Chapter 14
The program shown is a crypter. Which of the following options best defines what this program does?
A crypter can encrypt, obfuscate, and manipulate malware to make it difficult to detect.
Which of the following best describes a DoS attack?
A hacker overwhelms or damages a system and prevents users from accessing a service.
Which of the following describes a session ID?
A unique token that a server assigns for the duration of a client's communications with the server.
The Stuxnet worm was discovered in 2010 and was used to gain sensitive information about Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet?
APT
Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on the network?
ARP poisoning
As the cybersecurity specialist for your company, you believe a hacker is using ARP poisoning to infiltrate your network. To test your hypothesis, you have used Wireshark to capture packets and then filtered the results. After examining the results, which of the following is your best assessment regarding ARP poisoning?
ARP poisoning is occurring, as indicated by the duplicate response IP address.
Jason, an attacker, has manipulated a client's connection to disconnect the real client and allow the server to think that he is the authenticated user. Which of the following describes what he has done?
Active hijacking
Which of the following best describes the key difference between DoS and DDoS?
Attackers use numerous computers and connections.
Which of the following laws regulates emails?
CAN-SPAM Act
Which of the following are all network sniffing tools?
Cain and Abel, Ettercap, and TCPDump
You've just finished installing a wireless access point for a client. Which action best protects the access point from unauthorized tampering with its configuration settings?
Changing the default administrative password
Daphne has determined that she has malware on her Linux machine. She prefers to only use open-source software. Which anti-malware software should she use?
ClamAV
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the internet. What can you do?
Configure port security on the switch.
Which of the following measures will make your wireless network less visible to the casual attacker?
Disable SSID broadcast.
You are a security consultant. You've been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a smart card reader. Network jacks are located in the reception area so employees and vendors can access the company network for work-related purposes. Users within the secured work area are trained to lock their workstations if they will leave them for any period of time. Which of the following recommendations would you MOST likely make to this organization to increase their security?
Disable the switch ports connected to the network jacks in the reception area.
Which of the following parts of the Trojan horse packet installs the malicious code onto the target machine?
Dropper
A hacker has discovered UDP protocol weaknesses on a target system. The hacker attempts to send large numbers of UDP packets from a system with a spoofed IP address, which broadcasts out to the network in an attempt to flood the target system with an overwhelming amount of UDP responses. Which of the following DoS attacks is the hacker attempting to use?
Fraggle attack
You are configuring a new 2960 switch. You issue the following commands: switch(config)#interface fast 0/15switch(config-if)#switchport mode accessswitch(config-if)#switchport port-securityswitch(config-if)#switchport port-security maximum 1switch(config-if)#switchport port-security mac-address stickyswitch(config-if)#switchport port-security violation protect You connect a hub with two workstations to port Fa0/15. You power on Device1 and then Device2. What will be the result?
Frames from Device1 will be allowed; frames from Device2 will be dropped.
Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and told him how to secure the system. Which type of hacker is Miguel in this scenario?
Gray hat
Which of the following protocols is one of the most common methods used to protect packet information and defend against network attacks in VPNs?
IPsec
A small business named BigBikes, Inc. has hired you to evaluate their wireless network security practices. As you analyze their facility, you note the following: BigBikes, Inc. uses an 802.11a wireless network. The wireless network SSID is set to BWLAN. The wireless network is not broadcasting the network SSID. The wireless network uses WPA2 with AES security. Omnidirectional access points are positioned around the periphery of the building. Which of the following would you MOST likely recommend your client do to increase their wireless network security?
Implement directional access points.
Which of the following is the first step you should take if malware is found on a system?
Isolate the system from the network immediately.
A virus has replicated itself throughout systems it has infected and is executing its payload. Which of the following phases of the virus life cycle is this virus in?
Launch
Which of the following attacks, if successful, causes a switch to function like a hub?
MAC flooding
What is the least secure place to locate an omnidirectional access point when creating a wireless network?
Near a window
Your network devices are categorized into the following zone types: No-trust zone Low-trust zone Medium-trust zone High-trust zone Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed. Which of the following is the secure architecture concept used on this network?
Network segmentation
Using Wireshark, you have used a filter to help capture only the desired types of packets. Using the information shown in the image, which of the following best describes the effects of using the net 192.168.0.0 filter?
Only packets with either a source or destination address on the 192.168.0.0 network are captured.
Which of the following is characterized by an attacker using a sniffer to monitor traffic between a victim and a host?
Passive hijacking
While performing a penetration test, you captured a few HTTP POST packets using Wireshark. After examining the selected packet, which of the following concerns or recommendations will you include in your report?
Passwords are being sent in clear text.
Authentication, authorization, and accounting (AAA) are the three security components used to protect network access and communications. Which of the following describes the authorization security component?
Permits or denies access to the network resources a user needs to perform tasks.
Part of a penetration test is checking for malware vulnerabilities. During this process, the penetration tester needs to manually check many different areas of the system. After these checks are completed, which of the following is the next step?
Run anti-malware scans
Anti-malware software uses several methods to detect malware. One of these methods is scanning. Which of the following best describes scanning?
Scanning uses live system monitoring to detect malware immediately. This technique utilizes a database that needs to be updated regularly. Scanning is the quickest way to catch malware programs.
Which of the following malware types shows the user signs of potential harm that could occur if the user doesn't take a certain action?
Scareware
A certain attack task includes five steps as follows: Sniff the traffic between the target computer and the server. Monitor traffic with the goal of predicting the packet sequence numbers. Desynchronize the current session. Predict the session ID and take over the session. Inject commands to target the server. Which of the following tasks does the above list describe?
Session hijacking
You have just captured the following packet using Wireshark and the filter shown. Which of the following is the captured password?
St@y0ut!@
Which statement best describes a suicide hacker?
This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.
The process of analyzing an organization's security and determining its security holes is called:
Threat modeling
Heather wants to gain remote access to Randy's machine. She has developed a program and hidden it inside a legitimate program that she is sure Randy will install on his machine. Which of the following types of malware is she using?
Trojan horse
Frank, an IT tech, works for the ABC company. His friend Joe, who works for the XYZ company, informs Frank that XYZ company has been hit by a new malware attack. What is the first thing Frank should do for the ABC company?
Verify that ABC company's anti-malware software is updated and running.
Which of the following is the most secure protocol for wireless networks?
WPA2
Which type of threat actor only uses skills and knowledge for defensive purposes?
White hat
You suspect that an ICMP flood attack is taking place on your system from time to time, so you have used Wireshark to capture packets using the tcp.flags.syn==1 filter. Initially, you saw an occasional SYN or ACK packet. After a short while, you started seeing packets as shown in the image. Using the information shown, which of the following explains the difference between normal ICMP (ping) requests and an ICMP flood?
With the flood, all packets come from the same source IP address in quick succession.
Heather is performing a penetration test of her client's malware protection. She has developed a malware program that doesn't require any user interaction and wants to see how far it will spread through the network. Which of the following types of malware is she using?
Worm
In which of the following situations would you use port security?
You want to restrict the devices that can connect through a switch port.
In which of the following situations would you use port security?
You wanted to restrict the devices that could connect through a switch port.
After enabling the DHCP snooping feature, you want to apply it to your network globally. Which command will apply DHCP snooping globally?
ip dhcp snooping
Daphne suspects that a Trojan horse is installed on her system. She wants to check all active network connections to see which programs are making connections and the FQDNs of locations those programs are connecting to. Which command will allow her to do this?
netstat -f -b
You've just enabled port security on an interface of a Catalyst 2950 switch. You want to generate an SNMP trap whenever a violation occurs. Which feature should you enable?
restrict
You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains invoice filter, you have found one packet. Using the captured information shown, which of the following is the account manager's email address?
