Introduction to Cybersecurity Module 2: Attacks, Concepts and Techniques Quiz Answers
1. Which of the following examples illustrates how malware might be concealed?
- A botnet of zombies carry personal information back to the hacker
- A hacker uses techniques to improve the ranking of a website so that users are redirected to a malicious site
- An attack is launched against the public website of an online retailer with the objective of blocking its response to visitors
- An email is sent to the employees of an organization with an attachment that looks like an antivirus update, but the attachment actually consists of spyware
Explanation: A bot computer is typically infected by visiting an unsafe website or opening an infected email attachment or infected media file.
2. What is the purpose of a rootkit?
- To masquerade as a legitimate program
- To deliver advertisements without user consent
- To replicate itself independently of any other programs
- To gain privileged access to a device while concealing itself
Explanation: Most rootkits take advantage of software vulnerabilities to gain access to resources that normally shouldn’t be accessible (privilege escalation) and modify system files.
3. What type of attack allows an attacker to use a brute-force approach?
- Denial of service
- Packet sniffing
- Social engineering
- Password cracking
4. What is the most common goal of search engine optimization (SEO) poisoning?
- To increase web traffic to malicious sites
- To trick someone into installing malware or divulging personal information
- To build a botnet of zombies
- To overwhelm a network device with maliciously formed packets
Explanation: The most common goal of SEO poisoning is to increase traffic to malicious sites that may host malware or attempt social engineering.
5. What do you call a program written to take advantage of a known security vulnerability?
- An exploit
- Antivirus
- A firewall
- A software update
6. Which of the following security vulnerabilities could result in the receipt of malicious information that could force a program to behave in an unintended way?
- Buffer overflow
- Non-validated input
- Race condition
- Access control problem
Explanation: Programs often require data input, but this incoming data could have malicious content, designed to force the program to behave in an unintended way.
7. A set of changes done to any program or application with the aim of updating, fixing or improving it is often referred to as what?
- A hack
- A patch
- An install
- A fix
8. Can you identify the software vulnerability from the following descriptions?
Occurs when data is written beyond the limits of memory areas that are allocated to an application
– Buffer overflow
Occurs when an ordered or timed set of processes is disrupted or altered by an exploit
– Race condition
Occurs through the improper use of practices that manage equipment, data or applications
– Access control
9. What is a miner?
- A person that solves complex mathematical puzzles to verify a transaction
- A computer that processes and verifies a blockchain transaction
- A type of blockchain
- An algorithm that predicts the next block of a chain
10. What is the primary goal of a DoS attack?
- To obtain all addresses in the address book within the server
- To prevent the target server from being able to handle additional requests
- To scan the data on the target server
- To facilitate access to external networks
11. Which of the following should be carried out to address known software vulnerabilities of a specific application?
- Change the hardware
- Change the software
- Install a security patch
- Remove the application
Explanation: A denial of service (DoS) attack attempts to overwhelm a system or process by sending large amounts of data or requests to the target. The goal is to keep the system so overwhelmed handling false requests that it is unable to respond to legitimate ones.