A. Worm B. Smurf C. Phish D. Trojan
A. A worm is different from a virus in that it can reproduce itself, it's self-contained, and it doesn't need a host application to be transported.
Which type of attack denies authorized users access to network resources? A. DoS B. Worm C. Logic bomb D. Social engineering
A. Although the end result of any of these attacks may be denying authorized users access to network resources, a DoS attack is specifically intended to prevent access to network resources by overwhelming or flooding a service or network.
Which component of physical security addresses outer-level access control? A. Perimeter security B. Mantraps C. Security zones D. Strong passwords
A. Biometrics is a technology that uses personal characteristics, such as a retinal pattern or fingerprint, to establish identity.
Which technology uses a physical characteristic to establish identity? A. Biometrics B. Surveillance C. Smart card D. CHAP authenticator
A. Biometrics is a technology that uses personal characteristics, such as a retinal pattern or fingerprint, to establish identity.
As part of your training program, you're trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks, you explain, take advantage of human shortcomings to gain access that should otherwise be denied. What term do you use to describe attacks of this type? A. Social engineering B. IDS system C. Perimeter security D. Biometrics
A. Social engineering uses the inherent trust in the human species, as opposed to technology, to gain access to your environment.
Internal users suspect repeated attempts to infect their systems as reported to them by pop-up messages from their virus-scanning software. According to the pop-up messages, the virus seems to be the same in every case. What is the most likely culprit? A. A server is acting as a carrier for a virus. B. You have a caterpillar virus. C. Your antivirus software has malfunctioned. D. A DoS attack is under way.
A. Some viruses won't damage a system in an attempt to spread into all the other systems in a network. These viruses use that system as the carrier of the virus.
Your company provides medical data to doctors from a worldwide database. Because of the sensitive nature of the data you work with, it's imperative that authentication be established on each session and be valid only for that session. Which of the following authentication methods provides credentials that are valid only during a single session? A. Tokens B. Certificate C. Smart card D. Kerberos
A. Tokens are created when a user or system successfully authenticates. The token is destroyed when the session is over.
As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim? A. DoS B. DDoS C. Worm D. UDP attack
B. A distributed denial of service (DDoS) attack uses multiple computer systems to attack a server or host in the network.
One of the vice presidents of the company calls a meeting with the information technology department after a recent trip to competitors' sites. She reports that many of the companies she visited granted access to their buildings only after fingerprint scans, and she wants similar technology employed at this company. Of the following, which technology relies on a physical attribute of the user for authentication? A. Smart card B. Biometrics C. Mutual authentication D. Tokens
B. Biometrics relies on a physical characteristic of the user to verify identity. Biometric devices typically use either a hand pattern or a retinal scan to accomplish this.
You're in the process of securing the IT infrastructure by adding fingerprint scanners to your existing authentication methods. This type of security is an example of which of the following? A. Access control B. Physical barriers C. Biometrics D. Softening
C. A fingerprint scanner, or any device that identifies a person by a physical trait, is considered a biometric security control.
You've discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be? A. Man-in-the-middle attack B. Back door attack C. Replay attack D. TCP/IP hijacking
C. A replay attack attempts to replay the results of a previously successful session to gain access.
A server in your network has a program running on it that bypasses authentication. Which type of attack has occurred? A. DoS B. DDoS C. Back door D. Social engineering
C. In a back door attack, a program or service is placed on a server to bypass normal security procedures.
Your help desk has informed you that they received an urgent call from the vice president last night requesting his logon ID and password. When talking with the VP today, he says he never made that call. What type of attack is this? A. Spoofing B. Replay attack C. Social engineering D. Trojan horse
C. Someone trying to con your organization into revealing account and password information is launching a social engineering attack.
Which media is susceptible to viruses? A. Tape B. Memory stick C. CD-R D. All of the above
D. All of these devices can store and pass viruses to uninfected systems. Make sure that all files are scanned for viruses before they're copied to these media.
A smurf attack attempts to use a broadcast ping on a network; the return address of the ping may be that of a valid system in your network. Which protocol does a smurf attack use to conduct the attack? A. TCP B. IP C. UDP D. ICMP
D. A smurf attack attempts to use a broadcast ping (ICMP) on a network. The return address of the ping may be that of a valid system in your network. This system will be flooded with responses in a large network.
A junior administrator comes to you in a panic. After looking at the log files, he has become convinced that an attacker is attempting to use a duplicate IP address to replace another system in the network to gain access. Which type of attack is this? A. Man-in-the-middle attack B. Back door attack C. Worm D. TCP/IP hijacking
D. TCP/IP hijacking is an attempt to steal a valid IP address and use it to gain authorization or information from a network.