Threats, Attacks, and Vulnerabilities

Question 1

As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim?

DoS

DDoS

Worm

Answer 1

DDoS

A DDoS attack uses multiple computer systems to attack a server or host in the network

Question 2

An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred?

DoS

DDoS

Backdoor

Answer 2

Backdoor

In a backdoor attack, a program or service is placed on a server to bypass normal security procedures

Question 3

An administrator at a sister company calls to report a new threat that is making the rounds. According to him, the latest danger is an attack that attempts to intervene in a communications session by inserting a computer between the two systems that are communicating. Which of the following types of attacks does this constitute?

Man-in-the-middle attack

Backdoor attack

Worm

Answer 3

Man-in-the-middle attack

A man-in-the-middle attack attempts to fool both ends of a communications session into believing that the system in the middle is the other end

Question 4

You’ve discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be?

Man-in-the-middle attack

Backdoor attack

Replay attack

Answer 4

Replay attack

A replay attack attempts to replay the results of a previously successful session to gain access

Question 5

Which type of attack denies authorized users access to network resources?

DoS

Worm

Logic bomb

Answer 5

DoS

A DoS attack is intended to prevent access to network resources by overwhelming or flooding a service or network

Question 6

Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you connected to the Internet. Which kind of attack has probably occurred?

Logic bomb

Worm

Virus

Answer 6

Logic bomb

A logic bomb notifies an attacker when a certain set of circumstances has occurred. This may in turn trigger an attack on your system

Question 7

You’re explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they’ve heard of a threat from a virus that attempts to mask itself by hiding code from antivirus software. What type of virus is she referring to?

Armored virus

Malevolent virus

Worm

Answer 7

Armored virus

An armored virus is designed to hide the signature of the virus behind code that confuses the antivirus software or blocks it from detecting the virus

Question 8

What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes?

Trojan horse virus

Stealth virus

Worm

Answer 8

Stealth virus

A stealth virus reports false information to hide itself from antivirus software. Stealth viruses often attach themselves to the boot sector of an operating system

Question 9

What is it known as when an attacker manipulates the database code to take advantage of a weakness in it?

SQL tearing

SQL cracking

SQL injection

Answer 9

SQL injection

SQL injection occurs when an attacker manipulates the database code to take advantage of a weakness in it

Question 10

What term describes when the item used to validate a user’s session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party?

Patch infiltration

XML injection

Session hijacking

Answer 10

Session hijacking

Session hijacking occurs when the item used to validate a user’s session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party

Question 11

Which of the following involves unauthorized commands coming from a trusted user to the website?

ZDT

HSM

XSRF

Answer 11

XSRF

XSRF involves unauthorized commands coming from a trusted user to the website. This is often done without the user’s knowledge, and it employs some type of social networking to pull it off

Question 12

When a hole is found in a web browser or other software, and attackers begin exploiting it before the developer can respond, what type of attack is it known as?

Xmas

Malicious insider

Zero-day

Answer 12

Zero-day

When a hole is found in a web browser or other software, and attackers begin exploiting it the very day it is discovered by the developer (bypassing the one-to-two-day response time that many software providers need to put out a patch once the hole has been found), it is known as a zero-day attack

Question 13

Which of the following is a small library that is created to intercept API calls transparently?

Chock

Wedge

Shim

Answer 13

Shim

A shim is a small library that is created to intercept API calls transparently

Question 14

The new head of software engineering has demanded that all code be tested to identify the design flow and then modified, as needed, to clean up routines without changing the code’s visible behavior. What is this process known as?

Straightening

Sanitizing

Refactoring

Answer 14

Refactoring

Refactoring involves testing to identify the design flow and then modifying, as needed, to clean up routines without changing the code’s visible behavior

Question 15

Karl from Accounting is in a panic. He is convinced that he has identified malware on the servers—a type of man-in-the-middle attack in which a Trojan horse manipulates calls between the browser and yet still displays back the user’s intended transaction. What type of attack could he have stumbled on?

Man-in-the-browser

Man-in-the-castle

Man-in-the-code

Answer 15

Man-in-the-browser

Man-in-the-browser is a type of man-in-the-middle attack in which a Trojan horse manipulates calls between the browser and its security mechanisms yet still displaying back the user’s intended transaction

Question 16

Pass-the-hash attacks take advantage of a weak encryption routine associated with which protocols?

NetBEUI and NetBIOS

NTLM and LanMan

Telnet and TFTP

Answer 16

NTLM and LanMan

Pass-the-hash attacks take advantage of a weak encryption routine associated with NTLM and LanMan protocols

Question 17

The command monlist can be used with which protocol as part of an amplification attack?

SMTP

NTP

SNMP

Answer 17

NTP

The command monlist can be used with an NTP amplification attack to send details of the last 600 people who requested network time

Question 18

An attacker has placed an opaque layer over the Request A Catalog button on your web page. This layer tricks visitors into going to a form on a different website and giving their contact information to another party when their intention was to give it to you. What type of attack is this known as?

Clickjacking

Man-in-the-middle

XSRF

Answer 18

Clickjacking

Clickjacking involves an attacker using multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they were intending to click the top-level page

Question 19

With which of the following is the DNS server given information about a name server that it thinks is legitimate when it isn’t?

DNS tagging

DNS kiting

DNS poisoning

Answer 19

DNS poisoning

With DNS poisoning, also known as DNS spoofing, the DNS server is given information about a name server that it thinks is legitimate when it isn’t

Question 20

It has been brought to your attention that a would-be attacker in Indiana has been buying up domains based on common misspellings of your company’s name with the sole intent of creating websites that resemble yours and prey on those who mistakenly stumble onto these pages. What type of attack is this known as?

Watering hole

Faulty tower

Typo squatting

Answer 20

Typo squatting

Typo squatting involves creating domains that are based on the misspelling of another