Chapter 4 - Types of Attacks Flashcards

1
Q

Your manager has called you into the office and has expressed concerns about a number of news reports on social engineering attacks. Your manager would like to know what can be done to protect the company against social engineering attacks. What is your response?

A

User awareness and training

2
Q

Your manager has read reports of tailgating being a problem with security in many organizations and wants to know what can be done to prevent tailgating. Which of the following controls will help protect against tailgating?

A. Locked doors
B. Electronic keypads
C. Swipe cards
D. Mantrap

A

D. Mantrap

3
Q

What is the term used for a phishing attack that is targeted toward a specific person such as an executive of a company?

A

Whaling

4
Q

What type of attack results in the victim’s system not being able to perform its job function?

A

Denial of Service

DoS

5
Q

The hacker has managed to poison everyone’s ARP cache so that all traffic to the internet is being sent to the hacker’s system before being routed out to the internet. What type of attack is this?

A

Man-in-the-Middle

MITM

6
Q

What file can the hacker modify after compromising your system that could lead you to the wrong web site?

A

Hosts

7
Q

What type of attack is a smurf attack?

A

Distributed Denial of Service

DDoS

8
Q

John has been studying techniques used by hackers and decides to send a packet to your system, but ensures that he alters the source IP address of the packet so it looks like it came from someone else. What type of attack is this?

A

Spoofing

9
Q

Your manager has been reading a lot about popular password attacks such as dictionary attacks and brute-force attacks. Your manager is worried that your company is susceptible to such attacks. Which of the following controls will help protect against a brute-force attack?

A. Password complexity
B. Account lockout
C. Network firewall
D. Intrusion detection system

A

B. Account lockout

10
Q

Which of the following is a popular method to protect against dictionary attacks?

A. Password complexity
B. Account lockout
C. Network firewall
D. Intrusion detection system

A

A. Password complexity

11
Q

With a dictionary attack, how does the password-cracking software attempt to figure out the passwords of the different user accounts?

A

Reads the passwords from a word list file

12
Q

You are monitoring network traffic and you notice a packet with (pass' 1=1--) in the content of the packet. What type of attack has occurred?

A

SQL injection

13
Q

What type of attack involves the hacker sending too much data to an application, which typically results in the hacker gaining remote access to the system with administrative permissions?

A

Buffer overflow

14
Q

A hacker tries to compromise your system by submitting script code into a field in a web page that is then submitted and stored as data in the web site database. The hacker anticipates that when you navigate to the site and display the data, your browser will parse the script and execute it. What type of attack is this?

A

Cross-site scripting

15
Q

When looking at the web server log files, you notice that a lot of the requests that have hit the web site are navigating to the /scripts/..%c0%af../winnt/system32 folder. What type of attack is occurring?

A

Folder traversal
