Cyber Crime Final
What is the Cloud? A fluffy white thing in the sky A downloaded computer program Software and services that run on the Internet A website on the Internet
Software and services that run on the Internet
distinguish between vulnerability, threat, and control
A threat is a set of circumstances that could cause harm. A vulnerability is a weakness that could be exploited to cause harm. A control is a safeguard that prevents a threat from exercising a vulnerability.
You are reviewing security controls and their usefulness. You notice that account lockout policies are in place. Which of the following attacks will these policies thwart? (choose two) DNS poisoning Replay Buffer overflow Brute force Dictionary
Brute force Dictionary
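The mechanism behind that answer, as an added example that is not part of the quiz: a lockout policy does not make the password stronger, it caps the number of guesses an attacker can make per unlock window. The policy values (5 failures, 15-minute lockout), the demo account and the wordlist are all assumptions constructed for the example.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Policy values are assumptions for the demo, not values taken from the quiz.
MAX_FAILURES = 5        # failed attempts before the account locks
LOCKOUT_SECONDS = 900   # how long the account stays locked (15 minutes)


def _digest(password: str) -> str:
    # Demo-only hashing so the store never holds plaintext; a real system uses a
    # slow, salted password hash (bcrypt, scrypt, argon2), not a bare SHA-256.
    return hashlib.sha256(password.encode()).hexdigest()


@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0


class LockoutPolicy:
    """Authenticates users and refuses attempts while an account is locked."""

    def __init__(self, users: Dict[str, str], clock: Callable[[], float] = time.time):
        # users: username -> password (constructed demo accounts)
        self._store = {u: _digest(p) for u, p in users.items()}
        self._clock = clock                      # injectable clock so lockout expiry can be tested
        self._state: Dict[str, AccountState] = {}

    def attempt(self, user: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'. Unknown users count as wrong passwords."""
        st = self._state.setdefault(user, AccountState())
        now = self._clock()
        if now < st.locked_until:
            return "locked"                      # no password check at all while locked
        stored = self._store.get(user)
        if stored is not None and hmac.compare_digest(stored, _digest(password)):
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.locked_until = now + LOCKOUT_SECONDS
            st.failures = 0
        return "denied"


def dictionary_attack(policy: LockoutPolicy, user: str, wordlist: List[str]) -> Tuple[str, int]:
    """Try each candidate in order; return (outcome, attempts_made)."""
    for n, guess in enumerate(wordlist, start=1):
        result = policy.attempt(user, guess)
        if result == "ok":
            return "cracked", n
        if result == "locked":
            return "locked", n
    return "exhausted", len(wordlist)


# Constructed demo data: the real password is the 6th entry of a tiny wordlist.
WORDLIST = ["123456", "password", "qwerty", "letmein", "admin", "welcome1", "dragon"]


def demo() -> Tuple[Tuple[str, int], str]:
    clock = [1_000_000.0]                        # fake clock the demo can advance
    policy = LockoutPolicy({"homer": "welcome1"}, clock=lambda: clock[0])
    outcome = dictionary_attack(policy, "homer", WORDLIST)   # locked after 5 wrong guesses
    clock[0] += LOCKOUT_SECONDS + 1              # wait out the lockout
    after_wait = policy.attempt("homer", "welcome1")         # legitimate user gets back in
    return outcome, after_wait


if __name__ == "__main__":
    print(demo())
```

The attacker is stopped on the sixth guess even though the correct password is in the list, which is exactly why lockout thwarts brute-force and dictionary attacks but does nothing against the other options (DNS poisoning, replay, buffer overflow never present a wrong password). The flip side, also visible here, is that an attacker who deliberately burns five guesses can lock the real user out, so lockout policies are a denial-of-service lever that needs a sensible unlock window.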
What is not a good way to protect your information? A.) use an HTTP web address B.) have the latest protection installed on your computers C.) change the default settings on your computer
A.) use an HTTP web address
In the diagram of the TCP three-way handshake here, what should system A send to system B in step 3? ACK SYN FIN RST
ACK
What is the difference between MAC spoofing and ARP spoofing?
ARP spoofing is when the attacker picks a target and sends forged ARP packets across the LAN that pair the attacker's MAC address with the target's IP address, so other hosts deliver the target's traffic to the attacker. MAC spoofing is when the attacker reconfigures its own interface with a different MAC address and then sends frames onto the network using that new address (for example to impersonate another host or to get past MAC address filtering).
A good way for a company to prevent cloud account hijacking is to: Use multi-factor authentication Restrict the range of IP addresses that can access cloud account applications Encrypt sensitive data sent to the cloud All of the above
All of the above
Of the following choices, which one is the best way to detect an insider threat? Inform and train your employees on the importance of security awareness Log and audit employees' online actions Monitor any suspicious behavior All of the above
All of the above
Where can an insider threat take place? An accounting firm A grocery store An airline company All of the above
All of the above
Which of the following functions does information security perform for an organization? Protects the organization's ability to function. Enables the safe operation of applications implemented on the organization's IT systems. Protects the data the organization collects and uses All of the above.
All of the above.
Which of the following is NOT an example of Physical Security control? Antivirus Software Security Guards A locked server room
Antivirus Software
Which list presents the layers of the OSI model in the correct order? Presentation, Application, Session, Transport, Network, Data Link, Physical Application, Presentation, Session, Transport, Network, Data Link, Physical Presentation, Application, Session, Transport, Data Link, Network, Physical Application, Presentation, Session, Network, Transport, Data Link, Physical
Application, Presentation, Session, Transport, Network, Data Link, Physical
___________________ ensures authorized users — persons or computer systems — can access (or use) information without interference or obstruction, and in the required format.
Availability
Which of the following is the major controller of the cloud infrastructure service market? A. Microsoft B. Google C. Amazon D. Apple
C. Amazon
HTML injection is a type of? 1. SQL injection 2. Cross-site scripting attack 3. Code injection 4. LDAP injection
3. Code Injection
Which part of CIA do HTML injection Attacks affect? 1. Confidentiality 2. Integrity 3. Accessibility 4. All of the above
4. All of the above
TCP/IP is a set of protocols that operates at both the Network and Transport layers of the OSI Reference Model.
True
The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them.
True
The top-down approach in information security implementation means that projects are initiated at the highest levels of an organization and then pushed down to all levels.
True
To secure interfaces and APIs, strong authentication and access controls are required, together with encrypted transmission.
True
True or False: Electromagnetic Interception is the reconstruction of data from electromagnetic emissions
True
To avoid the nefarious use of cloud computing, which of the following is the BEST safeguard? a. Rigorous registration process b. Paid service c. OAuth d. Firewall
a. Rigorous registration process
Unlike viruses, worms do NOT require a host program in order to survive and replicate
True
WAP (wireless access point) is the connection between a wired and wireless network.
True
List at least five physical security controls
Walls, fencing, and gates Guards Dogs ID cards and badges Locks and keys Mantraps Electronic monitoring Alarms and alarm systems Interior walls and doors Rules and policies
____________________ is a technique used to gain unauthorized access to Wi-Fi wireless networks by driving around in a vehicle and scanning for them.
Wardriving
In the well-known ____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. Zombie-in-the-middle Sniff-in-the-middle Server-in-the-middle Man-in-the-middle
Man-in-the-middle
What kind of insider threat is most common? Malicious Negligent Third Party
Negligent
____________________ enables a user to allow third-party application to access APIs on that user's behalf; for example, when Facebook asks a user if a new application can have access to his photos.
OAuth
A user complains that his system is no longer able to access the Walmart.com site. Instead, his browser goes to a different site. After investigation, you notice the following entries in the user's hosts file: 127.0.0.1 localhost 72.23.231.233 walmart.com What is the BEST explanation for this difficulty? Pharming attack Whaling attack Session hijacking Phishing attack
Pharming attack
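Why the hosts file is the tell-tale, as an added example that is not part of the quiz: the resolver consults the hosts file before DNS, so a single line there sends every request for walmart.com to whatever address the attacker chose, and DNS itself looks perfectly healthy. The parser below reads a hosts file and flags entries that pin a watched public domain to a non-loopback address. The two entries from the question are included in the constructed sample; the extra lines and the list of watched domains are assumptions for the demo.

```python
import ipaddress
from typing import Iterable, List, Tuple

# Entries copied from the question's hosts file, plus two harmless lines added for contrast.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         ads.tracker.example     # blocklist-style entry, not an attack
72.23.231.233   walmart.com
"""

# Domains the check cares about (constructed list; a real deployment would use its own).
WATCHED_DOMAINS = ["walmart.com", "bank.example"]


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs; comments and blank lines are skipped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            pairs.append((ip, name.lower()))
    return pairs


def _matches(name: str, domains: Iterable[str]) -> bool:
    return any(name == d or name.endswith("." + d) for d in domains)


def pharming_suspects(text: str, watched: Iterable[str] = WATCHED_DOMAINS) -> List[Tuple[str, str]]:
    """Flag hosts entries that pin a watched domain to anything other than a
    loopback/unspecified address. Such a line bypasses DNS entirely, which is
    why the browser lands on the wrong site even though DNS is healthy."""
    watched = [d.lower() for d in watched]
    flagged = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, name))      # unparsable address: treat as suspicious
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue                         # localhost / blocklist sinkholes are expected
        if _matches(name, watched):
            flagged.append((ip, name))
    return flagged


if __name__ == "__main__":
    for ip, name in pharming_suspects(SAMPLE_HOSTS):
        print(f"suspicious hosts entry: {name} -> {ip}")
```

Loopback and 0.0.0.0 entries are skipped on purpose: ad-blocking tools legitimately sinkhole domains that way, and flagging them would bury the real finding. The same check run against a DNS server's cache (compare answers for a domain with an authoritative lookup) is how the server-side form of pharming is spotted.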
List and describe the three types of control.
Procedural controls Policies, procedures, guidelines Contracts, agreements Regulations Technical Controls Passwords Firewalls, intrusion systems Encryption Educational Controls People are the weakest link in info. Security
Which of the following statements describes the TCP/IP model? Developed by ISO (International Organization for Standardization) 7 layers Has a presentation layer Protocol dependent
Protocol Dependent
A network administrator is attempting to identify all traffic on an internal network. Which of the following tools is the BEST choice? Black box test Penetration test Protocol analyzer Baseline review
Protocol analyzer
After Tom turned on his computer, he saw a message indicating that unless he made a payment, his hard drive would be formatted. What does this indicate? Armored virus Backdoor Ransomware Trojan
Ransomware
Which group is the most likely target of a social engineering attack? Receptionists and administrative assistants Information security response team Internal auditors Independent contractors
Receptionists and administrative assistants
In which type of attack does the attacker attempt to get at users' encrypted data by failing the certificate validation process? DDoS attack Sniffing SSL hijacking IP spoofing attack
SSL hijacking
In which type of attack does the attacker attempt to take over an existing connection between two systems? Man-in-the-middle attack URL hijacking Session hijacking Typosquatting
Session hijacking
Thieves recently rammed a truck through the entrance of your company's main building. During the chaos, their partners proceeded to steal a significant amount of IT equipment. Which of the following choices can you use to prevent this from happening again? a. Bollards b. Guards c. CCTV d. Mantrap
a. Bollards
An organization requested bids for a contract and asked companies to submit their bids via email. After winning the bid, Acme realized it could not meet the requirements of the contract. Acme instead stated that it never submitted the bid. Which of the following would provide proof to the organization that Acme did submit the bid? a. Digital signature b. Integrity c. Decryption d. Encryption
a. Digital signature
The security manager at your company recently updated the security policy. One of the changes requires two-factor authentication. Which of the following will meet this requirement? a. Hardware token and PIN b. Finger print and retina scan c. Password and PIN d. PIN and security questions
a. Hardware token and PIN
Which of the following cloud services would be used to rent software, OS, and storage over the Internet? A. SaaS B. PaaS C. IaaS D. XaaS
C. IaaS
Within the context of information security, _______________________ is the process of using interpersonal skills to convince people to reveal access credentials or other valuable information to the attacker.
Social Engineering
Users in your organization have reported receiving a similar email from the same sender. The email included a link, but after recent training on emerging threats, all the users chose not to click the link. Security investigators determined the link was malicious and was designed to download ransomware. Which of the following BEST describes the email? Phishing Spam Spear Phishing Vishing
Spear Phishing
The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place? Spear phishing Pharming Adware Command injection
Spear phishing
Of the following malware types, which one is MOST likely to monitor a user's computer? Trojan Spyware Ransomware Adware
Spyware
List three solutions to prevent insider threats.
Strict password and account management policies Periodic security awareness training for all employees Have secure backup and recovery processes in place
Homer is able to connect to his company's wireless network with his smartphone but not with his laptop computer. Which of the following is the MOST likely reason for this disparity? a. His company's network has a MAC address filter in place. b. His company's network has enabled SSID broadcast. c. His company's network has enabled WEP. d. His company's network has enabled WPA2 Enterprise
a. His company's network has a MAC address filter in place.
Why is a WEP key easy to crack? a. Its use of static encryption keys b. Use of a switch in the transmission c. Both A and B
a. Its use of static encryption keys
You maintain a training lab with 18 computers. You have enough rights and permissions on these machines so that you can configure them as needed for classes. However, you do not have the rights to add them to your organization's domain. Which of the following choices BEST describes this example? a. Least privilege b. Need to know c. User-based privileges d. BYOD
a. Least privilege
What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows? Router Hub Access Point Switch
Switch
Please compare TCP/IP model with OSI model.
TCP/IP model: Uses specific protocols around which the internet has developed Protocol dependent 4 layers No presentation, session, or physical layers OSI model: Is a general reference model developed by the International Organization for Standardization Protocol independent 7 layers
Which of the following is an NSA specification for protection against compromising electromagnetic emanations? TEMPEST SPECTRE GHOST APACHE
TEMPEST
During a forensic investigation, Charles is able to determine the Media Access Control address of a system that was connected to a compromised network. Charles knows that MAC addresses are tied back to a manufacturer or vendor and are part of the fingerprint of the system. To which OSI layer does a MAC address belong? The application layer The session layer The physical layer The data link layer
The data link layer
Who should have access to an organization's server room? The janitor The receptionist The network administrator
The network administrator
What is social engineering?
The process of using social skills to convince people to reveal access credentials or other valuable information
Which term describes an action that can damage or compromise an asset? Risk Vulnerability Countermeasure Threat
Threat
________________ is initiated by upper management with issue policy, procedures, and processes.
Top-Down Approach
What type of malicious software masquerades as legitimate software to entice the user to run it? Virus Worm Trojan Horse Rootkit
Trojan Horse
An Application Program Interface (API) refers to tools for creating software applications.
True
A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment
True
Of the following choices, which one does not involve insiders? Employees Competitors Business associates A random hacker
Competitors
What does eavesdropping compromise? Confidentiality Integrity Availability
Confidentiality
What main part of the CIA triangle does account hijacking affect? Confidentiality Integrity Accessibility
Confidentiality
What type of threat did Mr. Justice cause through his actions? Confidentiality Integrity Availability All of the above
Confidentiality
Which part of the CIA Triangle is MOST effected during an insider threat attack? Confidentiality Integrity Availability All of the above
Confidentiality
____________________ attacks leverage the fact that users are often logged into multiple sites at the same time and use one site to trick the browser into sending malicious requests to another site without the users' knowledge.
Cross-site Request Forgery (XSRF or CSRF)
____________________ attacks occur when an attacker embeds malicious scripts without permission in a third-party website that are later run by innocent visitors to that site.
Cross-site scripting (XSS)
A successful denial of service (DoS) attack may create so much network congestion that authorized users cannot access network resources.
True
ARP (address resolution protocol) works for mapping an IP address to a MAC address.
True
ARP spoofing attack "poisons" the ARP table mapping an IP address to a MAC address.
True
An insider threat is caused by a current or former employee, contractor or business partner who has or had authorized access to an organization's network, systems, data or premises.
True
Attacks against confidentiality and privacy, data integrity, and availability of services are all ways in which malicious code can threaten businesses.
True
Cloud vendors expose a set of software interfaces or APIs that customers use to interact with cloud services.
True
Cookies are designed for websites to remember stateful information (e.g., items added to the cart on Amazon.com).
True
Cookies are inherently harmless.
True
An attack that causes a service to fail by exhausting all of a system's resources is what type of attack? Worms Viruses Denial of service attack Trojan horses
Denial of service attack
____________________ are used to verify the integrity of a file or message and to provide non-repudiation.
Digital Signatures
A(n) ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. Denial-of-service Distributed denial-of-service Virus Spam
Distributed denial-of-service
Which of the following cannot put you at risk for getting infected with spyware? Blindly letting trusted software install other software Downloading a community verified mod for your favorite videogame Downloading freeware from an unofficial link Opening an email attachment that you are not sure of the contents inside
Downloading a community verified mod for your favorite videogame
A web beacon can track information about your device
False
A worm is a self-contained program that has to trick users into running it.
False
Confidentiality ensures that only those with the rights and privileges to modify information are able to do so.
False
Hashing functions require the use of keys.
False
Insider attacks usually require advance knowledge of the network.
False
An insider threat is always caused by an insider with malicious intent (e.g., fraud, unauthorized trading, or espionage).
False
MAC addresses are a unique identifier allotted to communication devices and are not changeable.
False
The Transport Layer of the OSI Reference Model creates, maintains, and disconnects communications that take place between processes over the network.
False
Threats are always malicious
False
Threats are always targeted
False
Wired connection is less secure than wireless.
False
You should use easy-to-remember personal information to create secure passwords.
False
Fingerprints, palm prints and retina scans are types of biometrics.
True
IP addresses are eight-byte addresses that uniquely identify every device on the network.
False (an IPv4 address is four bytes; an IPv6 address is sixteen bytes)
Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in clear text.
True
Session Hijacking is the process in which a user's or organization's cloud account credentials are stolen and exploited by an unauthorized attacker.
False, Account Hijacking
Symmetric encryption uses two different keys: public key (to encipher) and private key (to decipher).
False, Asymmetric Encryption
Digital Certificates are the encrypted messages that can be mathematically proven to be authentic.
False, Digital Signature
Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages.
False, HTTPS encrypts data transfers between secure browsers and secure web pages
IaaS (Infrastructure as a Service) gives the customer access to applications running in the cloud.
False, Software as a service (SaaS)
WEP (Wired Equivalent Privacy) is the strongest encryption protocol for the wireless network.
False, WPA2
The main difference between a virus and a worm is that a virus does not need a host program to infect.
False, a virus does need a host while a worm does not.
A phishing attack "poisons" a domain name on a domain name server.
False, pharming attacks compromise at the DNS server level.
Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues? Firewall Hub Switch Router
Hub
_______________ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages to a computer that has an IP address that indicates that the messages are coming from a trusted host and not the actual source computer.
IP Spoofing
List at least two network attacks of each category
Interruption: DoS, DDoS Modification: DNS poisoning, IP Spoofing Interception: Eavesdropping /Sniffing, Session hijacking, SSL hijacking
List five factors for authentication
Knowledge Ownership Characteristics Location Action
HTTP, DNS, and SSL all occur at what layer of the TCP/IP model? Layer 1 Layer 2 Layer 3 Layer 4
Layer 4
PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities.
True
Popular cryptosystems use a hybrid combination of symmetric and asymmetric algorithms.
True
The spoofed ARP packets contain the attacker's ________________ and the target's ________________.
MAC Address, IP Address
Pure asymmetric key encryption is not widely used, except with digital certificates.
True
Jemar recently received an email thanking him for a purchase that he did not make. He asked an administrator about it and the administrator noticed a pop-up window, which included the following code: <body onload="document.getElementById('myForm').submit()"> <form id="myForm" action="gcgapremium.com/purchase.php" method="post"> <input name="Buy Now" value="Buy Now"/> </form> </body> Which of the following is the MOST likely explanation? a. XSRF (cross-site request forgery) b. Buffer overflow c. SQL injection d. ARP spoofing
a. XSRF (cross-site request forgery)
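The server-side check that defeats the auto-submitting form above, as an added example that is not part of the quiz: the browser attaches Jemar's session cookie to the forged POST automatically, so the cookie alone cannot prove that Jemar meant to buy. An anti-forgery token bound to the session, which the attacker's page cannot read, fixes that; an Origin header check is a cheap second layer. The shop's origin, the server secret and the request shapes are assumptions constructed for the demo, not the site's real code.

```python
import hashlib
import hmac
from typing import Dict, Optional

# Assumptions for the demo: the shop's real origin and a server-side secret.
ALLOWED_ORIGIN = "https://gcgapremium.com"
SERVER_SECRET = b"demo-secret-rotate-me"          # constructed; load from a secret store in practice


class CsrfGuard:
    """Per-session anti-forgery token: HMAC(secret, session_id), compared in constant time."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def token_for(self, session_id: str) -> str:
        # The template embeds this as <input type="hidden" name="csrf_token" value="...">.
        return hmac.new(self._secret, session_id.encode(), hashlib.sha256).hexdigest()

    def is_valid(self, session_id: str, submitted: Optional[str]) -> bool:
        if not submitted:
            return False
        return hmac.compare_digest(self.token_for(session_id), submitted)


def handle_purchase(guard: CsrfGuard, request: Dict[str, Dict[str, str]]) -> str:
    """Stand-in for POST /purchase.php. `request` carries cookies, headers and form fields."""
    session_id = request["cookies"].get("session")
    if session_id is None:
        return "401 not logged in"
    # Defence in depth: a forged POST from another site arrives with a foreign Origin header.
    origin = request["headers"].get("Origin")
    if origin is not None and origin != ALLOWED_ORIGIN:
        return "403 cross-origin request rejected"
    # The essential check: the attacker's auto-submitting form cannot know the victim's token.
    if not guard.is_valid(session_id, request["form"].get("csrf_token")):
        return "403 missing or invalid csrf token"
    return "200 purchase recorded"


def forged_request() -> Dict[str, Dict[str, str]]:
    """What the browser sends when the pop-up's onload form fires: the cookie rides along automatically."""
    return {
        "cookies": {"session": "jemar-session-123"},
        "headers": {"Origin": "https://attacker.example"},
        "form": {"Buy Now": "Buy Now"},
    }


def legitimate_request(guard: CsrfGuard) -> Dict[str, Dict[str, str]]:
    sid = "jemar-session-123"
    return {
        "cookies": {"session": sid},
        "headers": {"Origin": ALLOWED_ORIGIN},
        "form": {"Buy Now": "Buy Now", "csrf_token": guard.token_for(sid)},
    }


def demo() -> Dict[str, str]:
    guard = CsrfGuard(SERVER_SECRET)
    stripped = forged_request()
    del stripped["headers"]["Origin"]           # some clients omit Origin; the token check still holds
    return {
        "forged": handle_purchase(guard, forged_request()),
        "forged_no_origin": handle_purchase(guard, stripped),
        "legitimate": handle_purchase(guard, legitimate_request(guard)),
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Setting the session cookie with SameSite=Lax or Strict would stop this particular cross-site POST as well, but the token check is the one that does not depend on browser behaviour.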
An application on one of your database servers has crashed several times recently. Examining detailed debugging logs, you discover that just prior to crashing, the database application is receiving a long series of characters (more data into the database application's memory than it can handle). What is MOST likely occurring? a. XSRF b. Buffer overflow c. HTML injection d. DNS poisoning
b. Buffer overflow
Homer wants to use digital signatures for his emails and realized he needs a certificate. Which of the following will issue Homer a certificate? a. IT department b. CA (Certificate Authority) c. Email service company d. Recovery agent
b. CA (Certificate Authority)
Which one is harmed by WEP cracking? a. Integrity b. Confidentiality c. Availability
b. Confidentiality
Which of the following terms describes the process of making and using codes to secure the transmission of information? a. Algorithm b. Cryptography c. Steganography d. Philosophy
b. Cryptography
Which of the following choices BEST describe the organizational triggers in insider threats (choose TWO)? a. High level of physical access controls b. High level of time pressure c. High level of security training d. High availability and ease of acquiring information
b. High level of time pressure d. High availability and ease of acquiring information
A small business owner modified his wireless router with the following settings: PERMIT 1A:2B:3C:4D:5E:6F DENY 6F:5E:4D:3C:2B:1A After saving the settings, an employee reports that he cannot access the wireless network anymore. What is the MOST likely reason that the employee cannot access the network? a. IP address filtering b. MAC address filtering c. DNS filtering d. URL filtering
b. MAC address filtering
In what type of attack does the attacker send unauthorized commands directly to a database? a. XSS (cross-site scripting) b. SQL injection c. XSRF (cross-site request forgery) d. Database dumping
b. SQL injection
Joe wants to send a secure email to Marge so he decides to encrypt it. Joe wants to ensure that Marge can verify that he sent it. Which of the following does Marge need to verify that the certificate Joe used in this process is valid? a. The CA (Certificate Authority)'s private key b. The CA's public key c. Marge's public key d. Marge's private key
b. The CA's public key
What does WEP stand for? a. Wide Encrypted Protocol b. Wired Equivalent Privacy c. Wifi Ensured Protection
b. Wired Equivalent Privacy
Rachel at ABC corp. stores her public key where it can be accessed. Alex at XYZ corp. retrieves it and uses it to encrypt his session (symmetric) key. He sends it to Rachel, who decrypts Alex's session key with her private key, and then uses Alex's session key for short-term private communications. What is MOST likely occurring? a. Symmetric encryption b. Asymmetric encryption c. Hybrid encryption d. Hashing
c. Hybrid encryption
Of the following choices, which one is a cloud computing model in which the vendor provides access to a computer, but customers must manage the system, including keeping it up to date with current patches? a. Platform as a Service b. Software as a Service c. Infrastructure as a Service d. Private
c. Infrastructure as a Service
A code review of a web application discovered that the application is not performing boundary checking. What should the web developer add to this application to resolve this issue? a. XSRF b. XSS c. Input validation d. Antivirus software
c. Input validation
Jane and Carl work in an organization that includes a PKI (public key). Carl needs to send a message to Jane. What does Carl use in this process? a. Carl's public key b. Carl's private key c. Jane's public key d. Jane's private key
c. Jane's public key
Malicious users inject malicious code into Adobe PDF and MS Office files and upload them to a cloud service. Customers who download those PDF and Office files also execute the malware. Which of the following choices BEST describes this example? a. Account hijacking b. Session hijacking c. Nefarious use of cloud computing d. SQL injection
c. Nefarious use of cloud computing
Looking at logs for an online web application, you see that someone has entered the following phrase into several queries: 'or '1'='1'-- Which of the following is the MOST likely explanation for this? a. Buffer overflow b. XSS (cross-site scripting) c. SQL injection d. Domain hijacking
c. SQL injection
Your organization hosts a web site and the web site accesses a database server in the internal network. ACLs (access control lists) on firewalls prevent any connections to the database server except from the web server. Database fields hosting customer data are encrypted and all data in transit between the web server and the database server is encrypted. Which of the following represents the GREATEST risk to the data on the server? a. Theft of the database server b. HTML injection c. SQL injection d. Sniffing
c. SQL injection
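Why the firewall ACLs and encryption in the question above do not help, and what the `'or '1'='1'--` phrase from the log actually does, as an added example that is not part of the quiz: the injected query is issued by the web server itself, over the one permitted connection, and the database decrypts the fields for its trusted client as usual. The block runs the page's exact payload against a string-concatenated query and against a parameterized one, on an in-memory SQLite table with constructed rows.

```python
import sqlite3
from typing import List, Tuple

# The exact string from the log line in the question.
PAYLOAD = "'or '1'='1'--"


def make_db() -> sqlite3.Connection:
    """In-memory table with constructed customer rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT, card_last4 TEXT)")
    conn.executemany(
        "INSERT INTO customers (username, card_last4) VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("carol", "3333")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """String concatenation: user input becomes part of the SQL grammar.
    With PAYLOAD the statement reads
      ... WHERE username = ''or '1'='1'--'
    so the WHERE clause is always true and the trailing quote is commented out."""
    sql = "SELECT username, card_last4 FROM customers WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Bound parameter: the driver passes the value separately from the statement,
    so the quotes and the -- are just characters in a username nobody has."""
    sql = "SELECT username, card_last4 FROM customers WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> Tuple[int, int]:
    """Rows returned for the payload by the vulnerable and the parameterized lookup."""
    conn = make_db()
    return len(lookup_vulnerable(conn, PAYLOAD)), len(lookup_parameterized(conn, PAYLOAD))


if __name__ == "__main__":
    vulnerable_rows, safe_rows = demo()
    print(f"vulnerable query returned {vulnerable_rows} rows, parameterized returned {safe_rows}")
```

The same distinction answers the other SQL injection cards in this set: the attacker's commands reach the database because the application turns input into SQL, and the fix is parameterized queries plus input validation, not more encryption or tighter firewall rules.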
Sean wants to ensure that other people cannot view data on his mobile device if he leaves it unattended. What should he implement? a. Encryption b. Cable lock c. Screen lock d. Remote wiping
c. Screen lock
A security auditor discovered that several employees in the accounting department can print and sign checks. In her final report, she recommended restricting the number of people who can print checks and the number of people who can sign them. She also recommended that no one should be authorized to both print and sign checks. What policy is she recommending? a. Role-based access control b. BYOD c. Separation of duties d. Job rotation
c. Separation of duties
A telecommuting employee calls into his organization's IT help-desk and asks the help-desk professional to reset his password. Which of the following choices is the BEST choice for what the help-desk professional should do before resetting the password? a. Verify the user's name b. Disable the user's account c. Verify the user's identity d. Enable the user's account
c. Verify the user's identity
While creating a web application, a developer adds code to limit data provided by users. The code prevents users from entering special characters. Which of the following attacks will this code MOST likely prevent? a. Man-in-the-Middle b. Phishing c. XSS (cross-site scripting) d. Domain hijacking
c. XSS (cross-site scripting)
Of the following choices, which one does not involve insiders? employees competitors business associates CEO
competitors
What term is used to describe a cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message? a. Private-key encryption b. Symmetric encryption c. Advanced Encryption Standard (AES) d. Asymmetric encryption
d. Asymmetric encryption
Which one of the following provides an authentication mechanism that would be appropriate for pairing with a password to achieve two factor authentication? a. Username b. PIN c. Security question d. Fingerprint scan
d. Fingerprint scan
A function converts data into a string of characters and the string of characters cannot be reversed to re-create the original data. What type of function is this? a. Symmetric encryption b. Asymmetric encryption c. Stream cipher d. Hashing
d. Hashing
Which of the following choices BEST describes the characteristics of malicious insider? a. High loyalty toward their organization b. High level of rationality c. High level of ethical values d. High level of compulsive behavior
d. High level of compulsive behavior
Social engineers have launched several successful phone-based attacks against your organization, resulting in several data leaks. Which of the following would be MOST effective at reducing the success of these attacks? a. Implement a BYOD (bring your own device) policy b. Update the AUP (acceptable use policy) c. Implement a least privilege policy d. Implement a program to increase security awareness
d. Implement a program to increase security awareness
You are planning to deploy a WLAN and you want to ensure it is secure. Which of the following provides the BEST security? a. Implementing WPA b. Disabling SSID broadcast c. Enabling MAC filtering d. Implementing WPA2
d. Implementing WPA2
Which of the following terms is used to describe the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext? a. Cipher b. Code c. Cleartext d. Key
d. Key
Which of the following wireless security mechanisms is subject to a spoofing attack? a. WEP b. WPA c. WPA 2 Enterprise d. MAC address filtering
d. MAC address filtering
Your organization maintains a separate wireless network for visitors in a conference room. However, you have recently noticed that people are connecting to this network even when there aren't any visitors in the conference room. You want to prevent these connections, while maintaining easy access for visitors in the conference room. Which of the following is the BEST solution? a. Disable SSID broadcasting b. Enable MAC filtering c. Use wireless jamming d. Reduce antenna power
d. Reduce antenna power
Bart is in a break area outside the office. He told Lisa that he forgot his badge inside and asked Lisa to let him follow her when she goes back inside. What does this describe? a. Spear phishing b. Vishing c. Mantrap d. Tailgating
d. Tailgating
A war driver is capturing traffic from a wireless network. When an authorized client connects, the attacker is able to implement a brute force attack to discover the encryption key. What type of attack did this war driver use? a. WPS attack b. HTML injection c. Packet injection d. WPA cracking
d. WPA cracking
Which of the following options would be used to prevent cloud account hijacking? a. Multi-factor authentication b. Using the same password for every account c. Encrypting sensitive data before it enters the cloud d. A & C
d. A & C
Which wireless security protocol should you not use? A.) WPA B.) WEP C.) WPA2
B.) WEP
____________________ validate the identity of the owner of the public key.
Certificate Authorities
During troubleshooting, Chris uses the nslookup command to check the IP address of a host he is attempting to connect to. The IP he sees in the response is not the IP that should resolve when the lookup is done. What type of attack has likely been conducted? ARP spoofing DNS cache poisoning Eavesdropping SSL hijacking
DNS cache poisoning
You are troubleshooting an intermittent connectivity issue with a web server. After examining the logs, you identify repeated connection attempts from various IP addresses. You realize these connection attempts are overloading the server, preventing it from responding to other connections. Which of the following is MOST likely occurring? DDoS attack DoS attack Amplification attack IP spoofing attack
DDoS attack
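The distinction the question turns on, as an added example that is not part of the quiz: a DoS comes from one source and a DDoS from many, and that is visible in the first field of ordinary access-log lines. The block constructs three synthetic logs (normal, single-source flood, many-source flood) using TEST-NET documentation addresses, counts requests per client, and classifies the window. The request threshold and the dominance ratio are assumptions for the demo; a real deployment tunes them to the server's baseline.

```python
from collections import Counter
from typing import Dict, List, Tuple


def make_sample_log(kind: str) -> str:
    """Construct synthetic access-log lines (combined-log style) for three scenarios.
    Addresses come from the TEST-NET documentation ranges; nothing here is captured traffic."""
    if kind == "normal":
        sources = [f"198.51.100.{i}" for i in range(1, 6)]
        count = 10
    elif kind == "dos":
        sources = ["203.0.113.7"] * 95 + ["198.51.100.2"] * 5   # one host dominates
        count = 100
    elif kind == "ddos":
        sources = [f"203.0.113.{i}" for i in range(1, 51)]      # 50 distinct sources
        count = 200
    else:
        raise ValueError(kind)
    lines = []
    for i in range(count):
        ip = sources[i % len(sources)]
        lines.append(f'{ip} - - [10/Oct/2000:13:55:{i % 60:02d} -0700] "GET / HTTP/1.1" 503 0')
    return "\n".join(lines)


def client_ips(log_text: str) -> List[str]:
    """The first whitespace-separated field of a combined-format line is the client address."""
    return [line.split()[0] for line in log_text.splitlines() if line.strip()]


def classify_flood(ips: List[str], min_requests: int = 50,
                   single_source_share: float = 0.8) -> Tuple[str, Dict[str, int]]:
    """'quiet' below the request threshold; 'dos' when one source sends most of the load;
    'ddos' when the load is spread over many sources with no dominant one.
    Thresholds are assumptions for the demo; tune them to the server's normal baseline."""
    counts = Counter(ips)
    total = sum(counts.values())
    if total < min_requests:
        return "quiet", dict(counts)
    top_ip, top_n = counts.most_common(1)[0]
    if top_n / total >= single_source_share:
        return "dos", {top_ip: top_n}
    return "ddos", dict(counts)


if __name__ == "__main__":
    for scenario in ("normal", "dos", "ddos"):
        verdict, detail = classify_flood(client_ips(make_sample_log(scenario)))
        print(f"{scenario}: {verdict} ({len(detail)} source(s))")
```

The verdict drives the response: a single dominant source can be dropped at the firewall, while a spread of sources needs rate limiting or upstream scrubbing. One caveat worth keeping in mind from the question's own option list: a single attacker using IP spoofing can also make one flood look like many sources, so source counts from logs are a starting point, not proof of a botnet.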
Which important protocol is responsible for providing human-readable addresses instead of numerical IP addresses? TCP IP DNS ARP
DNS
What is malicious code used for? to create a special language to create system vulnerabilities for security breaches to contact service providers for threats within a company to help students with their homework
to create system vulnerabilities for security breaches