Difference Between DoS and DDoS Attacks Quiz

Questions and Answers

What is the core duty of cybersecurity?

• Identify, mitigate and manage risk to an organization’s digital assets (correct)
• Follow regulations or standards blindly
• Implement security controls regardless of need
• Design security controls based on business needs only

Which approach relies on regulations or standards to determine security implementations?

• Checklist-based security
• Unique risk security
• Risk-based security
• Compliance-based security (correct)

What does a 'checklist' attitude toward security refer to?

• Following business needs exclusively for security measures
• Reliance on assessing risks in cybersecurity
• Implementing controls based on unique risks
• Implementing controls without considering applicability or necessity (correct)

Why is it important to understand risk in the context of cybersecurity?

To determine, measure, and reduce risk effectively (C)

What is the main difference between compliance-based security and risk-based security?

Compliance-based implements controls without considering applicability, while risk-based addresses unique risks beyond tolerance (D)

Which function is considered one of the most critical for a cybersecurity organization?

Understanding the risk and threats faced by the organization (D)

What is the second largest source of web application malicious attacks according to the web application attack statistics in 2017?

SQL injection (C)

Which field was not mentioned as one of the top three fields badly affected by web application attacks?

Telecommunication (C)

What is the name for sending junk mails and messages to users in bulk without their consent?

Spamming (A)

Which type of cyberattack involves sending unsolicited messages through various messaging modes like emails and instant messages?

Spamming attack (B)

What type of malicious code targets data from the SQL database server and sends it to the hacker's computer?

Trojan (C)

In which year were the web application attack statistics mentioned in the text from?

2017 (A)

What are the major symptoms experienced by legitimate users during a DoS attack?

Inability to access a website, delay in accessing online service, huge delays in file opening, increased volume of spam emails, service performance degradation (D)

How can the impact of a DoS attack be mitigated?

Routing the malicious traffic, using load balancers, intrusion detection systems, intrusion prevention systems, security firewalls (A)

Which is NOT a main type of DoS attack mentioned in the text?

SSL handshake attack (B)

What is the main goal of a DDoS cyberattack?

To prevent legitimate users from accessing accounts or online services (A)

Which technology is NOT mentioned as a measure to mitigate the impact of a DoS attack?

Cloud storage (C)

What is the purpose of using security firewalls in the context of a DoS attack?

To protect against unauthorized network access and filter out malicious traffic (C)

What is the main difference between DoS and DDoS attacks?

DoS attacks are carried out without the approval or knowledge of computer owners, unlike DDoS attacks. (D)

How does a DDoS attack differ from a DoS attack in terms of traffic sources?

DDoS attacks involve controlled machines from around the globe, unlike the specific origination of traffic in DoS attacks. (D)

Why is preventing DDoS attacks considered more difficult than preventing DoS attacks?

DDoS attacks recruit computers without owner's knowledge making them hard to detect, unlike DoS attacks. (A)

What is a common characteristic of DDoS attacks according to the text?

DDoS attack recruits computers from different parts without owner's approval. (D)

Which type of attack involves HTTP, DNS, and web servers according to the text?

Connection-based application-layer attacks (C)

Why are DDoS attack types considered more challenging to prevent?

'All other techniques used in the DoS attacks' are part of DDoS attack types. (D)

What can traditional hacking tools such as phishing, worms, malwares, Trojan horses, and viruses potentially lead to?

Digital property misappropriation (D)

Which of the following is considered digital property misappropriation?

Unauthorized use of copyrighted images (C)

What did the Transparency Market Research Inc. find regarding digital property misappropriation in 2017?

Over US$6 billion were misappropriated globally (C)

What steps powered by modern technology are mentioned in the text to safeguard digital properties?

Data encryption and user controls (A)

Which of the following rules are mentioned to govern the prevention of digital property misappropriation?

Laws, patents, copyrights, trademarks (A)

What are some examples of digital resources considered under digital property misappropriation?

Videos, writings, e-books (D)

Flashcards are hidden until you start studying

Study Notes

Cybersecurity Risk

• Identifying, mitigating, and managing cybersecurity risk is the core duty of cybersecurity to protect an organization's digital assets.
• Assessing risk is a critical function of a cybersecurity organization, essential for effective policies, security implementations, resource allocation, and incident response preparedness.

Cybersecurity Risk Approaches

• There are three approaches to implementing cybersecurity:
  • Compliance-based security: relies on regulations or standards to determine security implementations, leading to a "checklist" attitude towards security.
  • Risk-based security: identifies unique risks and designs security controls to address them, considering the organization's risk tolerance and business needs.

Types of Cyberattacks

Denial of Service (DoS)

• Symptoms of a DoS attack:
  • Inability to access a website
  • Delay in accessing online services
  • Huge delays in file opening on websites
  • Increased volume of spam emails
  • Degradation of performance of services
• Mitigation steps:
  • Routing malicious traffic
  • Using load balancers to avoid heavy traffic
  • Using intrusion detection systems
  • Using intrusion prevention systems
  • Using security firewalls
• Types of DoS attacks:
  • DNS server attack
  • HTTP server attack
  • ICMP flooding
  • Network attack or buffer overflow attack
  • Large name files attack
  • Ping of death attack
  • SYN flood attack on TCP handshake protocol
  • Shrew attack

Distributed Denial of Service (DDoS)

• A type of DoS attack where multiple sources of traffic are used to attack the victim server.
• DDoS attack is more lethal than DoS attack.
• Prevention of DDoS attacks is more difficult than normal DoS attacks.
• Types of DDoS attacks:
  • Connection-based application-layer attacks
  • Connectionless volumetric attacks from multiple botnets
  • State table exhaustion attacks
  • Other techniques used in DoS attacks

SQL Injection

• SQL injection is the second largest source of web application malicious attacks (21.6%).
• SQL injection attacks:
  • Get data from the SQL database server and send it to the hacker's computer.
• Most affected fields:
  • IT
  • Banks and e-transaction websites
  • Government websites

Spamming

• Spamming is the sending of junk mails and messages in bulk without consent.
• Used for spreading malware, viruses, phishing, Trojans, worms, and spyware.
• Widespread form of malicious attacks used to send unsolicited messages through different modes of messaging.
• Can result in severe loss and damage to public lives, societies, government systems, and other critical infrastructures.

Digital Property Misappropriation

• Illegal or fraudulent use of digital resources like software and digital content without permission.
• Over US$6 billion are misappropriated in the global economy annually.
• Laws, patents, copyrights, trademarks, and other rules are in force to safeguard digital property rights.
• Steps to safeguard digital properties include:
  • Data encryption
  • Digital access control
  • User controls
  • Others