Review Questions

1. Which type of attack denies authorized users access to network resources?

  A. DoS
  B. Worm
  C. Logic bomb
  D. Social engineering


2. Which type of attack uses more than one computer to attack the victim?

  A. DoS
  B. DDoS
  C. Worm
  D. UDP attack


3. A server in your network has a program running on it that bypasses authorization. Which type of attack has occurred?

  A. DoS
  B. DDoS
  C. Back door
  D. Social engineering


4. The attack that attempts to intervene in a communications session by inserting a computer between the two systems in communications is called a ______.

  A. Man in the middle attack
  B. Back door attack
  C. Worm
  D. TCP/IP hijacking


5. You have discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be?

  A. Man in the middle attack
  B. Back door attack
  C. Replay attack
  D. TCP/IP hijacking


6. An attacker is attempting to use an IP address to replace another system in your network to gain access. Which type of attack is this?

  A. Man in the middle attack
  B. Back door attack
  C. Worm
  D. TCP/IP hijacking


7. A server on your network will no longer accept connections using the TCP protocol. The server indicates that it has exceeded its session limit. Which type of attack is probably occurring?

  A. TCP ACK attack
  B. Smurf attack
  C. Virus attack
  D. TCP/IP hijacking


8. A Smurf attack uses which protocol to conduct the attack?

  A. TCP
  B. IP
  C. UDP
  D. ICMP


9. Your help desk has informed you that they received an urgent call from the vice president last night requesting his logon ID and password. What type of attack is this?

  A. Spoofing
  B. Replay attack
  C. Social engineering
  D. Trojan horse


10. You are receiving e-mails from people indicating that you are sending viruses to them. You have received 200 today. Which type of attack has occurred?

  A. Virus
  B. Back door attack
  C. Worm
  D. TCP/IP hijacking


11. Your system has just stopped responding to keyboard commands. You noticed that this occurred when your spreadsheet was open and you dialed into the Internet. Which kind of attack has probably occurred?

  A. Logic bomb
  B. Worm
  C. Virus
  D. ACK attack


12. What do you call the type of virus that attempts to mask itself by hiding code from antivirus software?

  A. Armored virus
  B. Polymorphic virus
  C. Worm
  D. Stealth virus


13. What is a virus that attaches itself to the boot sector of your disk and reports false information about file sizes called?

  A. Trojan horse virus
  B. Stealth virus
  C. Worm
  D. Polymorphic virus


14. A program that enters into a system in another program is called a _____.

  A. Trojan horse virus
  B. Polymorphic virus
  C. Worm
  D. Armored virus


15. Your system has been acting unusual since you downloaded a file from a colleague. Upon examining your antivirus software, you notice that the virus definition file is missing. Which type of virus probably infected your system?

  A. Polymorphic virus
  B. Retrovirus
  C. Worm
  D. Armored virus


16. Internal users are reporting repeated attempts to infect their systems. The virus seems to be the same one in each case. What is the most likely culprit?

  A. A server is acting as a carrier for a virus.
  B. You have a worm virus.
  C. Your antivirus software has malfunctioned.
  D. A DoS attack is underway.


17. Your system log files report an ongoing attempt to gain access to a single account. This attempt has been unsuccessful to this point. What type of attack are you most likely experiencing?

  A. Password guessing attack
  B. Back door attack
  C. Worm attack
  D. TCP/IP hijacking


18. A user reports that he is receiving an error indicating that his TCP/IP address is already in use when he turns his computer on. Which attack is probably underway?

  A. Man in the middle attack
  B. Back door attack
  C. Worm
  D. TCP/IP hijacking


19. You are working late one night and you notice that your hard disk is very active even though you are not doing anything on the computer. What would be a likely suspect?

  A. A disk failure is imminent.
  B. A virus is spreading in your system.
  C. Your system is under a DoS attack.
  D. TCP/IP hijacking is being attempted.


20. Your e-mail system error log reports a large number of unsuccessful attempts to log on. Which type of attack is probably occurring?

  A. Software exploitation attack
  B. Back door attack
  C. Worm
  D. TCP/IP hijacking


Answers

1. A. A DoS or Denial of Service attack is intended to prevent access to network resources by overwhelming or flooding a service or network.

2. B. A DDoS or Distributed Denial of Service attack uses multiple computer systems to attack a server or host in the network.

3. C. A back door attack is an attack where a program or service is placed on a server to bypass normal security procedures.

4. A. A man in the middle attack attempts to fool both ends of a communications session into believing the system in the middle is the other end.

5. C. A replay attack attempts to replay the results of a previously successful session to gain access.

6. D. TCP/IP hijacking is an attempt to steal a valid IP address and use it to gain authorization or information from a network.

7. A. A TCP ACK attack will create multiple incomplete sessions. Eventually, the TCP protocol will hit a limit and refuse additional connections.

8. D. A Smurf attack attempts to use a broadcast ping on a network. The return address of the ping may be a valid system in your network. This system will be flooded with responses in a large network.

9. C. Someone trying to con your organization into revealing account and password information is launching a social engineering attack.

10. C. A worm is a type of malicious code that attempts to replicate using whatever means available. These people have been attacked by a worm that may not have come from your system, but from a system with your name in the address book.

11. A. A logic bomb notifies an attacker when a certain set of circumstances has occurred. This may in turn trigger an attack on your system.

12. A. An armored virus is designed to hide the signature of the virus behind code that confuses or blocks the antivirus software from detection.

13. B. A stealth virus reports false information to hide itself from the antivirus software. Stealth viruses often attach themselves to the boot sector of an operating system.

14. A. A Trojan horse enters with a legitimate program to accomplish its nefarious deeds.

15. B. Retroviruses are often referred to as anti-antiviruses. They can render your antivirus software unusable and leave you exposed to other less formidable viruses.

16. A. Some viruses will not damage a system in an attempt to spread into all the other systems in a network. These viruses use that system as the carrier of the virus.

17. A. A password guessing attack occurs when a user account is repeatedly attacked using a variety of different passwords.

18. D. One of the symptoms of a TCP/IP hijacking attack may be the unavailability of a TCP/IP address when the system is started.

19. B. A symptom for many viruses is unusual disk activity on the system disk. The virus spreading to other files on your system causes this.

20. A. A software exploitation attack attempts to exploit weaknesses in software. A common attack attempts to communicate with an established port to gain unauthorized access. Most e-mail servers use Port 25 for e-mail connections using SMTP.



CompTIA Security+ Study Guide. Exam SY0-101
Security+ Study Guide
ISBN: 078214098X
EAN: 2147483647
Year: 2006
Pages: 167
