Chapter 9 Review

Question 1

A former employee discovers six months after he starts work at a new company that his account credentials still give him access to his old company’s servers. He demonstrates his access to several friends to brag about his cleverness and talk badly about the company.
What kind of attack is this?

Answer 1

Insider threat

Question 2

What type of DoS attack orchestrates an attack using uninfected computers?

Answer 2

DRDoS (Distributed Reflection DoS) attack

Question 3

Which of the following is considered a secure protocol?

Answer 3

SSH

Question 4

Which kind of attack simulation detects vulnerabilities and attempts to exploit them?

Answer 4

Penetration testing

Question 5

A company accidentally sends a newsletter with a mistyped website address. The address points to a website that has been spoofed by hackers in order to collect information from people who make the same typo. What kind of attack is this?

Answer 5

Phishing

Question 6

A company wants to have its employees sign a document that details some project-related information that should not be discussed outside the project’s team members. What type of document should they use?

Answer 6

NDA

Question 7

Your organization has just approved a special budget for a network security upgrade. What procedure should you conduct in order to make recommendations for the upgrade priorities?

Answer 7

Posture assessment

Question 8

Which of these attacks is a form of Wi-Fi DoS attack?

Answer 8

Deauthentication attack

Question 9

Leading up to the year 2000, many people expected computer systems the world over to fail when clocks turned the date to January 1,2000. What type of threat was this?

Answer 9

Logic bomb

Question 10

A spoofed DNS record spreads to other DNS servers. What is this attack called?

Answer 10

DNS poisoning