Page 112 - StudyBook.pdf

96     Chapter 2 • General Security Concepts: Attacks

                 US-CERT (www.us-cert.gov/cas/signup.html), Securiteam
                 (www.securiteam.com/mailinglist.html), and SecurityTracker
                 (www.securitytracker.com/signup/signup_now.html).



             Self Test



             A Quick Answer Key follows the Self Test questions. For complete questions,
             answers, and explanations to the Self Test questions in this chapter as well as
             the other chapters in this book, see the Self Test Appendix.


              1. The company’s HelpDesk begins to receive numerous calls because customers
                  can’t access the Web site’s e-commerce section. Customers report receiving a
                  message about an unavailable database system after entering their credentials.
                  Which type of attack could not be taking place?

                  A. A DDoS against the company’s Web site
                  B. A Web site spoofing of the company’s Web site
                  C. A DoS against the database system
                  D. A virus affecting the Web site and/or the database system

              2. Your company’s CEO is afraid of a DDoS attack against the company Web
                  site, and has asked you to increase the connection to the Internet to the fastest
                  speed available. Why won’t this protect from a DDoS attack?

                  A. A DDoS attack refers to the connection to the Internet, not to Web sites.
                  B. A DDoS attack can marshal the bandwidth of hundreds or thousands of
                      computers, which can saturate any Internet pipeline the company can get.
                  C. A DDoS attack can also be initiated from the internal network; therefore,
                      increasing the Internet pipeline won’t protect against those attacks.
                  D. Increasing the Internet connection speed has no influence on the
                      effectiveness of a DDoS attack.

              3. Code Red was a mixed threat attack that used an exploitable vulnerability in
                  IIS to install itself, modify the Web site’s default page, and launch an attack
                  against the Web site www.whitehouse.gov on August 15. Which type of
                  malware was not part of Code Red?



          www.syngress.com