14.5.7 Practice Questions


Which type of DoS attack exhausts the target's resources by overloading a specific program or service?

> Application layer Explanation: The goal of an Application layer DoS is to exhaust the target's resources by overloading a specific program or service (for example, flooding a web application with expensive requests). A distributed DoS attack uses multiple computers to generate the necessary traffic. A protocol DoS abuses the behavior of a protocol, such as TCP flag handling, to overload a network device, such as a firewall. An amplification DoS attack uses third-party servers that reply with larger responses than the spoofed requests they receive, consuming the bandwidth between the target and the internet and effectively cutting off the target.

Which of the following are risks of implementing a BYOD policy? (Select three.)

> Data leakage
> Number of different devices
> Improper disposal
Explanation: BYOD risks include:
- Data leakage
- Confidential data exposure
- Improper disposal
- Variety of devices
- Mixing of personal and corporate data
- Bypassing of security policies
BYOD benefits include:
- Increased productivity
- Employee satisfaction
- Work flexibility
- Lower costs

At company headquarters, several employees are having issues with their Wi-Fi access suddenly dropping and then reconnecting to the same wireless network. You decide to investigate and determine that someone has set up a rogue access point near company headquarters and is using it to capture sensitive data from the company network. Which type of social engineering attack is being used?

> Evil twin Explanation: An evil twin attack involves an attacker setting up a rogue Wi-Fi access point, using a jamming or disassociation attack to knock users off the legitimate network, and then having users reconnect to the rogue access point in order to gain access to sensitive data. Phishing is an attempt to trick a user into compromising personal information or downloading malware. Most often, it involves an email containing a malicious attachment or hyperlink. Impersonation is an attack method where the attacker impersonates a legitimate worker that should be granted access to the building or sensitive information. Eavesdropping means to listen in on other people's conversations in order to gather sensitive information.

You have been hired to help assess the security of your client's organization. During your assessment, you have found a rogue wireless access point that is configured to look identical to the legitimate wireless network. Which of the following attacks was MOST likely being carried out?

> Evil twin attack Explanation: In this scenario, an evil twin attack is the most likely attack being carried out; it is sometimes grouped under Wi-Fi eavesdropping. In an evil twin attack, the hacker tricks users into connecting to a malicious wireless network so they can monitor and manipulate the data packets flowing across the network. When a user logs into a website, a session cookie is generated. If the hacker can intercept this data, they will be able to access the user's account. This is known as a session hijacking attack. This is not the attack most likely being carried out in this scenario. In a DNS spoofing attack, the hacker modifies a website's address in the DNS server. When the user attempts to go to that website, they are redirected to the hacker's malicious site. This is not the attack most likely being carried out in this scenario. In an HTTPS spoofing attack, the hacker uses a website name that looks similar to a real site. This is not the attack most likely being carried out in this scenario.
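The check an assessor would actually run for the rogue access point described in the two evil twin questions above is a comparison of what radios are beaconing a corporate SSID against the inventory of access points the organization owns. The following is an added example written for this page, not code from the original question set: the beacon observations and the BSSID inventory are constructed, and the BSSIDs are made up.

```python
# Added example: flag radios that advertise one of our SSIDs but are not
# in the access-point inventory. Such a radio is a candidate evil twin.

# Constructed sample of beacon observations as a wireless scanner would
# report them: (SSID, BSSID, channel). BSSIDs are invented for the example.
OBSERVED_BEACONS = [
    ("CorpWiFi", "AA:BB:CC:00:00:01", 6),
    ("CorpWiFi", "AA:BB:CC:00:00:02", 11),
    ("CorpWiFi", "DE:AD:BE:EF:00:01", 6),   # unknown radio, same SSID
    ("Guest",    "AA:BB:CC:00:00:03", 1),
    ("Cafe-Free", "00:11:22:33:44:55", 1),  # not our SSID, ignore
]

# Assumed inventory of the organization's own access points, keyed by
# BSSID (lower-cased) with the SSID each one is expected to broadcast.
KNOWN_APS = {
    "aa:bb:cc:00:00:01": "CorpWiFi",
    "aa:bb:cc:00:00:02": "CorpWiFi",
    "aa:bb:cc:00:00:03": "Guest",
}


def find_rogue_bssids(beacons, known_aps):
    """Return (ssid, bssid, channel) for every radio that broadcasts an
    SSID we own without being a known corporate access point.

    BSSIDs are normalized to lower case so that scanner output in either
    case compares correctly against the inventory.
    """
    owned_ssids = set(known_aps.values())
    rogues = []
    for ssid, bssid, channel in beacons:
        bssid = bssid.lower()
        if ssid in owned_ssids and bssid not in known_aps:
            rogues.append((ssid, bssid, channel))
    return rogues


def find_misbehaving_known_aps(beacons, known_aps):
    """Return known BSSIDs seen broadcasting an SSID other than the one
    the inventory assigns them (a misconfigured or spoofed corporate BSSID)."""
    findings = []
    for ssid, bssid, channel in beacons:
        bssid = bssid.lower()
        if bssid in known_aps and known_aps[bssid] != ssid:
            findings.append((ssid, bssid, channel))
    return findings


if __name__ == "__main__":
    for ssid, bssid, channel in find_rogue_bssids(OBSERVED_BEACONS, KNOWN_APS):
        print(f"possible evil twin: {ssid} from {bssid} on channel {channel}")
    for ssid, bssid, channel in find_misbehaving_known_aps(OBSERVED_BEACONS, KNOWN_APS):
        print(f"known AP {bssid} unexpectedly advertising {ssid} on channel {channel}")
```

A matching SSID alone is not proof of an attack (a neighbor may reuse a common name), so the finding should be confirmed by locating the radio physically; but an unknown BSSID on the corporate SSID near headquarters is exactly the signal the scenario describes.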

Which of the following should you implement to monitor and manage the risks of a BYOD policy?

> Mobile device management Explanation: The term mobile device management (MDM) generally describes the policies and procedures used by an organization to maintain security and permissions on mobile devices. More specifically, MDM software is used by administrators to secure mobile devices and to enforce enterprise policies on the devices. MDM software usually offers a suite of features, including:
- Policy management
- Security management
- Inventory management
- Telecom service management
- Mobile application management
A Bring Your Own Device policy is the policy that allows employees to use their own computers and mobile devices for work purposes. MDM software is often used alongside a BYOD policy. Security management is a general term for using software and documented policies to protect valuable company assets. Mobile application management (MAM) is focused on applications, not devices.

Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through emails or websites that impersonate an online entity that the victim trusts, such as a financial institution or well-known e-commerce site?

> Phishing Explanation: Phishing tricks victims into providing confidential information, such as identity information or logon credentials, through emails or websites that impersonate an online entity that the victim trusts, such as a financial institution or well known e-commerce site. Phishing is a specific form of social engineering. Social engineering is the general term that covers a variety of computer-based and human-based security attacks. An evil twin attack is used to knock users off of a legitimate, secure wireless network and redirect them to a malicious wireless network with the same SSID. Impersonation is an attack method where the attacker impersonates a legitimate worker that should be granted access to the building.

You have been hired to investigate a recent cybersecurity attack. You have discovered that the attacker was able to send commands to the server using the login fields and steal user credentials from the database. Which of the following attacks was your client MOST likely the victim of?

> SQL injection Explanation: Your client is most likely the victim of an SQL injection attack. SQL is the most common database language and is used by most websites. All sorts of sensitive data, such as user credentials, are stored in these databases. If the web application builds its queries by pasting user input directly into the SQL text instead of passing it as a bound parameter, an attacker can type SQL commands into text fields on a website and have the database execute them. The attacker can steal, edit, or even destroy the data contained in the database. A cross-site scripting (XSS) attack takes advantage of improperly validated input fields on the website. The attacker hides malicious script inside a legitimate input field and sends it to the server; if the server echoes it back into a page, the script runs in other users' browsers. An XSS attack is not used to gain access to the database. In an on-path attack, the hacker places themselves between two devices and intercepts all communications. It is not used to gain access to the database. In a brute force attack, the attacker attempts to guess the password by using a cracking tool that submits every possible letter, number, and symbol combination in a short amount of time. This attack is not used to gain access to the database.
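To make the mechanism concrete, the following is an added example, not code from the original question set: a login lookup written two ways against an in-memory SQLite table with one constructed account. The vulnerable version concatenates the login fields into the query text, so a username like `' UNION SELECT password_hash FROM users --` pulls credentials out of the database and `alice' --` skips the password check entirely; the safe version binds the same input as parameters and treats it as plain data. The table layout, account, and hash value are assumptions made for the example.

```python
import sqlite3


def build_demo_db():
    """Create an in-memory users table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alice-pw')")
    return conn


def lookup_vulnerable(conn, username):
    """VULNERABLE on purpose: the username is spliced into the SQL text, so
    quotes, UNION and comment markers in the input become part of the query."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(query).fetchall()]


def lookup_safe(conn, username):
    """Parameterized query: '?' is a placeholder and the driver sends the
    value separately, so the input can never change the query's structure."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,)).fetchall()]


def login_vulnerable(conn, username, password_hash):
    """VULNERABLE on purpose: a '--' comment in the username truncates the
    query before the password clause, so any password is accepted."""
    query = ("SELECT 1 FROM users WHERE username = '" + username +
             "' AND password_hash = '" + password_hash + "'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password_hash):
    """Both fields are bound as parameters; the comment marker is just text."""
    query = "SELECT 1 FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone() is not None


if __name__ == "__main__":
    conn = build_demo_db()
    steal = "' UNION SELECT password_hash FROM users --"
    bypass = "alice' --"
    print("vulnerable lookup leaks:", lookup_vulnerable(conn, steal))
    print("safe lookup returns:", lookup_safe(conn, steal))
    print("vulnerable login with wrong password:", login_vulnerable(conn, bypass, "wrong"))
    print("safe login with wrong password:", login_safe(conn, bypass, "wrong"))
```

The fix is the same in every database driver: never build SQL by string concatenation with untrusted input; use the driver's parameter binding (or an ORM that does so), and keep database accounts used by the web application limited to the tables and operations the application needs so that a residual injection cannot read or destroy everything.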

What do you call a system that has no anti-malware or firewall installed?

> Unprotected Explanation: A system with no anti-malware or firewall is considered unprotected. An unpatched system is missing the latest updates and patches. An end-of-life operating system is one that no longer receives patches or updates. A compliant system means that it meets the minimum requirements as defined in the security plan.

A malicious person calls an employee from a cell phone. She tells the employee that she is the vice president over the accounting department in the employee's company. She relates that she has forgotten her password and demands that the employee give her his password so that she can access the reports she needs for an upcoming presentation. She threatens to fire the employee if he does not comply. Which of the following BEST describes the type of attack that just occurred?

> Vishing Explanation: A vishing attack has occurred. Vishing involves an attacker convincing authorized personnel over the phone to grant them access to protected information by pretending to be someone who is authorized and/or requires that access. Often, the attacker poses as a member of senior management. A sense of urgency is typically fabricated to motivate the user to act quickly. Tailgating is an attempt to closely follow an authorized user into a secure building or space without providing the appropriate control measure, such as a badge. Phishing is a computer-based social engineering attack that involves sending an email that looks legitimate, but encourages the victim to click a link that takes them to a malicious website or downloads a malware file. Eavesdropping is listening in on a conversation to gather sensitive information.

Which of the following attacks exploits a vulnerability in software that has not been discovered by the developer?

> Zero-day attack Explanation: A zero-day attack exploits a vulnerability in software that has not been discovered by the developer, so no patch exists yet. These attacks are referred to as zero-day attacks because that is how many days the developer has known about the vulnerability. An insider threat is a current or former employee, contractor, or partner who still has access to the network and wants to cause damage or steal data. This is not exploiting a vulnerability in software that has not yet been discovered. In a brute force attack, the attacker attempts to guess the password by using a cracking tool that submits every possible letter, number, and symbol combination in a short amount of time. This is not exploiting a vulnerability in software that has not yet been discovered. A cross-site scripting (XSS) attack takes advantage of improperly validated input fields on a website to send an attack to the server. This is not exploiting a vulnerability in software that has not yet been discovered.
