Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
20 Cards in this Set
- Front
- Back
- 3rd side (hint)
|
1 CH4
You are the senior administrator for a bank. A user calls you on the telephone and says they were notified to contact you but couldn’t find your information on the company website. Two days ago, an email told them there was something wrong with their account and they needed to click a link in the email to fix the problem. They clicked the link and filled in the information, but now their account is showing a large number of transactions that they did not authorize. They were likely the victims of what type of attack? |
1
A) Spimming B) Phishing C) Pharming D) Escalating |
1 B
Sending an email with a misleading link to collect information is a phishing attack. |
|
|
2 CH4
As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim? |
2
A) DoS B) DDoS C) Worm D) UDP attack |
2 B
A DDoS attack uses multiple computer systems to attack a server or host in the network. |
|
|
3 CH4
An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred? |
3
A) DoS B) DDoS C) Backdoor D) Social engineering |
3 C
In a backdoor attack, a program or service is placed on a server to bypass normal security procedures. |
|
|
4 CH4
An administrator at a sister company calls to report a new threat that is making the rounds. According to him, the latest danger is an attack that attempts to intervene in a communications session by inserting a computer between the two systems that are communicating. Which of the following types of attacks does this constitute? |
4
A) Man-in-the-middle attack B) Backdoor attack C) Worm D) TCP/IP hijacking |
4 A
A man-in-the-middle attack attempts to fool both ends of a communications session into believing the system in the middle is the other end. |
|
|
5 CH4
You’ve discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be? |
5
A) Man-in-the-middle attack B) Backdoor attack C) Replay attack D) TCP/IP hijacking |
5 C
A replay attack attempts to replay the results of a previously successful session to gain access. |
|
|
6 CH4
A junior administrator comes to you in a panic. After looking at the log files, he has become convinced that an attacker is attempting to use an IP address to replace another system in the network to gain access. Which type of attack is this? |
6
A) Man-in-the-middle attack B) Backdoor attack C) Worm D) TCP/IP hijacking |
6 D
TCP/IP hijacking is an attempt to steal a valid IP address and use it to gain authorization or information from a network. |
|
|
7 CH4
A server on your network will no longer accept connections using TCP. The server indicates that it has exceeded its session limit. Which type of attack is probably occurring? |
7
A) TCP ACK attack B) Smurf attack C) Virus attack D) TCP/IP hijacking |
7 A
A TCP ACK attack creates multiple incomplete sessions. Eventually, the TCP protocol hits a limit and refuses additional connections. |
|
|
8 CH4
A smurf attack attempts to use a broadcast ping on a network; the return address of the ping may be a valid system in your network. Which protocol does a smurf attack use to conduct the attack? |
8
A) TCP B) IP C) UDP D) ICMP |
8 D
A smurf attack attempts to use a broadcast ping (ICMP) on a network. The return address of the ping may be a valid system in your network. This system will be flooded with responses in a large network. |
|
|
9 CH4
A user calls you in a panic. He is receiving emails from people indicating that he is inadvertently sending viruses to them. Over 200 such emails have arrived today. Which type of attack has most likely occurred? |
9
A) SAINT B) Backdoor attack C) Worm D) TCP/IP hijacking |
9 C
A worm is a type of malicious code that attempts to replicate using whatever means are available. The worm may not have come from the user’s system; rather, a system with the user’s name in the address book has attacked these people. |
|
|
10 CH4
Which type of attack denies authorized users access to network resources? |
10
A) DoS B) Worm C) Logic bomb D) Social engineering |
10 A
A DoS attack is intended to prevent access to network resources by overwhelming or flooding a service or network. |
|
|
11 CH4
Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you dialed in to the Internet. Which kind of attack has probably occurred? |
11
A) Logic bomb B) Worm C) Virus D) ACK attack |
11 A
A logic bomb notifies an attacker when a certain set of circumstances has occurred. This may in turn trigger an attack on your system. |
|
|
12 CH4
You’re explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they’ve heard of a threat from a virus that attempts to mask itself by hiding code from antivirus software. What type of virus is he referring to? |
12
A) Armored virus B) Polymorphic virus C) Worm D) Stealth virus |
12 A
An armored virus is designed to hide the signature of the virus behind code that confuses the antivirus software or blocks it from detecting the virus. |
|
|
13 CH4
What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes? |
13
A) Trojan horse virus B) Stealth virus C) Worm D) Polymorphic virus |
13 B
A stealth virus reports false information to hide itself from antivirus software. Stealth viruses often attach themselves to the boot sector of an operating system. |
|
|
14 CH4
A mobile user calls you from the road and informs you that his laptop is exhibiting erratic behavior. He reports that there were no problems until he downloaded a tic-tac-toe program from a site that he had never visited before. Which of the following terms describes a program that enters a system disguised in another program? |
14
A) Trojan horse virus B) Polymorphic virus C) Worm D) Armored virus |
14 A
A Trojan horse enters with a legitimate program to accomplish its nefarious deeds. |
|
|
15 CH4
Your system has been acting strangely since you downloaded a file from a colleague. Upon examining your antivirus software, you notice that the virus definition file is missing. Which type of virus probably infected your system? |
15
A) Polymorphic virus B) Retrovirus C) Worm D) Armored virus |
15 B
.Retroviruses are often referred to as anti-antiviruses. They can render your antivirus software unusable and leave you exposed to other, less-formidable viruses. |
|
|
16 CH4
Internal users are reporting repeated attempts to infect their systems as reported to them by pop-up messages from their virus-scanning software. According to the pop-up messages, the virus seems to be the same in every case. What is the most likely culprit? |
16
A) A server is acting as a carrier for a virus. B) You have a worm virus. C) Your antivirus software has malfunctioned. D) A DoS attack is under way. |
16 A
Some viruses won’t damage a system in an attempt to spread into all the other systems in a network. These viruses use that system as the carrier of the virus. |
|
|
17 CH4
Your system log files report an ongoing attempt to gain access to a single account. This attempt has been unsuccessful to this point. What type of attack are you most likely experiencing? |
17
A) Password-guessing attack B) Backdoor attack C) Worm attack D) TCP/IP hijacking |
17 A
A password-guessing attack occurs when a user account is repeatedly attacked using a variety of different passwords. |
|
|
18 CH4
A user reports that he is receiving an error indicating that his TCP/IP address is already in use when he turns on his computer. A static IP address has been assigned to this user’s computer, and you’re certain this address was not inadvertently assigned to another computer. Which type of attack is most likely underway? |
18
A) Man-in-the-middle attack B) Backdoor attack C) Worm D) TCP/IP hijacking |
18 D
One of the symptoms of a TCP/IP hijacking attack may be the unavailability of a TCP/IP address when the system is started. |
|
|
19 CH4
You’re working late one night, and you notice that the hard disk on your new computer is very active even though you aren’t doing anything on the computer and it isn’t connected to the Internet. What is the most likely suspect? |
19
A) A disk failure is imminent. B) A virus is spreading in your system. C) Your system is under a DoS attack. D) TCP/IP hijacking is being attempted. |
19 B
A symptom of many viruses is unusual activity on the system disk. This is caused by the virus spreading to other files on your system. |
|
|
20 CH4
You’re the administrator for a large bottling company. At the end of each month, you routinely view all logs and look for discrepancies. This month, your email system error log reports a large number of unsuccessful attempts to log on. It’s apparent that the email server is being targeted. Which type of attack is most likely occurring? |
20
A) Software exploitation attack B) Backdoor attack C) Worm D) TCP/IP hijacking |
20 A
A software exploitation attack attempts to exploit weaknesses in software. A common attack attempts to communicate with an established port to gain unauthorized access. Most email servers use port 25 for email connections using SMTP. |
