Testout 3

What is the main difference between a worm and a virus?

A worm can replicate itself whereas a virus needs a host for distribution.

What type of malware monitors your actions?

Spyware

A collection of zombie computers have been setup to collect personal information. What type of malware do the zombie computers represent?

Botnet

What is a program that appears to be a legitimate application, utility, game, or screensaver and that performs malicious activities surreptitiously?

Trojan Horse

Which of the following defines a logic bomb?

A program that performs a malicious activity at a specific time or after a trigger event.

What of the following is a characteristic of a virus?

Requires an activation mechanism to run.

Which of the following is undetectable software that allows admin level access?

Rootkit

Which of the following are characteristics of a rootkit? (2)

Hides itself from detection, requires admin-level privileges for installation.

You have heard about a new malware program that prevents itself to users as a virus scanner. When users run this software it installs itself as a hidden program that has admin level access to various OS components. The program then tracks system activity and allows an attacker to remotely gain admin access to this computer. What is this?

Rootkit.

While browsing the internet, you notice that the browser displays ads that are targeted towards recent keyword searches you have performed. What is this an example of?

Adware.

Devs in your company have created a web application that interfaces with a database server. During development, programmers created a special user account that bypasses normal security. What is this an example of?

Backdoor.

Which of the following best describes spyware?

It monitors the actions you take on your machine and sends the info back to its originating source.

What is the most common means of Virus distribution?

EMail

What is the common name for a program that has no useful purpose, but attempts to spread itself to other system and often damages resources on the system where it is found?

Virus

Which of the following is not a primary characteristic of a worm?

It infects the MBR of a harddrive.

What is the primary distinguishing characteristic between a worm and a logic bomb?

Self replication.

What is another name for a logic bomb?

Asynchronous attack.

What is another name for a backdoor that was left in a product by the manufacturer by accident?

Maintenance hook

A relatively new employee in the data entry cubical farm was assigned a user account similar to that of all the other data entry employees. However, audit logs have shown that this user account has been used to change ACL's on several confidential files and has accessed the date in those areas. This situation indicates which of the following has occurred?

Privilege escalation.

Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims?

Spamming

What is the greatest thread to confidentiality in most secure organizations?

USB devices

If an SMTP server i not properly and securely configured, it can be hijacked and used maliciously as an SMTP relay agent. Which type of activity could result?

Spam

You want to prevent your browser from running JavaScript commands that are potentially harmful. What of the following would you restrict to allow this?

Client-Side Scripts

Which of the following is the main difference between a DoS attack and a DDoS attack?

DDoS uses zombie computers.

While using the internet, you type the URL of one of your favourite sites in the browser. Instead of going to the correct site, however, the browser displays a completely different website. When you use an IP address of the web server, it displays correctly. Why?

A DNS poisoning attack.

Which of the following attacks tries to associate an incorrect MAC address with a known IP address?

ARP Poisoning

What are the most common network traffic packets captured and used in a replay attack?

Authentication

When a malicious user captures authentication traffic and replays it against the network later,what is the security problem you are most concerned about?

An unauthorized user getting access to sensitive resources.

A router on the border of your network detects a packet with source address that is from an internal client but the packet was received on the Internet facing interface. This is an example of what?

Spoofing

What is modified in the most common form of spoofing on a typical IP packet?

Source address

Which type of activity changes or falsifies information in order to mislead or redirect traffic?

Spoofing

What is spoofing?

Changing or falsifying information in order to mislead or redirect traffic.

Which type of DoS attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?

DNS poisoning.

Which of the following describes a man in the middle attack?

A false server intercepts communications from a client by impersonating the intended server.

Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which security concern?

Man in the middle attack.

Which of the following could easily result in a DoS attack if the victimized system had too little free storage capacity?

Spam

An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?

DDoS

An attacker has obtained the logon credentials for a regular user on your network. Which type of security exists if this user account is used to perform admin functions?

Which of the following is an example of an internal threat?

Which of the following is a form of attack that tricks victims into providing confidential information through emails or websites that impersonate as an online entity the victim trusts?

Phishing

Which of the following are DoS attacks?

Fraggle, Smurf.

Which is a form of attack that either exploits a software flaw or floods a system with traffic in order to prevent legit activities or transactions from occurring?

DoS

As the victim of a Smurf attack, what protection measure is the most effective during the attack?

Communicating with your upstream provider.

Which of the following is an example of privilege escalation?

Creeping privileges

You suspect that an Xmas Tree attack is occurring on a system. Which of the following could result? (2)

The system will be unavailable to legit requests, the threat agent will obtain information about open ports.

An attacker uses an exploit to push a modified hosts file to client systems. This host file redirects traffic from legit tax preparation sites to malicious sites tho gather personal and financial info. What kind of attacks? (2)

Pharming, DNS poisoning.

An attacker sends unwanted and unsolicited emails to multiple recipients with malware attachments. What type of attack is this?

Spam.

Which of the following is a common form of social engineering attack?

Hoax virus info emails

Which of the following is not a form of social engineering?

Logging on with stolen credentials.

You have just received a generic looking email that is addressed as coming from an admin of your company. The email says that part of the system upgrade means you have to go to a website and enter your user/pass at a new website so you can manage your email and spam using that service. What should you do?

Verify the email was sent by the admin, and check if the new service is legit.

On your way to the back entrance of the building at work one morning, a man dressed as a plumber asks you to let him in so he can fix the restroom. What do?

Direct him to the front entrance and instruct him to check with the receptionist.

Dumpster diving is a low tech means of gathering info that may be useful in gaining unauthorized access, or as a staring point for more advanced attacks. How can companies reduce the risks of this?

Establish and enforce a document destruction policy.

Which of the following are examples of social engineering?(2)

Dumpster diving, Shoulder surfing.

What is the primary difference between impersonation and masquerading?

One is more active, one is more passive.

Which of the following social engineering attacks uses VOIP to gain sensitive info?

Vishing.

A senior executive reports that she received a sus email concerning a sensitive internal project that is behind production. The email is sent from someone she doesn't know and he is asking for immediate clarification on several of the project's details so that it can get back on schedule. What type of attack best describes this?

Whaling

Your company security policy states that wireless networks are not to be used because of the potential security risk they present to the network. One day you find an employee has connected to a wireless access point to the network in his office. What type of security risk is this?

Rogue access point.

Which of the following describes marks that attackers place outside a building to identify open wireless network?

War Chalking

The process of walking around an office building with an 802.11 signal detector is known as what?

War driving

Which of the following best describes bluesnarfing?

Unauthorized viewing of a calendar email and messages on a mobile device.

Which of the following sends unsolicited business cards and messages to a bluetooth device?

Bluejacking

Which of the following is the best protection against attacks on mobile phones via bluetooth?

Disable bluetooth on the phone.

You are troubleshooting a wireless connectivity issue on a small office. You determine that 2.4 GHz cordless phones used in this office are interfering with the wireless network transmissions. If the cordless phones are causing the interference, which of the following wireless standards are they using? (2)

...

Testout 3 - Subjecto.com

Testout 3

Your page rank:

Total word count: 1629
Pages: 6

Calculate the Price

- -
275 words
Looking for Expert Opinion?
Let us have a look at your work and suggest how to improve it!
Get a Consultant

What is the main difference between a worm and a virus?

A worm can replicate itself whereas a virus needs a host for distribution.

What type of malware monitors your actions?

Spyware

A collection of zombie computers have been setup to collect personal information. What type of malware do the zombie computers represent?

Botnet

What is a program that appears to be a legitimate application, utility, game, or screensaver and that performs malicious activities surreptitiously?

Trojan Horse

Which of the following defines a logic bomb?

A program that performs a malicious activity at a specific time or after a trigger event.

What of the following is a characteristic of a virus?

Requires an activation mechanism to run.

Which of the following is undetectable software that allows admin level access?

Rootkit

Which of the following are characteristics of a rootkit? (2)

Hides itself from detection, requires admin-level privileges for installation.

You have heard about a new malware program that prevents itself to users as a virus scanner. When users run this software it installs itself as a hidden program that has admin level access to various OS components. The program then tracks system activity and allows an attacker to remotely gain admin access to this computer. What is this?

Rootkit.

While browsing the internet, you notice that the browser displays ads that are targeted towards recent keyword searches you have performed. What is this an example of?

Adware.

Devs in your company have created a web application that interfaces with a database server. During development, programmers created a special user account that bypasses normal security. What is this an example of?

Backdoor.

Which of the following best describes spyware?

It monitors the actions you take on your machine and sends the info back to its originating source.

What is the most common means of Virus distribution?

EMail

What is the common name for a program that has no useful purpose, but attempts to spread itself to other system and often damages resources on the system where it is found?

Virus

Which of the following is not a primary characteristic of a worm?

It infects the MBR of a harddrive.

What is the primary distinguishing characteristic between a worm and a logic bomb?

Self replication.

What is another name for a logic bomb?

Asynchronous attack.

What is another name for a backdoor that was left in a product by the manufacturer by accident?

Maintenance hook

A relatively new employee in the data entry cubical farm was assigned a user account similar to that of all the other data entry employees. However, audit logs have shown that this user account has been used to change ACL’s on several confidential files and has accessed the date in those areas. This situation indicates which of the following has occurred?

Privilege escalation.

Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims?

Spamming

What is the greatest thread to confidentiality in most secure organizations?

USB devices

If an SMTP server i not properly and securely configured, it can be hijacked and used maliciously as an SMTP relay agent. Which type of activity could result?

Spam

You want to prevent your browser from running JavaScript commands that are potentially harmful. What of the following would you restrict to allow this?

Client-Side Scripts

Which of the following is the main difference between a DoS attack and a DDoS attack?

DDoS uses zombie computers.

While using the internet, you type the URL of one of your favourite sites in the browser. Instead of going to the correct site, however, the browser displays a completely different website. When you use an IP address of the web server, it displays correctly. Why?

A DNS poisoning attack.

Which of the following attacks tries to associate an incorrect MAC address with a known IP address?

ARP Poisoning

What are the most common network traffic packets captured and used in a replay attack?

Authentication

When a malicious user captures authentication traffic and replays it against the network later,what is the security problem you are most concerned about?

An unauthorized user getting access to sensitive resources.

A router on the border of your network detects a packet with source address that is from an internal client but the packet was received on the Internet facing interface. This is an example of what?

Spoofing

What is modified in the most common form of spoofing on a typical IP packet?

Source address

Which type of activity changes or falsifies information in order to mislead or redirect traffic?

Spoofing

What is spoofing?

Changing or falsifying information in order to mislead or redirect traffic.

Which type of DoS attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?

DNS poisoning.

Which of the following describes a man in the middle attack?

A false server intercepts communications from a client by impersonating the intended server.

Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which security concern?

Man in the middle attack.

Which of the following could easily result in a DoS attack if the victimized system had too little free storage capacity?

Spam

An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?

DDoS

An attacker has obtained the logon credentials for a regular user on your network. Which type of security exists if this user account is used to perform admin functions?

Which of the following is an example of an internal threat?

Which of the following is a form of attack that tricks victims into providing confidential information through emails or websites that impersonate as an online entity the victim trusts?

Phishing

Which of the following are DoS attacks?

Fraggle, Smurf.

Which is a form of attack that either exploits a software flaw or floods a system with traffic in order to prevent legit activities or transactions from occurring?

DoS

As the victim of a Smurf attack, what protection measure is the most effective during the attack?

Communicating with your upstream provider.

Which of the following is an example of privilege escalation?

Creeping privileges

You suspect that an Xmas Tree attack is occurring on a system. Which of the following could result? (2)

The system will be unavailable to legit requests, the threat agent will obtain information about open ports.

An attacker uses an exploit to push a modified hosts file to client systems. This host file redirects traffic from legit tax preparation sites to malicious sites tho gather personal and financial info. What kind of attacks? (2)

Pharming, DNS poisoning.

An attacker sends unwanted and unsolicited emails to multiple recipients with malware attachments. What type of attack is this?

Spam.

Which of the following is a common form of social engineering attack?

Hoax virus info emails

Which of the following is not a form of social engineering?

Logging on with stolen credentials.

You have just received a generic looking email that is addressed as coming from an admin of your company. The email says that part of the system upgrade means you have to go to a website and enter your user/pass at a new website so you can manage your email and spam using that service. What should you do?

Verify the email was sent by the admin, and check if the new service is legit.

On your way to the back entrance of the building at work one morning, a man dressed as a plumber asks you to let him in so he can fix the restroom. What do?

Direct him to the front entrance and instruct him to check with the receptionist.

Dumpster diving is a low tech means of gathering info that may be useful in gaining unauthorized access, or as a staring point for more advanced attacks. How can companies reduce the risks of this?

Establish and enforce a document destruction policy.

Which of the following are examples of social engineering?(2)

Dumpster diving, Shoulder surfing.

What is the primary difference between impersonation and masquerading?

One is more active, one is more passive.

Which of the following social engineering attacks uses VOIP to gain sensitive info?

Vishing.

A senior executive reports that she received a sus email concerning a sensitive internal project that is behind production. The email is sent from someone she doesn’t know and he is asking for immediate clarification on several of the project’s details so that it can get back on schedule. What type of attack best describes this?

Whaling

Your company security policy states that wireless networks are not to be used because of the potential security risk they present to the network. One day you find an employee has connected to a wireless access point to the network in his office. What type of security risk is this?

Rogue access point.

Which of the following describes marks that attackers place outside a building to identify open wireless network?

War Chalking

The process of walking around an office building with an 802.11 signal detector is known as what?

War driving

Which of the following best describes bluesnarfing?

Unauthorized viewing of a calendar email and messages on a mobile device.

Which of the following sends unsolicited business cards and messages to a bluetooth device?

Bluejacking

Which of the following is the best protection against attacks on mobile phones via bluetooth?

Disable bluetooth on the phone.

You are troubleshooting a wireless connectivity issue on a small office. You determine that 2.4 GHz cordless phones used in this office are interfering with the wireless network transmissions. If the cordless phones are causing the interference, which of the following wireless standards are they using? (2)

Share This
Flashcard

More flashcards like this

NCLEX 10000 Integumentary Disorders

When assessing a client with partial-thickness burns over 60% of the body, which finding should the nurse report immediately? a) ...

Read more

NCLEX 300-NEURO

A client with amyotrophic lateral sclerosis (ALS) tells the nurse, "Sometimes I feel so frustrated. I can’t do anything without ...

Read more

NASM Flashcards

Which of the following is the process of getting oxygen from the environment to the tissues of the body? Diffusion ...

Read more

Unfinished tasks keep piling up?

Let us complete them for you. Quickly and professionally.

Check Price

Successful message
sending