IT Security: Defense against the digital
dark arts Questions and Answers
100% Pass
Phishing, baiting, and tailgating are examples of attacks.
Malware
Password
Social engineering
Network ✔✔Social engineering
An attacker could redirect your browser to a fake website login page using what kind of attack?
Injection attack
DNS cache poisoning attack
DDoS attack
SYN flood attack ✔✔DNS cache poisoning attack
A(n) attack is meant to prevent legitimate traffic from reaching a
service. Injection
Password
Denial of Service
DNS Cache poisoning ✔✔Denial of Service
The best defense against password attacks is using strong .
Firewall configs
Passwords
Encryption
Antimalware software ✔✔Passwords
,Which of these is an example of the confidentiality principle that can help keep your data hidden
from unwanted eyes?
Preventing data loss
Making sure the data hasn't been tampered with
Preventing an unwanted download
Protecting online accounts with password protection ✔✔Protecting online accounts with password
protection
Which of these is true of vulnerabilities? Check all that apply.
A vulnerability is a flaw in the code of an application that can be exploited.
An exploit is the possibility of taking advantage of a vulnerability bug in
code. A vulnerability is the possibility of suffering a loss in the event of an
attack.
An exploit takes advantage of bugs and vulnerabilities. ✔✔A vulnerability is a flaw in the code
of an application that can be exploited.
An exploit takes advantage of bugs and vulnerabilities.
Which of these is true of blackhat and whitehat hackers?
Blackhats are malicious. Whitehats exploit weakness to help mitigate threats.
Blackhats work with owners to fix problems. Whitehats are just trying to get into a system.
Blackhats try to find weaknesses, but whitehats don't.
Blackhats and whitehats shouldn't be trusted. ✔✔Blackhats are malicious. Whitehats exploit
weakness to help mitigate threats.
A hacker infected your computer to steal your Internet connection and used your machine's
resources to mine Bitcoin. What is the name of this kind of attack?
Ransomware
Adware
Spyware
A bot ✔✔A bot
,A hacker stood outside a building and spun up a wireless network without anyone's knowledge.
At that point, the hacker was able to gain unauthorized access to a secure corporate network.
Which of these is the name of this type of attack?
A DNS Cache Poisoning attack
A Denial-of-Service (DoS) attack
A Rogue AP (Access Point) attack
SYN flood attack ✔✔A Rogue AP (Access Point) attack
What can occur during a ping of death (POD) attack? Check all that
apply. A Denial-of-Service (DoS)
A buffer overflow
Baiting
Remote code execution ✔✔A Denial-of-Service (DoS)
A buffer overflow
Remote code execution
How can injection attacks be prevented? Check all that apply.
Input validation
Flood guards
Log analysis systems
Data sanitization ✔✔Input validation
Data sanitization
Which of these is a way to help prevent brute-force attacks? Check all that apply.
Strong passwords
Password crackers
Captchas
Using a precompiled list of common passwords ✔✔Strong passwords
Captchas
, An end-user received an email stating his bank account was compromised, and that he needs to
click a link to reset his password. When the user visited the site, he recognized it as legitimate
and entered his credentials which were captured by a hacker. What type of social engineering
attack does this describe?
A baiting attack
A phishing
attack
A SQL injection attack
A tailgating attack ✔✔A phishing attack
When cleaning up a system after a compromise, you should look closely for any that may
have been installed by the attacker.
Backdoors
Poisoned DNS caches
Injection attacks
Rogue APs ✔✔Backdoors
The best defense against injection attacks is to .
Use antimalware software
Use input validation
Use strong passwords
Use a firewall ✔✔Use input validation
Which of these is an example of the integrity principle that can ensure your data is accurate and
untampered with?
Keeping a symmetric key secret
Using MACs (Message Authentication Codes)
Implementing flood guards
Using Encapsulating Security Payload ✔✔Using MACs (Message Authentication Codes)
Using Encapsulating Security Payload
What's the difference between a virus and a worm?
dark arts Questions and Answers
100% Pass
Phishing, baiting, and tailgating are examples of attacks.
Malware
Password
Social engineering
Network ✔✔Social engineering
An attacker could redirect your browser to a fake website login page using what kind of attack?
Injection attack
DNS cache poisoning attack
DDoS attack
SYN flood attack ✔✔DNS cache poisoning attack
A(n) attack is meant to prevent legitimate traffic from reaching a
service. Injection
Password
Denial of Service
DNS Cache poisoning ✔✔Denial of Service
The best defense against password attacks is using strong .
Firewall configs
Passwords
Encryption
Antimalware software ✔✔Passwords
,Which of these is an example of the confidentiality principle that can help keep your data hidden
from unwanted eyes?
Preventing data loss
Making sure the data hasn't been tampered with
Preventing an unwanted download
Protecting online accounts with password protection ✔✔Protecting online accounts with password
protection
Which of these is true of vulnerabilities? Check all that apply.
A vulnerability is a flaw in the code of an application that can be exploited.
An exploit is the possibility of taking advantage of a vulnerability bug in
code. A vulnerability is the possibility of suffering a loss in the event of an
attack.
An exploit takes advantage of bugs and vulnerabilities. ✔✔A vulnerability is a flaw in the code
of an application that can be exploited.
An exploit takes advantage of bugs and vulnerabilities.
Which of these is true of blackhat and whitehat hackers?
Blackhats are malicious. Whitehats exploit weakness to help mitigate threats.
Blackhats work with owners to fix problems. Whitehats are just trying to get into a system.
Blackhats try to find weaknesses, but whitehats don't.
Blackhats and whitehats shouldn't be trusted. ✔✔Blackhats are malicious. Whitehats exploit
weakness to help mitigate threats.
A hacker infected your computer to steal your Internet connection and used your machine's
resources to mine Bitcoin. What is the name of this kind of attack?
Ransomware
Adware
Spyware
A bot ✔✔A bot
,A hacker stood outside a building and spun up a wireless network without anyone's knowledge.
At that point, the hacker was able to gain unauthorized access to a secure corporate network.
Which of these is the name of this type of attack?
A DNS Cache Poisoning attack
A Denial-of-Service (DoS) attack
A Rogue AP (Access Point) attack
SYN flood attack ✔✔A Rogue AP (Access Point) attack
What can occur during a ping of death (POD) attack? Check all that
apply. A Denial-of-Service (DoS)
A buffer overflow
Baiting
Remote code execution ✔✔A Denial-of-Service (DoS)
A buffer overflow
Remote code execution
How can injection attacks be prevented? Check all that apply.
Input validation
Flood guards
Log analysis systems
Data sanitization ✔✔Input validation
Data sanitization
Which of these is a way to help prevent brute-force attacks? Check all that apply.
Strong passwords
Password crackers
Captchas
Using a precompiled list of common passwords ✔✔Strong passwords
Captchas
, An end-user received an email stating his bank account was compromised, and that he needs to
click a link to reset his password. When the user visited the site, he recognized it as legitimate
and entered his credentials which were captured by a hacker. What type of social engineering
attack does this describe?
A baiting attack
A phishing
attack
A SQL injection attack
A tailgating attack ✔✔A phishing attack
When cleaning up a system after a compromise, you should look closely for any that may
have been installed by the attacker.
Backdoors
Poisoned DNS caches
Injection attacks
Rogue APs ✔✔Backdoors
The best defense against injection attacks is to .
Use antimalware software
Use input validation
Use strong passwords
Use a firewall ✔✔Use input validation
Which of these is an example of the integrity principle that can ensure your data is accurate and
untampered with?
Keeping a symmetric key secret
Using MACs (Message Authentication Codes)
Implementing flood guards
Using Encapsulating Security Payload ✔✔Using MACs (Message Authentication Codes)
Using Encapsulating Security Payload
What's the difference between a virus and a worm?
