18. An IT professional makes a backup of critical information from a company’s system so it can still be accessed if the system is attacked. Which key principle for designing information security policies does this represent?
19. Which of the following is true of black hat and white hat hackers?
- Black hats are malicious. White hats identify weaknesses to help mitigate threats.
- Black hats try to find weaknesses, but white hats don’t.
- Neither black hats nor white hats can be trusted.
- Black hats work with owners to fix problems. White hats just try to get into a system.
20. After a user downloads a free software product, the computer’s browser automatically opens and jumps to random product pages. What kind of malicious software is this?
21. An unhappy systems administrator installed malware that attacked after a timed event, rather than when it was installed. What type of malware does this describe?
22. A victim connects to a network they think is legitimate, but the network is really an identical network controlled by a hacker. What type of network attack are they a victim of?
23. Which type of network-based attack prevents legitimate users from accessing a system by overwhelming the network?
24. An attacker sends a large number of SYN packets, but does not send any ACK messages back. The connection stays open and uses up the source’s resources. What is this attack called?
26. What kind of attack keeps trying different combinations of characters and letters until it gets password access to a system?
27. An email message tells a user there is a problem with the user’s bank account. The email directs the user to a login page that steals the user’s information. What is this called?
28. Which of the following is an example of the CIA triad’s confidentiality principle in action?
29. Which of the following is an example of a zero-day vulnerability?
- A user accidentally loads malware onto a computer that logs the user’s keypresses and uses them to get confidential information.
- After a user downloads and starts a piece of software, it starts showing ads and collecting data.
- A group of hackers finds a flaw in a new software product and takes advantage of it before the vendor or developer finds it.
- A user voluntarily downloads a piece of software hoping it will be useful, but instead it lets hackers access the user’s computer.