1.6.2 Cybersecurity Threats, Vulnerabilities, and Attacks Quiz Answers
1. What type of attack occurs when data goes beyond the memory areas allocated to an application?
- SQL injection
- RAM injection
- RAM spoofing
- Buffer overflow
2. Which of the following statements describes a distributed denial of service (DDoS) attack?
- An attacker sends an enormous quantity of data that a server cannot handle
- An attacker monitors network traffic to learn authentication credentials
- One computer accepts data packets based on the MAC address of another computer
- A botnet of zombies, coordinated by an attacker, overwhelms a server with DoS attacks
3. Employees in an organization report that the network access is slow. Further investigation reveals that one employee downloaded a third-party scanning program for the printer. What type of malware may have been introduced?
- Trojan horse
4. Employees in an organization report that they cannot access the customer database on the main server. Further investigation reveals that the database file is now encrypted. Shortly afterward, the organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?
- DoS attack
- Man-in-the-middle attack
- Trojan horse
5. A penetration test carried out by an organization identified a backdoor on the network. What action should the organization take to find out if their systems have been compromised?
- Scan the systems for viruses
- Look for policy changes in Event Viewer
- Look for unauthorized accounts
- Look for usernames that do not have passwords
6. What non-technical method could a cybercriminal use to gather sensitive information from an organization?
- Social engineering
7. A secretary receives a phone call from someone claiming that their manager is about to give an important presentation but the presentation files are corrupted. The caller sternly asks that the secretary email the presentation right away to a personal email address. The caller also states that the secretary is being held personally responsible for the success of this presentation. What type of social engineering tactic is the caller using?
- Trusted partners
8. All employees in an organization receive an email stating that their account password will expire immediately and that they should reset their password within five minutes. Which of the following statements best describes this email?
- It is an impersonation attack
- It is a piggyback attack
- It is a hoax
- It is a DDoS attack
9. Which best practices can help defend against social engineering attacks? (Choose three.)
- Deploy well-designed firewall appliances
- Add more security guards
- Educate employees regarding security policies
- Enable a policy that states that the IT department should supply information over the phone only to managers
- Do not provide password resets in a chat window
- Resist the urge to click on enticing web links
10. What do you call an impersonation attack that takes advantage of a trusted relationship between two systems?
11. A cybercriminal sends a series of maliciously formatted packets to a database server, which causes the server to crash. What do you call this type of attack?
- Packet injection
- SQL injection
12. The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can they use to identify specific details about vulnerabilities?
- NIST/NICE framework
- ISO/IEC 27000 model
- CVE national database