
Chapter 3

The document contains a test bank with multiple-choice and true/false questions related to cybersecurity concepts, including types of attacks, security measures, and definitions. Each question is accompanied by an answer, reference, and explanation to clarify the concepts. The test bank is designed to assess understanding and knowledge in the field of information security.

Chapter 3 Test Bank

Multiple-Choice Questions

1. Maria's company recently experienced a major system outage due to the failure of a
critical component. During that time period, the company did not register any sales
through its online site. Which type of loss did the company experience as a result of lost
sales?

A. Replacement cost
B. Opportunity cost
C. Manpower cost
D. Cost of goods sold

Answer: B Reference: Service Availability and Productivity

Explanation: Opportunity cost is the amount of money a company loses due to
downtime. Downtime can be either intentional or unintentional, but either kind directly
affects system availability.

Type: Multiple Choice Difficulty: Medium Category: Understand

2. Yuri is a skilled computer security expert who attempts to break into the systems
belonging to his clients. He has permission from the clients to perform this testing as
part of a paid contract. What type of person is Yuri?

A. Cracker
B. White-hat hacker
C. Black-hat hacker
D. Grey-hat hacker

Answer: B Reference: Whom Are You Trying to Catch?

Explanation: White-hat hackers are information security professionals who have
authorization to identify vulnerabilities and perform penetration testing. The difference
between white-hat hackers and black-hat hackers is that white-hat hackers will identify
weaknesses for the purpose of fixing them, and black-hat hackers find weaknesses just
for the fun of it or to exploit them.

Type: Multiple Choice Difficulty: Medium Category: Understand


3. Which tool can capture the packets transmitted between systems over a network?

A. Wardialer
B. OS fingerprinter
C. Port scanner
D. Protocol analyzer

Answer: D Reference: Attack tools

Explanation: A protocol analyzer, or packet sniffer, is a software program that enables a
computer to monitor and capture network traffic, whether on a LAN or a wireless
network.

Type: Multiple Choice Difficulty: Medium Category: Remember

4. Bob is using a port scanner to identify open ports on a server in his environment. He is
scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should
Bob expect to be open to support this service?

A. 21
B. 23
C. 80
D. 443

Answer: C Reference: Port Scanners

Explanation: The unencrypted HTTP protocol uses port 80 to support web traffic.
Encrypted web traffic uses the HTTPS protocol over port 443.

Type: Multiple Choice Difficulty: Medium Category: Analyze

5. Which type of denial of service attack exploits the existence of software flaws to
disrupt a service?

A. SYN flood attack
B. Smurf attack
C. Logic attack
D. Flooding attack

Answer: C Reference: Denial-of-Service Attacks

Explanation: Logic attacks use software flaws to crash or seriously hinder the
performance of remote servers. Flooding attacks, such as Smurf and SYN flood attacks,
overwhelm the victim computer's CPU, memory, or network resources.

Type: Multiple Choice Difficulty: Medium Category: Understand

6. Tony is working with a law enforcement agency to place a wiretap pursuant to a
legitimate court order. The wiretap will monitor communications without making any
modifications. What type of wiretap is Tony placing?

A. Active wiretap
B. Between-the-lines wiretap
C. Piggyback-entry wiretap
D. Passive wiretap

Answer: D Reference: Wiretapping

Explanation: Wiretapping can be active, where the attacker makes modifications to the
line, or it can be passive, where an unauthorized user simply listens to the transmission
without changing the contents. Between-the-lines wiretaps and piggyback-entry
wiretaps are examples of active wiretaps.

Type: Multiple Choice Difficulty: Hard Category: Understand

7. Users throughout Alison's organization have been receiving unwanted commercial
messages over the organization's instant messaging program. What type of attack is
taking place?

A. Spam
B. Phishing
C. Social engineering
D. Spim

Answer: D Reference: Spam and Spim

Explanation: Spim attacks send unwanted commercial messages over instant messaging.
There is no indication in the scenario that the messages are trying to trick users, which
would place them into the categories of phishing and/or social engineering.

Type: Multiple Choice Difficulty: Easy Category: Understand

8. Which term describes an action that can damage or compromise an asset?

A. Risk
B. Vulnerability
C. Countermeasure
D. Threat

Answer: D Reference: What Are Risks, Threats, and Vulnerabilities?

Explanation: A threat is any action that can damage or compromise an asset. Risk is the
probability that something bad is going to happen. A vulnerability is a weakness, such as
in the design of a system or in software code. A countermeasure is an action or control
that detects vulnerabilities, prevents attacks, and responds to the effects of successful
attacks.

Type: Multiple Choice Difficulty: Easy Category: Remember

9. Which one of the following is an example of a disclosure threat?

A. Espionage
B. Alteration
C. Denial
D. Destruction

Answer: A Reference: Disclosure Threats

Explanation: Espionage is an example of a disclosure threat. It is the act of spying to
obtain secret information, typically to aid another nation state. Terrorists and enemy
agents might well be involved in activities to obtain sensitive government information
that they can use to perpetrate future attacks.

Type: Multiple Choice Difficulty: Medium Category: Understand

10. Which type of attack involves the creation of some deception in order to trick
unsuspecting users?

A. Interception
B. Interruption
C. Fabrication
D. Modification

Answer: C Reference: What Is a Malicious Attack?

Explanation: The four general categories of attack are fabrications, interceptions,
interruptions, and modifications. Fabrications involve the creation of some deception in
order to trick unsuspecting users.

Type: Multiple Choice Difficulty: Easy Category: Remember

11. Which password attack is typically used specifically against password files that
contain cryptographic hashes?

A. Brute-force attacks
B. Dictionary attacks
C. Birthday attacks
D. Social engineering attacks

Answer: C Reference: Birthday Attacks

Explanation: While all of the attack types mentioned may be used against passwords,
only the birthday attack specifically targets the cryptographic hashes stored in a system's
password file.

Type: Multiple Choice Difficulty: Medium Category: Understand

12. Brian notices an attack taking place on his network. When he digs deeper, he realizes
that the attacker has a physical presence on the local network and is forging Media
Access Control (MAC) addresses. Which type of attack is most likely taking place?

A. Address Resolution Protocol (ARP) poisoning
B. Internet Protocol (IP) spoofing
C. URL hijacking
D. Christmas attack

Answer: A Reference: IP Address Spoofing

Explanation: ARP poisoning is an example of a spoofing attack. In this attack, the attacker
spoofs the MAC address of a targeted device, such as a server, by sending false ARP
resolution responses with a different MAC address. This causes duplicate network traffic
to be sent from the server.

Type: Multiple Choice Difficulty: Hard Category: Analyze

13. In which type of attack does the attacker attempt to take over an existing connection
between two systems?

A. Man-in-the-middle attack
B. URL hijacking
C. Session hijacking
D. Typosquatting

Answer: C Reference: Hijacking

Explanation: In a session hijacking attack, the attacker attempts to take over an existing
connection between two network computers.

Type: Multiple Choice Difficulty: Medium Category: Remember

14. Which group is the most likely target of a social engineering attack?

A. Receptionists and administrative assistants
B. Information security response team
C. Internal auditors
D. Independent contractors

Answer: A Reference: Social Engineering

Explanation: While any employee or contractor may be the target of a social engineering
attack, these attacks often target initial contacts within an organization, such as
receptionists and administrative assistants.

Type: Multiple Choice Difficulty: Medium Category: Analyze


15. What type of malicious software masquerades as legitimate software to entice the
user to run it?

A. Virus
B. Worm
C. Trojan horse
D. Rootkit

Answer: C Reference: What Is Malicious Software?

Explanation: A Trojan horse, also called a Trojan, is malware that masquerades as a
useful program. Trojan horse programs use their outward appearance to trick users into
running them. They look like programs that perform useful tasks, but actually, they hide
malicious code.

Type: Multiple Choice Difficulty: Easy Category: Remember

16. An attacker attempting to break into a facility pulls the fire alarm to distract the
security guard manning an entry point. Which type of social engineering attack is the
attacker using?

A. Vishing
B. Urgency
C. Whaling
D. Authority

Answer: B Reference: Social Engineering Attacks

Explanation: In an urgency attack, the attacker uses some sort of urgent or emergency
situation to get someone to perform an action or divulge information.

Type: Multiple Choice Difficulty: Medium Category: Understand

17. Barry discovers that an attacker is running an access point in a building adjacent to
his company. The access point is broadcasting the security set identifier (SSID) of an
open network owned by the coffee shop in his lobby. Which type of attack is likely taking
place?

A. Evil twin
B. Wardriving
C. Bluesnarfing
D. Replay attack

Answer: A Reference: Wireless Network Attacks

Explanation: In an evil twin attack, the attacker deploys a fake open or public wireless
network to use a packet sniffer on any user who connects to it.

Type: Multiple Choice Difficulty: Medium Category: Analyze

18. Which type of attack against a web application uses a newly discovered vulnerability
that is not patchable?

A. SQL injection
B. Cross-site scripting
C. Cross-site request forgery
D. Zero-day attack

Answer: D Reference: Web Application Attacks

Explanation: Zero-day attacks exploit new vulnerabilities that have not yet been patched
by the vendor, making them very difficult to defeat.

Type: Multiple Choice Difficulty: Medium Category: Understand

19. Which control is not designed to combat malware?

A. Firewalls
B. Antivirus software
C. Awareness and education efforts
D. Quarantine computers

Answer: A Reference: What Is a Countermeasure?

Explanation: Firewalls are designed to control connections between networks of
differing trust levels and do not specifically target malware. Antivirus software,
quarantine systems, and awareness/education efforts are all effective controls against
malware.

Type: Multiple Choice Difficulty: Easy Category: Understand

20. Florian recently purchased a set of domain names that are similar to those of
legitimate websites and used the newly purchased sites to host malware. Which type of
attack is Florian using?

A. Cross-site scripting
B. Session hijacking
C. SQL injection
D. Typosquatting

Answer: D Reference: Hijacking

Explanation: In a typosquatting attack, the attacker purchases domain names similar to
those of legitimate sites and hosts malicious sites in their place.

Type: Multiple Choice Difficulty: Medium Category: Understand

True/False Questions

1. When servers need operating system upgrades or patches, administrators take them
offline intentionally so they can perform the necessary work without risking malicious
attacks.

A. True
B. False

Answer: A Reference: Service Availability and Productivity

Explanation:

Type: True/False

2. An attacker uses exploit software when wardialing.

A. True
B. False

Answer: B Reference: Exploit Software

Explanation: An attacker will use exploit software when performing vulnerability
assessments and intrusive penetration testing, not wardialing.

Type: True/False

3. Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP).

A. True
B. False

Answer: B Reference: Wardialers

Explanation: Wardialers are becoming more archaic and less often used.

Type: True/False

4. Failing to prevent an attack all but invites an attack.

A. True
B. False

Answer: A Reference: Operation Get Rich or Die Tryin'

Explanation:

Type: True/False

5. A DoS attack is a coordinated attempt to deny service by occupying a computer to
perform large amounts of unnecessary tasks.

A. True
B. False

Answer: A Reference: Denial-of-Service Attacks


Explanation:

Type: True/False

6. A rootkit uses a directed broadcast to create a flood of network traffic for the victim
computer.

A. True
B. False

Answer: B Reference: Denial-of-Service Attacks

Explanation: The smurf attack uses a directed broadcast to create a flood of network
traffic for the victim computer.

Type: True/False

7. Denial of service (DoS) attacks are larger in scope than distributed denial of service
(DDoS) attacks.

A. True
B. False

Answer: B Reference: Distributed Denial-of-Service Attacks

Explanation: DDoS attacks are larger in scope than DoS attacks. In a DDoS attack,
attackers hijack hundreds or even thousands of Internet computers, planting automated
attack agents on those systems.

Type: True/False

8. A phishing email is a fake or bogus email intended to trick the recipient into clicking
on an embedded URL link or opening an email attachment.

A. True
B. False

Answer: A Reference: Spam and Spim


Explanation:

Type: True/False

9. Rootkits are malicious software programs designed to be hidden from normal
methods of detection.

A. True
B. False

Answer: A Reference: Backdoors

Explanation:

Type: True/False

10. The anti-malware utility is one of the most popular backdoor tools in use today.

A. True
B. False

Answer: B Reference: Backdoors

Explanation: The netcat utility is one of the most popular backdoor tools in use today.

Type: True/False

11. Spam is some act intended to deceive or trick the receiver, normally in email
messages.

A. True
B. False

Answer: B Reference: Hoaxes

Explanation: A hoax is some act intended to deceive or trick the receiver. In this context,
hoaxes normally travel in email messages.

Type: True/False

12. An alteration threat violates information integrity.

A. True
B. False

Answer: A Reference: Alteration Threats

Explanation:

Type: True/False

13. A birthday attack is a type of cryptographic attack that is used to make brute-force
attack of one-way hashes easier.

A. True
B. False

Answer: A Reference: Birthday Attacks

Explanation:

Type: True/False

14. A dictionary password attack is a type of attack in which one person, program, or
computer disguises itself as another person, program, or computer to gain access to
some resource.

A. True
B. False

Answer: B Reference: What Is a Malicious Attack?

Explanation: Spoofing is a type of attack in which one person, program, or computer
disguises itself as another person, program, or computer to gain access to some
resource.

Type: True/False

15. A man-in-the-middle attack takes advantage of the multihop process used by many
types of networks.

A. True
B. False

Answer: A Reference: Man-in-the-Middle Attacks

Explanation:

Type: True/False

16. A phishing attack "poisons" a domain name on a domain name server.

A. True
B. False

Answer: B Reference: Pharming

Explanation: Pharming "poisons" a domain name on a domain name server. Phishing
attempts to scam people one at a time with an email or instant message.

Type: True/False

17. The main difference between a virus and a worm is that a virus does not need a host
program to infect.

A. True
B. False

Answer: B Reference: Worms

Explanation: The main difference between a virus and a worm is that a worm does not
need a host program to infect. The worm is a standalone program.

Type: True/False

18. Spyware gathers information about a user through an Internet connection, without
his or her knowledge.

A. True
B. False

Answer: A Reference: Spyware

Explanation:

Type: True/False

19. Vishing is a type of wireless network attack.

A. True
B. False

Answer: B Reference: What Are Common Types of Attacks?

Explanation: Vishing is a type of social engineering attack where a person performs a
phishing attack by telephone in order to elicit personal information.

Type: True/False

20. Using a secure logon and authentication process is one of the six steps used to
prevent malware.

A. True
B. False

Answer: A Reference: Countering Malware

Explanation:

Type: True/False

True/False Question Stats
Total True/False Questions: 20

Multiple-Choice Question Stats
Total Multiple-Choice Questions: 20

Category Stats
Analyze: 4
Apply: 0
Evaluate: 0
Remember: 5
Understand: 11

Difficulty Stats
Easy: 5 Medium: 13 Hard: 2

Total Questions in Test Bank: 40
