Chapter 14 - Network Threats and Mitigation Flashcards
Which of the following is a type of denial of service attack?
A. Ping of Death
B. Stacheldraht
C. SYN flood
D. All of the above
- D. A denial of service (DoS) attack prevents users from accessing the system. All of the options are possible denial-of-service attacks.
In which attack does the attacker set the session ID ahead of time by sending a link to the victim with the ID preset?
A. Session fixation
B. Cross-site scripting
C. Session sidejacking
D. Session seeding
- A. Session fixation is an attack in which the attacker sets the session ID ahead of time by sending a link to the victim with the ID preset. Then when the user connects, the attacker waits for the authentication to complete and takes over the session by disconnecting the user and using the ID to reconnect.
Which type of virus impacts files with the filename extensions .com, .exe, and .dll?
A. File viruses
B. SYN flood
C. Smurf
D. Tribe Flood Network
- A. Options B, C, and D are all DoS attacks, so the only real answer is a file virus. A file virus attacks executable application and system program files.
In which type of attack does the attacker scan for networks using a high-powered antenna connected to a wireless laptop?
A. War driving
B. Evil twin
C. WEP cracking
D. WPA cracking
- A. In war driving, the attacker simply drives around with a high-powered antenna connected to a wireless laptop.
Monkey B, Michelangelo, Stoned, and Stealth Boot are examples of which type of virus?
A. IP spoofing
B. Multipartite
C. Macro
D. Boot sector
- D. These are all examples of boot-sector viruses that get into the master boot record. A boot-sector virus will overwrite the boot sector, thereby making it look as if there is no pointer to your operating system. When you power up the computer, you will see a Missing Operating System or Hard Disk Not Found error message.
Which type of virus affects both the boot sector and files on a computer?
A. Multipartite
B. Macro
C. Tribe Flood Network 2000 (TFN2K)
D. Smurf
- A. A multipartite virus is one that affects both the boot sector and files on your computer.
What is the main difference between a worm and a virus?
A. Worms require user action for replication; viruses do not.
B. Worms can be spread by email and viruses cannot.
C. Worms can replicate without user intervention; viruses cannot.
D. None of the above.
- C. A worm can actively replicate itself without user intervention, whereas a virus can be activated and spread only if a user opens an application.
What kind of attack involves the hacker attempting all combinations of characters for a password to gain access?
A. Packet sniffers
B. Brute force attack
C. Worm
D. Backdoor
- B. A brute force attack is a software-related attack that employs a program that is running on a targeted network to log in to some type of shared network resource like a server.
What type of security threat allows an attacker to learn your password through the use of an email or phone call?
A. Phishing
B. Trust-exploration attack
C. Man-in-the-middle attack
D. Rogue access point
- A. Social engineering, or phishing, refers to the act of attempting to illegally obtain sensitive information by pretending to be a credible source. Phishing usually takes one of two forms: an email or a phone call.
Which type of policy should be implemented to secure important company documents and materials when employees leave their workstations?
A. Clean housekeeping
B. Clean desk
C. Security audit
D. Proactive defense
- B. A clean-desk policy means that all important documents, such as books, schematics, confidential letters, and the like, are removed from the desk (and locked away) when employees leave their workstations.
If you implement a set of policies and procedures that define corporate information as confidential and then train employees on these procedures, what type of attack can you prevent?
A. DoS
B. Man-in-the-middle attacks
C. Smurf
D. Social engineering
- D. It is important to train all employees by informing them that people may try to call and email them to gather information to attack the company. This is called phishing or social engineering.
What type of wireless frame populates the display when someone is scanning for wireless networks?
A. Probe response
B. Beacon
C. SSID
D. Discovery
- B. When you set the AP to not broadcast the SSID, it will remove the SSID from packets called beacons (these are the packets that populate the display when you scan for networks) but the SSID will still be present in many other packet types.
What defines the appropriate response to a security event on a network?
A. Implementing security procedures
B. Installing a new router
C. Turning off the network
D. Implementing an HR policy for dress code
- A. A security procedure defines the appropriate response to a security event on your network.
Which of the following security mechanisms has been compromised?
A. WEP
B. 802.11i
C. WPA2 Enterprise
D. RADIUS
- A. Soon after WEP’s adoption as a security measure, it was discovered that due to a weakness in the way the algorithm was employed, programs that became widely available on the Internet could be used to crack the WEP key.
What process allows you to update your Windows-based operating system?
A. Technet
B. Windows Update
C. Text message
D. Hotfix
- B. Windows Update is a utility that is typically automatically installed when you install Windows. The update engine will periodically scan your system for the version of Windows components you have installed and compare them to the most current versions available from Microsoft. If your software is out-of-date, a Windows Update dialog box will appear, asking if you want to install the software updates.