Security+ Guide to Network Security Fundamentals, 2e Solutions 2-1

Chapter 2 Review Questions

1. Attackers known as _____ like to think of themselves as an elite group who are performing a valuable service in identifying security weaknesses.
   a. crackers
   b. script kiddies
   c. hackers
   d. cyberterrorists

2. A _____ possesses advanced computer skills and attacks computers with a malicious intent.
   a. script kiddie
   b. hacker
   c. cracker
   d. worm zombie

3. The motivation for a computer spy is _____________.
   a. financial
   b. egotism
   c. ideological
   d. social

4. One reason employees are so successful at attacking their company’s computers is __________.
   a. they have superior networking skills
   b. employees already have access to all company information
   c. a company’s information security is focused on keeping out intruders
   d. employees have unlimited access to company computers

5. Each of the following is a goal of cyberterrorists except _________.
   a. defacing electronic information
   b. denying service to legitimate users
   c. committing unauthorized intrusions into critical infrastructures
   d. replacing computers with unauthorized devices

6. Today the global computing infrastructure is the most likely target of attacks. True or false?

7. Instead of attacking the computing infrastructure directly, attackers can embed the attack in the data itself, which makes detection harder. True or false?

8. Social engineering is the easiest way to attack a computer system, requires almost no technical ability, and is usually highly successful. True or false?

9. There is no defense for social engineering attacks. True or false?

10. The first line and strongest defense of any computer system is passwords. True or false?

11. When an attacker sends out counterfeit e-mail messages to direct users to his own site, this is called _____.
    phishing

12. With a(n) _____ attack the attacker attempts to create every possible password combination by systematically changing one character at a time and then using each newly generated password to access the system.
    brute force

13. A(n) _____ attack takes each word from a dictionary and encodes it in the same way in which the computer would encode a user’s password.
    dictionary

14. A(n) _____ occurs when a computer program attempts to stuff more data into a temporary storage area than it can hold, overwriting valid computer data.
    buffer overflow

15. Cryptography is based on a procedure called an algorithm, which is given a starting value known as a(n) _____.
    key

16. Explain how an attacker would use a mathematical attack.

    A mathematical attack may develop a statistical analysis of the characters in an encrypted text and then analyze the statistics in an attempt to discover the keys and decrypt the data. Although by hand this would take an enormous amount of time, with modern computers mathematical attacks of this nature are much more feasible.

17. What is the birthday paradox and how is it used by attackers?

    If you were to meet a complete stranger, there would be only a 1 in 365 chance (0.27%) that he would have the same birthday as you. However, the chance of meeting someone with your birthday increases remarkably fast as you meet more people. With the first 23 people that you meet there is actually a 50% chance, and not a 6.3% chance (23 in 365), that you will find someone with the same birthday as you. If you meet 60 people, the probability leaps to over 99% that you will share the same birthday with one of these people. This phenomenon is called the birthday paradox.

    In cryptography the birthday paradox is significant. When encrypting a message, it would be assumed that the best approach would be to randomly select a different key value each time. However, if you pick random values, then you will actually create duplicate values much sooner than you would expect, much like meeting someone who shares your birthday. That is, even with random selection, duplicate values will quickly appear. A birthday attack is an attack on a cryptographic system that exploits the mathematics underlying the birthday paradox.

18. What is the difference between a man-in-the-middle attack and a replay?

    A replay attack is similar to an active man-in-the-middle attack. However, whereas an active man-in-the-middle attack will change the contents of a message before sending it on, a replay attack will only capture the message and then send it again later (replay it).

19. Explain how a denial of service (DoS) attack works.

    A denial of service (DoS) attack attempts to make a server or other network device unavailable by flooding it with requests, such as displaying a Web page or accessing a stored file. The server will respond to each request from the computers that started the process. However, with a DoS attack, the computers that launched the denial of service attack are programmed to not reply to the server’s response. The server will “hold the line open” and continue to wait for a response (which is never coming) while receiving more and more requests and keeping those lines open for responses. After a short period of time the server runs out of resources and can no longer function.

20. What is the difference between a worm and a virus?

    Although similar in nature, worms are different from viruses in two regards. First, a virus attaches itself to another computer document, like an e-mail message, and is then spread by traveling along with the e-mail message. A worm, on the other hand, does not attach to a “host” document in order to spread. A worm can spread by itself.

    A second difference is that a virus needs the user to perform some type of action, like starting a program or reading an e-mail message, in order to start the infection. A worm does not require any action by the computer user to start it. Worms can continuously replicate themselves until they “clog” all available resources, such as computer memory or the network bandwidth connection.
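
The duplicate-value effect described in the answer to question 17, as an added example that is not part of the original solutions: it computes the chance that any two of n randomly picked values coincide, extends the 365-day case to 32-, 64- and 128-bit random values, and simulates picking random 16-bit values until one repeats. All function names are assumptions made for this illustration.

```python
import math
import random

def collision_probability(n, space):
    """Exact chance that at least two of n uniform random picks from
    `space` possible values are equal."""
    if n > space:
        return 1.0
    # P(all distinct) = product of (1 - i/space); summed in logs for stability.
    log_all_distinct = sum(math.log1p(-i / space) for i in range(n))
    return 1.0 - math.exp(log_all_distinct)

def draws_for_collision(space, target=0.5):
    """Birthday-bound approximation: picks needed before a duplicate
    appears with probability `target`."""
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - target))))

def mean_draws_until_duplicate(bits, trials=2000, seed=1):
    """Simulate picking random `bits`-bit values until one repeats and
    return the average number of picks over `trials` runs."""
    rng = random.Random(seed)  # seeded so the run is repeatable
    total = 0
    for _ in range(trials):
        seen = set()
        while True:
            value = rng.randrange(2 ** bits)
            total += 1
            if value in seen:
                break
            seen.add(value)
    return total / trials

if __name__ == "__main__":
    for n in (23, 60):
        print(n, "people:", round(collision_probability(n, 365), 4))
    for bits in (32, 64, 128):
        print(bits, "bit values:", draws_for_collision(2 ** bits),
              "picks for a 50% chance of a duplicate")
    print("16-bit simulation, mean picks to first duplicate:",
          mean_draws_until_duplicate(16))
```

The number of picks needed grows with the square root of the number of possible values, which is why a 64-bit random value starts repeating after roughly 2^32 picks rather than 2^64.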