2.3 Vulnerability Management

Question 1

in which type of attack is a user connected to a different web server than the one intended by the user?

Answer 1

hyperlink spoofing attack

Question 2

what is meant by VM escape?

Answer 2

viruses and malware can migrate multiple VMs on a single server

Question 3

which type of system does a stuxnet attack target?

Answer 3

a supervisory control and data acquisition (SCADA) system

Question 4

which type of attack involves flooding a recipient e-mail address with identical e-mails?

Answer 4

spamming attack

Question 5

what is a replay attack?

Answer 5

an attack where an intruder records the communication between a user and a server, and later plays the recorded information back to impersonate the user

Question 6

what is the purpose of GPS tracking on a mobile device?

Answer 6

it allows a mobile device to be located

Question 7

what is a command injection?

Answer 7

when an operating system command is submitted in an HTML string

Question 8

what is war chalking?

Answer 8

leaving signals about a wireless network on the outside of the building where it is housed

Question 9

which attack is an extension of the denial-of-service (DoS) attack and uses multiple computers?

Answer 9

DDoS attack

Question 10

which component of a computer use policy indicates that data stored on a company computer is not guaranteed to remain confidential?

Answer 10

a no expectation of privacy policy

Question 11

how do you ensure that data is removed from a mobile device that has been stolen?

Answer 11

use a remote wipe or remote sanitation program

Question 12

what is phishing?

Answer 12

when an e-mail request for confidential information that appears to originate from a bank or other trusted institution is received

Question 13

what is click-jacking?

Answer 13

a technique that is used to trick users into revealing confidential information or taking over the user’s computer when clicking links

Question 14

what does the acronym SCADA denote?

Answer 14

supervisory control and data acquisition

Question 15

which type of attack allows an attacker to redirect internet traffic by setting up a fake DNS server to answer client requests?

Answer 15

DNS spoofing

Question 16

what is the purpose of screen locks on mobile devices?

Answer 16

to prevent users from accessing the mobile device until a password or other factor is entered

Question 17

which type of attack is characterized by an attacker who records an encrypted transmission between a client and a server computer so that he or she can then send it to the server to gain access?

Answer 17

a replay attack

Question 18

why is it important to limit the use of flash drives and portable music devices by organization employees?

Answer 18

to prevent users from copying data to their personnel devices and possibly causing data leakage or from transferring malware to corporate computers

Question 19

which type of attack is characterized by an attacker who situates himself or herself in such a way that he or she can intercept all traffic between two hosts?

Answer 19

man-in-the-middle

Question 20

should virtual servers have the same information security requirements as physical servers?

Answer 20

Yes

Question 21

what is a smurf attack?

Answer 21

an attack where a ping request is sent to a broadcast network address with the aim of overwhelming the system

Question 22

what causes VM sprawl to occur?

Answer 22

when multiple VMs become difficult to manage

Question 23

what is an Xmas attack?

Answer 23

an attack that looks for open ports

Question 24

what is an XML injection?

Answer 24

when a user enters values in an XML query that takes advantage of security loopholes

Question 25

what is the purpose of SCADA?

Answer 25

to collect data from factories, plants, or other remote locations, and send the data to a central computer that manages and controls the data

Question 26

what does the acronym ICS denote?

Answer 26

industrial control system

Question 27

which servers are susceptible to the same type of attacks as their hosts, including denial of service attacks, detection attack, and escape attacks?

Answer 27

virtual servers

Question 28

what is spear phishing?

Answer 28

an e-mail request for confidential information that appears to come from your supervisor

Question 29

what is the main difference between virtualization and cloud computing?

Answer 29

the location and ownership of the physical components

Question 30

what is an evil twin?

Answer 30

an access point with the same SSID as the legitimate access point

Question 31

what is vishing?

Answer 31

a special type of phishing that uses VoIP

Question 32

where should you physically store mobile devices to prevent theft?

Answer 32

in a locked cabinet or safe

Question 33

what is whaling?

Answer 33

a special type of phishing that targets a single power user, such as Chief Executive Officer (CEO)

Question 34

what is the purpose of a remote sanitation application on a mobile device?

Answer 34

to ensure that the data on the mobile device can be erased remotely in the event the mobile device is lost or stolen

Question 35

which address is faked with IP spoofing attacks?

Answer 35

the source IP address

Question 36

what is bluesnarfing?

Answer 36

the act of gaining unauthorized access to a device (and the network it is connected to) through its bluetooth connection

Question 37

which attack uses clients, handles, agents, and targets?

Answer 37

DDoS attack

Question 38

when does path traversal occur?

Answer 38

when the ../ characters are entered into the URL to traverse directories that are not supposed to be available from the Web

Question 39

what is war driving?

Answer 39

the act of discovering unprotected wireless network by driving around with a laptop

Question 40

which type of attack does challenge handshake authentication protocol (CHAP) protect against?

Answer 40

replay

Question 41

what does the acronym DDoS denote?

Answer 41

distributed denial of service

Question 42

what is header manipulation?

Answer 42

when a hacker is able to manipulate a packet header to deface, hijack, or poison the packet

Question 43

what is bluejacking?

Answer 43

an attack that sends unsolicited messages over a bluetooth connection

Question 44

which attack requires that the hacker compromise as many computers as possible to initiate the attack?

Answer 44

DDoS attack

Question 45

what is an IP spoofing attack?

Answer 45

an attack in which the source IP address in an IP datagram is modified to imitate the IP address of a packet originating from an authorized source

Question 46

which type of attack searches long lists of words for a particular language to match them to an encrypted password?

Answer 46

dictionary attack

Question 47

why is GPS tracking often disabled?

Answer 47

it is considered a security threat. as long as GPS tracking is enabled and the mobile device is powered on, the device (and possibly its user) can be located

Question 48

what is spimming?

Answer 48

an instance of spam sent over an instant message application

Question 49

what is malicious insider?

Answer 49

an employee who uses his access to the network and facility to obtain confidential information

Question 50

what is the purpose of a screen lock on a mobile device?

Answer 50

to act as a deterrent if a mobile device is lost or stolen by requiring a key combination to activate the device

Question 51

encrypting all files on a system hardens which major component of a server?

Answer 51

the file system

Question 52

what is an IV attack?

Answer 52

cracking the WEP secret key using the initialization vector (IV)

Question 53

what is pharming?

Answer 53

traffic redirection to a web site that looks identical to the intended web site

Question 54

what is the purpose of mobile device encryption?

Answer 54

to ensure that the contents of the mobile device are confidential

Question 55

which type of attack sequentially generates every possible password and checks them all against a password file?

Answer 55

brute force attack

Question 56

which type of brute-force attack attempts to find any two hashed messages that have the same value?

Answer 56

a birthday attack