Threats and Vulnerabilities Flashcards

1
Q

You are the senior administrator for a bank. A user calls you on the telephone and says they
were notified to contact you but couldn’t find your information on the company website.
Two days ago, an email told them there was something wrong with their account and they
needed to click a link in the email to fix the problem. They clicked the link and filled in the
information, but now their account is showing a large number of transactions that they did
not authorize. They were likely the victims of what type of attack?

A. Spimming
B. Phishing
C. Pharming
D. Escalating

A

B. Sending an email with a misleading link to collect information is a phishing attack.

2
Q

As the security administrator for your organization, you must be aware of all types of attacks
that can occur and plan for them. Which type of attack uses more than one computer to
attack the victim?

A. DoS
B. DDoS
C. Worm
D. UDP attack

A

B. A DDoS attack uses multiple computer systems to attack a server or host in the network.

3
Q

An alert signals you that a server in your network has a program running on it that
bypasses authorization. Which type of attack has occurred?

A. DoS
B. DDoS
C. Backdoor
D. Social engineering

A

C. In a backdoor attack, a program or service is placed on a server to bypass normal
security procedures.

4
Q

An administrator at a sister company calls to report a new threat that is making the rounds.
According to him, the latest danger is an attack that attempts to intervene in a communications
session by inserting a computer between the two systems that are communicating.
Which of the following types of attacks does this constitute?

A. Man-in-the-middle attack
B. Backdoor attack
C. Worm
D. TCP/IP hijacking

A

A. A man-in-the-middle attack attempts to fool both ends of a communications session into
believing the system in the middle is the other end.

5
Q

You’ve discovered that an expired certificate is being used repeatedly to gain logon privileges.
Which type of attack is this most likely to be?

A. Man-in-the-middle attack
B. Backdoor attack
C. Replay attack
D. TCP/IP hijacking

A

C. A replay attack attempts to replay the results of a previously successful session to
gain access.

6
Q

A junior administrator comes to you in a panic. After looking at the log files, he has
become convinced that an attacker is attempting to use an IP address to replace another
system in the network to gain access. Which type of attack is this?

A. Man-in-the-middle attack
B. Backdoor attack
C. Worm
D. TCP/IP hijacking

A

D. TCP/IP hijacking is an attempt to steal a valid IP address and use it to gain authorization
or information from a network.

7
Q

A server on your network will no longer accept connections using TCP. The server indicates
that it has exceeded its session limit. Which type of attack is probably occurring?

A. TCP ACK attack
B. Smurf attack
C. Virus attack
D. TCP/IP hijacking

A

A. A TCP ACK attack creates multiple incomplete sessions. Eventually, the TCP protocol
hits a limit and refuses additional connections.

8
Q

A smurf attack attempts to use a broadcast ping on a network; the return address of the
ping may be a valid system in your network. Which protocol does a smurf attack use to
conduct the attack?

A. TCP
B. IP
C. UDP
D. ICMP

A

D. A smurf attack attempts to use a broadcast ping (ICMP) on a network. The return
address of the ping may be a valid system in your network. This system will be flooded
with responses in a large network.

9
Q

A user calls you in a panic. He is receiving emails from people indicating that he is inadvertently
sending viruses to them. Over 200 such emails have arrived today. Which type of
attack has most likely occurred?

A. SAINT
B. Backdoor attack
C. Worm
D. TCP/IP hijacking

A

C. A worm is a type of malicious code that attempts to replicate using whatever means are
available. The worm may not have come from the user’s system; rather, a system with the
user’s name in the address book has attacked these people.

10
Q

Which type of attack denies authorized users access to network resources?

A. DoS
B. Worm
C. Logic bomb
D. Social engineering

A

A. A DoS attack is intended to prevent access to network resources by overwhelming or
flooding a service or network.

11
Q

Your system has just stopped responding to keyboard commands. You noticed that this
occurred when a spreadsheet was open and you dialed in to the Internet. Which kind of
attack has probably occurred?

A. Logic bomb
B. Worm
C. Virus
D. ACK attack

A

A. A logic bomb notifies an attacker when a certain set of circumstances has occurred.
This may in turn trigger an attack on your system.

12
Q

You’re explaining the basics of security to upper management in an attempt to obtain an
increase in the networking budget. One of the members of the management team mentions
that they’ve heard of a threat from a virus that attempts to mask itself by hiding code from
antivirus software. What type of virus is he referring to?

A. Armored virus
B. Polymorphic virus
C. Worm
D. Stealth virus

A

A. An armored virus is designed to hide the signature of the virus behind code that confuses
the antivirus software or blocks it from detecting the virus.

13
Q

What kind of virus could attach itself to the boot sector of your disk to avoid detection and
report false information about file sizes?

A. Trojan horse virus
B. Stealth virus
C. Worm
D. Polymorphic virus

A

B. A stealth virus reports false information to hide itself from antivirus software. Stealth
viruses often attach themselves to the boot sector of an operating system.

14
Q

A mobile user calls you from the road and informs you that his laptop is exhibiting erratic behavior. He reports that there were no problems until he downloaded a tic-tac-toe program from a site that he had never visited before. Which of the following terms describes a program that enters a system disguised in another program?

A. Trojan horse virus
B. Polymorphic virus
C. Worm
D. Armored virus

A

A. A Trojan horse enters with a legitimate program to accomplish its nefarious deeds.

15
Q

Your system has been acting strangely since you downloaded a file from a colleague. Upon
examining your antivirus software, you notice that the virus definition file is missing. Which type of virus probably infected your system?

A. Polymorphic virus
B. Retrovirus
C. Worm
D. Armored virus

A

B. Retroviruses are often referred to as anti-antiviruses. They can render your antivirus
software unusable and leave you exposed to other, less-formidable viruses.

16
Q

Internal users are reporting repeated attempts to infect their systems as reported to them by
pop-up messages from their virus-scanning software. According to the pop-up messages,
the virus seems to be the same in every case. What is the most likely culprit?

A. A server is acting as a carrier for a virus.
B. You have a worm virus.
C. Your antivirus software has malfunctioned.
D. A DoS attack is under way.

A

A. Some viruses won’t damage a system in an attempt to spread into all the other systems in
a network. These viruses use that system as the carrier of the virus.

17
Q

Your system log files report an ongoing attempt to gain access to a single account. This attempt has been unsuccessful to this point. What type of attack are you most likely
experiencing?

A. Password-guessing attack
B. Backdoor attack
C. Worm attack
D. TCP/IP hijacking

A

A. A password-guessing attack occurs when a user account is repeatedly attacked using a
variety of different passwords.

18
Q

A user reports that he is receiving an error indicating that his TCP/IP address is already in
use when he turns on his computer. A static IP address has been assigned to this user’s
computer, and you’re certain this address was not inadvertently assigned to another computer.
Which type of attack is most likely underway?

A. Man-in-the-middle attack
B. Backdoor attack
C. Worm
D. TCP/IP hijacking

A

D. One of the symptoms of a TCP/IP hijacking attack may be the unavailability of a TCP/IP
address when the system is started.

19
Q

You’re working late one night, and you notice that the hard disk on your new computer is
very active even though you aren’t doing anything on the computer and it isn’t connected to
the Internet. What is the most likely suspect?

A. A disk failure is imminent.
B. A virus is spreading in your system.
C. Your system is under a DoS attack.
D. TCP/IP hijacking is being attempted.

A

B. A symptom of many viruses is unusual activity on the system disk. This is caused by the
virus spreading to other files on your system.

20
Q

You’re the administrator for a large bottling company. At the end of each month, you
routinely view all logs and look for discrepancies. This month, your email system error
log reports a large number of unsuccessful attempts to log on. It’s apparent that the email
server is being targeted. Which type of attack is most likely occurring?

A. Software exploitation attack
B. Backdoor attack
C. Worm
D. TCP/IP hijacking

A

A. A software exploitation attack attempts to exploit weaknesses in software. A common
attack attempts to communicate with an established port to gain unauthorized access. Most
email servers use port 25 for email connections using SMTP.