Cybersecurity Threats Quiz

Questions and Answers

PDF Questions PDF Answers

Which of the following is a technique used to gain unauthorized access to computers by forging or modifying source IP addresses?

Rainbow table

Spear phishing

Spoofing (correct)

Brute force

What is a rainbow table used for?

Cracking password hashes (correct)

Spreading a Trojan horse

Executing a brute force attack

Launching a virus attack

Which of the following is a type of malicious software that can replicate itself and spread to other computers?

Virus (correct)

Rainbow table

Spear phishing

Brute force

What is a Trojan horse in the context of cybersecurity?

A type of malicious software disguised as legitimate software

Which of the following is a technique that involves systematically trying every possible combination of characters to guess a password or encryption key?

Brute force

What type of phishing attack is specifically targeted at high-profile individuals or organizations?

Spear phishing

Which of the following is a type of malicious software that can be used to create a backdoor in a computer system?

Trojan horse

What is the purpose of using a rainbow table in a password cracking attack?

To reduce the time required for brute-force attacks

Which of the following is a type of attack that involves sending a large number of requests to a computer system in an attempt to overload it and cause a denial of service?

Distributed Denial of Service (DDoS)

What is the primary purpose of a Trojan horse in the context of cybersecurity?

To gain unauthorized access to a computer system

Study Notes

Types of Cyber Attacks

• Brute Force: guessing a password by attempting every possible combination of characters and numbers
• Trojan: hides its true nature and reveals its designed behavior only when activated
• Virus: malware that replicates and propagates itself to multiple systems, attached to other executable programs
• Worm: capable of activation and replication without being attached to an existing program
• Advanced Fee Fraud: conducted via e-mail, recipient is due an exorbitant amount of money and needs only a small advance fee or personal banking information to facilitate the transfer

Cyber Security Threats

• Vulnerability: weakness in an asset or its defensive control system(s)
• Malware: designed to perform malicious or unwanted actions
• Human Error or Failure: accidents, employee mistakes, and social engineering
• Social Engineering: using social skills to convince people to reveal access credentials or other valuable information to an attacker

Tools and Techniques

• Packet Sniffer: software program or hardware appliance that can intercept, copy, and interpret network traffic
• Man in the Middle: group of attacks whereby a person intercepts a communications stream and inserts himself in the conversation
• Jailbreaking: escalating privileges to gain administrator-level or root access control over a smartphone operating system
• Exploit: technique used to compromise a system

Cyber Crime and Warfare

• Cyberactivist: seeks to interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency
• Cyberwarfare: seeks to interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency
• Cyberterrorist: attacks systems to conduct terrorist activities via networks or Internet pathways
• Software Piracy: unauthorized duplication, installation, or distribution of copyrighted computer software

Information Security

• Ethics: considers nature, criteria, sources, logic, and the validity of moral judgment
• Laws: mandate or prohibit certain behavior and are enforced by the state
• Asset: organizational resource that is being protected
• Liabilities: entity’s legal obligation or responsibility

Planning and Management

• Strategic Planning: sets the long-term direction to be taken by the organization and each of its component parts
• Operational Planning: organize the ongoing, day-to-day performance of tasks
• Tactical Planning: focuses on short-term undertakings that will be completed within one or two years
• Crisis Management: actions taken during and after a disaster
• Disaster Recovery Planning: process of preparing an organization to handle a disaster and recover from it, whether the disaster is natural or man-made
• Business Continuity Planning: reestablish or relocate critical business operations during a disaster that affects operations at the primary site

Standards and Policies

• De facto standard: widely adopted or accepted by a public group rather than a formal standards organization
• De jure standard: formally evaluated, approved, and ratified by a formal standards organization
• Enterprise Information Security Policy (EISP): high-level information security policy that sets the strategic direction, scope, and tone for all of an organization’s security efforts

Description

Test your knowledge on common cybersecurity threats including brute force attacks, trojans, viruses, worms, and advanced fee fraud schemes.