Threats, Attacks, and Vulnerabilities Flashcards

1
Q

As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim?

DoS

DDoS

Worm

A

DDoS

A DDoS attack uses multiple computer systems to attack a server or host in the network

2
Q

An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred?

DoS

DDoS

Backdoor

A

Backdoor

In a backdoor attack, a program or service is placed on a server to bypass normal security procedures

3
Q

An administrator at a sister company calls to report a new threat that is making the rounds. According to him, the latest danger is an attack that attempts to intervene in a communications session by inserting a computer between the two systems that are communicating. Which of the following types of attacks does this constitute?

Man-in-the-middle attack

Backdoor attack

Worm

A

Man-in-the-middle attack

A man-in-the-middle attack attempts to fool both ends of a communications session into believing that the system in the middle is the other end

4
Q

You’ve discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be?

Man-in-the-middle attack

Backdoor attack

Replay attack

A

Replay attack

A replay attack attempts to replay the results of a previously successful session to gain access

5
Q

Which type of attack denies authorized users access to network resources?

DoS

Worm

Logic bomb

A

DoS

A DoS attack is intended to prevent access to network resources by overwhelming or flooding a service or network

6
Q

Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you connected to the Internet. Which kind of attack has probably occurred?

Logic bomb

Worm

Virus

A

Logic bomb

A logic bomb notifies an attacker when a certain set of circumstances has occurred. This may in turn trigger an attack on your system

7
Q

You’re explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they’ve heard of a threat from a virus that attempts to mask itself by hiding code from antivirus software. What type of virus is she referring to?

Armored virus

Malevolent virus

Worm

A

Armored virus

An armored virus is designed to hide the signature of the virus behind code that confuses the antivirus software or blocks it from detecting the virus

8
Q

What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes?

Trojan horse virus

Stealth virus

Worm

A

Stealth virus

A stealth virus reports false information to hide itself from antivirus software. Stealth viruses often attach themselves to the boot sector of an operating system

9
Q

What is it known as when an attacker manipulates the database code to take advantage of a weakness in it?

SQL tearing

SQL cracking

SQL injection

A

SQL injection

SQL injection occurs when an attacker manipulates the database code to take advantage of a weakness in it

10
Q

What term describes when the item used to validate a user’s session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party?

Patch infiltration

XML injection

Session hijacking

A

Session hijacking

Session hijacking occurs when the item used to validate a user’s session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party

11
Q

Which of the following involves unauthorized commands coming from a trusted user to the website?

ZDT

HSM

XSRF

A

XSRF

XSRF involves unauthorized commands coming from a trusted user to the website. This is often done without the user’s knowledge, and it employs some type of social networking to pull it off

12
Q

When a hole is found in a web browser or other software, and attackers begin exploiting it before the developer can respond, what type of attack is it known as?

Xmas

Malicious insider

Zero-day

A

Zero-day

When a hole is found in a web browser or other software, and attackers begin exploiting it the very day it is discovered by the developer (bypassing the one-to-two-day response time that many software providers need to put out a patch once the hole has been found), it is known as a zero-day attack

13
Q

Which of the following is a small library that is created to intercept API calls transparently?

Chock

Wedge

Shim

A

Shim

A shim is a small library that is created to intercept API calls transparently

14
Q

The new head of software engineering has demanded that all code be tested to identify the design flow and then modified, as needed, to clean up routines without changing the code’s visible behavior. What is this process known as?

Straightening

Sanitizing

Refactoring

A

Refactoring

Refactoring involves testing to identify the design flow and then modifying, as needed, to clean up routines without changing the code’s visible behavior

15
Q

Karl from Accounting is in a panic. He is convinced that he has identified malware on the servers: a type of man-in-the-middle attack in which a Trojan horse manipulates calls between the browser and its security mechanisms yet still displays back the user’s intended transaction. What type of attack could he have stumbled on?

Man-in-the-browser

Man-in-the-castle

Man-in-the-code

A

Man-in-the-browser

Man-in-the-browser is a type of man-in-the-middle attack in which a Trojan horse manipulates calls between the browser and its security mechanisms yet still displays back the user’s intended transaction

16
Q

Pass-the-hash attacks take advantage of a weak encryption routine associated with which protocols?

NetBEUI and NetBIOS

NTLM and LanMan

Telnet and TFTP

A

NTLM and LanMan

Pass-the-hash attacks take advantage of a weak encryption routine associated with NTLM and LanMan protocols

17
Q

The command monlist can be used with which protocol as part of an amplification attack?

SMTP

NTP

SNMP

A

NTP

The command monlist can be used with an NTP amplification attack to send details of the last 600 people who requested network time

18
Q

An attacker has placed an opaque layer over the Request A Catalog button on your web page. This layer tricks visitors into going to a form on a different website and giving their contact information to another party when their intention was to give it to you. What type of attack is this known as?

Clickjacking

Man-in-the-middle

XSRF

A

Clickjacking

Clickjacking involves an attacker using multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they were intending to click the top-level page

19
Q

With which of the following is the DNS server given information about a name server that it thinks is legitimate when it isn’t?

DNS tagging

DNS kiting

DNS poisoning

A

DNS poisoning

With DNS poisoning, also known as DNS spoofing, the DNS server is given information about a name server that it thinks is legitimate when it isn’t

20
Q

It has been brought to your attention that a would-be attacker in Indiana has been buying up domains based on common misspellings of your company’s name with the sole intent of creating websites that resemble yours and prey on those who mistakenly stumble onto these pages. What type of attack is this known as?

Watering hole

Faulty tower

Typo squatting

A

Typo squatting

Typo squatting involves creating domains that are based on the misspelling of another