Security+ Chapter 1


What is an elite hacker? - A hacker with a high level of technical ability - A hacker who has a wealthy background, and who is politically motivated - A hacker who has elitist ideas and hacks for political purposes - A hacker who searches for scripts and ready-made tools to use for attacks

A hacker with a high level of technical ability

What is an unstructured threat? - An elite hacker who mounts an attack against a specific target - A poorly engineered building - A type of malicious code that formats the hard drive on a computer. - An attack that is uncoordinated, nonspecific, and lasts a short amount of time

An attack that is uncoordinated, nonspecific, and lasts a short amount of time

What is a structured threat? - An attack that uses coordination, insiders, and lasts for a long period of time - A type of malicious code that formats the hard drive on a computer - An attempt to weaken infrastructure - An official threat from a terrorist organization

An attack that uses coordination, insiders, and lasts for a long period of time

In April 2009, Homeland Security Secretary Janet Napolitano told reporters - Organized crime made attempts to break into the US electric power grid - Hacktivists made attempts to break into the US electric power grid - Terrorists made attempts to break into the US electric power grid - China and Russia made attempts to break into the US electric power grid

China and Russia made attempts to break into the US electric power grid

The message "Hacked by Chinese," was left by the - Melissa virus - Love Letter virus - Slammer Worm - Code Red Worm

Code Red Worm

What is the most common threat to information security in an organization? - Computer viruses - Power surges - Forgotten passwords - SPAM

Computer viruses

Each of the infected systems became part of what is known as a bot network, which could be used to cause a DoS attack on a target or to forward spam e-mail to millions of users, as a result of the - Slammer Worm - Morris Worm - Conficker - Melissa Worm

Conficker

One of the hardest threats that the security professional will have to deal with is the elite hacker. True or False

False

One significant trend observed over the last several years has been the decrease in the number of computer attacks by nonaffiliated intruders as opposed to attacks by organized hacking groups, criminal organizations, or nations. True or False

False

The Code Red Worm spread to 350,000 computers in just over a week. True or False

False

The biggest change that has occurred in security over the last 30 years has been the change in the computing environment from small, tightly contained mainframes to a highly widespread network of much larger systems. True or False

False

The steps an attacker takes in attempting to penetrate a targeted network are extremely different from the ones that a security consultant performing a penetration test would take. True or False

False

There are three general reasons a particular computer system is attacked: It is specifically targeted by the attacker, it is a target of opportunity, or it is a target that was specified to be attacked by a larger criminal organization. True or False

False

Who is Kevin Mitnick? - He used social engineering, sniffers, and cloned cell phones to gain unauthorized access to networks belonging to Motorola, Novell, Fujitsu, and Sun Microsystems. - He made bank transfers from St. Petersburg using the Citibank cash management system. - He gained access to a loop carrier system operated by NYNEX and cut off FAA control tower and emergency services. - He developed the "Love Bug" love-letter virus that spread to 45 million people

He used social engineering, sniffers, and cloned cell phones to gain unauthorized access to networks belonging to Motorola, Novell, Fujitsu, and Sun Microsystems.

What is a port scan? - Identifies what ports can be used to smuggle information across borders - Identifies ports that are open and services that are running - Identifies the USB, parallel, and serial ports that can be used to connect to the system - Identifies the IP addresses of computers on the network

Identifies ports that are open and services that are running

If the system is infected with a time bomb, it means that - It has a virus that will do physical damage to the computer. - It has equipment that is coming close to the end of its life cycle. - It has a piece of malicious code that will be triggered at a certain time. - It has a piece of malicious code that will be triggered by a certain user activity

It has a piece of malicious code that will be triggered at a certain time.

When users are unable to access information or the systems processing information, you may have suffered a - Loss of confidentiality - Loss of integrity - Loss of authentication - Loss of availability

Loss of availability

When information is disclosed to individuals not authorized to see it, you have suffered a - Loss of confidentiality - Loss of integrity - Loss of functionality - Loss of availability

Loss of confidentiality

A successful attack on a network may adversely impact security in all the following ways EXCEPT: - Loss of confidentiality - Loss of integrity - Loss of functionality - Loss of availability

Loss of functionality

When information is modified by individuals not authorized to change it, you have suffered a - Loss of confidentiality - Loss of integrity - Loss of functionality - Loss of availability

Loss of integrity

What was the Slammer Worm/Virus? - It was a macro virus that spread by emailing the first 50 people in the victim's address book with the subject: Important message. - The first Internet worm that "slammed" the Internet, created by a graduate student at Cornell University in 1988. - Malware that exploited Microsoft SQL Server and spread across the world in just 10 minutes. - Malware that would "slam" shut your computer by not allowing you to log in.

Malware that exploited Microsoft SQL Server and spread across the world in just 10 minutes.

A ping sweep - Is a method of clearing your network - Sends ICMP echo requests to the target machine - Determines what services are running on a system - Is an exploit that creates a denial of service (DoS) using ICMP echo requests

Sends ICMP echo requests to the target machine

What is the most common name for the first large-scale attack on the Internet that occurred in November of 1988? - The Code Red Worm - The Morris Worm - The Slammer Worm - The Jester Worm

The Morris Worm

As the level of sophistication of attacks has increased, - The level of knowledge necessary to exploit vulnerabilities has increased - The level of knowledge necessary to exploit vulnerabilities has decreased - The level of skill necessary to exploit vulnerabilities has increased - The amount of exploit software available on the Internet has decreased

The level of knowledge necessary to exploit vulnerabilities has decreased

Why is the Morris worm significant? - It placed embarrassing text on people's screens. - This was the first large-scale attack on the Internet. - It was the very first virus on the Internet. - It attacked the Windows operating system.

This was the first large-scale attack on the Internet.

Fifty years ago, few people had access to a computer system or network, so securing them was a relatively easy matter. True or False

True

The first step an administrator can take to minimize possible attacks is to ensure that all patches for the operating system and applications are installed. True or False

True

There are a number of different threats to security, including viruses and worms, intruders, insiders, criminal organizations, terrorists, and information warfare conducted by foreign countries. True or False

True

Viruses have no useful purpose. True or False

True

According to the Computer Crime and Security Survey, the four types of attacks that increased from 2007 to 2008 were - Viruses, insider abuse, laptop theft, and unauthorized access - Unauthorized access, theft/loss of proprietary information, misuse of web applications, and DNS attacks - Viruses, insider abuse, misuse of web applications, and DNS attacks - Laptop theft, unauthorized access, and theft/loss of proprietary information

Unauthorized access, theft/loss of proprietary information, misuse of web applications, and DNS attacks

Information warfare is - A video game - Warfare conducted against information and information processing equipment - A type of malicious code that "declares war" on a network by formatting the hard drives on computers and copying itself to other computers - A weapon that uses microwaves to destroy enemy vehicles

Warfare conducted against information and information processing equipment

The term "script kiddies" refers to - A hacker of low-end technical ability - A children's television show - A type of video game - An Internet site for peer-to-peer music sharing

A hacker of low-end technical ability

The term "hacktivist" refers to - A hacker who works for the government - A hacker with low technical ability - A hacker who is motivated by a political agenda - A hacker who can write scripts

A hacker who is motivated by a political agenda

What is Solar Sunrise? - An attack that was made to look like an attack from Iraq, but was actually made by two teenagers from California who got training in Israel - Electronic interference resulting from solar flares, occurring most commonly in the early morning hours. - A penetration test conducted by the FBI and other government agencies to test the defenses of government networks and critical infrastructure - The name of a virus that would "burn up" your hard drive at 6 A.M. on the day of the summer solstice

An attack that was made to look like an attack from Iraq, but was actually made by two teenagers from California who got training in Israel

The first step an administrator can take to reduce possible attacks is to - Ensure all patches for the operating system and applications are installed - Install a firewall - Install anti-spyware software - Configure an intrusion detection system

Ensure all patches for the operating system and applications are installed

