Chapter 14 Flashcards

1
Q

It prevents users from accessing the network and/or its resources. p474

A

Denial of Service (DoS)

2
Q

What is Ping of Death? p474

A

In a Ping of Death attack, a humongous ICMP packet is sent to the remote host victim, totally flooding the victim’s buffer and causing the system to reboot or helplessly hang there, drowning.

3
Q

It’s a version of a DoS attack that floods its victim with spoofed broadcast ping messages. p477

A

Smurf

4
Q

It’s also a DoS attack that inundates the receiving machine with lots of meaningless packets. p478

A

SYN Flood

5
Q

What’s Stacheldraht? p478

A

This is actually a mélange of techniques that translates from the German word for barbed wire. It basically incorporates TFN and adds a dash of encryption to the mix.

6
Q

What is IP Spoofing? p481

A

Is the process of sending packets with a fake source address that makes it look like those packets actually originate from within the network that the hacker is trying to attack.

7
Q

What is a Brute-Force Attack? p482

A

Is another software-oriented attack that employs a program running on a targeted network that tries to log in to some type of shared network resource like a server.

8
Q

What do viruses do? p484

A

A key trait of viruses is that they can’t replicate themselves to other computers or systems without a user doing something like opening an executable attachment in an email to propagate them.

9
Q

Attacks executable application and system program files like those ending in .COM, .EXE, and .DLL. p485

A

File Viruses

10
Q

One that affects both the boot sector and files on your computer, making such a virus particularly dangerous and exasperatingly difficult to remove. p486

A

Multipartite Viruses

11
Q

Is basically a script of commonly enacted commands used to automatically carry out tasks without requiring a user to initiate them. p486

A

Macro Viruses

12
Q

Work their way into the master boot record that’s essentially the ground-zero sector on your hard disk where applications aren’t supposed to live. p486

A

Boot-Sector Viruses

13
Q

On-access scan: An on-access scan runs in the background when you open a file or use a program in situations like these: p517

A

Insert a floppy disk or thumb drive
Download a file with FTP
Receive email messages and attachments
View a web page

14
Q

Before you initiate an on-demand scan, be sure that you have the oldest virus definitions. p517 T/F

A

False. You must have the latest.

15
Q

Is the process that an antivirus program deploys to examine a computer suspected of having a virus, identify the virus, and then get rid of it. p517

A

antivirus scan

16
Q

Is a virus scan initiated by you or an administrator that searches a file, a directory, a drive, or an entire computer but only checks the files you’re currently accessing. p517

A

on-demand scan

17
Q

I recommend doing this at least monthly, but you’ll also want to do an on-demand scan. p517

A

When you first install the antivirus software
When you upgrade the antivirus software engine
Any time you suspect a virus outbreak

18
Q

Is the core program that runs the scanning process; virus definitions are keyed to an engine version number. p516

A

antivirus engine

19
Q

For your antivirus program to work for you, you’ve got to upgrade, update, and scan in a specific order: p516

A
  1. Upgrade the antivirus engine.
  2. Update the definition files.
  3. Create an antivirus emergency boot disk.
  4. Configure and run a full on-demand scan.
  5. Schedule monthly full on-demand scans.
  6. Configure and activate on-access scans.
  7. Make a new antivirus emergency boot disk monthly.
  8. Get the latest update when fighting a virus outbreak.
  9. Repeat all steps when you get a new engine.
20
Q

A typical antivirus program consists of two components: p515

A

The definition files

The engine

21
Q

Here is a list of security procedures. p509

A

What to do when someone has locked themselves out of their account
How to properly install or remove software on servers
What to do if files on the servers suddenly appear to be “missing” or altered
How to respond when a network computer has a virus
Actions to take if it appears that a hacker has broken into the network
Actions to take if there is a physical emergency such as a fire or flood

22
Q

Your network users need to have a clearly written document, called a ___________ that fully identifies and explains what’s expected of them and what they can and can’t do. p508

A

security policy

23
Q

Security policies can cover literally hundreds of items. Here are some common ones: p505-07

A
Notification
Equipment access 
Wiring
Door locks/swipe mechanisms 
Badges
Tracking
Passwords
Monitor viewing
24
Q

The ICSA is a vendor-neutral organization that certifies the functionality of security products as well as makes recommendations on security in general. T/F p505

A

true

25
Q

What does Clean-Desk Policy mean? p504

A

It means requiring that all potentially important documents like books, schematics, confidential letters, notes to self, and so on aren’t left out in the open when someone’s away from their desk.

26
Q

What is a Security Audit? p504

A

A security audit is a thorough examination of your network that includes testing all its components to make sure everything is secure. You can do this internally, but you can also contract an audit with a third party if you want the level of security to be certified.

27
Q

So what exactly is a security policy? p504

A

It should precisely define how security is to be implemented within an organization and include physical security, document security, and network security.

28
Q

What is the order of volatility? p502

A
Memory content
Swap files
Network processes
System processes
File system information
Raw disk blocks
29
Q

This process may be initiated by a notice or communication from legal counsel to an organization. p503

A

Legal hold

30
Q

What is Active Detection? p500

A

Is special software that searches for hackers attempting known attack methods and scans for the kind of suspicious activity and weird network traffic that hackers leave behind as they travel over the network.

31
Q

Is a software tool that can be incredibly effective in troubleshooting a problematic network, but it can also be a hacker’s friend. p495

A

Packet Sniffers

32
Q

Programs that ping every port on the target to identify which ports are open. It does this by pinging the IP address of the target with the port number appended after a colon. p495

A

Port Scanners

33
Q

This attack requires a host machine the hacker has broken into and uses to redirect traffic that normally wouldn’t be allowed passage through a firewall. p495

A

Port-Redirection Attacks

34
Q

From simple invasions to elaborate Trojan horses, villains can use their previously placed inroads into a specific host or a network whenever they want to. p494

A

Backdoors

35
Q

What is Bluejacking? p493

A

Is an attack aimed at Bluetooth connections. It sends unsolicited messages to the devices. These messages are typically in the form of a vCard that contains the message in the name field.

36
Q

Is a network security standard that attempts to allow users to easily secure a wireless home network. It works by enabling the user to add a device to the network without typing credentials. p492

A

WPS Attacks

37
Q

An AP that is not under your control but is used to perform a hijacking attack. p492

A

Evil Twin

38
Q

These attacks allow access to the data on the device and make use of the pairing function used to connect two devices to transfer data between them. p493

A

Bluesnarfing

39
Q

Are miniature programs that run on a web server or that you download to your local machine. p494

A

ActiveX Attacks