TEST BANK
Computer Security Fundamentals, 4th edition
By William Easttom
LU
XE
LI
BR
AR
Y
, Table of Content
Chapter 4: Denial of Service Attacks
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Illustrating an Attack . . . . . . . . . . . . . . . . . . . . . . . . . .
Common Tools Used for DoS Attacks . . . . . . . . . . . . . . . . . . .
DoS Weaknesses . . . . . . . . . . . . . . . . . . . . . . . . . . .
LU
Specific DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . .
Real-World Examples of DoS Attacks . . . . . . . . . . . . . . . . . .
How to Defend Against DoS Attacks . . . . . . . . . . . . . . . . . . .
XE
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . .
LI
BR
AR
Y
, kjhgfdsa
True / False
1. The Domain Name Service is what translates human-readable domain names into IP
addresses that computers and routers understand.
True
2. The type of hacking that involves breaking into telephone systems is called sneaking.
False—This type of hacking is called phreaking.
3. The technique for breaching a system’s security by exploiting human nature rather than
LU
technology is war-driving.
False—This describes social engineering.
4. Malware is a generic term for software that has a malicious purpose.
True
XE
5. Software that lays dormant until some specific condition is met is a Trojan horse.
False—This describes a logic bomb. Usually, the condition that is met is a
date and time.
6. Someone who breaks into a system legally to assess security deficiencies is a sneaker.
True—Companies may solicit the services of a sneaker to assess the company’s
LI
vulnerabilities.
7. Auditing is the process to determine if a user’s credentials are authorized to access a
network resource.
BR
False—This describes authentication. Auditing is the process to review logs,
records, and procedures.
8. Confidentiality, integrity, and availability are three pillars of the CIA triangle.
True
AR
9. The Health Insurance Portability and Accountability Act of 1996 requires government
agencies to identify sensitive systems, conduct computer security training, and develop
computer security plans.
False—This describes the Computer Security Act of 1987.
10The SANS Institute website is a vast repository of security-related documentation.
Y
True
Multiple Choice
1. In which type of hacking does the user block access from legitimate users without
actually accessing the attacked system?
a. Denial of service
oiuytrew
, kjhgfdsa
b. Web attack
c. Session hijacking
d. None of the above
Answer A. A denial-of-service attack is probably the most common attack on the web.
2. Your company is instituting a new security awareness program. You are responsible
for educating end users on a variety of threats, including social engineering. Which of the
following best defines social engineering?
a. Illegal copying of software
LU
b. Gathering information from discarded manuals and printouts
c. Using people skills to obtain proprietary information
d. Destruction or alteration of data
Answer D. Social Engineering is basically using people skills to gather information
XE
3. Which type of hacking occurs when the attacker monitors an authenticated session
between the client and the server and takes over that session?
a. Denial of service
b. Web attack
c. Session hijacking
d. None of the above
LI
Answer C.
BR
4. Someone who finds a flaw in a system and reports that flaw to the vendor of the
system is a .
a. White hat hacker
b. Black hat hacker
c. Gray hat hacker
d. Red hat hacker
AR
Answer A. White hat hackers are often hired by companies to do penetration tests.
5. Someone who gains access to a system and causes harm is a ?
a. White hat hacker
b. Black hat hacker
c. Grey hat hacker
Y
d. Red hat hacker
Answer B. A black hat hacker might steal data, erase files, or deface websites.
6. A black hat hacker is also called a
a. Thief
b. Cracker
c. Sneaker
d. None of the above
oiuytrew
Computer Security Fundamentals, 4th edition
By William Easttom
LU
XE
LI
BR
AR
Y
, Table of Content
Chapter 4: Denial of Service Attacks
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Illustrating an Attack . . . . . . . . . . . . . . . . . . . . . . . . . .
Common Tools Used for DoS Attacks . . . . . . . . . . . . . . . . . . .
DoS Weaknesses . . . . . . . . . . . . . . . . . . . . . . . . . . .
LU
Specific DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . .
Real-World Examples of DoS Attacks . . . . . . . . . . . . . . . . . .
How to Defend Against DoS Attacks . . . . . . . . . . . . . . . . . . .
XE
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . .
LI
BR
AR
Y
, kjhgfdsa
True / False
1. The Domain Name Service is what translates human-readable domain names into IP
addresses that computers and routers understand.
True
2. The type of hacking that involves breaking into telephone systems is called sneaking.
False—This type of hacking is called phreaking.
3. The technique for breaching a system’s security by exploiting human nature rather than
LU
technology is war-driving.
False—This describes social engineering.
4. Malware is a generic term for software that has a malicious purpose.
True
XE
5. Software that lays dormant until some specific condition is met is a Trojan horse.
False—This describes a logic bomb. Usually, the condition that is met is a
date and time.
6. Someone who breaks into a system legally to assess security deficiencies is a sneaker.
True—Companies may solicit the services of a sneaker to assess the company’s
LI
vulnerabilities.
7. Auditing is the process to determine if a user’s credentials are authorized to access a
network resource.
BR
False—This describes authentication. Auditing is the process to review logs,
records, and procedures.
8. Confidentiality, integrity, and availability are three pillars of the CIA triangle.
True
AR
9. The Health Insurance Portability and Accountability Act of 1996 requires government
agencies to identify sensitive systems, conduct computer security training, and develop
computer security plans.
False—This describes the Computer Security Act of 1987.
10The SANS Institute website is a vast repository of security-related documentation.
Y
True
Multiple Choice
1. In which type of hacking does the user block access from legitimate users without
actually accessing the attacked system?
a. Denial of service
oiuytrew
, kjhgfdsa
b. Web attack
c. Session hijacking
d. None of the above
Answer A. A denial-of-service attack is probably the most common attack on the web.
2. Your company is instituting a new security awareness program. You are responsible
for educating end users on a variety of threats, including social engineering. Which of the
following best defines social engineering?
a. Illegal copying of software
LU
b. Gathering information from discarded manuals and printouts
c. Using people skills to obtain proprietary information
d. Destruction or alteration of data
Answer D. Social Engineering is basically using people skills to gather information
XE
3. Which type of hacking occurs when the attacker monitors an authenticated session
between the client and the server and takes over that session?
a. Denial of service
b. Web attack
c. Session hijacking
d. None of the above
LI
Answer C.
BR
4. Someone who finds a flaw in a system and reports that flaw to the vendor of the
system is a .
a. White hat hacker
b. Black hat hacker
c. Gray hat hacker
d. Red hat hacker
AR
Answer A. White hat hackers are often hired by companies to do penetration tests.
5. Someone who gains access to a system and causes harm is a ?
a. White hat hacker
b. Black hat hacker
c. Grey hat hacker
Y
d. Red hat hacker
Answer B. A black hat hacker might steal data, erase files, or deface websites.
6. A black hat hacker is also called a
a. Thief
b. Cracker
c. Sneaker
d. None of the above
oiuytrew
