final4


True or False? Anti-malware programs and firewalls cannot detect most phishing scams because the scams do not contain suspect code.

True

In which type of attack does the attacker attempt to take over an existing connection between two systems?

Session hijacking

Forensics and incident response are examples of __________ controls.

corrective

Purchasing an insurance policy is an example of the ____________ risk management strategy.

transfer

Aditya is the security manager for a mid-sized business. The company has suffered several serious data losses when laptops were stolen. Aditya decides to implement full disk encryption on all laptops. What risk response did Aditya take?

Risk reduction (or mitigation)

Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?

Address resolution protocol (ARP) poisoning; spoofing attack.

A hacker has stolen logon IDs and passwords. The hacker is now attempting to gain unauthorized access to a public-facing web application by using the stolen credentials one by one. What type of attack is taking place?

Credential harvesting

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?

Evil twin; In an evil twin attack, the attacker deploys a fake open or public wireless network to use a packet sniffer on any user who connects to it.

True or False? Corrective controls are implemented to address a threat in place that does not have a straightforward risk-mitigating solution.

False

True or False? Bluejacking is an attack in which wireless traffic is sniffed between Bluetooth devices.

False; Bluesnarfing

True or False? Preventive controls merely attempt to suggest that a subject not take a specific action, whereas corrective controls do not allow the action to occur.

False; Deterrent controls merely attempt to suggest that a subject not take a specific action, whereas preventive controls do not allow the action to occur.

True or False? A phishing attack "poisons" a domain name on a domain name server (DNS).

False; Pharming "poisons" a domain name on a DNS. Phishing attempts to scam people with an email or instant message.

True or False? A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.

True

True or False? A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded link or opening an email attachment.

True

True or False? A social engineering consensus tactic relies on the position that "everyone else has been doing it" as proof that it is okay or acceptable to do.

True

True or False? Impact refers to the amount of risk or harm caused by a threat or vulnerability that is exploited by a perpetrator.

True

True or False? In a masquerade attack, one user or computer pretends to be another user or computer.

True

True or False? In a watering-hole attack, a targeted user is lured to a commonly visited website on which malicious code has been planted.

True

An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?

Urgency

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows a cross-site scripting attack against the server. What term describes the issue that Adam discovered?

Vulnerability

