Page 785 - StudyBook.pdf
P. 785

Self Test Appendix • Appendix  769

                 Chapter 2: General

                 Security Concepts: Attacks


                  1.  The company’s HelpDesk begins to receive numerous calls because customers can’t access the
                      Web site’s e-commerce section. Customers report receiving a message about an unavailable
                      database system after entering their credentials.Which type of attack could not be taking
                      place?

                      A. A DDoS against the company’s Web site
                      B. A Web site spoofing of the company’s Web site
                      C. A DoS against the database system
                      D. A virus affecting the Web site and/or the database system.
                  A. If a DDoS attack was being performed on the Web site, customers would not be able to
                    access the Web site.The fact that the Web site shows a database error means the Web site is still
                    operating.
                  B. If the Web site is being spoofed, customers could be entering the password in an attacker’s
                    database. C. A DoS attack to the database could cause the database to be unavailable. D. A virus
                    infecting either the Web site or the database could cause instability and the resulting message.

                  2.  Your Company’s CEO is afraid of a DDoS attack against the company Web site, and has asked
                      you to increase the connection to the Internet to the fastest speed available.Why won’t this
                      protect from a DDoS attack?
                      A. A DDoS attack refers to the connection to the Internet, not to Web sites.
                      B. A DDoS attack can marshall the bandwidth of hundreds or thousands of computers,
                         which can saturate any Internet pipeline the company can get.
                      C. A DDoS attack can also be initiated from the internal network; therefore, increasing the
                         Internet pipeline won’t protect against those attacks.
                      D. Increasing the Internet connection speed has no influence on the effectiveness of a DDoS
                         attack.
                  B. Even with a very fast Internet connection, if thousands of machines attack the same site, it
                    will eventually be overrun.
                  A. A DDoS attack refers to any DoS that comes from many sources. B A DDoS requires
                    machines in distributed networks, so an attack from the local network does not qualify as a
                    DDoS. D. Increasing the bandwidth slows down the impact of a DDoS.

                  3.  CodeRed was a mixed threat attack that used an exploitable vulnerability in IIS to install
                      itself, modify the Web site’s default page, and launch an attack against a the Web site
                      www.whitehouse.gov on August 15.Which type of malware was not part of Code Red?









                                                                              www.syngress.com
   780   781   782   783   784   785   786   787   788   789   790