1.4.2 Module 1: The Danger Quiz Answers
1. An attacker sends a piece of malware as an email attachment to employees in a company. What is one probable purpose of the attack?
- probing open ports on the firewall on the border network
- searching and obtaining trade secrets
- cracking the administrator password for a critical server
- denying external access to a web server that is open to the public
Explanation: This is a malware attack. The purpose of a typical malware attack is to disrupt computer operations, gather sensitive information, or gain access to a private computer system. Cracking a password cannot be carried out by a simple malware attack because it requires intensive CPU and memory, which will make its operation noticeable. A reconnaissance attack would be used to probe open ports on a border firewall. Similarly, denying external access to a web server is a DoS attack launched from outside the company.
2. What is cyberwarfare?
- It is an attack on a major corporation.
- It is an attack designed to disrupt, corrupt, or exploit national interests.
- It is an attack that only involves robots and bots.
- It is an attack only on military targets.
Explanation: Cyberwarfare is a subset of information warfare (IW). Its objective is to disrupt (availability), corrupt (integrity), or exploit (confidentiality or privacy). It can be directed against military forces, critical infrastructures, or other national interests, such as economic targets. It involves several teams that work together. A botnet might be one of several tools used for launching the attack.
3. What type of malware has the primary objective of spreading across the network?
- Trojan horse
Explanation: The main purpose of a worm is to self-replicate and propagate across the network. A virus is a type of malicious software that needs a user to spread. A Trojan horse is not self-replicating and disguises itself as a legitimate application when it is not. A botnet is a series of zombie computers working together to wage a network attack.
4. What is a potential risk when using a free and open wireless hotspot in a public location?
- The Internet connection can become too slow when many users access the wireless hotspot.
- Purchase of products from vendors might be required in exchange for the Internet access.
- Network traffic might be hijacked and information stolen.
- Too many users trying to connect to the Internet may cause a network traffic jam.
Explanation: Many free and open wireless hotspots operate with no authentication or weak authentication mechanisms. Attackers could easily capture the network traffic in and out of such a hotspot and steal user information. In addition, attackers might set up a “rogue” wireless hotspot to attract unsuspecting users to it and then collect information from those users.
5. At the request of investors, a company is proceeding with cyber attribution with a particular attack that was conducted from an external source. Which security term is used to describe the person or device responsible for the attack?
- threat actor
Explanation: Some people may use the common word “hacker” to describe a threat actor. A threat actor is an entity involved with an incident that impacts, or has the potential to impact, an organization in such a way that it is considered a security risk or threat.
6. What name is given to an amateur hacker?
- red hat
- script kiddie
- blue team
- black hat
Explanation: Script kiddie is a term used to describe an inexperienced hacker.
7. What commonly motivates cybercriminals to attack networks as compared to hacktivists or state-sponsored hackers?
- political reasons
- financial gain
- fame seeking
- status among peers
Explanation: Cybercriminals are commonly motivated by money. Hackers are known to hack for status. Cyberterrorists are motivated to commit cybercrimes for religious or political reasons.
8. What is a botnet?
- a network of infected computers that are controlled as a group
- a network that allows users to bring their own technology
- a group of web servers that provide load balancing and fault tolerance
- an online video game intended for multiple players
Explanation: One method of executing a DDoS attack involves using a botnet. An attacker builds or purchases a botnet of zombie hosts, which is a group of infected devices. The zombies continue to create more zombies, which carry out the DDoS attack.
9. What is a rogue wireless hotspot?
- It is a hotspot that was set up with outdated devices.
- It is a hotspot that does not implement strong user authentication mechanisms.
- It is a hotspot that does not encrypt network user traffic.
- It is a hotspot that appears to be from a legitimate business but was actually set up by someone without permission from the business.
Explanation: A rogue wireless hotspot is a wireless access point running in a business or an organization without the official permission of that business or organization.
10. What is the best definition of personally identifiable information (PII)?
- Data that is collected from servers and websites for anonymous browsing.
- Data that is collected from servers and web browsers using cookies in order to track a consumer.
- Data that is collected by businesses to track the digital behavior of consumers.
- Data that is collected by businesses to distinguish identities of individuals.
Explanation: Personally identifiable information (PII) is data that could be used to distinguish the identity of an individual, such as mother’s maiden name, social security number, and/or date of birth.
11. What was used as a cyberwarfare weapon to attack a uranium enrichment facility in Iran?
- SQL injection
Explanation: The Stuxnet malware program is an excellent example of a sophisticated cyberwarfare weapon. In 2010, it was used to attack programmable logic controllers that operated uranium enrichment centrifuges in Iran.
12. A company pays a significant sum of money to hackers in order to regain control of an email and data server. Which type of security attack was used by the hackers?
- Trojan horse
Explanation: Ransomware involves the hackers preventing user access to the infected and controlled system until the user pays a specified amount.