Domain 3.0 Threats and Vulnerabilities Flashcards

0
Q

What level of privileges does a Trojan horse have in most corporate network environments?

A. Administrative
B. Normal user
C. System
D. No access

A

B. Normal user

1
Q

Which of the following is a virus whose primary feature is its attempt to prevent anti-virus software from removing it?

A. armored
B. stealth
C. polymorphic
D. boot sector

A

A. armored

2
Q

A logic bomb can be triggered by a number of events. Which of the following is likely not an example of a delivery mechanism used to plant a logic bomb?

A. Password guessing
B. Virus
C. System
D. Trojan horse

A

A. Password guessing

3
Q

Which of the following is not a true statement?

A. Worms are self replicating and do not need a host.
B. Worms always cause data corruption.
C. WORMS are a form of write once, read many storage device.
D. Worms do not need user activity to initiate.

A

B. Worms always cause data corruption.

4
Q

Which of the following is not directly associated with man-in-the-middle attacks?

A. DNS poisoning
B. DDoS
C. Rogue proxy server
D. False HOSTS file

A

B. DDoS

DDoS - Distributed Denial of Service
DNS - Domain Name Service

5
Q

A Smurf attack relies on what form of traffic to flood a victim?

A. UDP
B. TCP SYN packets
C. ICMP Type 0
D. Encrypted

A

C. ICMP Type 0

ICMP - Internet Control Message Protocol
UDP - User Datagram Protocol
TCP - Transmission Control Protocol

6
Q

What is SPIM?

A. Serial Port Indicator Mechanism
B. Unwanted junk e-mail messages
C. A name resolver service
D. SPAM over IM

A

D. SPAM over IM

IM - Instant Messaging
SPAM - Something Posing As Mail???

7
Q

What type of attack aims at redirecting traffic intended for a legitimate Web site to an illegitimate Web site?

A. Phishing
B. Pharming
C. Fraggle
D. SQL injection

A

B. Pharming

8
Q

What is the social engineering tactic that grants an unauthorized person access to a secured area without consent of an authorized person?

A. Tailgating
B. War driving
C. Phishing
D. Piggybacking

A

A. Tailgating

9
Q

What is vishing?

A. Virtualization hijacking
B. Phishing using a virus
C. VLAN based DOS attacks
D. VoIP based information gathering

A

D. VoIP based information gathering

10
Q

What technology can use either the 2.4 or 5 GHz frequency ranges and can support theoretical throughputs of 600 Mbps when using 802.11 wireless networks?

A. WPA
B. 802.11n
C. MAC filtering
D. isolation

A

B. 802.11n

11
Q

A hacker sets up a wireless access point in a vacant room next door to your office space. The wireless network supported by this unauthorized device has the same network name and base station MAC address as the authorized access point. What form of attack is the attacker using?

A. DHCP starvation
B. Bluejacking
C. Evil twin
D. Packet injection

A

C. Evil twin

12
Q

When entering your office building from a side entrance, one that faces several outdoor restaurants, you notice markings on the wall. They look like circles with numbers and codes written nearby. What is this an indication of?

A. War chalking
B. Impersonation
C. Piggybacking
D. Firewall breach

A

A. War chalking

13
Q

While away from the office for lunch, you connect your notebook to a free WiFi hotspot provided by the restaurant. You sit in a corner booth, latch the notebook to the table, and direct the screen so as to be visible only from your seating position. What security risk have you overlooked?

A. Snatch and grab
B. Shoulder surfing
C. Eavesdropping
D. Brownouts

A

C. Eavesdropping

14
Q

The ability for a hacker to submit various constructions of commands and search expressions in order to interact with the back-end database supporting a Web site is commonly considered what form of attack?

A. Session hijacking
B. SQL injection
C. DDoS
D. Buffer overflow

A

B. SQL injection

SQL - Structured Query Language

15
Q

Which type of attack would typically not result in an attacker gaining the direct ability to arbitrarily execute his own choice of code on a target or victim system?

A. SQL injection
B. Buffer overflow
C. Directory traversal
D. Deauthorization flooding

A

D. Deauthorization flooding

16
Q

What form or type of attack is the most difficult to detect and block?

A. Scripting
B. Zero day
C. Input manipulation
D. Eavesdropping

A

B. Zero day

17
Q

An attack which is transmitted to a target through an HTTP response that is not properly validated could result in page hijacking, cache-poisoning, cross-site scripting, cookie manipulation, and other compromises. What is this attack often classified as?

A. Header manipulation
B. Cookie hijacking
C. XML injection
D. Bluesnarfing

A

A. Header manipulation

18
Q

All of the following are generally considered detection controls. However, which also has the added benefit of being a preventative control as well?

A. Security cameras
B. Perimeter breach detectors
C. Security guards
D. Proximity sensors

A

C. Security guards

19
Q

Which of the following is not a technique to bypass physical key-based locks?

A. Shimming
B. Picking
C. Jittering
D. Bumping

A

C. Jittering

20
Q

What type of proximity reader is able to generate its own electricity from the magnetic field generated by or near the receiver device?

A. RFID
B. Transponder
C. Passive device
D. Magnetic contact

A

A. RFID

RFID - Radio Frequency Identification

21
Q

What risk assessment metric predicts the likelihood of a threat being realized within a given time frame?

A. Single Loss Expectancy
B. Exposure Factor
C. Annualized Rate of Occurrence
D. Acceptable Risk

A

C. Annualized Rate of Occurrence

22
Q

The possibility of harm due to the lack of a protection or the failure of a countermeasure can be labeled as a?

A. Threat
B. Vulnerability
C. Exposure
D. Tolerance

A

B. Vulnerability

23
Q

As a consumer of open source software, what is the best way you can defend against buffer overflow in deployed software that is essential to your organization’s work tasks?

A. Deploy current vendor patches
B. Perform a code review and add input limit checks
C. User training and awareness
D. Auditing activities of users and processes

A

B. Perform a code review and add input limit checks

24
Q

After running a vulnerability assessment, you discovered several weaknesses. After applying patches and performing some reconfiguration, how can you check that your modifications are sufficient without risking damage or downtime?

A. Re-perform the vulnerability assessment
B. Restore the system image from a backup
C. Perform penetration testing
D. Check your transaction logs

A

A. Re-perform the vulnerability assessment

25
Q

What form of testing will provide a client with the most realistic criminal perspective on the vulnerabilities of their security infrastructure?

A. Fuzzing
B. Black box testing
C. Vulnerability scanning
D. Malware simulation

A

B. Black box testing

26
Q

A vulnerability scanner is the most appropriate tool for discovering what type of security issue?

A. Zero day vulnerabilities
B. Poor security policy design
C. Inappropriate use behavior
D. Known weaknesses

A

D. Known weaknesses