CH8

Question 1

Type of Exploits (Common attacks) includes:

Answer 1

Ransomware
Viruses
Worms
Trojan horses
Blended threat
Spam
Distributed denial-of-service attacks
Rootkits
Advanced persistent threat
Phishing, spear-phishing, smishing and vishing
Identity theft
Cyberespionage and cyberterrorism

Question 2

Malware that stops you from using your computer or accessing your data until you meet certain demands such as paying a ransom or sending photos to the attacker

Answer 2

Ransomware

Question 3

A piece of programming code (usually disguised as something else) that causes a computer to behave in an unexpected and undesirable manner

Answer 3

Viruses

Question 4

(Worms/viruses) Spread to other machines when a computer user shares an infected file or sends an email with a virus-infected attachment

Answer 4

virus

Question 5

A harmful program that resides in the active memory of the computer and duplicates itself

Answer 5

worms

Question 6

T/F: Worms can propagate without human intervention.

Answer 6

true

Question 7

A seemingly harmless program in which malicious code is hidden

Answer 7

Trojan Horses

Question 8

(Worms/Trojan horses) is when a victim on the receiving end is usually tricked into opening it because it appears to be useful software from a legitimate source.

Answer 8

Trojan Horse

Question 9

The (Ransomware/Trojan Horse) program’s harmful payload might be designed to enable the attacker to destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or spy on users

Answer 9

trojan horse

Question 10

T/F: Ransomware often creates a “backdoor” on a computer that enables an attacker to gain future access

Answer 10

f, trojan horse

Question 11

A type of Trojan horse that executes when it is triggered by a specific event

Answer 11

Logic bomb

Question 12

A sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload

Answer 12

Blended Threat

Question 13

(Blended Threat/Spam/Trojan Horse) might use server and Internet vulnerabilities to initiate and then transmit and spread an attack using EXE files, HTML files, and registry keys

Answer 13

blended threat

Question 14

The use of email systems to send unsolicited email to large numbers of people

Answer 14

Spam

Question 15

T/F: Spam is also an inexpensive method of marketing used by many legitimate organizations

Answer 15

true

Question 16

software generates and grades tests that humans can pass and all but the most sophisticated computer programs cannot.

Answer 16

CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)

Question 17

An attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks

Answer 17

Distributed Denial-of-Service Attacks (DDoS)

Question 18

T/F: Distributed Denial-of-Service Attacks keeps target so busy responding to requests that legitimate users cannot get in.

Answer 18

true

Question 19

A large group of computers, controlled from one or more remote locations by hackers, without the consent of their owners

Answer 19

Botnet

Question 20

Sometimes called zombies

Answer 20

Botnet

Question 21

T/F: Botnets are frequently used to distribute spam and malicious code

Answer 21

true

Question 22

A set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge

Answer 22

Rootkit

Question 23

Attackers can use the ______ to execute files, access logs, monitor user activity, and change the computer’s configuration

Answer 23

rootkit

Question 24

Symptoms of rootkit infections:

Answer 24

• Computer locks up or fails to respond to input from the keyboard
• Screen saver changes without any action on the part of the user
• Taskbar disappears
• Network activities function extremely slow

Question 25

is a network attack in which an intruder gains access to a network and stays undetected with the intention of stealing data over a long period of time.

Answer 25

Advanced Persistent Threat
(APT)

Question 26

An APT attack advances through the following five phases:

Answer 26

• Reconnaissance
• Incursion
• Discovery
• Capture
• Export

Question 27

T/F: Detecting anomalies in outbound data is the best way for administrators to discover that the network has been the target of an DDoS attack.

Answer 27

F, an APT attack

Question 28

The act of fraudulently using email to try to get the recipient to reveal personal data.

Answer 28

Phishing

Question 29

T/F: Con artists send legitimate-looking emails urging recipients to take action to avoid a negative consequence or to receive a reward is an example of Spam.

Answer 29

F, example of Phishing

Question 30

is a variation of phishing where fraudulent emails are sent to a certain organization’s employees.

Answer 30

Spear-phishing

Question 31

T/F: Spear-phishing is designed to look like they came from high-level executives within organization.

Answer 31

true

Question 32

T/F: Spear-phishing much more precise and narrow.

Answer 32

true

Question 33

is a variation of phishing that involves the use of texting.

Answer 33

Smishing

Question 34

is similar to smishing except the victims receive a voice mail message telling them to call a phone number or access a Web site.

Answer 34

Vishing

Question 35

The theft of personal information and then used without their permission

Answer 35

Identity Theft

Question 36

is the unintended release of sensitive data or the access of sensitive data by unauthorized individuals

Answer 36

Data breach

Question 37

Data breach often results in (identity theft/ransomware/phishing)

Answer 37

identity theft

Question 38

Involves the development of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms

Answer 38

Cyberespionage

Question 39

The intimidation of government of civilian population by using information technology to disable critical national infrastructure to achieve political, religious, or ideological goals

Answer 39

Cyberterrorism

Question 40

T/F: Cyberterrorists try daily to gain unauthorized access to a number of important and sensitive sites.

Answer 40

True

Question 41

A strong security program begins by:

Answer 41

• Assessing threats to the organization’s computers and network.
• Identifying actions that address the most serious vulnerabilities.
  -Educating users about the risks involved and the actions they must take to prevent a security incident

Question 42

The process of assessing security-related risks to an organization’s computer and networks form both internal and external threats

Answer 42

Risk assessment

Question 43

an organization’s security requirements along with the controls and sanctions needed to meet those requirements.

Answer 43

Security policy

Question 44

T/F: Security Policy outlines what needs to be done and how to do it.

Answer 44

F, what needs to be done not how to do it.

Question 45

T/F: Automated system rules should mirror an organization’s written policies.

Answer 45

true

Question 46

T/F: Organizations should implement a layered security solution to make computer break-ins so difficult that an attacker gives up.

Answer 46

T, If an attacker breaks through one layer, another layer must then be overcome.

Question 47

A system of software, hardware, or a combination of both that stands guard between an organization’s internal network and the Internet and limits network access based on the organization’s access policy

Answer 47

Firewall

Question 48

A hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.

Answer 48

Next-generation firewall (NGFW)

Question 49

T/F: Security policies goes deeper to inspect the payload of packets and match sequences of bytes for harmful activities

Answer 49

F, NGFW goes deeper

Question 50

Scans for specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus.

Answer 50

Antivirus software

Question 51

T/F: if a firewall finds a virus, it informs the user and may clean, delete, or quarantine any files, directories, or disks affected by the malicious code.

Answer 51

f, If an antivirus finds a virus…

Question 52

T/F: It is not very crucial that antivirus software be continually updated with the latest virus signatures.

Answer 52

F, it is crucial.

Question 53

Evaluates whether an organization has well-considered security policy in place and if it is being followed.

Answer 53

Security audit

Question 54

The security audit should:

Answer 54

• Review who has access to particular systems and data and what level of authority each user has
• Test system safeguards to ensure that they are operating as intended

Question 55

Some organizations also perform a ____________, where individuals try to break through the measures and identify vulnerabilities.

Answer 55

penetration test

Question 56

Software and/or hardware that monitors system and network resources and activities.

Answer 56

Intrusion detection system (IDS)

Question 57

The ___________________ notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment.

Answer 57

Intrusion detection system (IDS)

Question 58

T/F: A response plan should be developed well in advance of any incident, and it should be approved by the organization’s legal department and senior management.

Answer 58

true.

Question 59

A well-developed response plan helps keep an incident under ________ and _______ control.

Answer 59

technical, emotional.

Question 60

T/F: In a security incident, the primary goal must be to attempt to monitor or catch an intruder.

Answer 60

F, Regain control and limit damage, not to attempt to monitor or catch an intruder