Core 2: Threats & Vulnerability Flashcards
As opposed to the simple Denial of Service (DoS) attacks that usually are performed from a single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to perform the attack against its target.
True or False?
True
An attempt to flood the bandwidth or resources of a targeted system so that it becomes overwhelmed with false requests and as a result doesn’t have time or resources to handle legitimate requests is called:
Bluesnarfing
MITM attack
Session hijacking
DoS attack
DoS attack
A type of attack aimed at exploiting a vulnerability that is present in already released software but unknown to the software developer is called:
Xmas attack
Zero-day attack
IV attack
Replay attack
Zero-day attack
Which of the following attacks relies on intercepting and altering data sent between two networked hosts?
Zero-day attack
MITM attack
Watering hole attack
Replay attack
MITM attack
An attack against encrypted data that relies heavily on computing power to check all possible password combinations until the correct one is found is known as:
Replay attack
Brute-force attack
Dictionary attack
Birthday attack
Brute-force attack
Which password attack takes advantage of a predefined list of words?
Birthday attack
Replay attack
Dictionary attack
Brute-force attack
Dictionary attack
Rainbow tables are lookup tables used to speed up the process of password guessing.
True or False?
True
Which of the following answers refers to the contents of a rainbow table entry?
Hash/Password
IP address/Domain name
Username/Password
Account name/Hash
Hash/Password
An email sent from an unknown source disguised as a trusted source known to the message receiver is an example of: (Select 2 answers)
Spoofing
Dictionary attack
Trojan horse
Brute forcing
Social engineering
Tailgating
Spoofing
Social engineering
What kind of general term is used to describe the process of securing a computer system?
Patching
Baselining
Hardening
Auditing
Hardening
Network Access Control (NAC) defines a set of rules enforced in a network that clients attempting to access the network must comply with. With NAC, policies can be enforced before or after end-stations gain access to the network. NAC can be implemented as pre-admission NAC, where a host must, for example, be virus free or have patches applied before it is allowed to connect to the network, and/or as post-admission NAC, where a host is granted or denied permissions based on its actions after it has been given access to the network.
True
False
True
The intermediary systems used as a platform for a DDoS attack are often referred to as zombies, and collectively as a botnet.
True
False
True