What is the main difference between a worm and a virus? |
A worm can replicate itself whereas a virus needs a host for distribution. |
What type of malware monitors your actions? |
Spyware |
A collection of zombie computers has been set up to collect personal information. What type of malware do the zombie computers represent? |
Botnet |
What is a program that appears to be a legitimate application, utility, game, or screensaver and that performs malicious activities surreptitiously? |
Trojan Horse |
Which of the following defines a logic bomb? |
A program that performs a malicious activity at a specific time or after a trigger event. |
Which of the following is a characteristic of a virus? |
Requires an activation mechanism to run. |
Which of the following is undetectable software that allows admin level access? |
Rootkit |
Which of the following are characteristics of a rootkit? (2) |
Hides itself from detection, requires admin-level privileges for installation. |
You have heard about a new malware program that presents itself to users as a virus scanner. When users run this software, it installs itself as a hidden program that has admin-level access to various OS components. The program then tracks system activity and allows an attacker to remotely gain admin access to this computer. What is this? |
Rootkit. |
While browsing the internet, you notice that the browser displays ads that are targeted towards recent keyword searches you have performed. What is this an example of? |
Adware. |
Devs in your company have created a web application that interfaces with a database server. During development, programmers created a special user account that bypasses normal security. What is this an example of? |
Backdoor. |
Which of the following best describes spyware? |
It monitors the actions you take on your machine and sends the info back to its originating source. |
What is the most common means of virus distribution? |
|
What is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the system where it is found? |
Virus |
Which of the following is not a primary characteristic of a worm? |
It infects the MBR of a hard drive. |
What is the primary distinguishing characteristic between a worm and a logic bomb? |
Self replication. |
What is another name for a logic bomb? |
Asynchronous attack. |
What is another name for a backdoor that was left in a product by the manufacturer by accident? |
Maintenance hook |
A relatively new employee in the data entry cubicle farm was assigned a user account similar to that of all the other data entry employees. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed the data in those areas. This situation indicates which of the following has occurred? |
Privilege escalation. |
Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims? |
Spamming |
What is the greatest threat to confidentiality in most secure organizations? |
USB devices |
If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as an SMTP relay agent. Which type of activity could result? |
Spam |
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to allow this? |
Client-Side Scripts |
Which of the following is the main difference between a DoS attack and a DDoS attack? |
DDoS uses zombie computers. |
While using the internet, you type the URL of one of your favourite sites in the browser. Instead of going to the correct site, however, the browser displays a completely different website. When you use an IP address of the web server, it displays correctly. Why? |
A DNS poisoning attack. |
Which of the following attacks tries to associate an incorrect MAC address with a known IP address? |
ARP Poisoning |
What are the most common network traffic packets captured and used in a replay attack? |
Authentication |
When a malicious user captures authentication traffic and replays it against the network later, what is the security problem you are most concerned about? |
An unauthorized user getting access to sensitive resources. |
A router on the border of your network detects a packet with a source address that is from an internal client, but the packet was received on the Internet-facing interface. This is an example of what? |
Spoofing |
What is modified in the most common form of spoofing on a typical IP packet? |
Source address |
Which type of activity changes or falsifies information in order to mislead or redirect traffic? |
Spoofing |
What is spoofing? |
Changing or falsifying information in order to mislead or redirect traffic. |
Which type of DoS attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses? |
DNS poisoning. |
Which of the following describes a man in the middle attack? |
A false server intercepts communications from a client by impersonating the intended server. |
Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which security concern? |
Man in the middle attack. |
Which of the following could easily result in a DoS attack if the victimized system had too little free storage capacity? |
Spam |
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack? |
DDoS |
An attacker has obtained the logon credentials for a regular user on your network. Which type of security exists if this user account is used to perform admin functions? |
Which of the following is an example of an internal threat? |
Which of the following is a form of attack that tricks victims into providing confidential information through emails or websites that impersonate an online entity the victim trusts? |
Phishing |
Which of the following are DoS attacks? |
Fraggle, Smurf. |
Which is a form of attack that either exploits a software flaw or floods a system with traffic in order to prevent legit activities or transactions from occurring? |
DoS |
As the victim of a Smurf attack, what protection measure is the most effective during the attack? |
Communicating with your upstream provider. |
Which of the following is an example of privilege escalation? |
Creeping privileges |
You suspect that an Xmas Tree attack is occurring on a system. Which of the following could result? (2) |
The system will be unavailable to legit requests, the threat agent will obtain information about open ports. |
An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legit tax preparation sites to malicious sites to gather personal and financial info. What kind of attacks? (2) |
Pharming, DNS poisoning. |
An attacker sends unwanted and unsolicited emails to multiple recipients with malware attachments. What type of attack is this? |
Spam. |
Which of the following is a common form of social engineering attack? |
Hoax virus info emails |
Which of the following is not a form of social engineering? |
Logging on with stolen credentials. |
You have just received a generic looking email that is addressed as coming from an admin of your company. The email says that part of the system upgrade means you have to go to a website and enter your user/pass at a new website so you can manage your email and spam using that service. What should you do? |
Verify the email was sent by the admin, and check if the new service is legit. |
On your way to the back entrance of the building at work one morning, a man dressed as a plumber asks you to let him in so he can fix the restroom. What should you do? |
Direct him to the front entrance and instruct him to check with the receptionist. |
Dumpster diving is a low-tech means of gathering info that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks. How can companies reduce the risks of this? |
Establish and enforce a document destruction policy. |
Which of the following are examples of social engineering? (2) |
Dumpster diving, Shoulder surfing. |
What is the primary difference between impersonation and masquerading? |
One is more active, one is more passive. |
Which of the following social engineering attacks uses VOIP to gain sensitive info? |
Vishing. |
A senior executive reports that she received a sus email concerning a sensitive internal project that is behind production. The email is sent from someone she doesn't know and he is asking for immediate clarification on several of the project's details so that it can get back on schedule. What type of attack best describes this? |
Whaling |
Your company security policy states that wireless networks are not to be used because of the potential security risk they present to the network. One day you find an employee has connected a wireless access point to the network in his office. What type of security risk is this? |
Rogue access point. |
Which of the following describes marks that attackers place outside a building to identify an open wireless network? |
War Chalking |
The process of walking around an office building with an 802.11 signal detector is known as what? |
War driving |
Which of the following best describes bluesnarfing? |
Unauthorized viewing of calendar, email, and messages on a mobile device. |
Which of the following sends unsolicited business cards and messages to a bluetooth device? |
Bluejacking |
Which of the following is the best protection against attacks on mobile phones via bluetooth? |
Disable bluetooth on the phone. |
You are troubleshooting a wireless connectivity issue on a small office. You determine that 2.4 GHz cordless phones used in this office are interfering with the wireless network transmissions. If the cordless phones are causing the interference, which of the following wireless standards are they using? (2) |
... |