Quiz March 5th Flashcards
Which penetration-testing concept compromises one system so that it can be used to attack another system?
Pivot
You need to list conditions that might indicate a hacker is attacking a network. Which of the following should you include?
A major increase in ICMP traffic
Your organization is using a STIX/TAXII client to review cyber threat indicators provided by an ISAC. What is the MOST likely source of this information?
AIS - Automated Indicator Sharing
NA
What is vishing?
A special type of phishing that uses Voice over IP (VoIP)
You have decided to attach a digital timestamp to a document that is shared on the network. Which attack does this prevent?
A replay attack
You need to explain to personnel a cross-site request forgery (CSRF) attack occurs. Which of the following best describes this attack?
When unauthorized commands are executed on a Web server by a trusted user
You need to educate several members of management regarding the susceptibility of passwords to attacks. To which attacks are passwords susceptible
Dictionary, Sniffing, Brute Force, Social Engineering
A user reports that she is unable to access a file server. You discover that there are numerous open connections on the file server from several servers and routers. Which type of attack has affected the file server?
Denial-of-service (DoS) attack
A member of management recently read an article about an attack that involved the use of multiple computers with purpose of denying legitimate access to a critical server. Which type of attack was being discussed?
Distributed denial-of-service (DDoS) attack
What is tailgating?
Following an authorized user through aa restricted entrance
Your organization recently experienced a cross-site scripting (XSS) attack. In which situation does XSS pose the most danger
User accesses a financial organization’s site using his or her login credentials
How is syslog used?
Holds event messages that are valuable for troubleshooting both security and performance issues
Which research source can help in discovering new vulnerabilities and potential threats in existing Internet standards?
RFCs –> Request for Comments
Which of these vulnerabilities could be created by a user who installs a SOHO router?
Default Configuration
You need to ensure that resources are only allocated when they are needed. Which secure coding technique should you use?
Provisioning and deprovisioning
Your company recently discovered that an attacker carried out an exhaustive password attack. Which type of password attack is often referred to as this?
Brute Force attack
An application that your company developed is susceptible to buffer overflows. Which type of vulnerability is demonstrated by them?
Improper input handling
Recently, an attacker tricked a user into believing he was selecting a button to direct him to a legitimate web site, but that button actually took him to another site. Which type of attack occurred?
Clickjacking
Which of the following scenarios describes a man-in-the-browser (MitB) attack?
When users attempt to access a legitimate website, they are instead redirected to a malicious website
The cafe in the student center of a university established contactless payment by printing QR codes on its menus. One day the menus have new QR codes printed on stickers replaced by old codes. Which social engineering principle made this a successful attack?
Trust
After troubleshooting an issue on a Windows computer, the IT technician determines that the computer has been infected by a platform-independent virus that was written in an application’s language and is capable of infecting any files using that language. Which virus is present?
Macro Virus
You discover that a malicious program has been installed on several host computers on your network. This program’s execution was remotely triggered. Of what is this an example?
Botnet
NA