Assignment
1. Why are database attacks that inject data a concern for organizations?
A. False data might be added
B. Malicious code could be injected
C. Databases could be filled
D. All of the above
2. Which of the following options is a useful defense against database attacks?
A. Nonstandard ports
B. Firewalls
C.OS security
D. All of the above
3. What is XSS?
A. eXtensible Security Scanner
B. Cross-site Scripting
C. Both A and B
D. Neither A nor B
4. What type of malware attempts to trick victims into purchasing software or providing their credit card numbers?
A. Virus
B. Scareware
C. Hoax
D. Logic Bomb
5. What is the name of a virus that changes itself when it spreads?
A. Multipartite
B. Macro
C. Polymorphic
D. Boot sector
6. Which of the following is a piece of code or software designed to lie in wait on a system until a specified event occurs?
A. Logic bomb
B. Scareware
C. Hoax
D. Virus
7. Which of the following types of viruses is designed to make the user take action even though no infection or threat exists?
A. Hoax
B. Macro
C. Polymorphic
D. Multipartite
8. Which of the following communication methods employs security mechanisms called trusted devices?
A.802.11
B. Infrared
C. Bluetooth
D.CSMA
9. WEP is vulnerable to __________.
A. cracking
B. DoS
C. sniffing
D. viruses
10. Using MAC filtering and enabling WPA2 encryption are examples of what sort of wireless security activity?
A. Security through obscurity
B. Locking down wireless access
C. Outmoded security practices
D. Methods to prevent legitimate wireless access
11. What capability is provided by inSSIDer?
A.WLAN access point troubleshooting
B. Infrared scanning
C. Bluetooth scanning
D. Wi-Fi security analysis reporting
12. In Linux, which of the following correctly denotes a hard drive in a machine?
A.mount_hda1
B.c:/drive1/
C./dev/hda1/
D./mnt/drive1/
13. Which of the following Linux directories contains system variables such as print and mail spoolers, log files, and process IDs?
/var
14. Approximately how many distributions of Linux are available in different forms and formats?
A.100
B.200
C.1,000
D.2,000
15. Who originally designed and created Linux?
A. Bill Gates
B. Linus Torvalds
C. Steve Jobs
D. Joseph Linux
16. Which of the following is best suited for environments where critical system-level assets need to be monitored?
A.HIDS
B. Firewall
C.NIDS
D.VPN
17. Which of the following best describes a proxy firewall?
A. It sends traffic through another host.
B. It acts as a gateway for requests arriving from the client.
C. It checks only the IP and protocol.
D. It is typically run on the host system
18. Which of the following provides the ability to monitor a network, host, or application, and report back when suspicious activity is detected?
A.IDS
B. Proxy server
C.VPN
D.DMZ
19. All but which of the following is commonly included in a security policy?
A. Appropriate response guidelines for the given security incident
B. The means through which responsible parties will be notified
C. The responsible person or parties that will take lead for responding
D. The city evacuation routes and emergency shelter contact information
20. Installing Netcat on a remote system by using an exploit is an example of what type of attack?
A. Privilege escalation
B. Default software exploit
C. Installing a back door
D. Rootkit installation
21. Which of the following best describes what occurs when a user attempts a connection to a Windows system without the standard username and password being provided?
A. NULL session
B. Privilege escalation
C. Enumeration
D. Backdoor
22. Which of the following best describes what occurs when a lower-level account is cracked in order to obtain increased access?
A.NULL session
B. Privilege escalation
C. Enumeration
D. Backdoor
23. Which of the following is an attack that uses the rights of a low-privilege user to assume higher privileges?
A. Root attack
B. User emulation
C. Rights modification
D. Privilege escalation
24. Which of the following is an example of inserting traffic into another system's traffic to take over its connection?
A. A session hijacking
B. An illegal activity
C. A tactic that enquires encryption
D. A user is using Wireshark
25. Which of the following attacks generally involves one computer targeting another, seeking to shut it down and deny legitimate use of its services?
A. Passive session hijacking
B. Active session hijacking
C. Denial of Service
D. Covert channel
26. Which of the following takes place on networks such as those that have a hub as the connectivity device?
A. Passive sniffing
B. Promiscuous sniffing
C. Active sniffing
D. Switched sniffing
27. Which of the following methods allows attackers to merge their intended payload with a harmless executable to create a single executable from the two?
A. Construction kit
B. Wrapper
C. Rootkit
D. Covert channel
28. Which of the following describes valid protection against malware?
A. Patching and updates
B. Antivirus
C. User education
D. All of the above
29. Which of the following is a type of Trojan designed to give an attacker control over a victim's system?
A. Data sending
B. Remote access
C. Destructive
D. Denial of Service (DoS)
30. Which of the following terms describes a malware program that helps the attacker gain remote access to a system?
A. Spyware
B. Backdoor
C. Virus
D. Worm.