Which term describes an action that can damage or compromise an asset?

8. Which term describes an action that can damage or compromise an asset? A. Risk B. Vulnerability C. Countermeasure D. Threat 10. Which type of attack involves the creation of some deception in order to trick unsuspecting users? A. Interception B. Interruption C. Fabrication D. Modification 11. Which password attack is typically used specifically against password files that contain cryptographic hashes? A. Brute-force attacks B. Dictionary attacks C. Birthday attacks D. Social engineering attacks 15. What type of malicious software masquerades as legitimate software to entice the user to run it? A. Virus B. Worm C. Trojan horse D. Rootkit 16. An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using? A. Vishing B. Urgency C. Whaling D. Authority 17. Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place? A. Evil twin B. Wardriving C. Bluesnarfing D. Replay attack 18. Which type of attack against a web application uses a newly discovered vulnerability that is not patchable? A. SQL injection B. Cross-site scripting C. Cross-site request forgery D. Zero-day attack 19. Which control is not designed to combat malware? A. Firewalls B. Antivirus software C. Awareness and education efforts D. Quarantine computers 20. Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using? A. Cross-site scripting B. Session hijacking C. SQL injection D. Typosquatting True/False Questions 1. When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks. A. True B. False 2. An attacker uses exploit software when wardialing. A. True B. False 3. Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP). A. True B. False 4. Failing to prevent an attack all but invites an attack. A. True B. False 5. A DoS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks. A. True B. False 6. A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer. A. True B. False 7. Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks. A. True B. False 8. A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment. A. True B. False 9. Rootkits are malicious software programs designed to be hidden from normal methods of detection. A. True B. False 10. The anti-malware utility is one of the most popular backdoor tools in use today. A. True B. False 11. Spam is some act intended to deceive or trick the receiver, normally in email messages. A. True B. False 12. An alteration threat violates information integrity. A. True B. False 13. A birthday attack is a type of cryptographic attack that is used to make brute-force attack of one-way hashes easier. A. True B. False 14. A dictionary password attack is a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource. A. True B. False 15. A man-in-the-middle attack takes advantage of the multihop process used by many types of networks. A. True B. False 16. A phishing attack “poisons” a domain name on a domain name server. A. True B. False 17. The main difference between a virus and a worm is that a virus does not need a host program to infect. A. True B. False 18. Spyware gathers information about a user through an Internet connection, without his or her knowledge. A. True B. False 19. Vishing is a type of wireless network attack. A. True B. False 20. Using a secure logon and authentication process is one of the six steps used to prevent malware. A. True B. False


8) opten D A (81 19) opti on C A 15 C D 16) B True falu 1. Tua 1 Falu 12. Taue 2. Touua 13. TRUE 3. Falre 14. False u. Toue ls True S Teuee 16 False 6. Fale l2 False Fals

Leave a Comment