Information Assurance 3

Question 1

the term used to describe a program written to take advantage of a known vulnerability

Answer 1

exploit

Question 2

the act of using an exploit against a vulnerability

Answer 2

attack

Question 3

Data is written beyond the limits of a buffer

Answer 3

Buffer Overflow

Question 4

Force programs to behave in an unintended way

Answer 4

Non-validated Input

Question 5

Improperly ordered or timed events

Answer 5

Race Conditions

Question 6

Protect sensitive data through authentication,
authorization, and encryption

Answer 6

Weaknesses in Security Practices

Question 7

• Access control to physical equipment and resources
• Security practice

Answer 7

Access control to problems

Question 8

Symptoms of Malware

Answer 8

1. Increase in CPU usage
2. Decrease in computer speed
3. Computer freeze and crashes
4. Decrease in Web browsing speed
5. Unexplainable problems with network connections
6. Files are modified
7. Files are deleted
8. Presence of unknown files, programs, or desktop icons
9. Unknown processes running
10. Programs are turning off or reconfiguring themselves
11. Email is being sent without the user’s knowledge or consent.

Question 9

is used to steal data, bypass access control, cause harm to, or compromise a system.

Answer 9

Malware

Question 10

Infection Methods

Answer 10

1. virus
2. worm
3. trojan
4. bot

Question 11

have the ability to replicate themselves by hooking them to the program on the host computer like songs, videos etc and then they travel all over the internet.

Answer 11

Virus

Question 12

• their purpose is to conceal themselves inside the software that seems legitimate. Steals information or any other purpose.
• Provide backdoor gateway for malicious programs

Answer 12

Trojan

Question 13

• advanced form of worms
• Automated processes that are designed to interact over the internet without the need of human interaction

Answer 13

Bots

Question 14

• Self-replicating in nature but they don’t hook themselves to the program on the host computer.
• Can easily travel from one computer to another.

Answer 14

Worms

Question 15

malware actions

Answer 15

1. adware
2. spyware
3. ransomware
4. scareware
5. rootkit
6. zombies

Question 16

display ads computer desktop or inside individual programs

Answer 16

Adware

Question 17

software that monitors your activities on computer and reveal collected information to interested party.

Answer 17

Spyware

Question 18

It masquerades as a tool to help fix your system but when the software is executed it will infect your system or completely destroy it. The software will display a message to frighten you and force to take some action like pay them to fix your system.

Answer 18

Scareware

Question 18

It is type of malware that will either encrypt your files or will lock your computer making it inaccessible either partially or wholly. Then a screen will be displayed asking for money i.e., ransom

Answer 18

Ransomware

Question 19

Designed to gain root access or we can say administrative privileges in the user system. Once gained the root access, the exploiter can do anything from stealing private files to private data.

Answer 19

Rootkits

Question 20

They work similar to Spyware. Infection mechanism is same but they don’t spy and steal information rather they wait for the command from hackers.

Answer 20

Zombies

Question 21

Old Generation Attacks

Answer 21

1. Theft of intellectual property
2. Identity theft
3. Theft of equipment and information
4. Sabotage
5. Information Extortion

Question 22

means violation of intellectual property rights like copyrights, patents

Answer 22

Theft of intellectual property

Question 23

```

means to act someone else to obtain person9s personal information or to access vital
information they have like accessing the computer or social media account of a person by login into the account by using their login credentials.

Answer 23

Identity theft

Question 24

increasing these days due to the mobile nature o fdevices and increasing information capacity

Answer 24

Theft of equipment and information

Question 25

means destroying company9s website to cause loss of confidence on part of its customer

Answer 25

Sabotage

Question 26

means theft of company9s property or information to receive payment in exchange

Answer 26

Information extortion

Question 27

New Generation Attacks

Answer 27

1. Technology with weak security 1. Social media attacks 1. Mobile Malware 1. Outdated Security Software 1. Corporate data on personal devices 1. Social Engineering

Question 28

With the advancement in technology, with every passing day a new gadget is being released in the market. But very few are fully secured and follows Information security principles

Answer 28

Technology with weak security

Question 29

cyber-criminal identify and infect a cluster of websites that persons of a particular organisation visit, to steal information

Answer 29

Social media attacks

Question 29

With new threats emerging every day, updating in security software is a pre requisite to have a fully secured environment.

Answer 29

Outdated Security Software

Question 30

* There is a saying when there is a connectivity to Internet there will be danger to Security. * Same goes to Mobile phones where gaming applications are designed to lure customer to download the game and unintentionally, they will install malware or virus in the device.

Answer 30

Mobile Malware

Question 31

These days every organization follows a rule BYOD. BYOD means Bring your own device like Laptops, Tablets to the workplace.

Answer 31

Corporate data on personal devices

Question 32

* **manipulating people so that they give up their confidential** information like bank account details, password etc. * These criminals can trick you into giving your private and confidential information or they will gain your trust to get access to your computer to install a malicious software- that will give them control of your computer

Answer 32

Social Engineering

Question 33

Social Engineering (Methods of Infiltration)

Answer 33

1. pretexting 2. tailgating 3. something for something (quid pro quo) 4. baiting 5. vishing 6. phishing 7. dumpster diving

Question 34

an **attacker calls an individual and lies to them** in an attempt to gain access to privileged data.

Answer 34

Pretexting

Question 35

an attacker quickly follows an authorized person into a secure location.

Answer 35

Tailgating

Question 36

an attacker requests personal information from a party in exchange for something

Answer 36

Something for something (Quid pro quo)

Question 37

The cyber criminal usually promises the victim a reward in return for sensitive information or knowledge of its whereabouts.

Answer 37

Baiting

Question 38

is a cyberattack where the attacker gets their hands on sensitive documents or data you carelessly threw into the trash bin.

Answer 38

Dumpster diving

Question 38

sent thru voicemails to convince victims they must act quickly to protect themselves from arrest or another risk.

Answer 38

Vishing

Question 39

Wi-Fi Password Cracking (Methods of Infiltration)

Answer 39

1. Social engineering 2. Brute-force attacks 3. Network sniffing

Question 40

The attacker **manipulates a person who knows the password into providing it.**

Answer 40

Social Engineering

Question 41

The password maybe discovered by listening and capturing packets sent on the network.

Answer 41

Network Sniffing

Question 42

The attack tries several possible passwords in an attempt to guess the password.

Answer 42

Brute-force attacks

Question 43

Is a disruption of network services, this attack is a **malicious attempt by a single person** or a group of people to cause the victim, site or node to deny service to its customers.

Answer 43

Denial-of-Service (DoS)

Question 43

when a malicious party sends a **fraudulent email disguised as being from a legitimate, trusted source.**

Answer 43

Phishing

Question 44

a network, host, or application is sent an **enormous quantity of data at a rate which it cannot handle.**

Answer 44

Overwhelming quantity of traffic

Question 45

when multiple hosts attack simultaneously

Answer 45

(Distributed Denial of Service) -

Question 46

maliciously formatted packet is sent to a host or application and the receiver is unable to handle it.

Answer 46

Malicious formatted packets

Question 47

types of DOS attacks

Answer 47

1. Penetration 1. Eavesdropping 1. Man-In-The-Middle 1. Flooding

Question 48

* attacker gains access to same network * listens to traffic going in and out

Answer 48

eavesdropping

Question 48

* **attacker gets inside your machine** * **take over machine and do whatever he wants** * achieves entry via software, stolen password

Answer 48

penetration

Question 49

* attacker listens in input/output * can substitute messages in both directions

Answer 49

man-in-the-middle

Question 50

* attacker sends overwhelming number of messages; great congestion

Answer 50

flooding

Question 51

is a technique used by threat actors to **increase the prominence of their malicious websites**, making them look more authentic to consumers.

Answer 51

SEO Poisoning (SEO - Search Engine Optimization)

Question 52

* Uses multiple techniques to compromise a target. * Uses a hybrid of worms, Trojan horses, spyware…

Answer 52

Blended Attack