Practice Questions 37-48 Flashcards

1
Q
Recently, malware on a computer at the Monty Burns Casino destroyed several important files after it detected that Homer was no longer employed at the casino. Which BEST identifies this malware?
A. Logic bomb
B. Rootkit
C. Backdoor
D. Shoulder surfing
A

A logic bomb executes in response to an event. It detects that Homer is no longer employed at the company.

2
Q
A security administrator at a shopping mall discovered two wireless cameras pointing at an automatic teller machine. These cameras were not installed by mall personnel and are not authorized. What is the MOST likely goal of the cameras?
A. Tailgating 
B. Dumpster diving
C. Vishing 
D. Shoulder Surfing
A

Shoulder surfing is the practice of peering over a person’s shoulder to discover information.

3
Q
Maggie reports that she keeps receiving unwanted emails about mortgages. What does this describe?
A. Phishing
B. Spear phishing 
C. Spam
D. Vishing
A

Spam is unwanted emails from any source.

4
Q
Your organization has been receiving a significant amount of spam with links to malicious web sites. You want to stop the spam. Which provides the best solution?
A. Add the domain to a block list.
B. Use a URL filter
C. Use a MAC filter
D. Add antivirus software
A

You can block emails from a specific domain sending spam by adding the domain to a block list.

5
Q
Lisa received an email advertising the newest version of a popular smartphone. She's been looking for this smartphone, but can't seem to find it anywhere else. This email includes a malicious link. Which principle is the email sender employing?
A. Authority
B. Intimidation
C. Scarcity
D. Trust
A

Scarcity is being used to entice the user to click the link; even though it seems risky, she is ignoring the risk.

6
Q
An IDS alerts on increasing traffic. Upon investigation, you realize it's due to a spike in network traffic from several sources. Assuming this is malicious, which is MOST likely the explanation?
A. A smurf attack
B. A spoofing attack
C. A DoS attack
D. A DDoS attack
A

A distributed denial of service (DDoS) attack causes spikes in network traffic as multiple systems attempt to connect to a server and deplete the target’s resources.

7
Q
An application on one of your database servers has crashed several times recently. Examining detailed debugging logs, you discover that just prior to crashing, the database application is receiving a long series of x90 characters. What is MOST likely occurring?
A. SQL injection
B. Buffer overflow
C. XML injection
D. Zero-day
A

Buffer overflow attacks include a series of no operation (NOP) commands, such as hexadecimal 90 (x90). When successful, they can crash applications and expose memory, allowing attackers to run malicious code on the system.

8
Q
A reviewer of a web application discovered that the application is not performing boundary checking. Which should the web developer add to this application to resolve this issue?
A. XSRF
B. XSS
C. Input validation
D. Fuzzing
A

The lack of input validation is a common coding error. Input validation includes boundary or limit checking to validate data before using it.

9
Q

Web developers are implementing error handling in a web site application. Which represents the best practice for this?
A. Displaying a detailed error message but logging generic information on the error.
B. Displaying a generic error message but logging detailed information on the error
C. Displaying a generic error message and logging generic information on the error
D. Displaying a detailed error message and logging detailed information on the error.

A

You should display a generic error message but log detailed information on the error.

10
Q
Developers have created an application that users can download and install on their computers. Management wants to provide users with a reliable method of verifying that the application has not been modified. Which is the BEST solution?
A. Code signing
B. Input validation
C. Code obfuscation
D. Stored procedures
A

Code signing provides a digital signature for the code; it verifies that the code hasn’t been modified since the publisher released it.

11
Q
Some protocols include timestamps and sequence numbers. These components help protect against what type of attacks?
A. Amplification
B. Replay
C. SYN flood
D. Salting
A

Timestamps and sequence numbers are countermeasures against replay attacks.

12
Q
Looking at logs for an online web application, you see that someone has entered the following phrase into several queries: ' or '1='1'-- Which provides the BEST protection against this attack?
A. Normalization 
B. Proper error handling
C. Removing dead code
D. Stored Procedures
A

The phrase is commonly used in SQL injection attacks, and stored procedures are an effective method of preventing SQL injection attacks.
