5.5: Assessment
True/False
Indicate whether the statement is true or false.
____ 1. An attacker has successfully committed a denial-of-service attack against a website, bringing it down for three hours until network engineers could resolve the problem. This is classified as a threat.
____ 2. Vulnerabilities are weaknesses that allow a threat to occur.
____ 3. Attacks require malicious intent, so they are always caused by people who intend to violate security.
____ 4. Lightning is an example of a threat agent.
Multiple Choice
Identify the choice that best completes the statement or answers the question.
____ 5. Which of the following is not an example of a threat category?
| a. Attacks | c. Natural event |
| b. Buggy software | d. Human error |
____ 6. Which of the following is not a threat to critical infrastructure?
| a. Availability of very sophisticated tools that don’t require much skill to use | c. The rapid development of technology |
| b. The high-profile nature of critical infrastructure systems | d. The interconnected nature of industrial control systems |
____ 7. An attacker that breaks into computers for profit or bragging rights is a/an . . .
| a. Cracker | c. Terrorist |
| b. Insider | d. Hostile country |
Completion
Complete the sentence.
8. The types of attacks and attackers specific to a company are known as the threat ___________.
9. A social engineering attack in which victims are tricked into clicking an emailed link that infects their system with malware or sends their user IDs and passwords to the attacker is known as ____________.
10. A security control that creates a list of authorized applications, preventing unauthorized applications from downloading and installing, is called a/an ___________.
Matching
Match each threat to its definition.
| A. Denial-of-service (DoS) attack | F. SQL injection |
| B. Hijacking | G. Trojan horse |
| C. Ransomware | H. Virus |
| D. Distributed denial-of-service (DDoS) attack | I. SMTP spam engine |
| E. Buffer overflow | J. Worm |
____ 11. An attack in which multiple attackers attempt to flood a device
____ 12. Malware that replicates autonomously
____ 13. A web application attack against a connected database
____ 14. Malicious code attached to a file that, when executed, delivers its payload
____ 15. Malware that encrypts the victim's files on their computer until money is sent to the attacker
____ 16. An attack that leverages email protocols to send out messages from the infected device
____ 17. An attack that seizes control of communications, sending the communications to the attacker’s system
____ 18. An attack in which a single attacker overwhelms a system with a flood of traffic in order to make it unavailable
____ 19. An attack that writes data to unexpected areas of memory, causing the device to crash
____ 20. Malware embedded in what appears to be a useful file
For the answers to these questions, email your name, the name of your college or other institution, and your position there to info@cyberwatchwest.org. CyberWatch West will email you a copy of the answer key.