Threat environment consists of the types of attackers and attacks that companies face. - ANSWER TRUE
Confidentiality means that attackers cannot change or destroy information. - ANSWER FALSE
The three common core goals of security are - ANSWER confidentiality, integrity, and availability
If an attacker breaks into a corporate database and deletes critical files, this is an attack against the ________ security goal. - ANSWER integrity
Which of the following are types of countermeasures? - ANSWER Preventative, Detective, Corrective
When a threat succeeds in causing harm to a business, this is called a - ANSWER breach, compromise, incident
Another name for safeguard is - ANSWER countermeasure
Which of the following is a type of countermeasure? - ANSWER Detective, Corrective
Preventative countermeasures identify when a threat is attacking and especially when it is succeeding. - ANSWER FALSE
Detective countermeasures identify when a threat is attacking and especially when it is succeeding. - ANSWER TRUE
Detective countermeasures keep attacks from succeeding. - ANSWER FALSE
Preventative countermeasures keep attacks from succeeding. - ANSWER TRUE
Most countermeasure controls are preventative controls. - ANSWER TRUE
Most countermeasure controls are detective controls. - ANSWER FALSE
The attack method used in the Sony data breaches was - ANSWER SQL injection
About how long was the Sony PlayStation Network offline as a result of the cyber attacks? - ANSWER 3 weeks
Which hacker group was likely involved in the Sony data breaches? - ANSWER LulzSec
Why did hackers attack Sony Corp? - ANSWER Because Sony was suing a fellow hacker
What were the approximate dollar losses for the series of data breaches against Sony Corp? - ANSWER $171 million
Employees pose an increased risk to organizations as they often have access to sensitive parts of systems. - ANSWER TRUE
Employees often have extensive knowledge of systems and can pose a greater risk than external attackers. - ANSWER TRUE
Employees are very dangerous because they - ANSWER often have access to sensitive parts of the system, are trusted by companies
What type of employee is the most dangerous when it comes to internal IT attacks? - ANSWER IT security professionals
________ is the destruction of hardware, software, or data. - ANSWER Sabotage
Misappropriation of assets is an example of employee financial theft. - ANSWER TRUE
Downloading pornography can lead to sexual harassment lawsuits. - ANSWER TRUE
You accidentally find someone's password and use it to get into a system. This is hacking. - ANSWER TRUE
Someone sends you a "game." When you run it, it logs you into an IRS server. This is hacking. - ANSWER FALSE
You have access to your home page on a server. By accident, you discover that if you hit a certain key, you can get into someone else's files. You spend just a few minutes looking around. This is hacking. - ANSWER TRUE
The definition of hacking is "accessing a computer resource without authorization or in excess of authorization." - ANSWER FALSE
When considering penalties for hacking, motivation is irrelevant. - ANSWER TRUE
The definition of hacking is "intentionally accessing a computer resource without authorization or in excess of authorization." - ANSWER TRUE
Penalties for hacking are ________. - ANSWER irrelevant of the amount stolen
The terms "intellectual property" and "trade secret" are synonymous. - ANSWER FALSE
In ________, the perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest. - ANSWER extortion
In hacking, the perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest. - ANSWER FALSE
In fraud, the perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest. - ANSWER FALSE
________ consists of activities that violate a company's IT use policies or ethics policies. - ANSWER Abuse
________ is a generic term for "evil software." - ANSWER Malware
________ are programs that attach themselves to legitimate programs. - ANSWER Viruses
________ can spread through e-mail attachments. - ANSWER Viruses, Worms
Some ________ can jump directly between computers without human intervention. - ANSWER worms
The fastest propagation occurs with some types of ________. - ANSWER worms
In a virus, the code that does damage is called the ________. - ANSWER payload
Nonmobile malware can be on webpages that users download. - ANSWER TRUE
A Trojan horse is a program that hides itself by deleting a system file and taking on the system file's name. - ANSWER TRUE
A program that gives the attacker remote access control of your computer is specifically called a ________. - ANSWER RAT
A ________ is a small program that, after being installed, downloads a larger attack program. - ANSWER Downloader
Which of the following can be a type of spyware? - ANSWER A cookie, A keystroke logger
Most cookies are dangerous. - ANSWER FALSE
Rootkits replace legitimate programs and are considered a deeper threat than a set of programs called Trojan horses. - ANSWER FALSE
Which type of program can hide itself from normal inspection and detection? - ANSWER Rootkit
Mobile code usually is delivered through ________. - ANSWER webpages
Mobile code usually is contained in webpages. - ANSWER TRUE
________ attacks take advantage of flawed human judgment by convincing the victim to take actions that are counter to security policies. - ANSWER Social engineering
The definition of spam is "unsolicited commercial e-mail." - ANSWER TRUE
You receive an e-mail that seems to come from your bank. Clicking on a link in the message takes you to a website that seems to be your bank's website. However, the website is fake. This is called a ________ attack. - ANSWER phishing
You receive an e-mail that seems to come from a frequent customer. It contains specific information about your relationship with the customer. Clicking on a link in the message takes you to a website that seems to be your customer's website. However, the website is fake. This is ________. - ANSWER spear phishing
Most traditional external attackers were heavily motivated by ________. - ANSWER the thrill of breaking in
Most traditional external hackers cause extensive damage or commit theft for money. - ANSWER FALSE
Most traditional external hackers do not cause extensive damage or commit theft for money. - ANSWER TRUE
Traditional hackers are motivated by ________. - ANSWER thrill, validation of power, doing damage as a by-product
Attackers rarely use IP address spoofing to conceal their identities. - ANSWER FALSE
In response to a chain of attack, victims can often trace the attack back to the final attack computer. - ANSWER TRUE
ICMP Echo messages are often used in ________. - ANSWER IP address scanning
Sending packets with false IP source addresses is called ________. - ANSWER IP address spoofing
Attackers cannot use IP address spoofing in port scanning attack packets. - ANSWER TRUE
The primary purpose for attackers to send port scanning probes to hosts is to identify which ports are open. - ANSWER FALSE
To obtain IP addresses through reconnaissance, an attacker can use ________. - ANSWER a chain of attack computers
Following someone through a secure door for access without using an authorized ID card or pass code is called ________. - ANSWER piggybacking
Watching someone type their password in order to learn the password is called ________. - ANSWER shoulder surfing
In pretexting, an attacker calls claiming to be a certain person in order to ask for private information about that person. - ANSWER TRUE
Social engineering is rarely used in hacking. - ANSWER FALSE
A(n) ________ attack attempts to make a server or network unavailable to serve legitimate users by flooding it with attack packets. - ANSWER DoS
Which of the following are examples of social engineering? - ANSWER Wearing a uniform to give the appearance that you work at a business, Gaining unauthorized access by following an authorized individual into a business
Generally speaking, script kiddies have high levels of technical skills. - ANSWER FALSE
A(n) ________ attack requires a victim host to prepare for many connections, using up resources until the computer can no longer serve legitimate users. - ANSWER SYN Flooding
A botmaster can remotely ________. - ANSWER fix a bug in the bots, update bots with new functionality
Botnets usually have multiple owners over time. - ANSWER TRUE
One of the two characterizations of expert hackers is ________. - ANSWER dogged persistence
Sophisticated attacks often are difficult to identify amid the "noise" of many ________ attacks. - ANSWER script kiddie
The dominant type of attacker today is the ________. - ANSWER career criminal