Issuu on Google+

Full file at http://testbank360.eu/test-bank-security-guide-to-network-security-fundamentals-2nd-edition-mark-ciampa

Chapter 2: Attackers and Their Attacks TRUE/FALSE 1. Those who call themselves crackers like to think of themselves as an elite group of people who are adept at exploring computers and networks and use their skills to expose security flaws. ANS: F

REF: 31

2. One of the targets highest on the list of cyberterrorists is the Internet itself. ANS: T

REF: 34

3. During World War II, British code breakers used a brute force attack to help break German coded messages. ANS: F

REF: 39

4. A replay attack takes advantage of the communications between a network device and a file server. ANS: T

REF: 43

5. According to the security organization Sandvine, twenty-five percent of all daily Internet traffic contains DoS code. ANS: F

REF: 48

MODIFIED TRUE/FALSE 1. A virus does not always require action by the computer user to start. _________________________ ANS: F, worm REF: 49 2. Back doors are often designed into computer systems to help during the testing phase of the program. _________________________ ANS: T

REF: 52

3. Crackers do their work by downloading automated hacking software from Web sites and then using it to break into computers. _________________________ ANS: F, Script kiddies REF: 32 4. Basic attacks are those that do not always require a high degree of technical skill, but sometimes rely more on guesswork and cunning than anything else. _________________________ ANS: T

REF: 35


Full file at http://testbank360.eu/test-bank-security-guide-to-network-security-fundamentals-2nd-edition-mark-ciampa

5. Windows 2000 and XP passwords are stored in a file called SAM (Security Accounts Manager) that is located in the Windows\System32\Sysvol directory. _________________________ ANS: F, Windows\System32\Config REF: 38 MULTIPLE CHOICE 1. One of the motivations for a hacker to attack network and computer systems is to _____. a. harm systems c. improve security b. earn money d. gain recognition ANS: C

REF: 30

2. One of the motivations for a cracker to attack network and computer systems is to _____. a. improve security c. earn money b. harm systems d. support ideology ANS: B

REF: 31

3. The _____ Supreme Court has ruled that hackers who simply probe computer networks linked to the Internet have not violated any laws. a. United States c. Swedish b. Canadian d. Norwegian ANS: D

REF: 31

4. Maria is a customer service representative who receives a telephone call from someone claiming to be a client asking for their password. This person has a thick accent that makes his speech hard to understand. Instead of asking the caller to continue repeating himself, Maria provides him with the password. This type of attack is known as a _____ attack. a. Birthday c. Password Guessing b. Social Engineering d. Masquerading ANS: B

REF: 35

5. _____ involves digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away. a. Dumpster diving c. Trash sifting b. Phishing d. Garbage collecting ANS: A

REF: 36

6. Which of the following would be an example of a weak password? a. Unstoppable d. &uytK%wJGhh b. brutus e. both a and b c. un42n8@ne ANS: E

REF: 37


Full file at http://testbank360.eu/test-bank-security-guide-to-network-security-fundamentals-2nd-edition-mark-ciampa

7. In a _____ attack, an attacker attempts to create every possible password combination by systematically changing one character at a time in a hypothetical password, and then using each newly generated password to access the system. a. dictionary c. brute force b. software exploitation d. hashing ANS: C

REF: 37

8. A _____ attack takes advantage of any weakness in software to bypass security that requires a password. a. weak key c. dictionary b. software exploitation d. brute force ANS: B

REF: 39

9. What does the Greek word crypto mean? a. writing b. secure ANS: C

c. hidden d. secret

REF: 40

10. What number did Caesar use for a key when he was devising his simple substitution method of cryptography? a. 1 c. 5 b. 3 d. 18 ANS: B

REF: 41

11. When you meet 23 people, what are the odds that someone will have the same birthday as you? a. .27% c. 50% b. 6.3% d. 99% ANS: C

REF: 41

12. A _____ attack makes it seem that two computers are communicating with each other, when actually they are sending and receiving data with a computer between them. a. man-in-the-middle c. TCP/IP hijacking b. replay d. spoofing ANS: A

REF: 42

13. With TCP/IP hijacking, the attacker uses _____ spoofing to send information from the users computer to the attackers computer instead of to a valid computer. a. IP c. MAC b. ARP d. ICMP ANS: B

REF: 44

14. A _____ is a common type of malware. a. worm b. logic bomb ANS: D

REF: 48

c. virus d. all of the above


Full file at http://testbank360.eu/test-bank-security-guide-to-network-security-fundamentals-2nd-edition-mark-ciampa

15. Microsoft claims that fewer than _____ percent of all users have up-to-date antivirus software installed. a. 15 c. 60 b. 30 d. 80 ANS: B

REF: 49

16. A _____ is a computer program that lies dormant until it is triggered by a specific event, such as a certain date being reached on the system calendar or a persons rank in an organization dropping below a specified level. a. logic bomb c. worm b. Trojan horse d. virus ANS: A

REF: 50

YES/NO 1. Do some computer programming languages automatically check for buffer overflow and prevent it from occurring? ANS: Y

REF: 39

2. To defend against a birthday attack, should the encryption software use unlinked session keys? ANS: N

REF: 42

3. Is a replay attack similar to an active mathematical attack? ANS: N

REF: 43

4. Are worms usually distributed via e-mail attachments as separate executable programs? ANS: Y

REF: 49

5. Does one of the simplest Trojan horse strategies involve giving a malicious program the name of a file associated with a benign program? ANS: Y

REF: 51

COMPLETION 1. ____________________ tend to be young computer users who have almost unlimited amounts of leisure time, which they can use to attack systems. ANS: Script kiddies REF: 32 2. ____________________ is the easiest way to attack a computer system, requires very little technical ability, and is usually highly successful. ANS: Social engineering


Full file at http://testbank360.eu/test-bank-security-guide-to-network-security-fundamentals-2nd-edition-mark-ciampa

REF: 35 3. Most users today have an average of 10 different ____________________ for the computers and applications they access, such as computers at work, school, and home, e-mail accounts, banks, and Internet stores. ANS: passwords REF: 36 4. One of the most common software exploitations is a ____________________, which occurs when a computer program attempts to stuff more data into a temporary storage area than it can hold. ANS: buffer overflow REF: 39 5. ____________________ attacks can best be resisted by not sending the same encrypted message more than once. ANS: Mathematical REF: 41 MATCHING Match the following terms to the appropriate definitions. a. ARP spoofing f. hash b. algorithm g. key c. buffer h. phish d. cryptanalysis i. spoof e. handler 1. 2. 3. 4. 5. 6. 7. 8. 9.

A temporary storage area A computer used to coordinate a distributed denial-of-service attack To send requests for information that appear to come from a valid source A value that an algorithm uses to encrypt or decrypt messages The underlying process for encrypting and decrypting messages The process of attempting to decode an encrypted message To encode a password To pretend to be a legitimate owner Changes an internal computer table to redirect messages to another destination

1. 2. 3. 4. 5. 6. 7.

ANS: ANS: ANS: ANS: ANS: ANS: ANS:

C E H G B D F

REF: REF: REF: REF: REF: REF: REF:

54 55 55 55 54 54 55


Full file at http://testbank360.eu/test-bank-security-guide-to-network-security-fundamentals-2nd-edition-mark-ciampa

8. ANS: I 9. ANS: A

REF: 55 REF: 54

SHORT ANSWER 1. List five policies that can minimize password-guessing attacks. ANS: 1. Passwords must have at least eight characters. 2. Passwords must contain a combination of letters, numbers, and special characters. 3. Passwords should expire at least every 30 days. 4. Passwords cannot be reused for 12 months. 5. The same password should not be duplicated and used on two or more systems. REF: 40 2. List four characteristics of weak passwords. ANS: 1. Passwords that are short (such as XYZ) 2. A common word is used as a password (such as blue) 3. Personal information used in a password (such as the name of a pet) 4. Using the same password for all accounts 5. Writing the password down and leaving it under the mouse pad or keyboard 6. Not changing passwords unless forced to do so REF: 37 3. What are the best two methods to defeat social engineering? ANS: 1. By developing strong procedures in the form of instructions or company policies regarding when passwords are given out, who can enter the premises, and what to do when asked questions by another employee that may reveal protected information. 2. By educating all employees about the policies and ensuring that these policies are followed. REF: 36 4. What are the five types of basic attacks? ANS: 1. Social engineering 2. Password guessing 3. Weak keys 4. Mathematical attacks 5. Birthday attacks REF: 35 5. What are the three goals of cyberattacks as listed in a report distributed by the Institute for Security Technology Studies at Dartmouth College?


Full file at http://testbank360.eu/test-bank-security-guide-to-network-security-fundamentals-2nd-edition-mark-ciampa

ANS: 1. Deface electronic information (such as Web sites) to spread disinformation and propaganda. 2. Deny service to legitimate computer users. 3. Commit unauthorized intrusions into systems and networks that result in critical infrastructure outages and corruption of vital data. REF: 33


Test bank security guide to network security fundamentals 2nd edition mark ciampa