160. Which of the following does
a. Honeypots
b. Inference cells
c. Padded cells
d. Vulnerability assessment tools
160.b. Honeypot systems, padded cell systems, and vulnerability assessment tools complement IDS to enhance an organization’s ability to detect intrusion. Inference cells do not complement IDS. A honeypot system is a host computer that is designed to collect data on suspicious activity and has no authorized users other than security administrators and attackers. Inference cells lead to an inference attack when a user or intruder is able to deduce privileged information from known information. In padded cell systems, an attacker is seamlessly transferred to a special padded cell host. Vulnerability assessment tools determine when a network or host is vulnerable to known attacks.
161. Sniffing precedes which of the following?
a. Phishing and pharming
b. Spoofing and hijacking
c. Snooping and scanning
d. Cracking and scamming
Snooping, scanning, and sniffing are all actions searching for required and valuable information. They involve looking around for vulnerabilities and planning to attack. These are preparatory actions prior to launching serious penetration attacks.
Phishing is tricking individuals into disclosing sensitive personal information through deceptive computer-based means. Phishing attacks use social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. It involves Internet fraudsters who send spam or pop-up messages to lure personal information (e.g., credit card numbers, bank account information, social security number, passwords, or other sensitive information) from unsuspecting victims. Pharming is misdirecting users to fraudulent websites or proxy servers, typically through DNS hijacking or poisoning.
Cracking is breaking for passwords and bypassing software controls in an electronic authentication system such as user registration. Scamming is impersonating a legitimate business using the Internet. The buyer should check out the seller before buying goods or services. The seller should give out a physical address with a working telephone number.
162. Passwords and personal identification numbers (PINs) are examples of which of the following?
a. Procedural access controls
b. Physical access controls
c. Logical access controls
d. Administrative access controls
163. Which of the following statements is
a. Honeypots are deceptive measures.
b. Honeypots collect data on indications.
c. Honeypots are hosts that have no authorized users.
d. Honeypots are a supplement to properly securing networks, systems, and applications.