Chapter 4: Types of Attacks
B. Spoofing
A hacker alters a source address (IP, MAC or E-mail) of a packet in order to bypass the access control list on the router. A. Vishing B. Spoofing C. Spam D. Eavesdropping
D. Cross-site scripting
A hacker tries to compromise your system by submitting script code into a field in a web page that is in then submitted and stored as data in the website database. The hacker is anticipating when you navigate to the site and display the data, that your browser will parse the script and execute it. What type of attack is this? A. Buffer overflow B. SQL injection C. Folder traversal D. Cross-site scripting
B. DNS Poisoning
Altering the DNS cache or modifying table entries of websites previously stored/visted in an attempt to redirect users to an incorrect website. A. ARP Poisoning B. DNS Poisoning C. DPN Poisoning D. ARC Poisoning
A. Distributed Denial of Service (DDoS)
An attack that uses a number of "zombie systems" to perform the attack by creating a large number of request. A. Distributed Denial of Service (DDoS) B. Port scan C. Phishing D. Whaling
A. Man-in-the-Middle (MITM)
An attack where the hacker inserts himself in the middle of two systems that are communicatingand then passess information back and forth. A. Man-in-the-Middle (MITM) B. Port scan C. Phishing D. Eavesdropping
D. Whaling
An e-mail was sent to the CEO of the company asking the CEO to change their password. A. DoS B. Port scan C. Phishing D. Whaling
D. Spoofing
John has been studying techniques used by hackers and decides to send a packet to your system, but ensures that he alters the source IP address of the packet so it looks like it came from someone else. What type of attack is this? A. Phishing B. Pharming C. Spim D. Spoofing
C. Pharming
Leading a user to the wrong site by modifying the DNS or the hosts file of a system. A. Whaling B. Phishing C. Pharming D. Spim
D. Man-in-the-Middle (MITM)
The hacker has managed to poison everyone's ARP cache so that all traffic to the internet is being sent to the hacker's system before being routed out to the Internet. What type of attack is this? A. Distributed Denial of Service (DDos) B. Denial of Service (DoS) C. Phishing D. Man-in-the-Middle (MITM)
A. Social engineering
This sort of attack involves the hacker trying to trick someone into compromising security through social contact such as a phone call or e-mail message. A. Social engineering B. Phishing C. Spoofing E. Eavesdropping
B. hosts
What file can the hacker modify after compromising your system that could lead you to the wrong web site? A. sam B. hosts C. lmhosts D. services
A. Whaling
What is the term used for a phishing attack that is targeted toward a specific person such as the executive of a company? A. Whaling B. Phishing C. Pharming D. Spim
A. Buffer overflow
What type of attack involves the hacker sending too much data to an application that typically results in the hacker gaining remote access to the system with administrative permissions? A. Buffer overflow B. SQL injection C. Folder traversal D. Cross-site scripting
A. Distributed Denial of Service (DDos)
What type of attack is a smurf attack? A. Distributed Denial of Service (DDos) B. Denial of Service (DoS) C. DNS poison D. Man-in-the-Middle (MITM)
C. Denial of Service
What type of attack results in the victim's system not being able to perform its job function? A. Man-in-the-Middle (MITM) B. Spoofing C. Denial of Service (DoS) D. Port scanning.
C. Folder traversal
When looking at the web server logs files, you notice that a lof of the request that have hit the web site are navigating to the /script/..%c0%af../winnt/system32 folder. What type of attack is occuring? A. Buffer overflow B. SQL injection C. Folder traversal D. Cross-site scripting
A. Password complexity
Which of the following is a popular method to protect against dictionary attacks? A. Password complexity B. Account lockout C. Network firewall D. Intrusion detection system
D. Reads the passwords from a word list file.
With dictionary attacks, how does the password-cracking software attempt to figure out the passwords of the different user accounts? A. Calculates all possible passwords B. Uses the passwords stored in the SAM database C. Uses the entries in the /etc/passwd file D. Reads the passwords from a word list file.
B. Port scanning
You are monitoring network traffic and notice that a single IP address is making a connection to a wealth of port numbers one after the other in a short period of time. A. DoS B. Port scanning C. Phishing D. Whaling
B. SQL injection
You are monitoring network traffic and you notice a packet with pass' or 1=1-- in the content of the packet. What type of attack has occured? A. Buffer overflow B. SQL injection C. Folder injection D. Cross-site scripting
B. User awareness and training.
You manager has called you into the office and has expressed concerns about a number of news reports on social engineering attacks. You manager would like to know what can be done to protect the company against social engineering attacks. What is your response? A. User a firewall. B. User awareness and training. C. Install antivirus software. D. Implement physical seciruty.
D. Mantrap.
You manager has red reports of tailgating being a problem with security in many organizations and wants to know what can be done to prevent tailgating. which of the following controls will help protect against tailgating. A. Locked doors. B. Electronic keypads. C. Swipe cards. D. Mantrap.
A. DoS
You notice that your web site is running slowly so you look at the logs and notice that you are getting a large number of HTTP requests from a single IP. A. DoS B. Port scan C. Phishing D. Whaling
C. Vishing
You receive a phone call from a person stating that there has been a change to your life insurance policy. You will need to pay a one-time administration fee by supplying your credit card number. A. DoS B. Port scan C. Vishing D. Whaling
B. Account lockout
Your manager has been reading a lot about popular password attacks such as dictionary attacks and brute-force attacks. Your manager is worred that your computer is susceptible to such attacks. Which of the following controls will help rotect against a brute-force attack? A. Password complexity B. Account lockout C. Network firewall D. Intrusion detection system