True/False
Indicate whether the sentence or statement is true
or false.
|
|
1.
|
A SYN
flood exploits the nature of the TCP three-way handshake.
|
|
2.
|
Smurf
is an OS-specific attack that uses the network to amplify its effect on the victim.
|
|
3.
|
Spoofing ARP packets and performing man-in-the-middle attacks is called ARP
poisoning.
|
|
4.
|
Viruses are self-replicating programs that spread by infecting other
programs.
|
Multiple Choice
Identify the
letter of the choice that best completes the statement or answers the question.
|
|
5.
|
An
attack that belongs to a family of attack methods that have the objective of making target systems
unavailable to their legitimate users is called a(n): a. | kiddie
script | c. | brute
force | b. | denial-of-service | d. | spoofing | | | | |
|
|
|
|
|
6.
|
What
type of attack is being illustrated in the figure above? a. | UDP
flooding | c. | denial-of-service | b. | spoofing | d. | distributed denial-of-service | | | | |
|
|
7.
|
What
method is used on LANs to map a host's IP address with it's physical address?
|
|
8.
|
An
attack method in which the attacker places himself between two communicating hosts and listens in on
their session is called: a. | ARP poisoning | c. | Man in the middle | b. | DNS
spoofing | d. | All of the
above | | | | |
|
|
9.
|
What
exploits trust in the real world between people to gain information that attackers can then use to
gain access to computer system? a. | dumpster diving | c. | social engineering | b. | online
attacks | d. | birthday
attack | | | | |
|
|
10.
|
What
type of attack uses chat and e-mail to exploit trust relationships? a. | online
attack | c. | mathematical
attack | b. | birthday attack | d. | password guessing | | | | |
|
|
11.
|
What
type of attack will use properties of the cryptographic algorithm to discover its secret
keys? a. | birthday
attack | c. | password
guessing | b. | mathematical attack | d. | All of the above | | | | |
|
|
12.
|
An
example of malicious software or malware might be: a. | viruses | c. | Trojan
horses | b. | worms | d. | All of the above | | | | |
|
|
13.
|
An
example of the type of worms that exploited Microsoft's IIS Server is: a. | Melissa | c. | ILOVEYOU | b. | Nimda | d. | All of the above | | | | |
|
|
14.
|
A
type of malware that allows a malevolent user to gain remote access with the knowledge or permission
of its owner is called a(n): a. | virus | c. | backdoor | b. | worm | d. | All of the
above | | | | |
|
|
15.
|
An
example of a backdoor program is: a. | Back Office | c. | NetBus | b. | Naked
Wife | d. | All of the
above | | | | |
|
|
|
|
|
16.
|
What
action is taking place in the figure above? a. | egress filtering | c. | IP address spoofing | b. | ingress
filtering | d. | DNS
spoofing | | | | |
|
|
17.
|
Which
of the following should be done to prevent IP spoofing? a. | leave the DNS
server unsecure | b. | enable source routing on all internal
routers | c. | filter out packets entering the LAN from the Internet that have
a source address of the LAN | d. | All of the above | | |
|
|
18.
|
What
is the attack called in which the aggressor poses as the victim's legitimate DNS
server? a. | ARP
poisoning | c. | man in the
middle | b. | DNS spoofing | d. | Web spoofing | | | | |
|
|
|
|
|
19.
|
What
type of attack is being illustrated in the figure above? a. | birthday | c. | replay | b. | guess | d. | brute force | | | | |
|
|
20.
|
What
technique is used so that a file is encoded so only the intended recipient may read the original
contents? a. | encryption | c. | key | b. | algorithm | d. | password | | | | |
|
|
21.
|
How
can you void exploits by dumpster diving? a. | use a paper shredder | c. | bulk erase magnetic media | b. | secure
dumpsters | d. | all of the
above | | | | |
|
|
22.
|
Virus
databases can be found at the following company(ies) a. | Network
Associates | c. | Computer
Associates | b. | Symantec | d. | All of the above | | | | |
|
|
23.
|
Backdoor programs can be installed on victim machines by which of the following
methods: a. | Trojan
horse | c. | worms | b. | uploading control software | d. | All of the above | | | | |
|
|
24.
|
What
approach to password cracking uses a predetermined list of words? a. | filtering | c. | thesaurus | b. | dictionary | d. | guessing | | | | |
|
|
25.
|
You
can protect your company from social engineering attacks by: a. | having a solid
organizational policy | b. | communicating security needs only to the CEO and
CIO | c. | sharing
passwords with others | d. | All of the above | | |
|
Matching
|
|
|
Please match the best term from the list below to the most appropriate
concept. a. | handler | e. | brute
force | b. | smurf | f. | malware | c. | DNS
spoofing | g. | software
exploitation | d. | backdoor | h. | social engineering | | | | |
|
|
26.
|
A DoS
attack that uses directed broadcasts to swamp the victim in traffic.
|
|
27.
|
A
piece of malware that allows a malevolent user to gain remote access without the knowledge of the
owner.
|
|
28.
|
A
class of attacks that use trickery on people to accomplish a goal.
|
|
29.
|
A DoS
attack program that controls agents or zombies.
|
|
30.
|
Examples of this are a virus and a Trojan horse
|
|
|
Please match the best term from the list below to the most appropriate
concept. a. | loopback
address | e. | worm | b. | sniffer | f. | SMTP | c. | MAC | g. | SYN flood | d. | TCP/IP | h. | spoofing | | | | |
|
|
31.
|
A
program that intercepts and reads each network packet on an Ethernet LAN.
|
|
32.
|
A
protocol used to exchange e-mail between servers on the Internet
|
|
33.
|
A DoS
attack against servers that makes it impossible for the victim to accept new TCP
connections.
|
|
34.
|
The
act of falsely identifying a packet's IP address.
|
|
35.
|
A
hardware address that uniquely identified each node of a LAN subnet.
|