Question 1

What is the term for when a large list of words are used to try and crack a password?&#10;A)Dictionary attack&#10;B)Brute-force attack&#10;C)Hybrid attack&#10;D)Lister crack

Accepted Answer

The term for when a large list of words are used to try and crack a password is a dictionary attack. This type of attack involves using a list of commonly used passwords, words from a dictionary, and variations of those words such as adding numbers or symbols. It is often used as a first step in password cracking attempts.

Option B, brute-force attack, is a type of password cracking technique that involves trying every possible combination of characters until the correct password is found.

Option C, hybrid attack, is a combination of both dictionary and brute-force techniques.

Option D, Lister crack, is not a known term or technique for password cracking.

Question 2

An attack that takes advantage of bugs or weaknesses in the software is referred to as what?&#10;A)A brute-force attack&#10;B)Software exploitation&#10;C)A dictionary attack&#10;D)Weakness exploitation

Accepted Answer

Software exploitation occurs when an attack takes advantage of bugs or weaknesses within software to gain unauthorized access or control. Brute-force attacks involve using automated tools to guess passwords by trying every possible combination, while dictionary attacks use a list of commonly used passwords to guess credentials. Weakness exploitation is a general term that could refer to any type of vulnerability being exploited, not just those related to software bugs or weaknesses.

Question 3

In a ___________ attack,the attacker sends a spoofed packet to the broadcast address for a network,which distributes the packet to all systems on that network.&#10;A)smurf&#10;B)denial-of-service&#10;C)viral&#10;D)worm

Accepted Answer

This type of attack is known as a Smurf attack, where the attacker sends a spoofed packet to the broadcast address of a network, causing all systems on the network to receive the packet and flood the target system with responses, overwhelming its capacity and causing it to crash. Denial-of-service attacks, viral attacks, and worm attacks do not involve the broadcast of packets to all systems on a network.

Question 4

Making data look like it has come from a different source is called&#10;A)Sniffing&#10;B)A man-in-the-middle attack&#10;C)A replay attack&#10;D)Spoofing

Accepted Answer

Spoofing involves altering the source of data to make it appear as though it has come from a different source. Sniffing involves capturing data packets as they are transmitted over a network. A man-in-the-middle attack involves intercepting and altering the communication between two parties. A replay attack involves capturing and reusing previously transmitted data.

Question 5

What is it called when a person registers a domain name,relinquishes it in less than five days,and then gets the same name again,repeating this cycle over and over again?&#10;A)DNS spoofing&#10;B)DNS jacking&#10;C)DNS pilfering&#10;D)DNS kiting

Accepted Answer

This practice is known as DNS kiting, also referred to as domain tasting or grace deletion. It is a method used to test the profitability of domain names by registering them for a short period and then canceling them before any fees are incurred. Repeat registration of the same domain names can allow the person to use them for free, violating the registration policies of many domain registrars.

Question 6

SYN flooding is an example of a&#10;A)Viral attack&#10;B)Denial of service attack&#10;C)Logic bomb&#10;D)Trojan horse

Accepted Answer

SYN flooding is a type of denial of service attack where an attacker sends a flood of "SYN" requests to a target server, overwhelming it and preventing legitimate requests from being served. This is different from a viral attack, logic bomb, or Trojan horse, as those are all types of malware designed to infect or damage a system.

Question 7

What is it called when an attacker makes his data look like it is coming from a different source address,and is able to intercept information transferred between two computers?&#10;A)Spoofing&#10;B)Man-in-the-middle attack&#10;C)Sniffing&#10;D)Injecting

Accepted Answer

This is called a man-in-the-middle attack. The attacker intercepts traffic between two computers and is able to manipulate or steal the data being transmitted. Spoofing refers to faking the source address or identity of the attacker, while sniffing refers to eavesdropping on network traffic. Injecting refers to adding malicious code or data into a system.

Question 8

A _____________ is a software or hardware device that is used to observe traffic as it passes through a network on shared broadcast media.&#10;A)logic bomb&#10;B)network sniffer&#10;C)backdoor&#10;D)trapdoor

Accepted Answer

A network sniffer, also known as a packet sniffer, is a tool or device used to capture and analyze network traffic. It can be used to monitor and analyze data packets transmitted over a network, including sensitive information such as usernames, passwords, and other confidential information.  Logic bombs, backdoors, and trapdoors are types of malicious software or code used for unauthorized access, data theft, or other malicious activities.

Question 9

A(n)___________ finds weaknesses in the mechanisms surrounding the cryptography.&#10;A)viral attack&#10;B)worm attack&#10;C)indirect attack&#10;D)password attack

Accepted Answer

A cryptographic attack that finds weaknesses in mechanisms surrounding cryptography is known as an indirect attack. The other options listed are types of malware or a specific method of guessing passwords, which are not related to the cryptographic mechanisms themselves.

Question 10

A term used to refer to the process of taking control of an already existing session between a client and a server is&#10;A)TCP/IP hijacking&#10;B)Replay attacking&#10;C)Denial-of-service attack&#10;D)Password guessing

Accepted Answer

TCP/IP hijacking refers to the unauthorized takeover of an already established session between a client and a server. This can allow an attacker to intercept and modify network traffic, inject their own data, or impersonate the original client. Replay attacking involves intercepting and replaying network traffic, but does not necessarily require an already established session. Denial-of-service attacks involve overwhelming a server with traffic to prevent legitimate users from accessing it, while password guessing involves attempting to guess a user's login credentials.

Question 11

The term ___________ refers to software that has been designed for some nefarious purpose.&#10;A)virus&#10;B)worm&#10;C)Trojan horse&#10;D)malware

Accepted Answer

The answer of The term ___________ refers to software that...

Question 12

What is the automated downloading of malware that takes advantage of a browsers' ability to the download different files that compose a web page called?&#10;A)Download of death&#10;B)Trojanized download&#10;C)Drive-by download&#10;D)War-downloading

Accepted Answer

The answer of What is the automated downloading of malware...

Question 13

What is the term used to describe a hacker's attempt to discover unprotected modem connections to computer systems and networks called?&#10;A)Software exploitation&#10;B)Indirect attack&#10;C)War-dialing&#10;D)Spoofing

Accepted Answer

The answer of What is the term used to describe...

Question 14

The art of &#34;secret writing&#34; is called&#10;A)Spoofing&#10;B)Smurfing&#10;C)Cryptography&#10;D)Cryptanalysis

Accepted Answer

The answer of The art of &#34;secret writing&#34; is called&#10;A)Spoofing&#10;B)Smurfing&#10;C)Cryptography&#10;D)Cryptanalysis...

Question 15

What is the process of assessing the state of an organization's security compared against an established standard called?&#10;A)Pen testing&#10;B)Auditing&#10;C)Vulnerability testing&#10;D)Accounting

Accepted Answer

The answer of What is the process of assessing the...

Question 16

Bob gets an e-mail addressed from his bank,asking for his user ID and password.He then notices that the e-mail has poor grammar and incorrect spelling.He calls up his bank to ask if they sent the e-mail,and they promptly tell him they did not and would not ask for that kind of information.What is this type of attack called?

A)Phishing
B)Pharming
C)Spear pharming
D)Spishing

Accepted Answer

The answer of Bob gets an e-mail addressed from his...

Question 17

In a ______________,a password cracking program attempts all possible password combinations.&#10;A)brute-force attack&#10;B)dictionary attack&#10;C)man-in-the-middle attack&#10;D)replay attack

Accepted Answer

The answer of In a ______________,a password cracking program attempts...

Question 18

The activity where hackers wander throughout an area with a computer with wireless capability,searching for wireless networks they can access is referred to as which of the following?&#10;A)War-driving&#10;B)War-dialing&#10;C)Indirect attack&#10;D)Brute force attack

Accepted Answer

The answer of The activity where hackers wander throughout an...

Question 19

An attack where the attacker captures a portion of a communication between two parties and retransmits it at another time is called a(n)___________ attack.&#10;A)smurf&#10;B)denial-of-service&#10;C)viral&#10;D)replay

Accepted Answer

The answer of An attack where the attacker captures a...

Question 20

_____________ relies on lies and misrepresentation to trick an authorized user into providing information or access to an attacker.&#10;A)Social engineering&#10;B)User exploitation&#10;C)War-driving&#10;D)Indirect attack

Accepted Answer

The answer of _____________ relies on lies and misrepresentation to...

Question 21

The term _______________ is used to refer to programs that attackers install after gaining unauthorized access to a system,ensuring that they can continue to have unrestricted access to the system,even if their initial access method is discovered and blocked.

Accepted Answer

The answer of The term _______________ is used to refer...

Question 22

Targeted attacks are easier and take less time and effort than attacks on targets of opportunity.

Accepted Answer

The answer of Targeted attacks are easier and take less...

Question 23

Malicious code that sits dormant until a particular event occurs to release its payload is called what?&#10;A)Trojan&#10;B)Logic bomb&#10;C)Trigger virus&#10;D)Logic worm

Accepted Answer

The answer of Malicious code that sits dormant until a...

Question 24

An attacker will do reconnaissance by going to public sites like SEC.gov and whois.net to get important information that can be used in an attack.

Accepted Answer

The answer of An attacker will do reconnaissance by going...

Question 25

_______________ is a situation where someone examines all the network traffic that passes their NIC,whether addressed for them or not.

Accepted Answer

The answer of _______________ is a situation where someone examines...

Question 26

Attacks on computer systems can be grouped into two broad categories: attacks on specific software,and attacks on a specific protocol or service.

Accepted Answer

The answer of Attacks on computer systems can be grouped...

Question 27

The ping of death is a type of distributed denial of service.

Accepted Answer

The answer of The ping of death is a type...

Question 28

A birthday attack is a type of logic bomb virus that releases its payload on some famous person's birthday,such as Michelangelo.

Accepted Answer

The answer of A birthday attack is a type of...

Question 29

Defense begins by eliminating threats.

Accepted Answer

The answer of Defense begins by eliminating threats....

Question 30

A syn flood is type of spam that floods the inbox with pornographic material.

Accepted Answer

The answer of A syn flood is type of spam...

Question 31

A(n)_______________ attack is an attack designed to prevent a system or service from functioning normally.

Accepted Answer

The answer of A(n)_______________ attack is an attack designed to...

Question 32

When an attacker purposely sends more data for input that the program was designed to handle and it results in a system crash,what is this an example of?&#10;A)Syn flood&#10;B)Buffer overflow&#10;C)Incomplete mediation&#10;D)Logic bomb

Accepted Answer

The answer of When an attacker purposely sends more data...

Question 33

What is the term for malware that changes the way the operating system functions to avoid detection?&#10;A)Rootkit&#10;B)Boot sector virus&#10;C)Spyware&#10;D)Dieware

Accepted Answer

The answer of What is the term for malware that...

Question 34

Johnny received a &#34;new version&#34; of the game Solitaire in an e-mail.After running the program,a backdoor was installed on his computer without his knowledge.What kind of an attack is this?&#10;A)Logic bomb&#10;B)Hoax&#10;C)Trojan&#10;D)Worm

Accepted Answer

The answer of Johnny received a &#34;new version&#34; of the...

Question 35

A(n)_______________ is a connection to a Windows interprocess communications share (IPC$).

Accepted Answer

The answer of A(n)_______________ is a connection to a Windows...

Question 36

What is software that records and reports activities of the user (typically without their knowledge)called?&#10;A)Snoopware&#10;B)Malware&#10;C)Spyware&#10;D)Eyeware

Accepted Answer

The answer of What is software that records and reports...

Question 37

A computer system is attacked for one of two reasons: it is specifically targeted by the attacker,or it is a target of opportunity.

Accepted Answer

The answer of A computer system is attacked for one...

Question 38

The last step in minimizing possible avenues of attack is updating system patches.

Accepted Answer

The answer of The last step in minimizing possible avenues...

Question 39

A(n)_______________ is a 32-bit number established by the host that is incremented for each packet sent.

Accepted Answer

The answer of A(n)_______________ is a 32-bit number established by...

Question 40

Scanning is when an attacker attempts to crash the system with programs such as ping sweep or superscan.

Accepted Answer

The answer of Scanning is when an attacker attempts to...

Question 41

TCP/IP hijacking and _______________ are terms used to refer to the process of taking control of an already existing session between a client and a server.

Accepted Answer

The answer of TCP/IP hijacking and _______________ are terms used...

Question 42

What should be included in a security audit?

Accepted Answer

The answer of What should be included in a security...

Question 43

How can social engineering be used to gain access to a computer network and what is the best way to prevent it from happening?

Accepted Answer

The answer of How can social engineering be used to...

Question 44

A(n)_______________ occurs when the attacker captures a portion of a communication between two parties and retransmits it at a later time.

Accepted Answer

The answer of A(n)_______________ occurs when the attacker captures a...

Question 45

_______________ is the use of fraudulent e-mails or instant messages that appear to be genuine but are designed to trick users.

Accepted Answer

The answer of _______________ is the use of fraudulent e-mails...

Question 46

List and describe the steps a hacker takes to attack a network.

Accepted Answer

The answer of List and describe the steps a hacker...

Question 47

Describe some of the types of attacks that can be launched against a network.

Accepted Answer

The answer of Describe some of the types of attacks...

Question 48

List and describe various types of malware.

Accepted Answer

The answer of List and describe various types of malware....

Question 49

_______________ is an economic attack against the terms of using a new DNS entry.

Accepted Answer

The answer of _______________ is an economic attack against the...

Question 50

A _______________ occurs when a program is provided more data for input than it was designed to handle.

Accepted Answer

The answer of A _______________ occurs when a program is...

Deck 15: Types of Attacks and Malicious Software