8. Which term describes an action that can damage or compromisean asset? A. Risk B. Vulnerability C. Countermeasure D. Threat 10. Which type of attack
8. Which term describes an action that can damage or compromisean asset?
A. Risk
B. Vulnerability
C. Countermeasure
D. Threat
10. Which type of attack involves the creation of some deceptionin order to trick unsuspecting users?
A. Interception
B. Interruption
C. Fabrication
D. Modification
11. Which password attack is typically used specifically againstpassword files that contain cryptographic hashes?
A. Brute-force attacks
B. Dictionary attacks
C. Birthday attacks
D. Social engineering attacks
15. What type of malicious software masquerades as legitimatesoftware to entice the user to run it?
A. Virus
B. Worm
C. Trojan horse
D. Rootkit
16. An attacker attempting to break into a facility pulls thefire alarm to distract the security guard manning an entry point.Which type of social engineering attack is the attacker using?
A. Vishing
B. Urgency
C. Whaling
D. Authority
17. Barry discovers that an attacker is running an access pointin a building adjacent to his company. The access point isbroadcasting the security set identifier (SSID) of an open networkowned by the coffee shop in his lobby. Which type of attack islikely taking place?
A. Evil twin
B. Wardriving
C. Bluesnarfing
D. Replay attack
18. Which type of attack against a web application uses a newlydiscovered vulnerability that is not patchable?
A. SQL injection
B. Cross-site scripting
C. Cross-site request forgery
D. Zero-day attack
19. Which control is not designed to combat malware?
A. Firewalls
B. Antivirus software
C. Awareness and education efforts
D. Quarantine computers
20. Florian recently purchased a set of domain names that aresimilar to those of legitimate websites and used the newlypurchased sites to host malware. Which type of attack is Florianusing?
A. Cross-site scripting
B. Session hijacking
C. SQL injection
D. Typosquatting
True/False Questions
1. When servers need operating system upgrades or patches,administrators take them offline intentionally so they can performthe necessary work without risking malicious attacks.
A. True
B. False
2. An attacker uses exploit software when wardialing.
A. True
B. False
3. Wardialers are becoming more frequently used given the riseof Voice over IP (VoIP).
A. True
B. False
4. Failing to prevent an attack all but invites an attack.
A. True
B. False
5. A DoS attack is a coordinated attempt to deny service byoccupying a computer to perform large amounts of unnecessarytasks.
A. True
B. False
6. A rootkit uses a directed broadcast to create a flood ofnetwork traffic for the victim computer.
A. True
B. False
7. Denial of service (DoS) attacks are larger in scope thandistributed denial of service (DDoS) attacks.
A. True
B. False
8. A phishing email is a fake or bogus email intended to trickthe recipient into clicking on an embedded URL link or opening anemail attachment.
A. True
B. False
9. Rootkits are malicious software programs designed to behidden from normal methods of detection.
A. True
B. False
10. The anti-malware utility is one of the most popular backdoortools in use today.
A. True
B. False
11. Spam is some act intended to deceive or trick the receiver,normally in email messages.
A. True
B. False
12. An alteration threat violates information integrity.
A. True
B. False
13. A birthday attack is a type of cryptographic attack that isused to make brute-force attack of one-way hashes easier.
A. True
B. False
14. A dictionary password attack is a type of attack in whichone person, program, or computer disguises itself as anotherperson, program, or computer to gain access to some resource.
A. True
B. False
15. A man-in-the-middle attack takes advantage of the multihopprocess used by many types of networks.
A. True
B. False
16. A phishing attack "poisons" a domain name on a domain nameserver.
A. True
B. False
17. The main difference between a virus and a worm is that avirus does not need a host program to infect.
A. True
B. False
18. Spyware gathers information about a user through an Internetconnection, without his or her knowledge.
A. True
B. False
19. Vishing is a type of wireless network attack.
A. True
B. False
20. Using a secure logon and authentication process is one ofthe six steps used to prevent malware.
A. True
B. False
Step by Step Solution
3.43 Rating (153 Votes )
There are 3 Steps involved in it
Step: 1
Description 8 A threat is an action that can damage or compromise an asset A threat is a potential source of harm or danger that can have negative consequences for an organization or individual Threat...See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started