Governance, risk, compliance (Grc) exam
Questions wit answers 100% correct
Spoofing (Hacking) ✔✔ faking the sending address of a transmission in order to gain illegal entry into a
secure system
Targeted Attacks (Hacking) ✔✔ attackers selected a person or asset then actively pursue and
compromise the target while maintaining anonymity
Token Impersonation (Hacking) ✔✔ mimicking a token
Token ✔✔ a physical device that is used to authenticate a user, typically in addition to a username or
password
-displays a pseudo random number that changes every few minutes
GRC ✔✔ strategy for managing an organization's overall Governance, enterprise Risk management and
Compliance with regulations.
-Structured approach to aligning IT with business objectives, while effectively managing risk and meeting
compliance requirements
War Dialing (Hacking) ✔✔ software packages that sequentially dial telephone numbers, recording any
numbers that answer
Zombies (bot) (Hacking) ✔✔ a computer that a remote attacker has accessed and set up to forward
transmission to other computers on the internet
IP (internet protocol) address ✔✔ a unique binary number used to identify devices on a network
Domain Name Systems (DNS) ✔✔ a hierarchical database that is distributed across the internet that
allows names to be resolved into IP addresses and vice versa to locate services such as web and email
servers
, Spoofing Examples ✔✔ email
caller id
web pages
ip addresses
dns
Credential Theft Attack Techniques ✔✔ key logging
man in the middle attacks
pass-the-hash
token impersonation
Credential theft and reuse types of attack ✔✔ use an iterative two-stage process:
1. an attacker captures account log-on credentials on one computer
2. the attacker uses those captured credentials to authenticate to other computers over the network
Hacking attacks that exploit software or hardware vulnerabilities ✔✔ 1. SQL injections (insertion) attack
2. Cross-site scripting (XSS)
3. Buffer (cache) overflow attack
SQL injections (insertion) attack ✔✔ an attacker manipulates SQL code by entering malicious code into a
query to gain access to database information in ways not intended during application design
Cross-site scripting (XSS) ✔✔ 1) an attacker manipulates an otherwise trusted Web site's code and
injects it with malicious code
2) unsuspecting users visit the Web site, the code is able to collect data from the user
-attacks occur when an attacker uses a web app to send malicious code (in the form of a browser side
script, to a different end user)
Questions wit answers 100% correct
Spoofing (Hacking) ✔✔ faking the sending address of a transmission in order to gain illegal entry into a
secure system
Targeted Attacks (Hacking) ✔✔ attackers selected a person or asset then actively pursue and
compromise the target while maintaining anonymity
Token Impersonation (Hacking) ✔✔ mimicking a token
Token ✔✔ a physical device that is used to authenticate a user, typically in addition to a username or
password
-displays a pseudo random number that changes every few minutes
GRC ✔✔ strategy for managing an organization's overall Governance, enterprise Risk management and
Compliance with regulations.
-Structured approach to aligning IT with business objectives, while effectively managing risk and meeting
compliance requirements
War Dialing (Hacking) ✔✔ software packages that sequentially dial telephone numbers, recording any
numbers that answer
Zombies (bot) (Hacking) ✔✔ a computer that a remote attacker has accessed and set up to forward
transmission to other computers on the internet
IP (internet protocol) address ✔✔ a unique binary number used to identify devices on a network
Domain Name Systems (DNS) ✔✔ a hierarchical database that is distributed across the internet that
allows names to be resolved into IP addresses and vice versa to locate services such as web and email
servers
, Spoofing Examples ✔✔ email
caller id
web pages
ip addresses
dns
Credential Theft Attack Techniques ✔✔ key logging
man in the middle attacks
pass-the-hash
token impersonation
Credential theft and reuse types of attack ✔✔ use an iterative two-stage process:
1. an attacker captures account log-on credentials on one computer
2. the attacker uses those captured credentials to authenticate to other computers over the network
Hacking attacks that exploit software or hardware vulnerabilities ✔✔ 1. SQL injections (insertion) attack
2. Cross-site scripting (XSS)
3. Buffer (cache) overflow attack
SQL injections (insertion) attack ✔✔ an attacker manipulates SQL code by entering malicious code into a
query to gain access to database information in ways not intended during application design
Cross-site scripting (XSS) ✔✔ 1) an attacker manipulates an otherwise trusted Web site's code and
injects it with malicious code
2) unsuspecting users visit the Web site, the code is able to collect data from the user
-attacks occur when an attacker uses a web app to send malicious code (in the form of a browser side
script, to a different end user)
