Module 5: Threats

Module 5 Assessment

True/False

Indicate whether the statement is true or false.

____ 1. An attacker has successfully committed a denial-of-service attack against a website, bringing it down for three hours until network engineers could resolve the problem. This is classified as a threat.

____ 2. Vulnerabilities are weaknesses that allow a threat to occur.

____ 3. Attacks require malicious intent, so they are always caused by people who intend to violate security.

____ 4. Lightning is an example of a threat agent.

 

Multiple Choice

Identify the choice that best completes the statement or answers the question.

____ 5. Which of the following is not an example of a threat category?

a. Attacks c. Natural event
b. Buggy software d. Human error

 

____ 6. Which of the following is not a threat to critical infrastructure?

a. Availability of very sophisticated tools that don’t require much skill to use c. The rapid development of technology
b. The high-profile nature of critical infrastructure systems d. The interconnected nature of industrial control systems

 

____ 7. An attacker that breaks into computers for profit or bragging rights is a/an . . .

a. Cracker c. Terrorist
b. Insider d. Hostile country

 

Completion

Complete the sentence.

8. The types of attacks and attackers specific to a company is known as the threat ___________.

9. A social engineering attack in which victims are tricked into clicking an emailed link that infects their system with malware or sends their user IDs and passwords to the attacker is known as ____________.

10. A security control that creates a list of authorized applications, preventing unauthorized applications from downloading and installing, is called a/an ___________.

 

Matching

Match each threat to its definition.

A. Denial-of-service (DoS) attack F. SQL injection
B. Hijacking G. Trojan horse
C. Ransomware H. Virus
D. Distributed denial-of-service (DDoS) attack I. SMTP spam engine
E. Buffer overflow J. Worm

____ 11. An attack in which multiple attackers attempt to flood a device

____ 12. Malware that replicates autonomously

____ 13. A web application attack against a connected database

____ 14. Malicious code attached to a file that, when executed, delivers its payload

____ 15. Malware that encrypts the victims files on their computer until money is sent to the attacker

____ 16. An attack that leverages email protocols to send out messages from the infected device

____ 17. An attack that seizes control of communications, sending the communications to the attacker’s system

____ 18. An attack in which a single attacker overwhelms a system with a flood of traffic in order to make it unavailable

____ 19. An attack that writes data to unexpected areas of memory, causing the device to crash

____ 20. Malware embedded in what appears to be a useful file

 

 

 

For the answers to these questions, email your name, the name of your college or other institution, and your position there to info@cyberwatchwest.org. CyberWatch West will email you a copy of the answer key.

License

Icon for the Creative Commons Attribution 4.0 International License

Critical Infrastructure Cybersecurity by Whatcom Community College and CyberWatch West is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.

Share This Book