1. Which type of attack denies authorized users access to network resources?
2. Which type of attack uses more than one computer to attack the victim?
3. A server in your network has a program running on it that bypasses authorization. Which type of attack has occurred?
4. The attack that attempts to intervene in a communications session by inserting a computer between the two systems in communications is called a ______.
5. You have discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be?
6. An attacker is attempting to use an IP address to replace another system in your network to gain access. Which type of attack is this?
7. A server on your network will no longer accept connections using the TCP protocol. The server indicates that it has exceeded its session limit. Which type of attack is probably occurring?
8. A Smurf attack uses which protocol to conduct the attack?
9. Your help desk has informed you that they received an urgent call from the vice president last night requesting his logon ID and password. What type of attack is this?
10. You are receiving e-mails from people indicating that you are sending viruses to them. You have received 200 today. Which type of attack has occurred?
11. Your system has just stopped responding to keyboard commands. You noticed that this occurred when your spreadsheet was open and you dialed into the Internet. Which kind of attack has probably occurred?
12. What do you call the type of virus that attempts to mask itself by hiding code from antivirus software?
13. What is a virus that attaches itself to the boot sector of your disk and reports false information about file sizes called?
14. A program that enters into a system in another program is called a _____.
15. Your system has been acting unusual since you downloaded a file from a colleague. Upon examining your antivirus software, you notice that the virus definition file is missing. Which type of virus probably infected your system?
16. Internal users are reporting repeated attempts to infect their systems. The virus seems to be the same one in each case. What is the most likely culprit?
17. Your system log files report an ongoing attempt to gain access to a single account. This attempt has been unsuccessful to this point. What type of attack are you most likely experiencing?
18. A user reports that he is receiving an error indicating that his TCP/IP address is already in use when he turns his computer on. Which attack is probably underway?
19. You are working late one night and you notice that your hard disk is very active even though you are not doing anything on the computer. What would be a likely suspect?
20. Your e-mail system error log reports a large number of unsuccessful attempts to log on. Which type of attack is probably occurring?

Answers
1. A. A DoS or Denial of Service attack is intended to prevent access to network resources by overwhelming or flooding a service or network.
2. B. A DDoS or Distributed Denial of Service attack uses multiple computer systems to attack a server or host in the network.
3. C. A back door attack is an attack where a program or service is placed on a server to bypass normal security procedures.
4. A. A man in the middle attack attempts to fool both ends of a communications session into believing the system in the middle is the other end.
5. C. A replay attack attempts to replay the results of a previously successful session to gain access.
6. D. TCP/IP hijacking is an attempt to steal a valid IP address and use it to gain authorization or information from a network.
7. A. A TCP ACK attack will create multiple incomplete sessions. Eventually, the TCP protocol will hit a limit and refuse additional connections.
8. D. A Smurf attack attempts to use a broadcast ping on a network. The return address of the ping may be a valid system in your network. This system will be flooded with responses in a large network.
9. C. Someone trying to con your organization into revealing account and password information is launching a social engineering attack.
10. C. A worm is a type of malicious code that attempts to replicate using whatever means available. These people have been attacked by a worm that may not have come from your system, but from a system with your name in the address book.
11. A. A logic bomb notifies an attacker when a certain set of circumstances has occurred. This may in turn trigger an attack on your system.
12. A. An armored virus is designed to hide the signature of the virus behind code that confuses or blocks the antivirus software from detection.
13. B. A stealth virus reports false information to hide itself from the antivirus software. Stealth viruses often attach themselves to the boot sector of an operating system.
14. A. A Trojan horse enters with a legitimate program to accomplish its nefarious deeds.
15. B. Retroviruses are often referred to as anti-antiviruses. They can render your antivirus software unusable and leave you exposed to other less formidable viruses.
16. A. Some viruses will not damage a system in an attempt to spread into all the other systems in a network. These viruses use that system as the carrier of the virus.
17. A. A password guessing attack occurs when a user account is repeatedly attacked using a variety of different passwords.
18. D. One of the symptoms of a TCP/IP hijacking attack may be the unavailability of a TCP/IP address when the system is started.
19. B. A symptom for many viruses is unusual disk activity on the system disk. The virus spreading to other files on your system causes this.
20. A. A software exploitation attack attempts to exploit weaknesses in software. A common attack attempts to communicate with an established port to gain unauthorized access. Most e-mail servers use Port 25 for e-mail connections using SMTP.