Understanding Security Threats

18. An IT professional makes a backup of critical information from a company’s system so it can still be accessed if the system is attacked. Which key principle for designing information security policies does this represent?

  • The availability principle
  • The intelligence principle
  • The risk principle
  • The integrity principle

19. Which of the following is true of black hat and white hat hackers?

  • Black hats are malicious. White hats identify weaknesses to help mitigate threats.
  • Black hats try to find weaknesses, but white hats don’t.
  • Neither black hats nor white hats can be trusted.
  • Black hats work with owners to fix problems. White hats just try to get into a system.

20. After a user downloads a free software product, the computer’s browser automatically opens and jumps to random product pages. What kind of malicious software is this?

  • Adware
  • A worm
  • A Keylogger
  • A rootkit

21. An unhappy systems administrator installed malware that attacked after a timed event, rather than when it was installed. What type of malware does this describe?

  • Ransomware
  • A logic bomb
  • A rootkit
  • Spyware

22. A victim connects to a network they think is legitimate, but the network is really an identical network controlled by a hacker. What type of network attack are they a victim of?

  • A Denial of Service (DoS)
  • A logic bomb
  • An evil twin
  • DNS cache poisoning

23. Which type of network-based attack prevents legitimate users from accessing a system by overwhelming the network?

  • A brute force password attack
  • An injection attack
  • A Denial of Service (DoS) attack
  • A malware attack

24. An attacker sends a large number of SYN packets, but does not send any ACK messages back. The connection stays open and uses up the source’s resources. What is this attack called?

  • A zero day exploit
  • A half-open attack
  • A DNS cache poisoning attack
  • A ping flood

25. Which of the following measures can prevent injection attacks? Select all that apply.

  • Data sanitization
  • Log analysis systems
  • Input validation
  • Flood guards

26. What kind of attack keeps trying different combinations of characters and letters until it gets password access to a system?

  • An Injection attack
  • A phishing attack
  • A dictionary attack
  • A brute force attack

27. An email message tells a user there is a problem with the user’s bank account. The email directs the user to a login page that steals the user’s information. What is this called?

  • Phishing
  • Tailgating
  • Injection
  • Denial of Service

Shuffle Q/A 1

28. Which of the following is an example of the CIA triad’s confidentiality principle in action?

  • Preventing an unwanted download
  • Making sure data hasn’t been tampered with
  • Protecting online accounts with a password
  • Preventing data loss

29. Which of the following is an example of a zero-day vulnerability?

  • A user accidentally loads malware onto a computer that logs the user’s keypresses and uses them to get confidential information.
  • After a user downloads and starts a piece of software, it starts showing ads and collecting data.
  • A group of hackers finds a flaw in a new software product and takes advantage of it before the vendor or developer finds it.
  • A user voluntarily downloads a piece of software hoping it will be useful, but instead it lets hackers access the user’s computer.

Devendra Kumar

Project Management Apprentice at Google

Leave a Reply