1.6.2 Cybersecurity Threats, Vulnerabilities, and Attacks Quiz

1.6.2 Cybersecurity Threats, Vulnerabilities, and Attacks Quiz Answers

1. What type of attack occurs when data goes beyond the memory areas allocated to an application?

  • SQL injection
  • RAM injection
  • RAM spoofing
  • Buffer overflow

Explanation: A buffer overflow occurs when data is written beyond the limits of a buffer. The spilled bytes land in adjacent memory of the same process and overwrite whatever is stored there: other variables, heap metadata, saved return addresses or function pointers. The result can be a crash, corrupted or disclosed data, or, when the attacker controls the overwritten bytes, execution of attacker-chosen code and escalation of privileges.
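The following C program is an added example, not part of the quiz, that shows the mechanism on a constructed record: a 16-byte name buffer followed by an authorization flag. An unchecked copy of a 17-byte name overwrites the flag; the hardened copy rejects the same input. The struct, field names and the crafted input are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: a fixed-size name buffer immediately followed by an
 * authorization flag. uint8_t has alignment 1, so is_admin sits at byte
 * offset 16, directly after username[15]. */
struct session {
    char username[16];
    uint8_t is_admin;           /* 0 = regular user, 1 = administrator */
};

/* VULNERABLE on purpose: copies until the NUL with no check against the size
 * of username. It writes through a byte pointer to the whole struct and stops
 * at sizeof(struct session) only so this demonstration stays well-defined C;
 * a real strcpy() has no such stop and keeps writing past the struct. */
static void set_username_unchecked(struct session *s, const char *name)
{
    unsigned char *raw = (unsigned char *)s;
    size_t i = 0;
    while (name[i] != '\0' && i < sizeof *s) {
        raw[i] = (unsigned char)name[i];
        i++;
    }
    if (i < sizeof s->username)
        s->username[i] = '\0';
}

/* HARDENED: reject a name that does not fit (including its terminating NUL)
 * instead of truncating silently. Returns 0 on success, -1 if rejected. */
static int set_username_checked(struct session *s, const char *name)
{
    /* memchr looks at no more than sizeof username bytes, so an
     * unterminated input cannot make this helper itself read too far. */
    const char *nul = memchr(name, '\0', sizeof s->username);
    if (nul == NULL)                /* no NUL within 16 bytes: too long */
        return -1;
    memcpy(s->username, name, (size_t)(nul - name) + 1);
    return 0;
}

/* Constructed attack input: 16 filler bytes fill username exactly and the
 * 17th byte (0x01) lands on is_admin. */
static void make_crafted_name(char out[18])
{
    memset(out, 'A', 16);
    out[16] = 0x01;
    out[17] = '\0';
}

/* is_admin after the unchecked copy: 1, the flag was overwritten. */
static int admin_flag_after_unchecked(void)
{
    char crafted[18];
    struct session s = { "alice", 0 };
    make_crafted_name(crafted);
    set_username_unchecked(&s, crafted);
    return s.is_admin;
}

/* Return code of the checked copy on the same input: -1, rejected. */
static int checked_copy_result(void)
{
    char crafted[18];
    struct session s = { "alice", 0 };
    make_crafted_name(crafted);
    return set_username_checked(&s, crafted);
}

/* is_admin after the checked copy: still 0, the record was not touched. */
static int admin_flag_after_checked(void)
{
    char crafted[18];
    struct session s = { "alice", 0 };
    make_crafted_name(crafted);
    (void)set_username_checked(&s, crafted);
    return s.is_admin;
}

int main(void)
{
    printf("is_admin offset: %zu\n", offsetof(struct session, is_admin));
    printf("unchecked copy -> is_admin = %d\n", admin_flag_after_unchecked());
    printf("checked copy   -> rc = %d, is_admin = %d\n",
           checked_copy_result(), admin_flag_after_checked());
    return 0;
}
```

The hardened version fails closed (returns an error) rather than truncating, because silent truncation can itself turn into a security bug when the shortened value is later used as an identifier.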

2. Which of the following statements describes a distributed denial of service (DDoS) attack?

  • An attacker sends an enormous quantity of data that a server cannot handle
  • An attacker monitors network traffic to learn authentication credentials
  • One computer accepts data packets based on the MAC address of another computer
  • A botnet of zombies, coordinated by an attacker, overwhelms a server with DoS attacks

Explanation: In a distributed denial-of-service (DDoS) attack, the attacker uses many compromised computers (zombies, collectively a botnet) to flood a targeted server at the same time. The target is overwhelmed and can no longer service requests from legitimate hosts.

3. Employees in an organization report that the network access is slow. Further investigation reveals that one employee downloaded a third-party scanning program for the printer. What type of malware may have been introduced?

  • Worm
  • Trojan horse
  • Spam
  • Phishing

Explanation: A worm is malicious software that spreads across the network on its own and runs without user participation. The scanning and replication traffic a worm generates typically consumes bandwidth, which is why slow network access is a common first symptom.

4. Employees in an organization report that they cannot access the customer database on the main server. Further investigation reveals that the database file is now encrypted. Shortly afterward, the organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?

  • DoS attack
  • Man-in-the-middle attack
  • Ransomware
  • Trojan horse

Explanation: In a ransomware attack, the attacker compromises the victim's computer and encrypts its files (or entire volumes) so that the data can no longer be accessed by the user. The attacker then demands payment in exchange for the decryption key.

5. A penetration test carried out by an organization identified a backdoor on the network. What action should the organization take to find out if their systems have been compromised?

  • Scan the systems for viruses
  • Look for policy changes in Event Viewer
  • Look for unauthorized accounts
  • Look for usernames that do not have passwords

Explanation: A backdoor means an attacker may already have had access, so closing the hole the penetration test found is not enough. The organization should also review all user and service accounts for entries that were not created through its normal provisioning process, because attackers commonly add accounts to keep access after the original backdoor is removed.
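As an added example (not part of the quiz), this C program audits a passwd-style account list against an approved baseline and reports accounts that are not in the baseline, extra UID 0 accounts, and accounts with an empty password field. The sample file contents and the baseline are constructed for the demonstration; on a real Linux host the password check would also consult /etc/shadow.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Counts produced by one pass over a passwd file. */
struct audit_result {
    int unknown;          /* accounts not present in the approved baseline */
    int extra_uid0;       /* UID 0 accounts other than root */
    int empty_password;   /* empty password field (login without a password) */
};

/* Parse "name:password:uid:..." from one line of length len. Fields are cut
 * on ':' by hand because strtok() would silently skip an empty password
 * field. Returns 0 on success, -1 on a malformed line. */
static int parse_passwd_line(const char *line, size_t len,
                             char name[32], unsigned long *uid, int *empty_pw)
{
    const char *end = line + len;
    const char *f1 = memchr(line, ':', len);
    if (f1 == NULL || f1 == line || (size_t)(f1 - line) >= 32)
        return -1;
    memcpy(name, line, (size_t)(f1 - line));
    name[f1 - line] = '\0';

    const char *f2 = memchr(f1 + 1, ':', (size_t)(end - (f1 + 1)));
    if (f2 == NULL)
        return -1;
    *empty_pw = (f2 == f1 + 1);

    const char *f3 = memchr(f2 + 1, ':', (size_t)(end - (f2 + 1)));
    if (f3 == NULL || f3 == f2 + 1 || (size_t)(f3 - (f2 + 1)) >= 16)
        return -1;
    char uidbuf[16];
    memcpy(uidbuf, f2 + 1, (size_t)(f3 - (f2 + 1)));
    uidbuf[f3 - (f2 + 1)] = '\0';
    char *stop;
    *uid = strtoul(uidbuf, &stop, 10);
    return *stop == '\0' ? 0 : -1;
}

static int in_baseline(const char *name, const char *const *baseline, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(name, baseline[i]) == 0)
            return 1;
    return 0;
}

/* Walk every line of the passwd text and report deviations from the baseline. */
static struct audit_result audit_passwd(const char *text,
                                        const char *const *baseline, size_t nbase)
{
    struct audit_result r = { 0, 0, 0 };
    const char *p = text;
    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char name[32];
        unsigned long uid;
        int empty_pw;
        if (len > 0 && parse_passwd_line(p, len, name, &uid, &empty_pw) == 0) {
            if (!in_baseline(name, baseline, nbase)) {
                printf("UNKNOWN ACCOUNT: %s (uid %lu)\n", name, uid);
                r.unknown++;
            }
            if (uid == 0 && strcmp(name, "root") != 0) {
                printf("EXTRA UID 0:     %s\n", name);
                r.extra_uid0++;
            }
            if (empty_pw) {
                printf("EMPTY PASSWORD:  %s\n", name);
                r.empty_password++;
            }
        }
        if (nl == NULL)
            break;
        p = nl + 1;
    }
    return r;
}

/* Constructed sample: a passwd snapshot and the baseline from provisioning. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n"
    "svc_backup:x:1001:1001::/var/backups:/bin/sh\n"
    "toor:x:0:0::/root:/bin/bash\n"
    "guest::1002:1002::/home/guest:/bin/sh\n";
static const char *const BASELINE[] = { "root", "daemon", "alice" };

static struct audit_result run_sample(void)
{
    return audit_passwd(SAMPLE_PASSWD, BASELINE, sizeof BASELINE / sizeof BASELINE[0]);
}

int main(void)
{
    struct audit_result r = run_sample();
    printf("unknown=%d extra_uid0=%d empty_password=%d\n",
           r.unknown, r.extra_uid0, r.empty_password);
    return 0;
}
```

On the sample data the audit flags svc_backup, toor and guest as unknown, toor as a second UID 0 account, and guest as having no password. The baseline should come from the provisioning system or a snapshot taken before the incident, not from the possibly compromised host itself.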

6. What non-technical method could a cybercriminal use to gather sensitive information from an organization?

  • Man-in-the-middle
  • Ransomware
  • Social engineering
  • Pharming

Explanation: Social engineering is a very effective way to obtain personal or sensitive corporate information from an employee. Cybercriminals may try to get to know an employee and then exploit that trust or familiarity to gather the information they need.

7. A secretary receives a phone call from someone claiming that their manager is about to give an important presentation but the presentation files are corrupted. The caller sternly asks that the secretary email the presentation right away to a personal email address. The caller also states that the secretary is being held personally responsible for the success of this presentation. What type of social engineering tactic is the caller using?

  • Trusted partners
  • Familiarity
  • Intimidation
  • Urgency

Explanation: Intimidation is a tactic that cybercriminals often use to bully a victim into taking an action that compromises security. Here the threat that the secretary will be held personally responsible is the intimidation; the time pressure is a secondary urgency cue.

8. All employees in an organization receive an email stating that their account password will expire immediately and that they should reset their password within five minutes. Which of the following statements best describes this email?

  • It is an impersonation attack
  • It is a piggyback attack
  • It is a hoax
  • It is a DDoS attack

Explanation: A hoax is an act intended to deceive or trick someone. This type of email can cause unnecessary disruption, extra work, and fear.

9. Which best practices can help defend against social engineering attacks? (Choose three.)

  • Deploy well-designed firewall appliances
  • Add more security guards
  • Educate employees regarding security policies
  • Enable a policy that states that the IT department should supply information over the phone only to managers
  • Do not provide password resets in a chat window
  • Resist the urge to click on enticing web links

Explanation: Employees should be taught to avoid getting caught in a social engineering situation. They should never click a link in an email from an unknown source, never share a password, and never send sensitive corporate information under pressure to an unknown destination.

10. What do you call an impersonation attack that takes advantage of a trusted relationship between two systems?

  • Sniffing
  • Spamming
  • Spoofing
  • Man-in-the-middle

Explanation: In a spoofing attack, the attacker forges a source address that the target already trusts, such as the MAC or IP address of a legitimate host, so that access controls based on that address are bypassed. ARP spoofing works the same way: forged ARP replies bind the attacker's MAC address to a trusted IP address, so traffic meant for that host is delivered to the attacker instead.

11. A cybercriminal sends a series of maliciously formatted packets to a database server, which causes the server to crash. What do you call this type of attack?

  • Packet injection
  • SQL injection
  • DoS
  • Man-in-the-middle

Explanation: In a denial-of-service (DoS) attack the attacker attempts to make a server or other network resource unavailable to legitimate users. Flooding the target with traffic is one form; sending maliciously formatted packets that crash a service, as in this question, is another.

12. The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can they use to identify specific details about vulnerabilities?

  • NIST/NICE framework
  • ISO/IEC 27000 model
  • CVE national database
  • Infragard

Explanation: The Common Vulnerabilities and Exposures (CVE) program was sponsored by the United States Computer Emergency Readiness Team (US-CERT) and the U.S. Department of Homeland Security (today through DHS's Cybersecurity and Infrastructure Security Agency, CISA) and is operated by the not-for-profit MITRE Corporation, which publishes the list on its public website.

Each CVE entry contains a standard identifier (CVE-YYYY-NNNN, where the year is the year the ID was assigned and the sequence part has four or more digits), a brief description of the vulnerability, and references to related advisories and vulnerability reports. NIST's National Vulnerability Database (NVD) builds on the CVE list by adding severity scores and affected-product data to each entry.
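Since vulnerability data is keyed on the CVE identifier, a practitioner often needs to pull well-formed IDs out of advisories, changelogs or tickets. The following C program is an added example (not part of the quiz) that validates the identifier syntax described above and extracts IDs from free text. The sample text is constructed; the two valid IDs in it are real, publicly known entries used only as input.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CVE_ID_MAX 24   /* "CVE-" + year + "-" + sequence + NUL */

/* Parse one CVE identifier starting at p. Syntax: "CVE-", a 4-digit year
 * (1999 or later, the year CVE started), "-", and four or more sequence
 * digits, ending at a word boundary. On success copies the ID into out and
 * returns its length; returns 0 if no well-formed ID starts at p. */
static size_t parse_cve_id(const char *p, char out[CVE_ID_MAX])
{
    if (strncmp(p, "CVE-", 4) != 0)
        return 0;
    size_t i = 4;
    unsigned year = 0;
    for (int k = 0; k < 4; k++, i++) {
        if (!isdigit((unsigned char)p[i]))
            return 0;
        year = year * 10 + (unsigned)(p[i] - '0');
    }
    if (year < 1999 || p[i] != '-')
        return 0;
    i++;
    size_t seq_start = i;
    while (isdigit((unsigned char)p[i]))
        i++;
    if (i - seq_start < 4 || i >= CVE_ID_MAX)
        return 0;
    /* "CVE-2019-12345x" or "CVE-2019-1234-5" are not identifiers. */
    if (isalnum((unsigned char)p[i]) || p[i] == '-')
        return 0;
    memcpy(out, p, i);
    out[i] = '\0';
    return i;
}

/* Scan free text for CVE IDs. Stores at most max IDs in out and returns
 * how many were found. */
static size_t extract_cve_ids(const char *text, char out[][CVE_ID_MAX], size_t max)
{
    size_t n = 0;
    for (const char *p = text; *p != '\0' && n < max; p++) {
        if (p != text && isalnum((unsigned char)p[-1]))
            continue;                       /* not at a word boundary */
        size_t len = parse_cve_id(p, out[n]);
        if (len > 0) {
            n++;
            p += len - 1;                   /* resume after the ID */
        }
    }
    return n;
}

/* Constructed sample text: two valid IDs, followed by deliberately
 * malformed ones (lowercase, short year, short sequence, glued prefix,
 * trailing letter, year before the program existed). */
static const char SAMPLE_TEXT[] =
    "The release fixes CVE-2021-44228. Also review CVE-2014-0160. "
    "Not IDs: cve-2020-1234, CVE-20-1234, CVE-2020-123, XCVE-2019-5555, "
    "CVE-2019-12345x, CVE-1998-0001.";

static char found[8][CVE_ID_MAX];

static size_t run_sample(void)
{
    return extract_cve_ids(SAMPLE_TEXT, found, 8);
}

static const char *sample_id(size_t k)
{
    return found[k];
}

int main(void)
{
    size_t n = run_sample();
    for (size_t k = 0; k < n; k++)
        printf("%s\n", sample_id(k));
    return 0;
}
```

The word-boundary checks matter in practice: a scanner that matches "CVE-" followed by any digits will pick up partial or mangled IDs and then look up the wrong record.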
