Threats and Attacks Group Chapter 13-17


What are three functionalities provided by SOAR? (Choose three.) a. it provides case management tools that allow cybersecurity personnel to research and investigate incidents. b. it uses artificial intelligence to detect incidents and aid in incident analysis and response c. it automates complex incident response procedures and investigations d. it provides 24x7 statistics on packets that flow through a Cisco router or multilayer switch e. it provides a complete audit trail of basic information about every IP flow forwarded on a device f. it presents the correlated and aggregated event data in real-time monitoring and long-term summaries.

a, b, c

Which two types of attacks are examples of reconnaissance attacks? a. port scan b. SYN flood c. ping sweep d. brute force e. man-in-the-middle

a, c

What are the three major components of a worm attack? (Choose three.) a. an enabling vulnerability b. an infecting vulnerability c. a payload d. a penetration mechanism e. a probing mechanism f. a propagation mechanism

a, c, f

What are two evasion methods used by hackers? (Choose two.) a. encryption b. phishing c. access attack d. resource exhaustion e. scanning

a, d

A network administrator is checking the system logs and notices unusual connectivity tests to multiple well-known ports on a server. What kind of potential network attack could this indicate? a. access b. reconnaissance c. denial of service d. information theft

b

An administrator discovers a vulnerability in the network. On analysis of the vulnerability the administrator decides the cost of managing the risk outweighs the cost of the risk itself. The risk is accepted, and no action is taken. What risk management strategy has been adopted? a. risk avoidance b. risk acceptance c. risk reduction d. risk transfer

b

An attacker is redirecting traffic to a false default gateway in an attempt to intercept the data traffic of a switched network. What type of attack could achieve this? a. DHCP snooping b. DHCP spoofing c. MAC address starvation d. MAC address snooping

b

Once a cyber threat has been verified, the US Cybersecurity Infrastructure and Security Agency (CISA) automatically shares the cybersecurity information with public and private organizations. What is this automated system called? a. NCASM b. AIS c. NCSA d. ENISA

b

The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring? a. adware b. DDoS c. phishing d. social engineering e. spyware

b

What is a weakness in a system? a. threat b. vulnerability c. exploit d. risk

b

What is the significant characteristic of worm malware? a. worm malware disguises itself as legitimate software b. a worm can execute independently of the host system c. a worm must be triggered by an event on the host system d. once installed on a host system, a worm does not replicate itself

b

What scenario describes a vulnerability broker? a. a teenager running existing scripts, tools, and exploits to cause harm, but typically not for profit b. a threat actor attempting to discover exploits and report them to vendors, sometimes for prizes or rewards c. a threat actor publicly protesting against governments by posting articles and leaking sensitive information d. a State-Sponsored threat actor who steals government secrets and sabotages networks of foreign governments

b

Which network monitoring solution copies frames received on one or more ports to a port connected to an analysis device? a. IPS b. SPAN c. protocol analyzer

b

Which threat actor publicly protests against organizations or governments by posting articles, videos, leaking sensitive information, and performing distributed denial of service (DDoS) attacks? a. script kiddies b. hacktivists c. cybercriminals d. State-sponsored

b

Which type of Trojan horse security breach uses the computer of the victim as the source device to launch other attacks? a. DoS b. proxy c. FTP d. data-sending

b

Which type of attack is carried out by threat actors against a network to determine which IP addresses, protocols, and ports are allowed by ACLs? a. phishing b. reconnaissance c. denial of service d. social engineering

b

What are two purposes of launching a reconnaissance attack on a network? (Choose two.) a. to retrieve and modify data b. to scan for accessibility c. to escalate privileges d. to gather information about the network and devices e. to prevent other users from accessing the system

b, d

Which two characteristics describe a virus? (Choose two.) a. a self-replicating attack that is independently launched. b. malicious code that can remain dormant before executing an unwanted action c. program code specifically designed to corrupt memory in network devices d. malware that relies on the action of a user or a program to activate e. malware that executes arbitrary code and installs copies of itself in memory

b, d

What are two examples of DoS attacks? (Choose two.) a. phishing b. ping of death c. SQL injection d. port scanning e. buffer overflow

b, e

Which two characteristics describe a worm? (Choose two.) a. executes when software is run on a computer b. is self-replicating c. hides in a dormant state until needed by an attacker d. infects computers by attaching to software code e. travels to new computers without any intervention or knowledge of the user

b, e

Which two types of hackers are typically classified as grey hat hackers? (Choose two.) a. state sponsored hackers b. hacktivists c. script kiddies d. cyber criminals e. vulnerability brokers

b, e

A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent? a. DDoS b. spam c. social engineering d. anonymous keylogging

c

This is a wireless hacking tool that can be used to hack into a wireless network to detect security vulnerabilities. a. IDA Pro b. Netfilter c. NetStumbler d. Socat e. Helix

c

What causes a buffer overflow? a. launching a security countermeasure to mitigate a Trojan horse b. downloading and installing too many software updates at one time c. attempting to write more data to a memory location than that location can hold d. sending too much information to two or more interfaces of the same devices, thereby causing dropped packets e. sending repeated connections such as Telnet to a particular device, thus denying other data sources

c

What functionality is provided by Cisco SPAN in a switched network? a. it mitigates MAC address overflow attacks b. it prevents traffic on a LAN from being disrupted by a broadcast storm c. it mirrors traffic that passes through a switch port or VLAN to another port for traffic analysis d. it protects the switched network from receiving BPDUs on ports that should not be receiving them e. it inspects voice protocols to ensure that SIP, SCCP, H.323, and MGCP requests conform to voice standards f. it copies traffic that passes through a switch interface and sends the data directly to a syslog or SNMP server for analysis

c

What is a mechanism used to compromise an asset? a. threat b. vulnerability c. exploit d. risk

c

Which devices should be secured to mitigate against MAC address spoofing attacks? a. Layer 7 devices b. Layer 4 devices c. Layer 2 devices d. Layer 3 devices

c

Which field in the IPv6 header points to optional network layer information that is carried in the IPv6 packet? a. flow label b. version c. next header d. traffic class

c

Which network monitoring solution is used to capture traffic and show what is happening on the network? a. IPS b. SPAN c. protocol analyzer

c

Which protocol is exploited by cybercriminals who create malicious iFrames? a. DNS b. DHCP c. HTTP d. ARP

c

Which type of cyberattacker discovers exploits and reports them to vendors? a. hacktivist b. script kiddies c. vulnerability brokers d. state-sponsored attackers

c

Which type of network attack involves randomly opening many Telnet requests to a router and results in a valid network administrator not being able to access the device? a. spoofing b. man-in-the-middle c. SYN flooding d. DNS poisoning

c

Which type of security attack would attempt a buffer overflow? a. reconnaissance b. ransomware c. DoS d. scareware

c

Which type of security threat would be responsible if a spreadsheet add-on disables the local software firewall? a. DoS b. buffer overflow c. Trojan Horse d. brute-force attack

c

What are two methods used by cybercriminals to mask DNS attacks? (Choose two.) a. reflection b. tunneling c. fast flux d. domain generation algorithms e. shadowing

c, d

A user is curious about how someone might know a computer has been infected with malware. What are two common malware behaviors? (Choose two.) a. the computer beeps once during the boot process b. the computer emits a hissing sound every time the pencil sharpener is used c. the computer gets increasingly slower to respond d. no sound emits when an audio CD is played e. the computer freezes and requires reboots

c, e

A white hat hacker is using a security tool called Skipfish to discover the vulnerabilities of a computer system. What type of tool is this? a. debugger b. packet sniffer c. vulnerability scanner d. fuzzer

d

This is a packet crafting tool that uses specially crafted forged packets to probe and test the robustness of a firewall. a. IDA Pro b. Netfilter c. NetStumbler d. Socat e. Helix

d

What is the function of a gratuitous ARP sent by a networked device when it boots up? a. to request the netbios name of the connected system b. to request the IP address of the connected network c. to request the MAC address of the DNS server d. to advise connected devices of its MAC address

d

What is the likelihood of undesirable consequences? a. threat b. vulnerability c. exploit d. risk

d

What kind of ICMP message can be used by threat actors to create a man-in-the-middle attack? a. ICMP echo request b. ICMP unreachable c. ICMP mask reply d. ICMP redirects

d

What technique is a security attack that depletes the pool of IP addresses available for legitimate hosts? a. reconnaissance attack b. DHCP spoofing c. DHCP snooping d. DHCP starvation

d

Which attack involves threat actors positioning themselves between a source and destination with the intent of transparently monitoring, capturing, and controlling the communication? a. DoS attack b. ICMP attack c. SYN flood attack d. man-in-the-middle

d

Which statement describes an operational characteristic of NetFlow? a. NetFlow captures the entire contents of a packet b. NetFlow can provide services for user access control c. NetFlow flow records can be viewed by the tcpdump tool d. NetFlow collects basic information about the packet flow, not the flow data itself

d

Which statement describes the function of the SPAN tool used in a Cisco switch? a. it supports the SNMP trap operation on a switch b. it provides interconnection between VLANs over multiple switches c. it is a secure channel for a switch to send logging to a syslog server d. it copies the traffic from one switch port and sends it to another switch port that is connected to a monitoring device

d

Which technology is a proprietary SIEM system? a. StealthWatch b. SNMP agent c. NetFlow collector d. Splunk

d

Which threat actor is a threat actor who steals government secrets, gathers intelligence, and sabotages networks of foreign governments, terrorist groups, and corporations? a. script kiddies b. hacktivists c. cybercriminals d. State-sponsored

d

Which type of cyberattackers gather intelligence or commit sabotage on specific goals on behalf of their government? a. hacktivist b. script kiddies c. vulnerability brokers d. state-sponsored attackers

d

Why would a rootkit be used by a hacker? a. to reverse engineer binary files b. to do reconnaissance c. to try to guess a password d. to gain access to a device without being detected

d

This is a security tool that can be used by white hat hackers to find any trace of evidence existing in a particular computer system. a. IDA Pro b. Netfilter c. NetStumbler d. Socat e. Helix

e

How can a DNS tunneling attack be mitigated? a. by using a filter that inspects DNS traffic b. by securing all domain owner accounts c. by using strong passwords and two-factor authentication d. by preventing devices from using gratuitous ARP

a

In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services? a. DoS b. MITM c. session hijacking d. address spoofing

a

This is a debugger tool that can be used by black hats to reverse engineer binary files when writing exploits. It can also be used by white hats when analyzing malware. a. IDA Pro b. Netfilter c. NetStumbler d. Socat e. Helix

a

What is a potential danger to an asset? a. threat b. vulnerability c. exploit d. risk

a

What is a vulnerability that allows criminals to inject scripts into web pages viewed by users? a. cross-site scripting b. XML injection c. SQL injection d. buffer overflow

a

What is the goal of a white hat hacker? a. protecting data b. stealing data c. modifying data d. validating data

a

What is the result of a passive ARP poisoning attack? a. confidential information is stolen b. data is modified in transit or malicious data is inserted in transit c. multiple subdomains are created d. network clients experience a denial of service

a

What would be the target of an SQL injection attack? a. database b. DHCP c. DNS d. email

a

Which cyber attack involves a coordinated attack from a botnet of zombie computers? a. DDoS b. MITM c. ICMP redirect d. address spoofing

a

Which network monitoring solution monitors traffic and compares it against configured rules? a. IPS b. SPAN c. protocol analyzer

a

Which threat actor is an inexperienced threat actor running existing scripts, tools, and exploits, to cause harm, but typically not for profit? a. script kiddies b. hacktivists c. cybercriminals d. State-sponsored

a

Which type of cyberattacker makes political statements in order to create an awareness of issues that are important to them? a. hacktivist b. script kiddies c. vulnerability brokers d. state-sponsored attackers

a

Why would an attacker want to spoof a MAC address? a. so that a switch on the LAN will start forwarding frames to the attacker instead of to the legitimate host b. so that a switch on the LAN will start forwarding all frames toward the device that is under the control of the attacker (that can then capture the LAN traffic) c. so that the attacker can capture traffic from multiple VLANs rather than from just the VLAN that is assigned to the port to which the attacker device is attached d. so that the attacker can launch another type of attack in order to gain access to the switch

a

Which two functions are provided by NetFlow? (Choose two.) a. it provides a complete audit trail of basic information about every IP flow forwarded on a device. b. it provides 24x7 statistics on packets that flow through a Cisco router or multilayer switch c. it uses artificial intelligence to detect incidents and aid in incident analysis and response d. it allows an administrator to capture real-time network traffic and analyze the entire contents of packets e. it presents correlated and aggregated event data in real-time monitoring and long-term summaries

a, b
