Notes
### Question 1

A network-based attack where one attacking machine overwhelms a target with traffic is a(n) _______ attack.

* Injection
* Malware
* **Denial of Service**
* Brute force password

> This is a classic denial-of-service attack. Note that this is not a distributed denial-of-service attack, as the attack traffic is coming from a single source and not distributed over many attacking hosts.

### Question 2

When cleaning up a system after a compromise, you should look closely for any ______ that may have been installed by the attacker.

* Poisoned DNS caches [INCORRECT]
* Backdoors
* Rogue APs
* Injection attacks

### Question 3

A(n) _____ attack is meant to prevent legitimate traffic from reaching a service.

* Denial of Service
* Injection
* Password
* DNS Cache poisoning [INCORRECT]

### Question 4

The best defense against password attacks is using strong _______.

* **Passwords**
* Encryption
* Firewall configs
* Antimalware software

> Strong passwords will make password attacks too time-consuming to be viable for an attacker.

### Question 5

Which of these is an example of the confidentiality principle that can help keep your data hidden from unwanted eyes?

* **Protecting online accounts with password protection**
* Making sure the data hasn't been tampered with
* Preventing data loss
* Preventing an unwanted download

> Password protection can help limit access to your data so that only those who need it can see it.

### Question 6

What could potentially decrease the availability of security and also test the preparedness of data loss?

* Adware
* Keylogger
* Spyware
* **Ransomware**

> Ransomware could prevent access to your data by holding the data hostage until you pay a ransom.

### Question 7

Which of these is a characteristic of Trojan malware?

* A Trojan is basically backdoor malware.
* A Trojan may get installed without the user’s consent.
* A Trojan is the same thing as a rootkit.
* **A Trojan infection needs to be installed by the user.**

> Just like how the historical Trojan horse was accepted into the city by the citizens of Troy, a malicious Trojan disguised in a trusted program has to be accepted and executed by the user.

### Question 8

What is it called when a hacker is able to get into a system through a secret entryway in order to maintain remote access to the computer?

* **A backdoor**
* Ransomware
* A Trojan
* Adware

> A backdoor is a way for a hacker to get into a system through a secret entryway.

### Question 9

An unhappy Systems Administrator wrote a malware program to bring down the company's services after a certain event occurred. What type of malware does this describe?

* **A logic bomb**
* A rootkit
* Ransomware
* Spyware

> A logic bomb is malware that is intentionally triggered by a hacker once a certain event or time has occurred.

### Question 10

Which of these is where a victim connects to a network that the victim thinks is legitimate, but is really an identical network controlled by a hacker to monitor traffic?

* A Denial of Service (DoS)
* **Evil Twin**
* A logic bomb
* DNS Cache Poisoning

> The premise of an Evil Twin is for the victim to connect to a network that is identical to a legit one, but it is actually controlled by a hacker.

### Question 11

How can injection attacks be prevented? Check all that apply.

* **Data sanitization**
* Flood guards
* Log analysis systems
* **Input validation**

> Injection attacks can be mitigated with good software development principles such as validating input.

### Question 12

If a hacker targets a vulnerable website by running commands that delete the website's data in its database, what type of attack did the hacker perform?

* A Denial-of-Service (DoS) attack
* A dictionary attack
* Cross-site Scripting (XSS)
* **SQL injection**

> A SQL injection targets an entire website if the site uses a SQL database. If vulnerable, hackers can run SQL commands that allow them to delete web data, copy it, and run other malicious commands.

### Question 13

An attacker, acting as a postal worker, used social engineering tactics to trick an employee into thinking she was legitimately delivering packages. The attacker was then able to gain physical access to a restricted area by following behind the employee into the building. What type of attack did the attacker perform? Check all that apply.

* Tailgating
* Phishing
* Spoofing
* **Social engineering**

> Social engineering is an attack method that relies heavily on interactions with humans. Humans will always be the weakest link in a security system.