Chpt 7 Review Questions - Networking Protocols and Threats

From the list of ports, select two that are used for e-mail. (Select the two best answers.) A. 110 B. 3389 C. 143 D. 389

A and C. POP3 uses port 110; IMAP uses port 143.

A coworker goes to a website but notices that the browser brings her to a different website and that the URL has changed. What type of attack is this? A. DNS poisoning B. Denial of service C. Buffer overflow D. ARP poisoning

A. DNS poisoning can occur at a DNS server and can affect all clients on the network. It can also occur at an individual computer. Another possibility is that spyware has compromised the browser.

What is the best way to utilize FTP sessions securely? A. FTPS B. FTP passive C. FTP active D. TFTP

A. FTPS (FTP Secure) uses encryption in the form of SSL or TLS to secure file transfers.

Which port number is ultimately used by SCP? A. 22 B. 23 C. 25 D. 443

A. SCP (Secure Copy) uses SSH, which runs on port 22 by default.

Which of the following is the best option if you are trying to monitor network devices? A. SNMP B. Telnet C. FTPS D. IPsec

A. SNMP (Simple Network Management Protocol) is the best protocol to use to monitor network devices.

Which port number does the Domain Name System use? A. 53 B. 80 C. 110 D. 88

A. The Domain Name System (DNS) uses port 53.

Which TCP port does LDAP use? A. 389 B. 80 C. 443 D. 143

A. The Lightweight Directory Access Protocol (LDAP) uses TCP port 389. Note: If you are working with secure LDAP, then you will be using port 636.

You have three e-mail servers. What is it called when one server forwards e-mail to another? A. SMTP relay B. Buffer overflows C. POP3 D. Cookie

A. The SMTP relay is when one server forwards e-mail to other e-mail servers.

When users in your company attempt to access a particular website, the attempts are redirected to a spoofed website. What are two possible reasons for this? A. DoS B. DNS poisoning C. Modified hosts file D. Domain name kiting

B and C. DNS poisoning and a DNS server's modified hosts files are possible causes for why a person would be redirected to a spoofed website.

Which of the following protocols allow for the secure transfer of files? (Select the two best answers.) A. SNMP B. SFTP C. TFTP D. SCP E. ICMP

B and D. The Secure FTP (SFTP) and Secure Copy (SCP) protocols provide for the secure transfer of files.

Your web server that conducts online transactions crashed, so you examine the HTTP logs and see that a search string was executed by a single user masquerading as a customer. The crash happened immediately afterward. What type of network attack occurred? A. DDoS B. DoS C. MAC spoofing D. MITM E. DNS amplification attack

B. A denial-of-service (DoS) attack probably occurred. The attacker most likely used code to cause an infinite loop or repeating search, which caused the server to crash. It couldn't have been a DDoS (distributed denial-of-service) because only one attacker was involved.

Which of the following misuses the Transmission Control Protocol handshake process? A. Man-in-the-middle attack B. SYN attack C. WPA attack D. Replay attack

B. A synchronize (SYN) attack misuses the TCP three-way handshake process. The idea behind this is to overload servers and deny access to users.

A person attempts to access a server during a zone transfer to get access to a zone file. What type of server is that person trying to manipulate? A. Proxy server B. DNS server C. File server D. Web server

B. DNS servers are the only types of servers listed that do zone transfers. The purpose of accessing the zone file is to find out what hosts are on the network.

Don must configure his firewall to support TACACS+. Which port(s) should he open on the firewall? A. Port 53 B. Port 49 C. Port 161 D. Port 22

B. Port 49 is used by TACACS+.

What is a secure way to remotely administer Linux systems? A. SCP B. SSH C. SNMP D. SFTP

B. SSH (Secure Shell) is used to remotely administer Unix/Linux systems and network devices.

A malicious insider is accused of stealing confidential data from your organization. What is the best way to identify the insider's computer? A. IP address B. MAC address C. Computer name D. NetBIOS name

B. The MAC address is the best way because it is unique and is the hardest to modify or spoof.

A DDoS attack can be best defined as what? A. Privilege escalation B. Multiple computers attacking a single server C. A computer placed between a sender and receiver to capture data D. Overhearing parts of a conversation

B. When multiple computers attack a single server, it is known as a distributed denial-of-service attack, or DDoS.

Which of the following attacks is a type of DoS attack that sends large amounts of UDP echoes to ports 7 and 19? A. Teardrop B. IP spoofing C. Fraggle D. Replay

C. A Fraggle attack is a type of DoS attack that sends large amounts of UDP echoes to ports 7 and 19. This is similar to the Smurf attack.

Which of the following is the most secure protocol for transferring files? A. FTP B. SSH C. FTPS D. Telnet

C. FTPS (FTP Secure) is the most secure protocol (listed) for transferring files. It uses SSL or TLS to secure FTP transmissions utilizing ports 989 and 990.

John needs to install a web server that can offer SSL-based encryption. Which of the following ports is required for SSL transactions? A. Port 80 inbound B. Port 80 outbound C. Port 443 inbound D. Port 443 outbound

C. For clients to connect to the server via SSL, the server must have inbound port 443 open. The outbound ports on the server are of little consequence for this concept, and inbound port 80 is used by HTTP.

For a remote tech to log in to a user's computer in another state, what inbound port must be open on the user's computer? A. 21 B. 389 C. 3389 D. 8080

C. Port 3389 must be open on the inbound side of the user's computer to enable a remote tech to log in remotely and take control of that computer.

Which of the following ports is used by Kerberos by default? A. 21 B. 80 C. 88 D. 443

C. Port 88 is used by Kerberos by default.

If a person takes control of a session between a server and a client, it is known as what type of attack? A. DDoS B. Smurf C. Session hijacking D. Malicious software

C. Session hijacking (or TCP/IP hijacking) is when an unwanted mediator takes control of the session between a client and a server (for example, an FTP or HTTP session).

What is the best definition for ARP? A. Resolves IP addresses to DNS names B. Resolves IP addresses to hostnames C. Resolves IP addresses to MAC addresses D. Resolves IP addresses to DNS addresses

C. The Address Resolution Protocol, or ARP, resolves IP addresses to MAC addresses.

What kind of attack is it when the packets sent do not require a synchronization process and are not connection-oriented? A. Man-in-the-middle B. TCP/IP hijacking C. UDP attack D. ICMP flood

C. User Datagram Protocol (UDP) attacks, or UDP flood attacks, are DoS attacks that use a computer to send a large number of UDP packets to a remote host. The remote host will reply to each of these with an ICMP Destination Unreachable packet, which ultimately makes it inaccessible to clients.

Your organization wants to implement a secure e-mail system using the POP3 and SMTP mail protocols. All mail connections need to be secured with SSL. Which of the following ports should you be using? (Select the two best answers.) A. 25 B. 110 C. 143 D. 465 E. 993 F. 995

D and F. To implement SSL encrypted e-mail communications you would use port 465 for SMTP (or perhaps 587) and port 995 for POP3.

Which one of the following can monitor and protect a DNS server? A. Ping the DNS server. B. Block port 53 on the firewall. C. Purge PTR records daily. D. Check DNS records regularly.

D. By checking a DNS server's records regularly, a security admin can monitor and protect it. Blocking port 53 on a firewall might protect it (it also might make it inaccessible depending on the network configuration) but won't enable you to monitor it.

Making data appear as if it is coming from somewhere other than its original source is known as what? A. Hacking B. Phishing C. Cracking D. Spoofing

D. Spoofing is when a malicious user makes data or e-mail appear to be coming from somewhere else.

Which of the following is an example of a nonessential protocol? A. DNS B. ARP C. TCP D. TFTP

D. TFTP (Trivial File Transfer Protocol) is a simpler version of FTP that uses a small amount of memory. It is generally considered to be a nonessential protocol.

Which of the following enables an attacker to float a domain registration for a maximum of five days? A. Kiting B. DNS poisoning C. Domain hijacking D. Spoofing

Kiting is the practice of monopolizing domain names without paying for them. Newly registered domain names can be canceled with a full refund during an initial five-day window known as an AGP, or add grace period.

