Show:
Malware
Social Engineering
TCP/UDP Ports
Auth, Access, Audit
Hack Attack
100

Malicious code activated by a specific event is called:

a. Backdoor

b. Logic bomb

c. Worm

d. Trojan Horse

b. Logic bomb                    


100

This type of social engineering tactic is used to gain information relating to a specific group or user:

a. Whaling

b. Phishing

c. Spear Phishing

d. Vishing

c. Spear Phishing

100

Port 80

HTTP

100

1.What is the difference between authorization and authentication?

Authorization means granting a user account configured on the computer system the right to make use of a resource (allocating the user privileges on the resource). Authentication protects the validity of the user account by testing that the person accessing that account is who s/he says s/he is.

100

A ____ password attack that uses a list in order to try and crack a user's password.

A. Brute Force

B. Dictionary

C. CHAP

D. DNS Poisoning


 

B. Dictionary

200

Which of the following answers refers to an undocumented (and often legitimate) way of gaining access to a program, online service, or an entire computer system?

a. Logic bomb

b. Trojan horse

c. Rootkit

d. Backdoor

b. Backdoor    

200

A situation in which an unauthorized person can view another user's display or keyboard to learn their password or other confidential information is referred to as:

a. Spear phishing

b. Tailgating

c. Spoofing

d. Shoulder Surfing

d. Shoulder Surfing

200

SSH?

22

200

What authentication factor is where person uses their facial recognition?

Something You Are

200

What type of password attack:

Tries every possible combination, uses a large key to make passwords computationally difficult, and often requires multiple attempts to breach?

a. Brute Force

b. Dictionary

c. Rainbow Tables

d. Shoulder surfing

a. Brute Force

300

Which of the terms listed below applies to a collection of intermediary compromised systems that are used as a platform for a DDoS attack?

a. Honeynet

b. Botnet

c. Quarantine network

d. Malware

  b. Botnet

300

Jump in the trash and find corporate information can be categorized as . . . 

a. Adware

b. Bin bushing

c. Can Crashing

d. Dumpster Diving

d. Dumpster Diving

300

A protocol used to remote into a desktop environment. (Protocol and port #)

RDP - port 3389

300

What does OTP stand for?

a. One Task Protocol

b. On Time Password

c. One Time Protocol

d. One Tree Pass

b. One Time Password

300

Which of the following command-line tools is used for discovering hosts and services on a network?

  • Nmap                   
  • netcat        
  • Zenmap        
  • tcpdump    

Nmap

400

 Which of the following answers lists an example of spyware?

a. Keylogger

b. Vulnerability scanner

c. Computer worm

d. Packet sniffer

a. Keylogger

400

A social engineering technique whereby attackers under disguise of legitimate request attempt to gain access to confidential information they shouldn't have access to is commonly referred to as:        

a. Phishing

b. Privilege escalation

c. Backdoor access

d. Shoulder surfing

What is Backdoor access?

400

Which of the following answers refers to a TCP port used by FTP for session control?

  • 20

  • 22

  • 21

  • 19

What is port 21?

400

A security manager is implementing technologies to prohibit rogue devices from gaining net?work access. After installing a NAC, what additional tool would be able to ensure that only known and authenticated systems gain connectivity? 

A. IEEE 802.1x 

B. PFX 

C. CRL 

D. PEAP

A. IEEE 802.1x

400

Name one application-type password cracking software.

What is:

Cain and Abel

John the Ripper

THC Hydra

Aircrack

L0phtcrack

500

A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called...

What is a Worm?

500

A fraudulent email requesting its recipient to reveal sensitive information (e.g. user name and password) used later by an attacker for the purpose of identity theft is an example of: 

What is Phishing?

500

Which port number is used by FTP over TLS/SSL (FTPS)?

What is port 989 and 990?

500

The company you work for has suffered numerous intrusions due to poor password management by employees. Given a significant budget to mitigate the problem, what type of security control would you use?

What is Multi-factor Authentication?

500

 What is the name of a Linux command-line utility that can be used to display TCP/IP configuration settings?

What is ifconfig?