Security Ch 3

Ace your homework & exams now with Quizwiz!

(T/F) An attacker will use exploit software when performing vulnerability assessments and intrusive penetration testing.

True

(T/F) Failing to prevent an attack all but invites an attack.

True

(T/F) In 2011, the United States ranked second globally as a source of network attacks and highest as a source of attacks in North America, even if they originate outside the United States.

True

(T/F) Spoofing means a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.

True

(T/F) True downtime cost is the amount of money a company loses due to downtime, either intentional or unintentional. It is also called opportunity cost.

True

(T/F) A DoS attack is a coordinated attempt to deny service by causing a computer to perform an unproductive task.

True

Prior to VoIP, attackers would use wardialers to ________.

All of the above

What is the definition of netcat?

A network utility program that reads from and writes to network connections. Backdoor

Malicious software can be hidden in a ________.

All of the above

What is meant by Pharming?

An attack that seeks to obtain personal or private financial information through domain spoofing

An attempt to exploit a vulnerability of a computer or network component is the definition of ________.

Attack

________ is a method that black-hat hackers use to attempt to compromise logon and password access controls, usually following a specific attack plan, including the use of social engineering to obtain user information.

Brute-force password atack

A _________ has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. They represent the greatest threat to networks and information resources.

Cracker

(T/F) Once you detect a DoS attack, you cannot stop it easily.

False

(T/F) Successfully connecting to a computer using a modem makes it impossible to access the rest of the organization's network.

False

(T/F) The up-to-date Common Vulnerabilities & Exposure list is maintained and managed by the U.S. Department of Finance.

False

(T/F) Wardialers are becoming more frequently used given the rise of digital telephony and now IP telephony or Voice over IP (VoIP).

False

________ is a type of attack in which the attacker takes control of a session between two machines and masquerades as one of them.

Hijacking

What term is used to describe an attack in which the attacker gets between two parties and intercepts messages before transferring them on to their intended destination?

Man-in-the-Middle

A(n) ___________ fingerprint scanner is a software program that allows an attacker to send logon packets to an IP host device.

Operating System (OS)

A ___________ is a software program that performs one of two functions: brute-force password attack to gain unauthorized access to a system, or recovery of passwords stored in a computer system.

Password Cracker

A type of fraud in which an attacker attempts to trick the victim into providing private information.

Phishing

In a ________, the attacker sends a large number of packets requesting connections to the victim computer

SYN flood

Another type of attacker is called a ________. This is a person with little or no skill who simply follows directions or uses a "cookbook" approach to carrying out a cyberattack without understanding the meaning of the steps he or she is performing.

Script Kiddie

What name is given to any event that results in a violation of any of the C-I-A security tenets?

Security Breach

What is meant by promiscuous mode?

The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.

(T/F) Researchers have estimated that attackers issue thousands of DDoS attacks against networks each week, the most targeted organizations being larger companies and universities. The threat of a DDoS attack is so serious that prevention is a top priority in many organizations, including security product vendors

True/False

When an attacker discovers a __________, he or she can use it to bypass existing security controls such as passwords, encryption, and so on.

backdoor

Loss of financial assets due to ________ is a worst-case scenario for all organizations

malicious attacks

A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compormised

rootkit


Related study sets

Gastrointestinal Disorders - ML5

View Set

PMBOK Chapter 5 5th (Project Scope Management)

View Set

EMT Chapter 26 - Soft Tissue Injuries

View Set

Unit 2: Session 4: Pooled Investments

View Set