FISS Chapter 11

Ace your homework & exams now with Quizwiz!

Alison discovers that a system under her control has been infected with malware, which is using a keylogger to report user keystrokes to a third party. What information security property is this malware attacking? a. Integrity b. Accounting c. Confidentiality d. Availability

Confidentiality

Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter? a. Worm b. Logic bomb c. Virus d. Trojan horse

Trojan horse

Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating? a. Whitelisting b. Blacklisting c. Packet filtering d. Context-based screening

Whitelisting

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations? a. Simple Network Management Protocol (SNMP) b. Domain Name System (DNS) c. Ping d. Whois

Whois

A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information. True False

False

The four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks. True False

False

Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block? a. Hypertext Transfer Protocol (HTTP) b. Internet Control Message Protocol (ICMP) c. Transmission Control Protocol (TCP) d. User Datagram Protocol (UDP)

Internet Control Message Protocol (ICMP)

Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose? a. Nmap b. Ping c. Simple Network Management Protocol (SNMP) d. Remote Access Tool (RAT)

Nmap

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered? a. Polymorphic virus b. Stealth virus c. Multi-partitite virus d. Cross-platform virus

Polymorphic virus

What type of malicious software allows an attacker to remotely control a compromised computer? a. Worm b. Polymorphic virus c. Remote Access Tool (RAT) d. Armored virus

Remote Access Tool (RAT)

Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database? a. SQL injection b. LDAP injection c. XML injection d. Cross-site scripting (XSS)

SQL injection

Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place? a. Cross-site scripting b. Session hijacking c. XML injection d. SQL injection

Session hijacking

The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack too place? a. Pharming b. Spear phishing c. Command injection d. Adware

Spear phishing

Which type of virus targets computer hardware and software startup functions? a. System infector b. Data infector c. File infector d. Hardware infector

System infector

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered? a. Command injection b. Cross-site scripting (XSS) c. SQL injection d. XML injection

Cross-site scripting (XSS)


Related study sets

Survey of World History A - Unit 6

View Set

AWS Certified Solutions Architect Chapter Exams

View Set

CompTIA Linux+ (XKO-004) Post-Assessment Quiz

View Set

Сетевые протоколы

View Set

CHAPTER 15: MCQs (RETAILING AND WHOLESALING STRATEGIES)

View Set

Project Management Exam 1 (chap 1)

View Set