Quiz 2 Flashcards

1
Q

Privacy filter (a.k.a. privacy screen) is a protective overlay placed on the computer screen that narrows the viewing angle, so the screen content is only visible directly in front of the monitor and cannot be seen by others nearby. Privacy filter is one of the countermeasures against shoulder surfing.

True
False

A

True

2
Q

An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:

Vishing
Impersonation
Virus hoax
Phishing

A

Virus Hoax

3
Q
Which of the terms listed below refers to a platform used for watering hole attacks?
 Mail gateways
 Websites
 PBX systems
 Web browsers
A

Websites

4
Q

An attacker impersonates a member of a company’s management to manipulate a lower-ranking employee into disclosing confidential data. The attacker informs the victim that the information is essential for a task that must be completed within business hours on the same day and mentions potential financial losses for the company if the victim refuses to comply. Which social engineering principles apply to this attack scenario? (Select 3 answers)

 Urgency
 Familiarity
 Authority
 Consensus
 Intimidation
 Scarcity
A

Urgency
Authority
Intimidation

5
Q

An attacker impersonating a software beta tester replies to a victim’s post in a forum thread discussing the best options for affordable productivity software. A while later, he/she follows up by sending the victim a private message that mentions the discussion thread and offers free access to a closed beta version of a fake office app. Which social engineering principles apply to this attack scenario? (Select 3 answers)

 Authority
 Intimidation
 Consensus
 Scarcity
 Familiarity
 Trust
 Urgency
A

Scarcity
Familiarity
Trust

6
Q

While conducting web research to help make a better purchasing decision, a user visits a series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app that has been intentionally infected with malware. Which social engineering principle applies to this attack scenario?

 Scarcity
 Authority
 Consensus
 Intimidation
 Urgency
A

Consensus

7
Q

An attempt to flood the bandwidth or resources of a targeted system so that it becomes overwhelmed with false requests and, as a result, no longer has the time or resources to handle legitimate requests is called:

Bluesnarfing
MITM attack
Session hijacking
DoS attack

A

DoS attack

8
Q

As opposed to simple Denial of Service (DoS) attacks, which are usually performed from a single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to perform the attack against its target. The intermediary systems that are used as a platform for the attack are the secondary victims of the DDoS attack; they are often referred to as zombies, and collectively as a botnet.

True
False

A

True

9
Q

Which of the following attacks relies on intercepting and altering data sent between two networked hosts?

Zero-day attack
MITM attack
Watering hole attack
Replay attack

A

MITM attack

10
Q

A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is known as:

IV attack
SQL injection
Buffer overflow
Fuzz test

A

Buffer overflow

11
Q

Entry fields of web forms lacking input validation are vulnerable to what kind of attacks?

Replay attacks
SQL injection attacks
Brute-force attacks
Dictionary attacks

A

SQL injection attacks
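The following added example (not part of the original quiz) shows why an unvalidated form field lets an attacker rewrite the query, and what the parameterised fix looks like. It uses an in-memory SQLite database; the users table, its rows and the login form values are constructed for illustration.

```python
"""Added example: a login check built by string concatenation beside the
parameterised version. Uses an in-memory SQLite database with constructed
sample rows; nothing here comes from a real application."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the SQL by string concatenation: the form values become part of
    the query text, so a quote in the input changes the query's structure."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    (count,) = conn.execute(query).fetchone()
    return count > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the driver passes the values separately from the
    SQL text, so they are always treated as data, never as SQL."""
    (count,) = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return count > 0


# Classic tautology payload typed into the password field of the login form.
# The concatenated query becomes:
#   ... WHERE username = 'alice' AND password = '' OR '1'='1'
# and the OR clause matches every row.
INJECTION = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, wrong password:", login_vulnerable(db, "alice", "wrong"))    # False
    print("vulnerable, injection:     ", login_vulnerable(db, "alice", INJECTION))  # True
    print("safe, injection:           ", login_safe(db, "alice", INJECTION))        # False
```

Parameterised queries are the primary defence because they remove the attacker's ability to change the query structure at all; allow-list input validation (for example, restricting a username to `[A-Za-z0-9_]`) is a useful second layer but should not be relied on alone.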

12
Q

Which of the answers listed below refers to a common target of cross-site scripting (XSS)?

Physical security
Alternate sites
Dynamic web pages
Removable storage

A

Dynamic web pages

13
Q

Cross-site request forgery (CSRF/XSRF) is a security exploit that allows for infecting a website with malicious code. The malicious code, often in the form of JavaScript, can then be sent to the unsuspecting user and executed via the user’s web browser application.

True
False

A

False

14
Q

Which type of attack allows for tricking a user into sending unauthorized commands to a web application? (Select 2 answers)

 IRC
 CSRF
 XSS
 XSRF
 CSR
A

CSRF

XSRF
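The following added example (not part of the original quiz) shows the mechanism behind the two cards above: a forged cross-site request carries the victim's session cookie, because the browser attaches it automatically, but it cannot carry a per-session CSRF token that only the site's own pages know. There is no real web framework here; the session store, the request dictionaries and the token handling are a constructed simulation.

```python
"""Added example: a state-changing handler that distinguishes a legitimate
form submission from a forged one using a synchronizer (per-session) CSRF
token. The request shape {"cookies": {...}, "form": {...}} is a stand-in
for an HTTP request, constructed for illustration."""
import hmac
import secrets

# Server-side session store: session id -> {"user": ..., "csrf": token}.
SESSIONS: dict[str, dict] = {}


def start_session(user: str) -> str:
    """Log a user in: create a session id (sent to the browser as a cookie)
    and bind a random CSRF token to it. The token is rendered into the
    site's own forms only and never placed in a cookie."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """What the legitimate page embeds as a hidden form field."""
    return SESSIONS[sid]["csrf"]


def transfer_handler(request: dict) -> tuple[int, str]:
    """State-changing endpoint. Returns (status, message)."""
    sid = request.get("cookies", {}).get("session")
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "not logged in"
    # The cookie alone proves nothing about who built the form: the browser
    # attaches it to any request to this origin, including one that a
    # hostile page triggered. The token does, because only our pages know it.
    submitted = request.get("form", {}).get("csrf", "")
    if not hmac.compare_digest(submitted, session["csrf"]):
        return 403, "CSRF token missing or invalid"
    amount = int(request["form"]["amount"])
    return 200, f"transferred {amount} from {session['user']}"


def legitimate_request(sid: str, amount: int) -> dict:
    """Form submitted from the site's own page: cookie plus hidden token."""
    return {"cookies": {"session": sid},
            "form": {"amount": str(amount), "csrf": csrf_token_for(sid)}}


def forged_request(sid: str, amount: int) -> dict:
    """Auto-submitted form hosted on an attacker's page: the victim's browser
    still sends the cookie, but the attacker cannot read the token from the
    victim's session, so it is absent."""
    return {"cookies": {"session": sid},
            "form": {"amount": str(amount)}}


if __name__ == "__main__":
    sid = start_session("victim")
    print(transfer_handler(legitimate_request(sid, 100)))  # (200, ...)
    print(transfer_handler(forged_request(sid, 100)))      # (403, ...)
```

In a real deployment the token check is complemented by setting the session cookie with the `SameSite` attribute and by checking the `Origin`/`Referer` header on state-changing requests; the token remains the check that does not depend on browser behaviour.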

15
Q

Which of the following facilitate(s) privilege escalation attacks? (Select all that apply)

 System/application vulnerability
 Distributed Denial of Service (DDoS)
 Social engineering techniques
 Attribute-Based Access Control (ABAC)
 System/application misconfiguration
A

System/application vulnerability
Social engineering techniques
System/application misconfiguration

16
Q

An attacker managed to associate his/her MAC address with the IP address of the default gateway. As a result, the targeted host delivers traffic destined for the default gateway’s IP address to the attacker’s MAC address instead of the gateway’s. Based on the given info, which type of attack is taking place in this scenario?

ARP poisoning
Replay attack
Cross-site request forgery
DNS poisoning

A

ARP poisoning
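The following added example (not part of the original quiz) shows the detection side of the scenario above: the kind of check a tool such as arpwatch performs, run here over constructed ARP reply records instead of live traffic. The gateway address, the MACs and the record format are assumptions made for illustration, not captured data.

```python
"""Added example: flag ARP replies that rebind a known IP (especially the
default gateway) to a different MAC. Input is a constructed list of replies;
the addresses are made up for illustration."""
from dataclasses import dataclass

GATEWAY_IP = "192.168.1.1"  # assumed default gateway for this example


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str   # "I am this IP ..."
    sender_mac: str  # "... at this MAC"


def detect_arp_poisoning(replies: list[ArpReply], gateway_ip: str = GATEWAY_IP) -> list[str]:
    """Walk ARP replies in arrival order, keep the first IP->MAC binding seen,
    and report any reply that rebinds a known IP to a different MAC. A rebind
    of the gateway is the textbook sign of the attack in the question."""
    bindings: dict[str, str] = {}
    alerts: list[str] = []
    for r in replies:
        mac = r.sender_mac.lower()
        known = bindings.get(r.sender_ip)
        if known is None:
            bindings[r.sender_ip] = mac
            continue
        if known != mac:
            who = "GATEWAY" if r.sender_ip == gateway_ip else "host"
            # Is the new MAC already bound to another IP? If so, one NIC now
            # claims two addresses, which is what a poisoner's NIC looks like.
            also = [ip for ip, m in bindings.items() if m == mac and ip != r.sender_ip]
            extra = f" (MAC already claims {', '.join(also)})" if also else ""
            alerts.append(f"{who} {r.sender_ip} changed {known} -> {mac}{extra}")
    return alerts


# Constructed sequence: the real gateway answers first, then an attacker
# (192.168.1.50) announces itself for the gateway's IP with its own MAC.
SAMPLE_REPLIES = [
    ArpReply("192.168.1.1",  "00:11:22:33:44:55"),
    ArpReply("192.168.1.50", "de:ad:be:ef:00:01"),
    ArpReply("192.168.1.20", "aa:bb:cc:dd:ee:20"),
    ArpReply("192.168.1.1",  "DE:AD:BE:EF:00:01"),  # gratuitous poisoned reply
]

if __name__ == "__main__":
    for line in detect_arp_poisoning(SAMPLE_REPLIES):
        print("ALERT:", line)
```

A legitimate MAC change (replaced gateway hardware, a first-hop redundancy failover) produces the same alert, so treat the output as something to investigate rather than proof of an attack; on managed switches, Dynamic ARP Inspection is the preventive control.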

17
Q

Which of the attack types listed below relies on the amplification effect?

Zero-day attack
DDoS attack
Brute-force attack
MITM attack

A

DDoS attack

18
Q

Remapping a domain name to a rogue IP address is an example of what kind of exploit?

DNS poisoning
Domain hijacking
ARP poisoning
URL hijacking

A

DNS poisoning

19
Q

The term “Domain hijacking” refers to a situation in which a domain registrant loses control over his/her domain name due to the unlawful actions of third parties.

True
False

A

True

20
Q

Which of the terms listed below refers to a computer security exploit that takes advantage of vulnerabilities in a user’s web browser application?

MTTR
MITM
MTBF
MITB

A

MITB

21
Q

A replay attack occurs when an attacker intercepts user data and tries to use this information later to impersonate the user to obtain unauthorized access to resources on a network.

True
False

A

True
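The following added example (not part of the original quiz) shows an authenticated request that the server accepts once and rejects when the captured message is resent verbatim, which is the replay attack the card describes. The message format (timestamp, nonce, body, HMAC-SHA256 tag), the shared key and the freshness window are assumptions chosen for illustration.

```python
"""Added example: freshness checks (timestamp window plus one-time nonce)
on top of an HMAC-authenticated message. The key, message format and
window are constructed for this demonstration."""
import hashlib
import hmac
import secrets

SHARED_KEY = b"constructed-demo-key"   # assumed pre-shared secret
FRESHNESS_WINDOW = 30                   # seconds; assumed


def sign_request(key: bytes, body: str, now: int) -> dict:
    """Client side: bind the body, the send time and a one-time nonce under
    an HMAC tag so none of them can be altered without detection."""
    nonce = secrets.token_hex(16)
    msg = f"{now}|{nonce}|{body}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {"ts": now, "nonce": nonce, "body": body, "tag": tag}


class ReplayProtectedServer:
    """Server side: verifies the tag, then refuses stale or already-seen
    messages. Without the nonce set and the window, a captured message with
    a valid tag could be resent indefinitely, which is the replay attack."""

    def __init__(self, key: bytes, window: int = FRESHNESS_WINDOW):
        self.key = key
        self.window = window
        self.seen_nonces: set[str] = set()

    def accept(self, req: dict, now: int) -> tuple[bool, str]:
        msg = f"{req['ts']}|{req['nonce']}|{req['body']}".encode()
        expected = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, req["tag"]):
            return False, "bad tag"            # tampered or wrong key
        if abs(now - req["ts"]) > self.window:
            return False, "stale timestamp"    # old capture replayed much later
        if req["nonce"] in self.seen_nonces:
            return False, "replayed nonce"     # same message seen within window
        self.seen_nonces.add(req["nonce"])
        return True, "ok"


if __name__ == "__main__":
    srv = ReplayProtectedServer(SHARED_KEY)
    req = sign_request(SHARED_KEY, "transfer 100 to bob", now=1000)
    print(srv.accept(req, now=1001))   # (True, 'ok')
    print(srv.accept(req, now=1002))   # (False, 'replayed nonce')
```

The timestamp window is what keeps the nonce set bounded: nonces older than the window can be discarded, because a message that old is rejected as stale before the nonce is ever consulted. Real protocols (TLS, Kerberos, signed API requests) use the same two ingredients in some form.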

22
Q

A technique that allows an attacker to authenticate to a remote server by presenting a captured password hash (digest) in place of the password, without having to recover the cleartext password from the hash, is known as:

Pass the hash
Replay attack
Hash collision
Rainbow table

A

Pass the hash
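The following added example (not part of the original quiz) shows why a challenge-response scheme keyed on the password hash can be satisfied by anyone who holds the hash, with no cracking required. It is a simplified stand-in for NTLM-style authentication: SHA-256 replaces the real NT hash algorithm (MD4 over the UTF-16LE password) and HMAC-SHA256 over the challenge replaces the real response computation; the account, password and key handling are constructed for illustration.

```python
"""Added example: challenge-response authentication where the server only
ever needs the stored hash, so a stolen hash is password-equivalent.
SHA-256 and HMAC-SHA256 stand in for the real NTLM primitives."""
import hashlib
import hmac
import secrets


def password_hash(password: str) -> bytes:
    """The stored credential. Real NTLM stores an MD4 of the UTF-16LE password;
    SHA-256 is used here so the block runs with hashlib alone."""
    return hashlib.sha256(password.encode("utf-16le")).digest()


class Server:
    def __init__(self, accounts: dict[str, bytes]):
        self.accounts = accounts              # username -> password hash
        self.pending: dict[str, bytes] = {}   # username -> outstanding challenge

    def challenge(self, user: str) -> bytes:
        self.pending[user] = secrets.token_bytes(8)
        return self.pending[user]

    def verify(self, user: str, response: bytes) -> bool:
        """Server recomputes HMAC(hash, challenge): it only ever needs the hash."""
        expected = hmac.new(self.accounts[user], self.pending.pop(user), hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond_with_password(password: str, challenge: bytes) -> bytes:
    """Legitimate client: derives the hash from the typed password, then signs."""
    return hmac.new(password_hash(password), challenge, hashlib.sha256).digest()


def respond_with_hash(stolen_hash: bytes, challenge: bytes) -> bytes:
    """Pass-the-hash: the attacker skips the derivation step entirely. The
    server cannot distinguish this from the legitimate path."""
    return hmac.new(stolen_hash, challenge, hashlib.sha256).digest()


def demo() -> tuple[bool, bool]:
    """Returns (legitimate login accepted, pass-the-hash login accepted)."""
    srv = Server({"admin": password_hash("correct horse battery staple")})
    legit = srv.verify(
        "admin", respond_with_password("correct horse battery staple", srv.challenge("admin")))
    stolen = srv.accounts["admin"]  # e.g. dumped from memory on a compromised host
    pth = srv.verify("admin", respond_with_hash(stolen, srv.challenge("admin")))
    return legit, pth


if __name__ == "__main__":
    print(demo())  # (True, True)
```

Because the hash is password-equivalent in such a scheme, the defences are about keeping hashes out of reach (not logging on to workstations with privileged accounts, credential isolation features such as Windows Credential Guard, preferring Kerberos with protected accounts) rather than about hash strength.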

23
Q

In computer security, the term “Clickjacking” refers to a malicious technique of tricking a user into clicking on something different from what the user thinks they are clicking on.

True
False

A

True

24
Q

In a session hijacking attack, an attacker takes advantage of the session ID stored in:

Key escrow
Digital signature
Cookie
Firmware

A

Cookie

25
Q

A type of attack aimed at exploiting a vulnerability that is present in already released software but unknown to the software developer (and therefore still unpatched) is called:

Xmas attack
Zero-day attack
IV attack
Replay attack

A

Zero-day attack