Cybersecurity on CH6

You are concerned about protecting your network from network-based attacks on the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections.

Anomaly-based IDS

What is the MOST common form of host-based IDS that employs signature or pattern-matching detection methods?

Antivirus software

An active IDS system often performs which of the following actions? (Select two.)

Updates filters to block suspect traffic. Performs reverse lookups to identify an intruder.

Which of the following is known as the process of walking around an office building with an 802.11 signal detector?

War driving

Which of the following are solutions that address physical security? (Select two.)

Escort visitors at all times. Require identification and name badges for all employees.

A data center must enhance its security measures to prevent unauthorized access to its facility. The center is considering different methods to achieve this goal. What should the data center implement first to ensure a strong physical barrier against intrusions?

Fencing

Which of the following processes identifies an operating system based on its response to different types of network traffic?

Fingerprinting

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?

Host-based IDS

You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible.

IPS

Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that analyzes the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do?

Implement an application-aware IPS in front of the web server.

You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?

Wireshark

A multinational corporation has recently implemented an intrusion detection system (IDS) and intrusion prevention system (IPS) to protect its network infrastructure. The security team receives many alerts and struggles to manage false positives. The team must optimize the IDS and IPS to identify and prioritize actual threats while minimizing irrelevant alerts. Which primary strategy should the team adopt to achieve this objective?

Implement trend analysis to identify patterns and anomalies, tune the IDS/IPS over time, and prioritize genuine threats.

To increase the physical security of a secured location, an organization deploys motion detection sensors throughout the grounds and building. What type of sensor uses this technology?

Infrared sensor

Which of the following describes a false positive when using an IPS device?

Legitimate traffic being flagged as malicious.

Which of the following controls is an example of a physical access control method?

Locks on doors

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to a switch that is connected to the router. When you run the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure on the switch?

Port mirroring

You want to identify traffic that is generated and sent through a network by a specific application running on a device. Which tool should you use?

Protocol analyzer

As the head of physical security at a large tech company, you have been tasked with investigating a series of unauthorized entries into secure areas of your facilities. The intrusions have been sporadic and seemingly random, with no clear pattern or motive. The intruders have not been caught on camera, and no physical damage or theft has been reported. However, you notice that the access logs show entries made using the credentials of employees who were not on-site at the time of the incidents. Which of the following is the MOST likely method the intruders are using to gain access?

RFID cloning

Which of the following roles would be MOST likely to use a protocol analyzer to identify frames that might cause errors?

Security operations team

Which of the following tools can be used to see if a target has any online IoT devices without proper security?

Shodan

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database?

Signature-based IDS

Which kind of access control technology allows more than just the identity of an individual to be transmitted wirelessly to either allow or deny access?

Smart card

You need to check network connectivity from your computer to a remote computer. Which of the following tools would be the BEST option to use?

ping

You are a cybersecurity analyst tasked with performing passive reconnaissance on a potential client's network. You need to gather information from a variety of public sources including emails, names, subdomains, IPs, and URLs. Which of the following tools would be most appropriate for this task?

theHarvester

Which passive reconnaissance tool is used to gather information from a variety of public sources?

theHarvester

A company wants to improve the physical security at its headquarters. They need a solution that can help regulate access to the building and deter potential intruders during nighttime. Which physical security measure should they prioritize?

Access control vestibule

Which of the following accurately describes what a protocol analyzer is used for? (Select two.)

A passive device that is used to copy frames and allow you to view frame contents. A device that does NOT allow you to capture, modify, and retransmit frames (to perform an attack).

As a cybersecurity analyst, you are tasked with performing active reconnaissance on a potential client's network to identify vulnerabilities. You have already completed the passive reconnaissance phase. Which of the following steps would you take next, and why?

Begin with port scanning to identify open ports and the services running on them.

If a fingerprint or retina scan is required to open a secured door, which kind of physical security has been implemented?

Biometric locks

A security manager decides to enhance the physical security of a warehouse storing high-value tech equipment by installing a deterrent at the perimeter to prevent vehicle-based attacks. Which security measure would be the MOST suitable for this purpose?

Bollards

You are using a protocol analyzer to capture network traffic. You want to only capture the frames coming from a specific IP address. Which of the following can you use to simplify this process?

Capture filters

You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation. Which of the following must you configure in order to see all of the network traffic?

Configure the network interface to use promiscuous mode.

You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tool should you use?

Nessus

You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?

Network mapper

Gathering as much personally identifiable information (PII) on a target as possible is a goal of which reconnaissance method?

OSINT

You want to use CCTV to increase your physical security, and you want the ability to remotely control the camera position. Which camera type should you choose?

PTZ

You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use?

Packet sniffer

You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use?

Packet sniffer

Which type of reconnaissance is associated with dumpster diving?

Passive

Which of the following describes the worst possible action by an IDS?

The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
