final4
True or False? Anti-malware programs and firewalls cannot detect most phishing scams because the scams do not contain suspect code.
True
In which type of attack does the attacker attempt to take over an existing connection between two systems?
Session hijacking
Forensics and incident response are examples of __________ controls.
corrective
Purchasing an insurance policy is an example of the ____________ risk management strategy.
transfer
Aditya is the security manager for a mid-sized business. The company has suffered several serious data losses when laptops were stolen. Aditya decides to implement full disk encryption on all laptops. What risk response did Aditya take?
Risk reduction (or mitigation)
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?
Address resolution protocol (ARP) poisoning;spoofing attack.
A hacker has stolen logon IDs and passwords. The hacker is now attempting to gain unauthorized access to a public-facing web application by using the stolen credentials one by one. What type of attack is taking place?
Credential harvesting
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?
Evil twin; In an evil twin attack, the attacker deploys a fake open or public wireless network to use a packet sniffer on any user who connects to it.
True or False? Corrective controls are implemented to address a threat in place that does not have a straightforward risk-mitigating solution.
False
True or False? Bluejacking is an attack in which wireless traffic is sniffed between Bluetooth devices.
False; Bluesnarfing
True or False? Preventive controls merely attempt to suggest that a subject not take a specific action, whereas corrective controls do not allow the action to occur.
False; Deterrent controls merely attempt to suggest that a subject not take a specific action, whereas preventive controls do not allow the action to occur.
True or False? A phishing attack "poisons" a domain name on a domain name server (DNS).
False; Pharming "poisons" a domain name on a DNS. Phishing attempts to scam people with an email or instant message.
True or False? A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.
True
True or False? A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded link or opening an email attachment.
True
True or False? A social engineering consensus tactic relies on the position that "everyone else has been doing it" as proof that it is okay or acceptable to do.
True
True or False? Impact refers to the amount of risk or harm caused by a threat or vulnerability that is exploited by a perpetrator.
True
True or False? In a masquerade attack, one user or computer pretends to be another user or computer.
True
True or False? In a watering-hole attack, a targeted user is lured to a commonly visited website on which malicious code has been planted.
True
An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?
Urgency
Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows a cross-site scripting attack against the server. What term describes the issue that Adam discovered?
Vulnerability