CTN277

1.

1 point

What type of malware consists of a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms?

rootkit

backdoor

shield

wrapper

2.

1 point

Successful attacks on computers today generally consist of two elements.

True

False

3.

1 point

Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks.

True

False

4.

1 point

Which of the following is not one of the four methods for classifying the various types of malware?

Source

Concealment

Infection

Circulation

5.

1 point

Because of how a rootkit replaces operating system files, it can be difficult to remove a rootkit from a system.

True

False

6.

1 point

HTML uses which option below within embedded brackets (< >) causing a web browser to display text in a specific format?

marks

tags

taps

blocks

7.

1 point

How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?

DNS poisoning

DNS marking

Phishing

DNS overloading

8.

1 point

What type of malware is heavily dependent on a user in order to spread?

Trojan

virus

worm

rootkit

9.

1 point

What type of attack is targeted against a smaller group of specific individuals, such as the major executives working for a manufacturing company?

Watering Hole

Spam

Typo Squatting

Adware

10.

1 point

Choose the SQL injection statement example below that could be used to find specific users:

whatever’ OR full_name IS ‘%Mia%’

whatever’ OR full_name LIKE ‘%Mia%’

whatever’ OR full_name equals ‘%Mia%’

whatever’ OR full_name = ‘%Mia%’

11.

1 point

Select below the type of malware that appears to have a legitimate use, but actually contains or does something malicious:

virus

worm

script

Trojan

12.

1 point

To what specific directory are users generally restricted to on a web server?

tap

base

root

top

13.

1 point

What country is now the number one source of attack traffic?

China

Indonesia

India

Russia

14.

1 point

Which term below is used to describe the tasks of protecting resources stored in a digital format?

logical security

physical security

information security

network security

15.

1 point

A(n) ____________________ cookie is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting the Web site.

16.

1 point

Of the three types of mutating malware, what type changes its internal code to one of a set number of predefined mutations whenever it is executed?

Statimorphic malware

Oligomorphic malware

Metamorphic malware

Polymorphic malware

17.

1 point

Select below the string of characters that can be used to traverse up one directory level from the root directory:

;/

../

./

%20/

18.

1 point

The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.

USA Patriot

Gramm-Leach-Bliley

California Database Security Breach

Sarbanes-Oxley

19.

1 point

Today's software attack tools do not require that the attacker be a sophisticated computer user.

True

False

20.

1 point

Because of the minor role it plays, DNS is never the focus of attacks.

True

False

21.

1 point

A user has become compromised as a result of visiting a specific web page, without clicking on any kind of content. What type of attack has occurred?

denial of service

drive-by-download

stack underflow

buffer overflow

22.

1 point

What language below is used to view and manipulate data that is stored in a relational database?

SQL

ISL

C

DQL

23.

1 point

Which type of attack below is similar to a passive man-in-the-middle attack?

buffer overflow

hijacking

replay

denial

24.

1 point

When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:

HTTP

NSDB

URNS

DNS

25.

1 point

What type of theft involves stealing another person’s personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain?

Phishing

Identity theft

Scam

Cyberterrorism

26.

1 point

In what kind of attack can attackers make use of hundreds of thousands of computers under their control in an attack against a single server or network?

remote

centered

local

distributed

27.

1 point

What type of system security malware allows for access to a computer, program, or service without authorization?

Backdoor

Botnet

Command and Control

Zombie

28.

1 point

A series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks are known as:

A program

A macro

A rootkit

A process

29.

1 point

Malware that locks or prevents a device from functioning properly until a fee has been paid is known as:

Lockware

Ransomware

Hostageware

Stealware

30.

1 point

Security is the goal to be free from danger as well as the process that achieves that freedom.

True

False

31.

1 point

A macro virus takes advantage of the “____________________” relationship between the application and the operating system.

32.

1 point

What portion of the HTTP packet consists of fields that contain information about the characteristics of the data being transmitted?

SSL header

HTTP header

XML header

HTML header

33.

1 point

What term below is used to describe a means of gathering information for an attack by relying on the weaknesses of individuals?

Hacking

Social engineering

Phreaking

Reverse engineering

34.

1 point

Attacks that take place against web based services are considered to be what type of attack?

relationship

client-side

server-side

hybrid

35.

1 point

What language below is for the transport and storage of data, with the focus on what the data is?

XML

SML

SGML

HTML

36.

1 point

The security protection item that ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter is known as?

Encryption

Accounting

Authorization Authorization

Authentication

37.

1 point

Which of the following is not a category for mutating malware?

Statimorphic malware

Oligomorphic malware

Metamorphic malware

Polymorphic malware

38.

1 point

The physical procedure whereby an unauthorized person gains access to a location by following an authorized user is known as?

Dumpster diving

Tailgating

Shadowing

Stalking

39.

1 point

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?

Privilege escalation

DNS cache poisoning

ARP poisoning

Man-in-the-middle

40.

1 point

XSS attacks occur when an attacker takes advantage of web applications that accept user input without validating it and then present it back to the user.

True

False

41.

1 point

The demand for certified IT professionals who know how to secure networks and computers is at an all-time low.

True

False

42.

1 point

Computer code that is added to a program but lies dormant until it is triggered by a specific event or series of events is known as a?

logic bomb

macro virus

metamorphic virus

Trojan

43.

1 point

An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:

Session hijacking

Session replay

Session spoofing

Session blocking

44.

1 point

CGI attacks occur when an attacker takes advantage of web applications that accept user input without validating it and then present it back to the user.

True

False

45.

1 point

An example of a(n) ____________________ that information security must deal with is a software defect in an operating system that allows an unauthorized user to gain access to a computer without the user’s knowledge or permission.

46.

1 point

The default root directory of the Microsoft Internet Information Services (IIS) Web server is located at which directory below?

/var/html

/var/www

C:\Inetpub\ wwwroot

C:\wwwroot

47.

1 point

An _______________ is a type of threat that can come from employees, contractors, and business partners, such as a disgruntled worker.

48.

1 point

ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies.

True

False

49.

1 point

A web browser makes a request for a web page using the

50.

1 point

What are the three protections that must be extended over information that provides value to people and organizations?