ITN 263 Midterm Review Latest 2026-
2027. Questions & Correct Answers.
Graded A
_____ ________ __________are new and previously unknown attacks for
which no current specific defenses exist. [hint 3 words] - AnsZero day
exploits
______ __________ ____________ allows an attacker to eavesdrop on
electronic devices from a distance. The technique is to perfect or simple to
perform, but has been demonstrated on LCD and CRT monitors as well as
keyboard cables. With minor shielding, you can eliminate most of the risk
from such an attack. - AnsVan Eck phreaking
_______ resolves FQDNs into the associated IP address. [hint 3 letters
abbreviation] - AnsDNS
_______ translates internal addresses into external addresses. -
AnsNetwork address translation (NAT)
_____________ is the act of avoiding single points of failure by building in
multiple elements, pathways, or methods of accomplishing each mission-
critical task. - AnsRedundancy
1
,_______________ is the process of securing or locking down a host
against threats and attacks. - AnsHardening
- The principle of least privilege is often a good guideline as to appropriate
___________settings. - AnsAuthorization
A ________ attack occurs when a hacker intervenes in a communication
session between a client and a server. The attack usually involves fooling
or tricking the client into initiating the session with the hacker's computer
instead of with the intended server. - AnsMan-in-the-middle
A ________ is a mechanism of distribution or delivery more than a specific
type of malware. - AnsTrojan
A _________ is a boundary network that hosts resource servers for the
public Internet. - AnsDMZ
A _________ is any segment, subnet, network, or collection of networks
that represent a certain level of risk. - AnsZone of risk
A ___________ is either a hardware device or a software product you
deploy to enforce the access control policy on network communications. -
AnsFirewall
A hacker captures and retransmits authentication packets against the same
server in order to gain interactive or session access to a system. This
describes which type of attack? - AnsReplay
2
, A hacker eavesdrops on a session to learn details, such as the addresses
of the session endpoints and the sequencing numbers. With this
information, the hacker desynchronizes the client, takes on the client's
addresses, and then injects crafted packets into the data stream. Which
type of attack is being described? - AnsHijacking
A hacker posing as a contract IT consultant tricks an employee into stating
his network user name and password. Which type of attack is being
described? - AnsSocial engineering
A person receives a phishing e-mail, clicks the link in the e-mail (without
understanding the risks), and is directed to a malicious Web site. The site
downloads and installs a Trojan horse program and keystroke logger on the
user's computer without the user's knowledge. What type of attack has
occurred? - AnsCross-site scripting
An attack is composed of four packets: A, B, C, and D. the IDS signature is
a packet stream of ABCD. The hacker transmits the attack as AXBCYD,
where X and Y are invalid packets. The IDS doesn't recognize the pattern,
and the target discards X and Y, enabling the ABCD attack to occur. Which
type of attack has been described? - AnsInsertion
An IT environment with a bastion host, an intrusion prevention system, and
workstation antivirus and firewall software is an example of
_____________. - AnsDefense in depth
3
2027. Questions & Correct Answers.
Graded A
_____ ________ __________are new and previously unknown attacks for
which no current specific defenses exist. [hint 3 words] - AnsZero day
exploits
______ __________ ____________ allows an attacker to eavesdrop on
electronic devices from a distance. The technique is to perfect or simple to
perform, but has been demonstrated on LCD and CRT monitors as well as
keyboard cables. With minor shielding, you can eliminate most of the risk
from such an attack. - AnsVan Eck phreaking
_______ resolves FQDNs into the associated IP address. [hint 3 letters
abbreviation] - AnsDNS
_______ translates internal addresses into external addresses. -
AnsNetwork address translation (NAT)
_____________ is the act of avoiding single points of failure by building in
multiple elements, pathways, or methods of accomplishing each mission-
critical task. - AnsRedundancy
1
,_______________ is the process of securing or locking down a host
against threats and attacks. - AnsHardening
- The principle of least privilege is often a good guideline as to appropriate
___________settings. - AnsAuthorization
A ________ attack occurs when a hacker intervenes in a communication
session between a client and a server. The attack usually involves fooling
or tricking the client into initiating the session with the hacker's computer
instead of with the intended server. - AnsMan-in-the-middle
A ________ is a mechanism of distribution or delivery more than a specific
type of malware. - AnsTrojan
A _________ is a boundary network that hosts resource servers for the
public Internet. - AnsDMZ
A _________ is any segment, subnet, network, or collection of networks
that represent a certain level of risk. - AnsZone of risk
A ___________ is either a hardware device or a software product you
deploy to enforce the access control policy on network communications. -
AnsFirewall
A hacker captures and retransmits authentication packets against the same
server in order to gain interactive or session access to a system. This
describes which type of attack? - AnsReplay
2
, A hacker eavesdrops on a session to learn details, such as the addresses
of the session endpoints and the sequencing numbers. With this
information, the hacker desynchronizes the client, takes on the client's
addresses, and then injects crafted packets into the data stream. Which
type of attack is being described? - AnsHijacking
A hacker posing as a contract IT consultant tricks an employee into stating
his network user name and password. Which type of attack is being
described? - AnsSocial engineering
A person receives a phishing e-mail, clicks the link in the e-mail (without
understanding the risks), and is directed to a malicious Web site. The site
downloads and installs a Trojan horse program and keystroke logger on the
user's computer without the user's knowledge. What type of attack has
occurred? - AnsCross-site scripting
An attack is composed of four packets: A, B, C, and D. the IDS signature is
a packet stream of ABCD. The hacker transmits the attack as AXBCYD,
where X and Y are invalid packets. The IDS doesn't recognize the pattern,
and the target discards X and Y, enabling the ABCD attack to occur. Which
type of attack has been described? - AnsInsertion
An IT environment with a bastion host, an intrusion prevention system, and
workstation antivirus and firewall software is an example of
_____________. - AnsDefense in depth
3
