CISSP Attacks MCQs
CISSP Attacks MCQs
Our experts have gathered these CISSP Attacks MCQs through research, and we hope that you will be able to see how much knowledge base you have for the subject of CISSP Attacks by answering these 30 multiple-choice questions.
Get started now by scrolling down!
1: Type: Brute force How: Attack hashing function via Brute force. Changes message until he gets one that produces the same hash value. - Why: Attacker wants to change your message without detection.
A. TDL-4 Bot-Net
B. ARP Spoof
C. SMiShing
D. Birthday
2: Completed by using commercially available couplers to place a microbend in the cable to allow light to radiate through the cladding and be exposed to a photodetector. photodetector is connected to an electro-optical converter that acts as an interfac
A. TDL-4 Bot-Net #3
B. Tap
C. Web Spoofing Attack
D. Bluetooth DoS (1 or more attackers)
3: How: SMTP doesn't provide any authentication.E-mail address spoofing is done in quite the same way as writing a forged return address using snail mail. As long as the letter fits the protocol - (i.e. stamp - postal code) the SMTP protocol will send t
A. E-mail address spoofing
B. Buffer Overflow
C. Tap
D. Heap Overflow
4: Covert Channel ICMP comms - writes data after header Sniffing - Counter: Secure protocols -
A. Loki
B. Bluetooth DoS (1 or more attackers)
C. Hijacking Tools
D. TDL-4 Bot-Net #3
5: Type: Fun or Snoop Info - How: Attacker sends unsolicited message to Bluetooth enabled device. e.g. insert contact into address book. Why: May Enable future attacks on the device via emails - Recipent reaction or get data w/o your knowledge while con
A. Loki
B. Land
C. Race Condition
D. Bluejacking
6: Mobile device attack that seeks to dupe the recipient of an SMS (short message service - text) message into downloading malware onto their handset. Once the handset is infected - it can be turned into a 'zombie -' allowing attackers to control the de
A. SMiShing
B. TDL-4 Bot-Net
C. Slamming
D. Bluetooth DoS (1 or more attackers)
7: Change user's service provider - w/o concent
A. Pharming
B. Slamming
C. Stack Overflow
D. Tribal Flood Network (TFN) & TFN2K
8: Hacker gains access to data stored on Bluetooth enabled phone. Why: hacker make phone calls - send & receive text messages - read & write phonebook contacts - eavesdrop on phone conversations - and connect to Internet. - How: requires advanced equip
A. TDL-4 Bot-Net
B. Teardrop
C. Download and Execute
D. Bluesnarfing
9: Flood w/ Pairing requests. (spoofed or not) - Victim consumed with Responses
A. Bluetooth DoS (1 or more attackers)
B. Remote Code
C. TDL-4 Bot-Net
D. Port Scanning
10: Type: Reconn - How: Use port scanning tool to identify Listening Ports (TCP/UDP) on Servers - Tools: Nmap - Foundstone Products (Scanline - etc.) - Angry IP Scanner - etc.
A. Caller ID Spoofing
B. ARP Spoof
C. Port Scanning
D. Tap
11: Type: DoS - How: Attacker sends your packets to a non-existent address - How: One way is special type of ARP poisioning.
A. Black Hole
B. Download and Execute
C. Tap
D. Worm Names
12: Juggernaut & HUNT Project - Spy then attack
A. Trinoo
B. Hijacking Tools
C. Stack Overflow
D. Pharming
13: Type: DoS (Flood or Crashing) - How: Malformed fragmented packts - Why: Causes vulnerable host to fail and/or reboot - Countermeasure: Network IDS - drop faulty or corrupted packets - ingress filters
A. Black Hole
B. Teardrop
C. Jamming
D. Hijacking Tools
14: Bluebugging - Bluesnarfing
A. Bluetooth Malicious Threats
B. Ping of Death
C. Network Address Hijacking
D. Scrubbing
15: RF interference / blocking
A. Jamming
B. TDL-4 Bot-Net #2
C. Network Address Hijacking
D. Teardrop
16: Redirect victim to fake website - How: DNS poison -
A. Worms
B. Download and Execute
C. Pharming
D. Port Scanning
17: Social engineering technique
A. TDL-4 Bot-Net #2
B. Phishing
C. Worm Names
D. Hijacking Tools
18: If phone is vulnerable to bluesnarfing or bluebugging-- seek patches. Manufacturer or manufacturer-authorized dealer. Software patches available for many older Bluetooth phones. 2) Turn device to non-discoverable mode when not using Bluetooth tech
A. Shellcode
B. Loki
C. Bluetooth Threat Mitigation
D. Mail bombing
19: Zeus - Mariposa - Storm
A. Bluetooth DoS (1 or more attackers)
B. Trinoo
C. TDL-4 Bot-Net
D. Botnet Names
20: Attacker deletes incriminating evidence or data from audit logs. - Countermeasure: Protect log from modification via strict access control
A. Bluetooth BackDoor Attack
B. Ping of Death
C. Scrubbing
D. Download and Execute
21: Aka ARP Flooding - poisioning
A. Remote Code
B. Worms
C. ARP Spoof
D. TDL-4 Bot-Net
22: Intruder re-routes data traffic from a network device to Attacker's machine
A. Ping of Death
B. Deliberate exploit
C. Network Address Hijacking
D. Cramming
23: How: Attacker uses technologies (especially associated with VoIP) that allow callers to lie about their identity and present false names and numbers - Why: defraud or harass.
A. Caller ID Spoofing
B. Hijacking Tools
C. Shellcode
D. Wardialing
24: Attacker must win the race of responding between 2 different processes carrying out a task/function. Counter: Do not Split up critical tasks that can have results or sequence altered. - Employ Software locks to files to prevent unauthorized access.
A. Pharming
B. Race Condition
C. Bluesnarfing
D. Botnet Names
25: AKA Session Hijacking - Enables user to gain control of session read change data and/or packets. Could potentially get passwords or Paswd file if attacks admin
A. Pharming
B. Shellcode
C. Network Address Hijacking
D. Stack Overflow
26: In computer security - a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called 'shellcode' because it typically starts a command shell from which the attacker can control the compromised
A. Bluetooth BackDoor Attack
B. Shellcode
C. Cramming
D. Pharming
27: Allows skilled individuals to access phone Commands using Bluetooth wireless technology without notifying or alerting the phone's user. - Why: This vulnerability allows the hacker to initiate phone calls - send and read SMS - read and write phoneboo
A. Ping of Death
B. Bluebugging
C. Worms
D. Tribal Flood Network (TFN) & TFN2K
28: Type: Buffer Overflow in the heap data area. - Heap overflows are exploitable in a different manner to that of stack-based overflows. Memory on the heap is dynamically allocated by the application at run-time and typically contains program data. Expl
A. S-RPC
B. Heap Overflow
C. Shellcode
D. Birthday
29: Type: Worm. How: Self replicating usually Rapid over net or other means.
A. Worms
B. Bluesnarfing
C. Pharming
D. Ping of Death
30: Type: Man-in-Middle Attack - AKA: Phishing - URL Spoofing - How: Spoofs the public key of web site/server - Why: Get users to go to Attackers Website instead - Goal: usually to get user's data (ID - password - bank account info - etc.) However - coul
A. Buffer Overflow
B. Race Condition
C. Download and Execute
D. Web Spoofing Attack
List of CISSP Attacks MCQs Mul...
Available in:
CISSP Attacks MCQs
