Information Systems Security Chapter 11

Home > Preview

The flashcards below were created by user jerk7600 on FreezingBlue Flashcards.


  1. T/F: A computer virus is an executable program that attaches to, or infects, other executable programs.
    True
  2. T/F: A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information.
    False
  3. T/F: A successful denial of service (DoS) attack may create so much network congestion that authorized users cannot access network resources.
    True
  4. T/F: A worm is a self-contained program that has to trick users into running it.
    False
  5. T/F: ActiveX is used by developers to create active content.
    True
  6. T/F: An electronic mail bomb is a form of malicious macro attack that typically involves an email attachment that contains macros designed to inflict maximum damage.
    True
  7. T/F: Attacks against confidentiality and privacy, data integrity, and availability of services are all ways malicious code can threaten businesses.
    True
  8. T/F: Backdoor programs are typically more dangerous than computer viruses.
    True
  9. T/F: Because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders do, they can place logic bombs more easily.
    True
  10. T/F: Defense in depth is the practice of layering defenses to increase overall security and provide more reaction time to respond to incidents.
    True
  11. T/F: It is common for rootkits to modify parts of the operating system to conceal traces of their presence.
    True
  12. T/F: Retro viruses counter the ability of antivirus programs to detect changes in infected files.
    False
  13. T/F: Spyware does NOT use cookies.
    False
  14. T/F: System infectors are viruses that attack document files containing embedded macro programming capabilities.
    False
  15. T/F: The four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks.
    False
  16. T/F: The function of homepage hijacking is to change a browser's homepage to point to the attacker's site.
    True
  17. T/F: The goal of a command injection is to execute commands on a host operating system.
    True
  18. T/F: The term “web defacement” refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server.
    True
  19. T/F: Trojans are self-contained programs designed to propagate from one host machine to another using the host's own network communications protocols.
    False
  20. T/F: Unlike viruses, worms do NOT require a host program in order to survive and replicate.
    True
  21. Which type of malware attaches to, or infects, other programs?
    A) Spyware
    B) Worm
    C) Rootkit
    D) Virus
    D) Virus
    (this multiple choice question has been scrambled)
  22. ________ is any unwanted message.
    A) Spyware
    B) Virus
    C) Worm
    D) Spam
    D) Spam
    (this multiple choice question has been scrambled)
  23. Which type of malicious software is a standalone program that propagates from one computer to another?
    A) Snake
    B) Worm
    C) Spyware 
    D) Virus
    B) Worm
    (this multiple choice question has been scrambled)
  24. In the malware context, which of the following best defines the term mobile code?
    A) Website active content
    B) Malware targeted at PDAs and smartphones
    C) Software that runs on multiple operating systems
    D) Malware that uses networks to propagate
    A) Website active content
    (this multiple choice question has been scrambled)
  25. A(n) ________ is a network of compromised computers that attackers use to launch attacks and spread malware.
    A) Attacknet
    B) Black network
    C) Botnet
    D) Trojan store
    C) Botnet
    (this multiple choice question has been scrambled)
  26. What does the TCP SYN flood attack do to cause a DDoS?
    A) Crashes the host computer
    B) Fills up the pending connection table
    C) Causes the network daemon to crash
    D) Saturates the available network bandwidth
    B) Fills up the pending connection table
    (this multiple choice question has been scrambled)
  27. Which type of attack tricks a user into providing personal information by masquerading as a legitimate Web site?
    A) Trolling
    B) Phreaking
    C) Phishing
    D) Keystroke logging
    C) Phishing
    (this multiple choice question has been scrambled)
  28. T/F: The best defense from keystroke loggers is to carefully inspect the keyboard cable before using a computer because the logger must connect to the keyboard's cable.
    False
  29. How did viruses spread in the early days of malware?
    A) As program bugs
    B) Diskettes
    C) Wired network connections
    D) Punch cards
    B) Diskettes
    (this multiple choice question has been scrambled)
  30. What is the most common first phase of an attack?
    A) Reconnaissance and probing
    B) Vulnerability identification
    C) Evidence containment
    D) Target selection
    A) Reconnaissance and probing
    (this multiple choice question has been scrambled)
  31. Which software tool provides extensive port-scanning capabilities?
    A) Ping
    B) Rpcinfo
    C) Whois
    D) Nmap
    D) Nmap
    (this multiple choice question has been scrambled)
  32. The ________ strategy ensures that an attacker must compromise multiple controls to reach any protected resource.
    A) Defcon 5
    B) Defense in depth
    C) Defense in layers
    D) Defense in onions
    B) Defense in depth
    (this multiple choice question has been scrambled)
  33. T/F: A honeypot is a sacrificial host with deliberately insecure services deployed at the edges of a network to act as bait for potential hacking attacks.
    True

Card Set Information

Author:
jerk7600
ID:
335986
Filename:
Information Systems Security Chapter 11
Updated:
2017-11-14 03:13:38
Tags:
information systems security
Folders:

Description:
Suckers
Show Answers:

Home > Flashcards > Print Preview