Ch. 14

Question 1

1. Which of the following is a type of denial of service attack?
A. Ping of Death
B. Stacheldraht
C. SYN flood
D. All of the above

Answer 1

1. D. A denial of service (DoS) attack prevents users from accessing the system. All of the options are possible denial of service attacks.

Question 2

2. Which is not a type of threat that can affect your network?
A. Worm
B. Phishing
C. Access control list
D. Rogue access point

Answer 2

2. C. Worms, phishing, and rogue access points are all threats that may adversely affect a network.

Question 3

3. Which type of virus impacts files with the filename extensions .com, .exe, and .dll?
A. File viruses
B. SYN flood
C. Smurf
D. Tribe Flood Network

Answer 3

3. A. Options B, C, and D are all DoS attacks, so the only real option is a file virus. A file virus attacks executable application and system program files.

Question 4

4. In which type of attack does the attacker scan for networks using a high-powered antenna connected to a wireless laptop?
A. War driving
B. Evil twin
C. WEP cracking
D. WPA cracking

Answer 4

4. A. In war driving, the attacker simply drives around with a high-powered antenna connected to a wireless laptop scanning for networks.

Question 5

5. Monkey B, Michelangelo, Stoned, and Stealth Boot are examples of which type of virus?
A. IP spoofing
B. Multipartite
C. Macro
D. Boot sector

Answer 5

5. D. These are all examples of boot-sector viruses that get into the master boot record. A boot-sector virus will overwrite the boot sector, thereby making it look as if there is no pointer to your operating system. When you power up the computer, you will see a Missing Operating System or Hard Disk Not Found error message.

Question 6

6. Which type of virus affects both the boot sector and files on a computer?
A. Mulipartite
B. Macro
C. Tribe Flood Network 2000 (TFN2K)
D. Smurf

Answer 6

6. A. A multipartite virus is one that affects both the boot sector and files on your computer.

Question 7

7. What is the main difference between a worm and a virus?
   A. Worms require user action for replication.
   B. Viruses do not require user intervention for replication.
   C. Worms can replicate without user intervention.
   D. None of the above.

Answer 7

7. C. A worm can actively replicate itself without user intervention, whereas a virus can be activated and spread only if a user opens an application.

Question 8

8. What kind of attack involves the hacker attempting all combinations of characters for a password to gain access?
A. Packet sniffers
B. Brute-force attack
C. Worm
D. Backdoor

Answer 8

8. B. A brute-force attack is a software-related attack that employs a program that is running on a targeted network and tries to log in to some type of shared network resource like a server.

Question 9

9. What type of security threat allows an attacker to learn your password through the use of an email or phone call?
A. Phishing
B. Trust-exploration attack
C. Man-in-the-middle attack
D. Rogue access point

Answer 9

9. A. Social engineering, or phishing, refers to the act of attempting to illegally obtain sensitive information by pretending to be a credible source. Phishing usually takes one of two forms: an email or a phone call.

Question 10

10. Which type of policy should be implemented to secure important company documents and materials when employees leave their workstations?
A. Clean housekeeping
B. Clean desk
C. Security audit
D. Proactive defense

Answer 10

10. B. A clean-desk policy means that all important documents, such as books, schematics, confidential letters, and the like, are removed from the desk (and locked away) when employees leave their workstations.

Question 11

11. If you implement a set of policies and procedures that define corporate information as confidential and then train employees on these procedures, what type of attack can you prevent?
A. DoS
B. Man-in-the-middle attacks
C. Smurf
D. Social engineering

Answer 11

11. D. It is important to train all employees by informing them that people may try to call and email them to gather information to attack the company. This is called phishing or social engineering.

Question 12

12. What type of wireless frame populates the display when someone is scanning for wireless networks?
A. Probe response
B. Beacon
C. SSID
D. Discovery

Answer 12

12. B. When you set the AP to not broadcast the SSID, it will remove the SSID from packets called beacons (these are the packets that populate the display when you scan for networks) but it will still be present in many other packet types.

Question 13

13. What defines the appropriate response to a security event on a network?
    A. Implementing security procedures
    B. Installing a new router
    C. Turning off the network
    D. Implementing an HR policy for dress code

Answer 13

13. A. A security procedure defines the appropriate response to a security event on your network.

Question 14

14. Which of the following security mechanisms has been compromised?
A. WEP
B. 802.11i
C. WPA-2
D. RADIUS

Answer 14

14. A. Soon after its adoption as a security measure, it was discovered that due to a weakness in the way the algorithm was employed, programs that became widely available on the Internet could be used to crack the WEP key.

Question 15

15. What process allows you to update your Windows-based operating system?
A. Technet
B. Windows Update
C. Text message
D. Hotfix

Answer 15

15. B. Windows Update is a utility that is typically automatically installed when you install Windows. The update engine will periodically scan your system for the version of Windows components you have installed and compare them to the most current versions available from Microsoft. If your software is out-of-date, a Windows Update dialog box will appear, asking if you want to install the software updates.

Question 16

16. Why is it important to keep your system patched and up-to-date?
    A. To completely stop your need for security
    B. To increase the functionality of your applications
    C. To fix system vulnerabilities
    D. To make Windows completely safe and worry free

Answer 16

16. C. With so much code written for applications and operating systems, developers go back after the initial release to fix any problems that are uncovered. These fixes are released as hotfixes or patches.

Question 17

17. Which value does a wireless station use to choose an access point?
A. Signal-to-noise ratio
B. MAC address
C. SSID
D. Channel number

Answer 17

17. C. Wireless stations (laptops, PDAs, and so on) choose an access point with which to connect by SSID and not by channel, MAC address, or signal-to-noise ratio.

Question 18

18. Which type of scanning allows an antivirus program to search for a virus even if there is no definition for it?
A. Update scan
B. Signature-file scan
C. Database scan
D. Heuristic scan

Answer 18

18. D. Heuristic scanning allows for this type of scanning. The engine looks for suspicious activity that might indicate a virus.

Question 19

19. What type of files need to be updated in order for your antivirus program to have the latest information about attacks and viruses?
A. Definition files
B. Email files
C. DOC (.doc) files
D. EXE (.exe) files

Answer 19

19. A. Every week, you need to update your list of known viruses—called the virus definition files. You can do this manually or automatically through the manufacturer’s website. You can use a staging server within your company to download and then distribute the updates, or you can set up each computer to download updates.

Question 20

20. What type of scan can be done by an antivirus program?
A. Emergency
B. In-demand
C. On-access
D. All of the above

Answer 20

20. D. An antivirus program examines the computer suspected of being infected and eradicates any viruses it finds using any of these methods.