IT Security & Ethical Hacking
This exam is meant for the final module for WCSE
Questions and Answers
- 1.
Which of the following is a remote administration tool used by attackers to take control of Windows-based systems in a backdoor type of attack?
- A.
Back Orifice
- B.
Dictionary
- C.
Man-in-the-middle
- D.
Brute force
Correct Answer
A. Back OrificeExplanation
Back Orifice is a remote administration tool used by attackers to take control of Windows-based systems in a backdoor type of attack. Brute-force attacks and dictionary attacks are password-guessing attacks, while man-in-the-middle is its own type of attack and not a type of remote administration attack.Rate this question:
-
- 2.
Which of the following are popular examples of denial-of-service attacks? (Choose all that apply.)
- A.
Buffer overflow
- B.
Star of pain
- C.
Ping of death
- D.
Memlock
Correct Answer(s)
A. Buffer overflow
C. Ping of deathExplanation
Both the ping of death and buffer overflow attacks are popular examples of denial-of-service (DoS) attacks. The other options given are fictitious and not popular examples of DoS attacks.Rate this question:
-
- 3.
Which of the following is another name for active sniffing?
- A.
War driving
- B.
Chalking
- C.
TCP/IP hijacking
- D.
Apt cleanup
Correct Answer
C. TCP/IP hijackingExplanation
Active sniffing is more commonly known as TCP/IP hijacking. The other choices given are not valid names for active sniffing.Rate this question:
-
- 4.
During which general type of attack does someone try to disrupt your network and services?
- A.
Access
- B.
Modification and repudiation
- C.
Denial-of-service
- D.
Interception
Correct Answer
C. Denial-of-serviceExplanation
A denial-of-service (DoS) attack tries to disrupt your network and services. In an access attack, someone who should not be able to have access wants access to your resources. During a modification and repudiation attack, someone wants to modify information in your system(s). Interception is a type of access attack but not a general attack category type.Rate this question:
-
- 5.
Which of the following goals of information security refers to identifying events when they occur?
- A.
Detection
- B.
Prevention
- C.
Recursion
- D.
Response
Correct Answer
A. DetectionExplanation
The three primary goals of information security are prevention, detection, and response. Detection refers to identifying events when they occur. Prevention refers to preventing computer or information violations from occurring. Response refers to developing strategies and techniques to deal with an attack or loss.Rate this question:
-
- 6.
Which language is seen as a successor to HTML and offers many capabilities that HTML does not?
- A.
XML
- B.
SGML
- C.
CSS
- D.
CML
Correct Answer
A. XMLExplanation
eXtensible Markup Language (XML) is seen as a successor to HTML and offers many capabilities that HTML does not. The other choices are all languages that predate HTML or are not seen as successors to HTML.Rate this question:
-
- 7.
Which of the following are common ways to provide secure connections between a web client and a web server? (Choose two.)
- A.
ActiveX
- B.
SSL/TLS
- C.
SML
- D.
HTTPS
Correct Answer(s)
B. SSL/TLS
D. HTTPSExplanation
Both Secure Socket Layer/Transport Layer Security (SSL/TLS) and HTTP Secure (HTTPS) are common ways to provide secure connections between a web client and a web server. Regardless of which is used, port 443 is utilized. The other two choices are not valid protocols for providing secure connections between a web client and a web server.Rate this question:
-
- 8.
Java applets run in a restricted area of memory. What is this restricted area known as?
- A.
DMZ
- B.
Parking lot
- C.
Sandbox
- D.
No-fly zone
Correct Answer
C. SandboxExplanation
The restricted area of memory that Java applets run in is the sandbox. The other options do not represent the restricted area of memory that Java applets run in.Rate this question:
-
- 9.
What is the term used when an application receives more data than it is programmed to accept?
- A.
Buffer overflow
- B.
Cookie
- C.
SMTP Relay
- D.
Open Relay
Correct Answer
A. Buffer overflowExplanation
When an application receives more data than it is programmed to accept, it is a buffer overflow. The application will either terminate or write data beyond the allocated space. A cookie is a text file that a browser maintains on a user's hard disk in order to store information about the user. SMTP Relay is an email feature that is intended to allow the server to forward email to other servers. Open Relay is a type of SMTP Relay that is being exploited.Rate this question:
-
- 10.
Which file extension is used to indicate a JavaScript file?
- A.
.jar
- B.
.java
- C.
.js
- D.
.jpg
Correct Answer
C. .jsExplanation
The extension for a JavaScript file is .js. The extension for a JPEG file is .jpg. The extension for a Java applet is .jar. The extension on Java source code is .java.Rate this question:
-
- 11.
What is the term used for a text file that a browser maintains on a user's hard disk in order to store information about the user?
- A.
Buffer overflow
- B.
Cookie
- C.
SMTP Relay
- D.
Open Relay
Correct Answer
B. CookieExplanation
A cookie is a text file that a browser maintains on a user's hard disk in order to store information about the user. When an application receives more data than it is programmed to accept, it is a buffer overflow. The application will either terminate or write data beyond the allocated space. SMTP Relay is an email feature that is intended to allow the server to forward email to other servers. Open Relay is a type of SMTP Relay that is being exploited.Rate this question:
-
- 12.
Which of the following is the process of systematically identifying a network and its security posture?
- A.
Packet sniffing
- B.
Footprinting
- C.
Scanning
- D.
Signal analysis/intelligence
Correct Answer
B. FootprintingExplanation
Footprinting is the process of systematically identifying a network and its security posture. Packet sniffing is the process of monitoring data that is transmitted across a network. Scanning is the process that attackers use to gather information about how your network is configured. Signal analysis/intelligence involves methods used to gain information about your environment including footprinting and scanning.Rate this question:
-
- 13.
Which type of instant messaging (IM) attack can occur when a user closes one window and dozens of others suddenly pop open?
- A.
Jamming
- B.
DoS
- C.
Buffer overflow
- D.
Flooding
Correct Answer
B. DoSExplanation
A denial-of-service (DoS) attack in IM can take the form of many windows popping open as soon as the user tries to close one. Jamming is intended to disrupt existing systems by injecting or flooding a channel with garbage data. A malformed MIME message can cause buffer overflow.Rate this question:
-
- 14.
What is the term used for an email feature intended to allow the server to forward email to other servers?
- A.
Buffer overflow
- B.
Cookie
- C.
SMTP Relay
- D.
Open Relay
Correct Answer
C. SMTP RelayExplanation
SMTP Relay is an email feature that is intended to allow the server to forward email to other servers. When an application receives more data than it is programmed to accept, it is a buffer overflow. The application will either terminate or write data beyond the allocated space. A cookie is a text file that a browser maintains on a user's hard disk in order to store information about the user. Open Relay is a type of SMTP Relay that is being exploited.Rate this question:
-
- 15.
Which protocol is used to manage group or multicasting sessions?
- A.
SNMP
- B.
ICMP
- C.
IGMP
- D.
TFTP
Correct Answer
C. IGMPExplanation
Internet Group Management Protocol (IGMCP) is used to manage group or multicasting sessions. Simple Network Management Protocol (SNMP) is used to manage and monitor devices in a network. Internet Control Message Protocol (ICMP) is used to report errors and reply to requests from programs such as ping and traceroute. Trivial File Transfer Protocol (TFTP) is an anonymous version of FTP.Rate this question:
-
- 16.
Which type of instant messaging (IM) problem can occur from a malformed MIME message?
- A.
Jamming
- B.
DoS
- C.
Buffer overflow
- D.
Flooding
Correct Answer
C. Buffer overflowExplanation
A malformed MIME message can cause buffer overflow. Jamming is intended to disrupt existing systems by injecting or flooding a channel with garbage data. A DoS attack in IM can take the form of many windows popping open as soon as the user tries to close one.Rate this question:
-
- 17.
Which of the following file extensions would not indicate an executable file?
- A.
.bat
- B.
.com
- C.
.exe
- D.
None of the above
Correct Answer
D. None of the aboveExplanation
The .bat extension is used for batch files. The .com extension is used on command files. The .exe extension is used on executable files. All of these are executable files.Rate this question:
-
- 18.
What is the term used for an exploited email feature originally intended to allow the server to forward email to other servers?
- A.
Buffer overflow
- B.
Cookie
- C.
SMTP Relay
- D.
Open Relay
Correct Answer
D. Open RelayExplanation
Open Relay is a type of SMTP Relay that is being exploited. When an application receives more data than it is programmed to accept, it is a buffer overflow. The application will either terminate or write data beyond the allocated space. A cookie is a text file that a browser maintains on a user's hard disk in order to store information about the user. SMTP Relay is an email feature that is intended to allow the server to forward email to other servers.Rate this question:
-
- 19.
Which of the following is the process that attackers use to gather information about how your network is configured?
- A.
Packet sniffing
- B.
Footprinting
- C.
Scanning
- D.
Signal analysis/intelligence
Correct Answer
C. ScanningExplanation
Scanning is the process that attackers use to gather information about how your network is configured. Packet sniffing is the process of monitoring data that is transmitted across a network. Footprinting is the process of systematically identifying a network and its security posture. Signal analysis/intelligence involves methods used to gain information about your environment including footprinting and scanning.Rate this question:
-
- 20.
Which file extension is used to indicate a JPEG file?
- A.
.jar
- B.
.java
- C.
.js
- D.
.jpg
Correct Answer
D. .jpgExplanation
The extension for a JPEG file is .jpg. The extension for a Java applet is .jar. The extension on Java source code is .java. The extension for a JavaScript file is .js.Rate this question:
-
- 21.
Which type of IM attack is intended to disrupt existing systems by injecting or flooding a channel with garbage data?
- A.
Jamming
- B.
DoS
- C.
Buffer overflow
- D.
Flooding
Correct Answer
A. JammingExplanation
Jamming is intended to disrupt existing systems by injecting or flooding a channel with garbage data. A DoS attack in IM can take the form of many windows popping open as soon as the user tries to close one. A malformed MIME message can cause buffer overflow.Rate this question:
-
- 22.
You want to block all web traffic on the firewall, with and without SSL. Which port(s) should you block? (Choose all that apply.)
- A.
80
- B.
334
- C.
443
- D.
801
Correct Answer(s)
A. 80
C. 443Explanation
Standard web traffic uses port 80. When SSL is used (HTTPS), traffic is conducted on port 443. You don't need to block the other ports.Rate this question:
-
- 23.
Which of the following is not one of the main components of the security triad?
- A.
Distributed
- B.
Physical
- C.
Operational
- D.
Management
Correct Answer
A. DistributedExplanation
The three components of the computer security triad that interact to provide a reasonably secure environment are physical, operational, and management.Rate this question:
-
- 24.
Which of the following goals of information security refers to preventing computer or information violations from occurring?
- A.
Detection
- B.
Prevention
- C.
Recursion
- D.
Response
Correct Answer
B. PreventionExplanation
The three primary goals of information security are prevention, detection, and response. Prevention refers to preventing computer or information violations from occurring. Detection refers to identifying events when they occur. Response refers to developing strategies and techniques to deal with an attack or loss.Rate this question:
-
- 25.
During which general type of attack does someone who should not be able to get access attempt to get to your resources?
- A.
Access
- B.
Modification and repudiation
- C.
Denial-of-service
- D.
Interception
Correct Answer
A. AccessExplanation
In an access attack, someone who should not be able to get it wants access to your resources. During a modification and repudiation attack, someone wants to modify information in your system(s). A denial-of-service (DoS) attack tries to disrupt your network and services. Interception is a type of access attack but not a general attack category type.Rate this question:
-
- 26.
Which of the following are the most popular spoofing attacks? (Choose two.)
- A.
TCP spoofing
- B.
DHCP spoofing
- C.
IP spoofing
- D.
DNS spoofing
Correct Answer(s)
C. IP spoofing
D. DNS spoofingExplanation
The two most common, or popular, spoofing attacks today are IP spoofing and DNS spoofing. The other choices do not represent the most popular spoofing attacks.Rate this question:
-
- 27.
Which of the following is a remote administration tool used by attackers to take control of Windows-based systems in a backdoor type of attack?
- A.
Brute force
- B.
Dictionary
- C.
Man-in-the-middle
- D.
NetBus
Correct Answer
D. NetBusExplanation
NetBus is a remote administration tool used by attackers to take control of Windows-based systems in a backdoor type of attack. Brute-force attacks and dictionary attacks are password-guessing attacks, while man-in-the-middle is its own type of attack and not a type of remote administration attack.Rate this question:
-
- 28.
What type of software hides certain things from the operating system?
- A.
Rootkit
- B.
Spyware
- C.
Adware
- D.
SCR
Correct Answer
A. RootkitExplanation
Rootkits have become popular and work by hiding certain things (such as running processes) from the operating system. Spyware is software that acts on behalf of a third party and collects information. Adware is a type of spyware that is often used to generate unwanted/unsolicited pop-up advertisements. SCR viruses are those that are disguised as or within screen savers.Rate this question:
-
- 29.
Which type of virus will change its form in order to avoid detection?
- A.
Stealth
- B.
Retrovirus
- C.
Multipartite
- D.
Polymorphic
Correct Answer
D. PolymorphicExplanation
A polymorphic virus will change its form in order to avoid detection. A stealth virus avoids detection by making itself indistinguishable from other applications. A retrovirus attacks, or bypasses, the antivirus software installed on a computer. A multipartite virus attacks a system in multiple ways.Rate this question:
-
- 30.
Which of the following types of viruses modifies and alters other programs and databases?
- A.
Phage
- B.
Companion
- C.
Macro
- D.
Armored
Correct Answer
A. PhageExplanation
A phage virus modifies and alters other programs and databases. A companion virus attaches itself to a legitimate program and then creates a program with a different file extension. A macro virus exploits the macro ability in many application programs. An armored virus is designed to make itself difficult to detect or analyze.Rate this question:
-
- 31.
Which of the following goals of information security refers to developing strategies and techniques to deal with an attack or loss?
- A.
Detection
- B.
Prevention
- C.
Recursion
- D.
Response
Correct Answer
D. ResponseExplanation
The three primary goals of information security are prevention, detection, and response. Response refers to developing strategies and techniques to deal with an attack or loss. Detection refers to identifying events when they occur. Prevention refers to preventing computer or information violations from occurring.Rate this question:
-
- 32.
Which of the following access attacks amounts to someone routinely monitoring network traffic?
- A.
Snooping
- B.
Passive interception
- C.
Eavesdropping
- D.
Active interception
Correct Answer
B. Passive interceptionExplanation
All the choices listed are various types of access attacks. In a passive interception attack, someone routinely monitors network traffic. In a snooping attack, someone looks through your files in hopes of finding something interesting. In an eavesdropping attack, the attacker listens in on or overhears parts of a conversation. In an active interception attack, a computer is placed between the sender and receiver to capture information while it's sent.Rate this question:
-
- 33.
During which general type of attack does someone want to modify information in your system?
- A.
Access
- B.
Modification and repudiation
- C.
Denial-of-service
- D.
Interception
Correct Answer
B. Modification and repudiationExplanation
During a modification and repudiation attack, someone wants to modify information in your system(s). A denial-of-service (DoS) attack tries to disrupt your network and services. In an access attack, someone who should not be able to have access wants access to your resources. Interception is a type of access attack but not a general attack category.Rate this question:
-
- 34.
Which type of virus attacks a system in multiple ways?
- A.
Stealth
- B.
Retrovirus
- C.
Multipartite
- D.
Polymorphic
Correct Answer
C. MultipartiteExplanation
A multipartite virus attacks a system in multiple ways. A polymorphic virus will change its form in order to avoid detection. A stealth virus avoids detection by making itself indistinguishable from other applications. A retrovirus attacks, or bypasses, the antivirus software installed on a computer.Rate this question:
-
- 35.
Which of the following is a type of spyware that is often used to generate unwanted/unsolicited pop-up advertisements?
- A.
Rootkit
- B.
Grayware
- C.
Adware
- D.
SCR
Correct Answer
C. AdwareExplanation
Spyware is software that acts on behalf of a third party and collects information. Adware is a type of spyware that is often used to generate unwanted/unsolicited pop-up advertisements. Rootkits have become popular and work by hiding certain things (such as running processes) from the operating system. SCR viruses are those that are disguised as or within screen savers.Rate this question:
-
- 36.
Which of the following authentication protocols employs certificates that contain rights and access privileges of a bearer as part of its payload?
- A.
CHAP
- B.
Security token
- C.
PAP
- D.
Kerberos
Correct Answer
B. Security tokenExplanation
Security tokens are forms of certificates that contain rights and access privileges of a token bearer as part of their token. Challenge Handshake Authentication Protocol (CHAP) challenges a system to verify identity and employs an encrypted challenge. Password Authentication Protocol (PAP) offers no true security and is one of the simplest forms of authentication: both the username and the password are sent as clear text and checked for a match. Kerberos authenticates a principal (user, system, program, and so on) and provides it with a ticket.Rate this question:
-
- 37.
Which of the following is a type of virus disguised as or within screen savers?
- A.
Rootkit
- B.
Grayware
- C.
Adware
- D.
SCR
Correct Answer
D. SCRExplanation
SCR viruses are those that are disguised as or within screen savers. Grayware is a classification for software that is annoying; this includes spyware (which acts on behalf of a third party and collects information) and adware. Adware is often used to generate unwanted/unsolicited pop-up advertisements. Rootkits have become popular and work by hiding certain things (such as running processes) from the operating system.Rate this question:
-
- 38.
Which type of virus often attacks the antivirus software installed on a computer?
- A.
Stealth
- B.
Retrovirus
- C.
Multipartite
- D.
Polymorphic
Correct Answer
B. RetrovirusExplanation
A retrovirus attacks, or bypasses, the antivirus software installed on a computer. A stealth virus avoids detection by making itself indistinguishable from other applications. A multipartite virus attacks a system in multiple ways. A polymorphic virus will change its form in order to avoid detection.Rate this question:
-
- 39.
Which type of virus avoids detection by making itself indistinguishable from other applications?
- A.
Stealth
- B.
Retrovirus
- C.
Multipartite
- D.
Polymorphic
Correct Answer
A. StealthExplanation
A stealth virus avoids detection by making itself indistinguishable from other applications. A retrovirus attacks, or bypasses, the antivirus software installed on a computer. A multipartite virus attacks a system in multiple ways. A polymorphic virus will change its form in order to avoid detection.Rate this question:
-
- 40.
What type of software acts on behalf of a third party and collects information?
- A.
Rootkit
- B.
Spyware
- C.
Adware
- D.
SCR
Correct Answer
B. SpywareExplanation
Spyware is software that acts on behalf of a third party and collects information. Rootkits have become popular and work by hiding certain things (such as running processes) from the operating system. Adware is a type of spyware that is often used to generate unwanted/unsolicited pop-up advertisements. SCR viruses are those that are disguised as or within screen savers.Rate this question:
-
- 41.
Which of the following is a device that looks for open ports on a server?
- A.
Scanner
- B.
Freezer
- C.
Sniffer
- D.
Watchdog
Correct Answer
A. ScannerExplanation
A scanner is a device that looks for open ports. A sniffer is a device that captures and displays network traffic. Neither a freezer nor a watchdog is a valid network device used for this purpose.Rate this question:
-
- 42.
Which of the following access attacks amounts to someone placing a computer between the sender and the receiver to capture information while it's sent?
- A.
Snooping
- B.
Passive interception
- C.
Eavesdropping
- D.
Active interception
Correct Answer
D. Active interceptionExplanation
While all the choices listed are various types of access attacks, only in an active interception attack is a computer placed between the sender and receiver to capture information while it's sent. In a snooping attack, someone looks through your files in hopes of finding something interesting. In a passive interception attack, someone routinely monitors network traffic. In an eavesdropping attack, the attacker listens in on or overhears parts of a conversation.Rate this question:
-
- 43.
Which type of policy defines the configuration of systems and networks, including the installation of software, hardware, and network connections?
- A.
Administrative
- B.
Usage
- C.
User management
- D.
Security
Correct Answer
D. SecurityExplanation
A security policy defines the configuration of systems and networks, including the installation of software, hardware, and network connections. An administrative policy lays out guidelines and expectations for upgrades, monitoring, backups, and audits. A usage policy covers how information and resources are used. A user management policy identifies the various actions that must occur in the normal course of employee activities.Rate this question:
-
- 44.
Which type of policy lays out guidelines and expectations for upgrades, monitoring, backups, and audits?
- A.
Administrative
- B.
Usage
- C.
User management
- D.
Security
Correct Answer
A. AdministrativeExplanation
An administrative policy lays out guidelines and expectations for upgrades, monitoring, backups, and audits. A usage policy covers how information and resources are used. A user management policy identifies the various actions that must occur in the normal course of employee activities. A security policy defines the configuration of systems and networks, including the installation of software, hardware, and network connections.Rate this question:
-
- 45.
Which of the following access attacks amounts to listening in on or overhearing parts of a conversation?
- A.
Snooping
- B.
Passive interception
- C.
Eavesdropping
- D.
Active interception
Correct Answer
C. EavesdroppingExplanation
All of the choices listed are various types of access attacks. In an eavesdropping attack, the attacker listens in on or overhears parts of a conversation. In a snooping attack, someone looks through your files in hopes of finding something interesting. In a passive interception attack, someone routinely monitors network traffic. In an active interception attack, a computer is placed between the sender and receiver to capture information while it's sent.Rate this question:
-
- 46.
Which type of policy covers how information and resources are used?
- A.
Administrative
- B.
Usage
- C.
User management
- D.
Security
Correct Answer
B. UsageExplanation
A usage policy covers how information and resources are used. An administrative policy lays out guidelines and expectations for upgrades, monitoring, backups, and audits. A user management policy identifies the various actions that must occur in the normal course of employee activities. A security policy defines the configuration of systems and networks, including the installation of software, hardware, and network connections.Rate this question:
-
- 47.
Which type of policy identifies the various actions that must occur in the normal course of employee activities?
- A.
Administrative
- B.
Usage
- C.
User management
- D.
Security
Correct Answer
C. User managementExplanation
A user management policy identifies the various actions that must occur in the normal course of employee activities. An administrative policy lays out guidelines and expectations for upgrades, monitoring, backups, and audits. A usage policy covers how information and resources are used. A security policy defines the configuration of systems and networks, including the installation of software, hardware, and network connections.Rate this question:
-
- 48.
Which of the following is not a common level within an information policy?
- A.
Confidential
- B.
External
- C.
Private
- D.
Public
Correct Answer
B. ExternalExplanation
The common levels within an information policy are public (for all advertisements and information posted on the Web), internal (for all intranet-type information), private (for personnel records, client data, and so on), and confidential (PKI information and other restricted data).Rate this question:
-
- 49.
Which of the following is the term used to represent availability of 99.999 percent?
- A.
Five nines
- B.
Real time
- C.
Fail over
- D.
Surge time
Correct Answer
A. Five ninesExplanation
Availability of 99.999 percent is known as five nines availability.Rate this question:
-
- 50.
What is the minimum number of disks necessary to implement RAID 0?
- A.
1
- B.
2
- C.
3
- D.
4
Correct Answer
B. 2Explanation
RAID 0, disk striping, requires a minimum of two disks. RAID 1, mirroring, requires a minimum of two disks. RAID 3, disk striping with a dedicated parity disk, requires a minimum of three disks. RAID 5, disk striping with parity, requires a minimum of three disks.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 20, 2023Quiz Edited by
ProProfs Editorial Team -
Apr 27, 2012Quiz Created by
Ashwaniwetech
Back to top