IS 305 Midterm Exam | Complete Solutions (Verified)

IS 305 Midterm Exam | Complete Solutions (Verified) The Domain Name Service is what translates human-readable domain names into IP addresses that computers and routers understand. True The type of hacking that involves breaking into telephone systems is called sneaking. False The technique for breaching a system's security by exploiting human nature rather than technology is war-driving. False Malware is a generic term for software that has a malicious purpose. True Software that lays dormant until some specific condition is met is a Trojan horse. False Someone who breaks into a system legally to assess security deficiencies is a sneaker. True Auditing is the process to determine if a user's credentials are authorized to access a network resource. False Confidentiality, integrity, and availability are three pillars of the CIA triangle. True The Health Insurance Portability and Accountability Act of 1996 requires government agencies to identify sensitive systems, conduct computer security training, and develop computer security plans. False The SANS Institute website is a vast repository of security-related documentation. True In which type of hacking does the user block access from legitimate users without actually accessing the attacked system? Denial of Service Your company is instituting a new security awareness program. You are responsible for educating end users on a variety of threats, including social engineering. Which of the following best defines social engineering? Using people skills to obtain proprietary information Which type of hacking occurs when the attacker monitors an authenticated session between the client and the server and takes over that session? Session hijacking Someone who finds a flaw in a system and reports that flaw to the vendor of the system is a __________. White hat hacker Someone who gains access to a system and causes harm is a __________? Black hat hacker A black hat hacker is also called a ___________ Cracker Someone who calls himself a hacker but lacks the expertise is a ________. Script kiddy Someone who legally breaks into a system to assess security deficiencies is a ________. Penetration tester A(n) ______ is a basic security device that filters traffic and is a barrier between a network and the outside world or between a system and other systems. Firewall A(n) hides the internal network's IP address and presents a single IP address to the outside world. Proxy server Which one of these is NOT one the three pillars of security in the CIA triangle? Authentication Which of these is the process to determine if the credentials given by a user or another system are authorized to access the network resource in question? Authentication Which of these is a repository of security-related documentation and also sponsors a number of security research projects? SANS Institute Which of these was the first computer incident-response team? Computer Emergency Response Team Which of these is a repository for detailed information on virus outbreaks? F-Secure The notation used to perform variable-length subnet masking for IP addresses is CIDR. True The name you type into a browser's address bar, such as , is known as the IP locator. False The IP command-line command to determine your computer's IP address, subnet mask, and default gateway is ping. False The IP command-line command to determine the number of hops it takes to get from your computer to its destination is ping. False No protocols operate at the physical layer of the OSI model. True The session layer of the OSI model provides the mechanism to manage the dialogue between end-user application processes. True The TCP protocol works at the network layer of the OSI model. False MAC addresses are unique addresses for each NIC. True The first four bytes of the MAC address identify the vendor. False A host is a machine with data on it, to which you can connect. True Unshielded twisted-pair cable capable with a specification of 100 MHz/100 Mbps is also called Category ________. 5 Which device can connect many computers and sends packets out every port? Hub Which device is used to boost a signal? Repeater Which device can connect many computers and sends data only out of one port? Switch Which device can relay packets from one network to another and is usually programmable? Router Which TCP/IP protocol operates on port 53 and translates URLs into Web addresses? DNS Which TCP/IP protocol operates on ports 20 and 21 and is used for transferring files between computers? FTP Which TCP/IP protocol operates on port 80 and displays web pages? HTTP Which TCP/IP protocol operates on port 25 and sends email? SMTP An IP address consists of four numbers, separated by dots. Each number is called a(n) _______. Octet If an IP address has the number 192 in the first octet, it is a class _______ address. C If an IP address has the number 191 in the first octet, it is a class ______ address. B What is the binary equivalent of the decimal number 240? The IP utility used to test connectivity with a remote host is _______. Ping "Pump and dump" refers to the process in which a con artist purchases a large amount of a virtually worthless stock, then circulates rumors that inflate the stock's value, and then sells for a profit. True When fraudulent sellers bid on the seller's items to drive up the price, it is called bid shielding. False Identity theft and identity fraud refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception. True The process to induce you to provide personal information through a website is called cyberstalking. False Experts consider Romania the country with the strictest cybercrime laws. True Firefox is an example of a phishing site. False One good practice in a chat room is not to use your real name. True Someone who uses the Internet to harass, threaten, or intimidate another person is guilty of identity theft. False One good rule that applies to online investing is "Never invest money that you cannot afford to lose." True First-party cookies are the less likely to violate user privacy than third party cookies. True Which of the following is a type of fraud in which an auction site bidder is actually the seller with a fake identity, who bids high drive up the price? Shill bidding Which of the following occurs when a fraudulent buyer submits high bids to discourage other bidders, and then retracts the bids so people they know can get the item at a lower price? Bid shielding Which of the following occurs when a con artist lures bidders off legitimate auction sites by claiming to offer the same item at a lower price? Bid siphoning Which of the following is the process to try to induce someone to provide you with personal information? Phishing Which of the following involves using the Internet to harass, threaten, or intimidate another person? Cyberstalking A file on your computer that websites use to store information about you is a _________. Cookie Which of the following is one way to protect yourself against identity theft? Do not provide personal information to anyone if it is not absolutely necessary. Which country is described by experts as having the strictest cybercrime laws? None of the above (United State, Russia, France) Which of these could be considered a course of conduct directed at a specific person that causes substantial emotional distress in such person and serves no legitimate purpose? Harassment Why should a cybercrime law be specific? To prevent defendants from finding loopholes _____ theft and _______ fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception. Identity The recommended Internet Explorer privacy setting is _________. Medium high Firefox and Internet Explorer are examples of ____________. Web browsers When using a chat room, one way to protect yourself from online harassment is ______. Not to use your real name One way to protect yourself on auction sites is _____________. Use a separate credit card with a low limit. Blocking ICMP packets may help prevent denial-of-service attacks. True A smurf attack is a type of malware attack. False The ping -l option changes the size of the packet you can send. True A denial-of-service attack is one of the most common attacks on a system. True SYN cookies are a form of attack. False Stack tweaking is a method to alter the TCP stack so that a timeout takes less time when a SYN connection is left incomplete. True A teardrop attack involves sending a forged packet to the victim. False An echo-chargen attack occurs when the attacker sends a forged packet with the same source IP address and destination IP address as the target's IP address. False The group Anonymous is a supporter of Wikileaks founder Julian Assange and launched multiple distributed denial-of-service attacks on various financial companies. True A firewall can be configured to disallow certain types of incoming traffic that may be attacking. True Which type of attack attempts to overload the system with requests, denying legitimate users access? Denial of service Which defensive technique involves the server sending a wrong SYN+ACK to the client, so the client sends an RST packet notifying the server of an error? This makes the server think the client request is legitimate. RST cookies Which attack involves sending an ICMP packet to the broadcast address so that it is then sent to the spoofed source address, causing the network to perform a DoS attack on one of more of its member servers? Smurf IP attack Which defensive technique involves altering the TCP stack on the server so that it will take less time to timeout when a SYN connection is left incomplete? Stack tweaking Micro blocks, SYN cookies, RST cookies, and stack tweaking are defenses against ______. TCP SYN flood attacks The command-line command _______ 127.0.0.1 -l 65000 -w 0 -t will send multiple large packets to a computer, and when initiated by multiple senders may cause a denial-of-service attack. None of the above (tfn, ddos, dos) One tool used for a denial-of-service attack is ______________. Tribal Flood Network _________ attacks are becoming less common in modern operating systems. Buffer overflow The command-line command to display all options for the ping command is ping ____. None of the above (-i, -j, -h) The command-line command to instruct the ping utility to send packets until explicitly told to stop is ping ____. -t The attack in which the attacker sends a forged packet with the same source IP address and destination IP address in which the victim may be tricked into sending messages to and from itself is a(n) _______________ attack. Land The attack in which the attacker sends a fragmented message that the victim cannot reconstruct is a(n) ________ attack. Teardrop The attack in which the attacker sends a packet that is too large and can shut down a target machine is a(n) ________________ attack. Ping of Death One defense against denial-of-service attacks is to _______ ICMP packets. Block One classic denial-of-service attack distributed by email was _____________. myDoom The most common way for a virus to spread is by reading your email address book and emailing itself to your contacts. True After a virus is on your system, it can do anything a legitimate program can do. True The Sasser virus/buffer overflow attack spreads by copying itself to shared drives and emailing itself out to everyone in your address book. False The most common method to deliver spyware to a target system is by using a Trojan horse. True A rootkit collects user IDs and passwords to other machines on a network, giving the hacker root or privileged access. True Malware that is portable to all operating systems or platforms is considered web-based code. True Malware that executes when a specific criteria is met is a logic bomb. True In a virus attack, the victim machine is the source. False The Bagle virus contained email attachments and a fake virus warning. True A virus is any file that can self-replicate. True The most common way for a virus to spread is by __________. Use of your email contacts The Microsoft Office suite is a tempting target for viruses because ___________. It is designed so that legitimate programmers can access its internal objects. The I Love You virus caused harm because ________. It generated large numbers of emails that bogged down many networks. The virus/worm that attempts to copy itself to C:WINDOWSFVP is _______. W32/Netsky-P The virus/worm transmitted in a zip file attached to an email with an enticing message is __________. Troj/Invo-Zip The virus/worm that specifically targets Macintosh computers is ________. MacDefender The virus/worm that specifically targets Linux computers is ________. None of the above (MacDefender Troj/Invo-Zip, W32/Netsky-P) The virus/worm that collected email addresses from your address book and from other documents on your machine was the ________ virus. Mimail The virus/worm that combined email attachments along with a fake virus warning was the __________ virus. Bagle The virus/worm that sends emails to victims telling them to delete a needed system file is the __________ virus. Nonvirus A program that looks benign but actually has a malicious purpose is a _______. Trojan horse McAfee and Norton are examples of ________. Virus scanners A program that can propagate without human interference is a _______. Worm Any file that can self-replicate is a ________. Virus If a program writes more information into the computer's memory than the memory was designed to hold, it is a(n) ___________ attack. Buffer-overflow NMAP is a popular hacking tool. False Black hat hackers are also known as script kiddies. False Hacking into phone systems is also known as phreaking. True Checking an organization's websites is a form of active scanning. False