Cyber defense MID-TERM
What is the IPv6 loopback address?
::1
Which of the following is NOT information that a packet filter uses to determine whether to block a packet? checksum port IP address protocol
Checksum
An attack in which many computers are hijacked and used to flood a target with so many false requests that the server cannot process them all, and normal traffic is blocked, is __________
DDoS attack
A semi-trusted subnet that lies outside the trusted internal network but is connected to the firewall to make services publicly available while still protecting the internal LAN is _________
DMZ
The ________________ is one of the technologies in SDN. It provides the ability to manage policies that help protect virtual machines. RDP certificate Hyper-V Virtual Switch Datacenter Firewall Host Guardian Service
Datacenter firewall
Which management frame type is sent by a station wanting to terminate the connection? Disassociation Probe response Reassociation request Deauthentication
Disassociation
What is the typical packet sequence for closing a TCP session? FIN, FIN ACK, RST FIN, ACK, FIN ACK, ACK FIN ACK, FIN, ACK, RST FIN, FIN ACK
FIN, ACK, FIN ACK, ACK
A packet monkey is an unskilled programmer who spreads viruses to victims. True False
False
All devices interpret attack signatures uniformly. True False
False
Which security tool works by recognizing signs of a possible attack and sending a notification to an administrator? DiD IDPS DMZ VPN
IDPS
Which of the following is NOT one of the three primary goals of information security? integrity availability confidentiality impartiality
Impartiality
Which popular wireless sniffer is an IDS that is passive and undetectable in operation? Aircrack-ng AirSnort NetStumbler Kismet
Kismet
Hardware or software tools that allow or deny packets based on specified criteria, such as port, IP address, or protocol, are _________
Packet filters
A _____________ is reserved for a program that runs in the background to listen for requests for the service it offers.
Port
What is a VPN typically used for? secure remote access blocks open ports detection of security threats filter harmful scripts
secure remote access
Which of the following is NOT a field in a control frame? Frame control Sequence control Frame check sequence Duration
sequence control
__________ events usually track the operations of the firewall or IDPS, making a log entry whenever it starts or shuts down.
system
Which term is best described as an attack that relies on the gullibility or trust of people? Social engineering malicious code back door script kiddie
Social engineering
Which of the following is NOT a category of suspicious TCP/IP packet? bad header information single-packet attacks suspicious data payload suspicious CRC value
Suspicious CRC value
An encryption method devised as a replacement for WEP in WPA
TKIP
There are suspicious activities that should not occur on a server, such as the following. Which of the following events is NOT a suspicious activity on a server? A user logging in Remotely accessing the Security Account Manager (SAM) database Plugging a USB device into a server Resetting a password that is not expected
A user logging in
The ATA is: Advanced Threat Analytics Advanced Threat Automation Attack Threat Auditing Anomalous Threat Attacks
Advanced Threat Analytics
What type of attack does a remote-access Trojan attempt to perpetrate? worm back door remote denial of service composite attack
Back door
Which type of frame advertises services or information on a wireless network? Probe response Probe request Association response Beacon
Beacon
Which of the following is a type of script that automates repetitive tasks in an application such as a word processor but can also be programmed to be a virus? Worm Trojan Macro Back door
Macro
Just Enough Administration (JEA) addresses which of the following attack vectors? Compromised identity and Pass-The-Hash attacks Pass-The-Hash attacks More privileges than are necessary Remote root login
More privileges than are necessary
______________ is the capability to prevent a participant in an electronic transaction from denying that it performed an action.
Nonrepudiation
What can an attacker use a port scanner to test for on a target computer? Open sockets invalid IP addresses ping floods SYN flags
Open sockets
What is the name of a storage area where viruses are placed by antivirus software so they cannot replicate or do harm to other files? Quarantine Demilitarized zone recycle bin firewall
Quarantine
An access control method that establishes organizational roles to control access to information is _________
RBAC
Which type of attack causes the operating system to crash because it is unable to handle arbitrary data sent to a port? malicious port scanning ICMP message abuse RPC attacks SYN flood
RPC attacks
Which TCP flag can be the default response to a probe on a closed port? RST URG PSH SYN
RST
List the four most common types of control frames.
Request to send (RTS) Clear to send (CTS) Acknowledgement (ACK) Power-save poll (PS-Poll)
Which type of firewall policy calls for a firewall to deny all traffic by default? restrictive policy perimeter policy demilitarized policy permissive policy
Restrictive policy
MIBs gather data and report it to a(n) ____________________ management station.
SNMP
Each access point has a(n) ______________ that essentially functions as the name of the network.
SSID
What is the sequence of packets for a successful three-way handshake? SYN, ACK, ACK SYN, SYN ACK, RST SYN, SYN ACK, ACK SYN, ACK, FIN
SYN, SYN ACK, ACK
How does the CVE standard make network security devices and tools more effective? the layered approach makes attacks nearly impossible they can share information about attack signatures it requires you to use compatible devices from one vendor it warns an attacker that your site is being monitored
They can share information about attack signatures
What is a program that appears to do something useful but is actually malware? back door virus trojan logic bomb
Trojan
A worm creates files that copy themselves repeatedly and consume disk space. True False
True
A hacktivist can best be described as which of the following? Use DoS attacks on Web sites with which they disagree consider themselves seekers of knowledge an unskilled programmer that spreads malicious scripts deface web sites by leaving messages for their friends to read
Use DoS attacks on web sites with which they disagree
What tool do you use to secure remote access by users who utilize the Internet? IDS DiD DMZ VPN
VPN
Windows Server supports TPM for ___________, which allows you to support advanced security technologies such as BitLocker® Drive Encryption. server management virtual private networks virtual machines software defined networking
Virtual Machine
____________ are spread by several methods, including running executable code, sharing disks or memory sticks, opening email attachments, and viewing infected or malicious web pages.
Viruses
The encryption and authentication architecture based on the final ratified IEEE 802.11i standard
WPA2
Computer files that copy themselves repeatedly and consume disk space or other resources are ________
Worm
______________ do not require user intervention to be launched; they are self-propagating.
Worm
Defense in depth can best be described as which of the following? a firewall that protects the network and the server Antivirus software and firewalls authentication and encryption a layered approach to security
a layered approach to security
Which of the following is true about the association process? the AP transmits an invitation to associate a station first listens for beacons a station first sends an association request it is a three-step process
a station first listens for beacons
Attacks that attempt to gather information for subsequent attacks by sending probe request frames on each available channel
active attacks
Windows Defender can be configured using: (select any that apply) Windows Powershell Group Policy Security Services Tab Windows Management Instrumentation
All except the Security Services tab
What is a best practice for hardening Linux? (Select all that apply.) Encrypt your drive Enable Root Mode Disable USB Port Disable unnecessary services
all of the above
In our environment we are using Ubuntu. What command is used for updating the Linux system's installed software? app-update autoupdater apt-get up2date
apt-get
A two-step process of being accepted into a wireless network
association
Which of the following is NOT among the items of information that a CVE reference reports? Description of vulnerability reference in other databases attack signature name of the vulnerability
attack signature
Which of the following is true about wardriving? attackers use RF monitor mode the hardware is very expensive their goal is simply to hijack a connection the software is very expensive
attackers use RF monitor mode
The process of recording which computers are accessing a network and what resources are being accessed, and then recording the information in a log file is _______
auditing
What function does a RADIUS server provide to a wireless network? authentication decryption association encryption
authentication
Which security layer verifies the identity of a user, service, or computer? physical security authorization repudiation authentication
authentication
A method of authenticating a user using physical information, such as retinal scans, fingerprints, or voice-prints is _____
bio-metrics
Malware that creates networks of infected computers that can be controlled from a central station is referred to as which of the following? packet monkey trojan botnet logic bomb
botnet
In which form of authentication does the authenticating device generate a random code and send it to the user who wants to be authenticated? challenge/response bio-metrics signature basic
challenge/response
A type of control frame that gives a station clearance to begin transmitting packets
clear to send
Under which suspicious traffic signature category would a port scan fall? informational reconnaissance denial of service unauthorized access
denial of service
Privileged identities get compromised when organizations: (select the best answer) have complex password management security awareness training do not use single-sign-on do not have identity management guidelines
do not have identity management guidelines
Most credential threats start out by researching the organization and are then conducted through social engineering. For example, an attacker may perform _____________________ to compromise legitimate accounts that have access to an organization's network. dumpster diving pass-the-token attack email phishing privilege escal
email phishing
An atomic attack is a barrage of hundreds of packets directed at a host. True False
false
Newer Trojans listen at a predetermined port on the target computer so that detection is more difficult. True False
false
Reviewing log files is a time-consuming task and therefore should only be done when an attack on the network has occurred. True False
false
Wireless networks are essentially the same as wired networks when it comes to the security threats each faces. True False
false
IPv4 and IPv6 headers are interoperable. True False
false
What is the term used when an IDPS doesn't recognize that an attack is underway? false negative true positive negative activity positive signature
false negative
Which of the following is an element of the TCP header that can indicate that a connection has been established? Flags stream index seq/ack analysis sequence number
flags
A _____________ device is a wireless device that employees connect and use without authorization or verified configurations.
rogue
Which of the following is true about IEEE 802.11i? temporal key integrity protocol is used for encryption it uses a symmetric block cipher for encryption it uses PMK to generate data encryption keys it uses WEP2 for authentication and encryption
it uses a symmetric block cipher for encryption
Which type of attack works by an attacker operating between two computers in a network and impersonating one computer to intercept communication? malicious port scanning remote procedure call denial of service man-in-the-middle
man-in-the-middle
In which type of attack do attackers intercept the transmissions of two communicating nodes without the user's knowledge? wardriver man-in-the-middle rogue device brute force
man-in-the-middle
List the three types of MAC frames defined by the 802.11 standard.
management frames control frames data frames
With which access control method do system administrators establish what information users can share? mandatory access control discretionary access control role-based access control administrative access control
mandatory access control
Because virtual machine state and memory are stored in a file, it is susceptible to attacks via: (select all that apply) the network while it is backed up the paging system the storage system
All except the paging system
Any keys used between a pair of devices in TKIP
pairwise keys
The process of using a variety of tools and techniques to attempt to break into a network
penetration testing
An area in random access memory (RAM) reserved for the use of a program that "listens" for requests for the service it provides is ______
port
A ____________ response is sent by a station in response to a request frame and indicates capabilities, supported data rates, and other information.
probe
What command lists the types of services running? pwd ls -l ps -ef netstat -a
ps -ef
A type of control frame that a station sends when it wants to transmit
request to send
In which type of wireless attack does the attacker cause valid users to lose their connections by sending a forged deauthentication frame to their stations? MAC address spoofing association flood jamming session hijacking
session hijacking
___________ key encryption in WEP uses the RC4 encryption algorithm.
shared
Signs of possible attacks, which include an IP address, a port number, and the frequency of access attempts, and which an IDPS uses to detect possible attacks, are ____
signatures
An in-depth examination of a proposed wireless network site
site survey
Capturing network traffic during transmission
sniffing
Why might you want your security system to provide non-repudiation? To prevent a user from capturing packets and viewing sensitive information To prevent an unauthorized user from logging into the system to trace the origin of a worm spread through email so a user can't deny sending or receiving a communication
so a user can't deny sending or receiving a communication
Which of the following is the description of a land attack? the local host source address occurs in the packet source and destination IP address/port are the same an illegal TCP flag is found in the segment header the attacker uses an undefined protocol number
source and destination ip address/port the same
Which of the following is true about the SSID? they are found in control frames they are not found in beacon frames they are registered they can be Null
they can be null
An RTS frame is the first step of the two-way handshake before sending a data frame. True False
true
Physical security protects a system from theft, fire, or environmental disaster. True False
true
SNMP requires the installation of an SNMP agent on the device you want to monitor. True False
true
The Linux file system is designed for multiple users. What are the possible ownership combinations for files and directories? User, Group, Root User, Group User, Group, Other User, Group, Adm
user, group, other
Windows Defender has been included in Windows operating systems since: Windows 2000 Windows 8 Windows 10 Windows 8.1
windows 8