Modules 13-20 Assessments

by using a filter that inspects DNS traffic

How can a DNS tunneling attack be mitigated? by securing all domain owner accounts by using strong passwords and two-factor authentication by preventing devices from using gratuitous ARP by using a filter that inspects DNS traffic

by enabling real-time exchange of cyberthreat indicators with U.S. Federal Government and the private sector

How does AIS address a newly discovered threat? by creating response strategies against the new threat by mitigating the attack with active response defense mechanisms by advising the U.S. Federal Government to publish internal response strategies by enabling real-time exchange of cyberthreat indicators with U.S. Federal Government and the private sector

by addressing all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis

How does FireEye detect and prevent zero-day attacks? by only accepting encrypted data packets that validate against their configured hash values by addressing all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis by keeping a detailed analysis of all viruses and malware by establishing an authentication parameter prior to any data exchange

Resource exhaustion

In which type of attack does an IPS receive a lot of traffic/packets? DoS (Denial of Service) Resource exhaustion Smoke and mirrors Timing attack

reconnaissance

A network administrator is checking the system logs and notices unusual connectivity tests to multiple well-known ports on a server. What kind of potential network attack could this indicate? access denial of service information theft reconnaissance

confidentiality

A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration? confidentiality scalability integrity availability

fuzzer

A white hat hacker is using a security tool called Skipfish to discover the vulnerabilities of a computer system. What type of tool is this? fuzzer debugger vulnerability scanner packet sniffer

IPS- monitors traffic and compares it against configured rules SPAN-copies frames received on one or more ports to a port connected to an analysis device protocol analyzer-used to capture traffic and show what is happening on the network

Match the network monitoring solution with a description. (Not all options are used.) IPS SPAN protocol analyzer forwards all traffic, including Layer 1 errors, to an analysis device used to capture traffic and show what is happening on the network monitors traffic and compares it against configured rules copies frames received on one or more ports to a port connected to an analysis device

TAXII- This is the specification for an application layer protocol that allows the communication of CTI over HTTPS. STIX- This is a set of specifications for exchanging cyberthreat information between organizations. CybOX- This is is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations.

Match the threat intelligence sharing standards with the description. STIX TAXII CybOX This is the specification for an application layer protocol that allows the communication of CTI over HTTPS. This is a set of specifications for exchanging cyberthreat information between organizations. This is is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations.

security- defines system requirements and objectives, rules, and requirements for users when they attach to or on the network company- protects the rights of workers and the company interests employee- identifies salary, pay schedule, benefits, work schedule, vacations, etc.

Match the type of business policy to the description. company employee security defines system requirements and objectives, rules, and requirements for users when they attach to or on the network protects the rights of workers and the company interests identifies salary, pay schedule, benefits, work schedule, vacations, etc.

hacktivist- make political statements in order to create an awareness of issues that are important to them vulnerability brokers- discover exploits and report them to vendors state sponsored attackers- gather intelligence or commit sabotage on specific goals on behalf of their government

Match the type of cyberattackers to the description. (Not all options are used.) hacktivist script kiddies vulnerability brokers state-sponsored attackers gather intelligence or commit sabotage on specific goals on behalf of their government discover exploits and report them to vendors make political statements in order to create an awareness of issues that are important to them

AIS (Automated Indicator Sharing)

Once a cyber threat has been verified, the US Cybersecurity Infrastructure and Security Agency (CISA) automatically shares the cybersecurity information with public and private organizations. What is this automated system called? NCSA ENISA NCASM AIS

authentication

Passwords, passphrases, and PINs are examples of which security term? authorization identification authentication access

It provides case management tools that allow cybersecurity personnel to research and investigate incidents. It automates complex incident response procedures and investigations. It uses artificial intelligence to detect incidents and aid in incident analysis and response.

What are three functionalities provided by SOAR? (Choose three.) It presents the correlated and aggregated event data in real-time monitoring and long-term summaries. It provides 24x7 statistics on packets that flow through a Cisco router or multilayer switch. It provides case management tools that allow cybersecurity personnel to research and investigate incidents. It provides a complete audit trail of basic information about every IP flow forwarded on a device. It automates complex incident response procedures and investigations. It uses artificial intelligence to detect incidents and aid in incident analysis and response.

accounting

Which term describes the ability of a web server to keep a log of the users who access the server, as well as the length of time they use it? authorization authentication accounting assigning permissions

the use of UDP ports for authentication and accounting encryption of the password only

What are two characteristics of the RADIUS protocol? (Choose two.) the use of UDP ports for authentication and accounting encryption of the password only the separation of the authentication and authorization processes the use of TCP port 49 encryption of the entire body of the packet

ping of death buffer overflow

What are two examples of DoS attacks? (Choose two.) ping of death phishing buffer overflow port scanning SQL injection

domain generation algorithms fast flux

What are two methods used by cybercriminals to mask DNS attacks? (Choose two.) tunneling reflection domain generation algorithms fast flux shadowing

It describes how security incidents are handled.

What does the incident handling procedures security policy describe? It describes the procedure for mitigating cyberattacks. It describes how security incidents are handled. It describes the procedure for auditing the network after a cyberattack. It describes how to prevent various cyberattacks.

It mirrors traffic that passes through a switch port or VLAN to another port for traffic analysis.

What functionality is provided by Cisco SPAN in a switched network? It protects the switched network from receiving BPDUs on ports that should not be receiving them. It mitigates MAC address overflow attacks. It inspects voice protocols to ensure that SIP, SCCP, H.323, and MGCP requests conform to voice standards. It mirrors traffic that passes through a switch port or VLAN to another port for traffic analysis. It copies traffic that passes through a switch interface and sends the data directly to a syslog or SNMP server for analysis. It prevents traffic on a LAN from being disrupted by a broadcast storm.

It is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations.

What is CybOX? It is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations. It enables the real-time exchange of cyberthreat indicators between the U.S. Federal Government and the private sector. It is a specification for an application layer protocol that allows the communication of CTI over HTTPS. It is a catalog of known security threats called Common Vulnerabilities and Exposures (CVE) for publicly known cybersecurity vulnerabilities.

c. DNS was not created for tunneling, but a few tools have used it to encapsulate data in the payload of DNS packets.

What is a DNS tunnel? a. A type of VPN tunnel that uses DNS. b. A type of MPLS deployment that uses DNS. c. DNS was not created for tunneling, but a few tools have used it to encapsulate data in the payload of DNS packets. d. An encryption tunneling protocol that uses DNS's UDP port 53.

c. A backdoor is an application or code used by an attacker either to allow future access or to collect information to use in further attacks.

What is a backdoor? a. A backdoor is a social engineering attack to get access back to the victim. b. A backdoor is a privilege escalation attack designed to get access from the victim. c. A backdoor is an application or code used by an attacker either to allow future access or to collect information to use in further attacks. d. A backdoor is malware installed using man-in-the-middle attacks.

Threat actors no longer have to peel away each layer before reaching the target data or system.

What is a characteristic of the security artichoke, defense-in-depth approach? Threat actors can no longer penetrate any layers safeguarding the data or system. Each layer has to be penetrated before the threat actor can reach the target data or system. Threat actors no longer have to peel away each layer before reaching the target data or system. Threat actors can easily compromise all layers safeguarding the data or systems.

a. A type of web application vulnerability where malicious scripts are injected into legitimate and trusted websites

What is a cross-site scripting (XSS) vulnerability? a. A type of web application vulnerability where malicious scripts are injected into legitimate and trusted websites b. A type of cross-domain hijack vulnerability c. A type of vulnerability that leverages the crossing of scripts in an application d. A type of cross-site request forgery (CSRF) vulnerability that is used to steal information from the network

b. An amplification attack is a form of reflected attack in which the response traffic (sent by the unwitting participant) is made up of packets that are much larger than those that were initially sent by the attacker (spoofing the victim).

What is an amplification attack? a. An amplification attack is a form of directed DDoS attack in which the attacker's packets are sent at a much faster rate than the victim's packets. b. An amplification attack is a form of reflected attack in which the response traffic (sent by the unwitting participant) is made up of packets that are much larger than those that were initially sent by the attacker (spoofing the victim). c. An amplification attack is a type of man-in-the-middle attack. d. An amplification attack is a type of data exfiltration attack.

d. Deploying a proxy or inline security solution

What is the best defense for traffic fragmentation attacks? a. Deploying a passive security solution that monitors internal traffic for unusual traffic and traffic fragmentation b. Deploying a next-generation application layer firewall c. Configuring fragmentation limits on a security solution d. Deploying a proxy or inline security solution

edge router

What is the first line of defense when an organization is using a defense-in-depth approach to network security? firewall proxy server edge router IPS

protecting data

What is the goal of a white hat hacker? validating data stealing data protecting data modifying data

War driving

What is the name given to the methodology used by attackers to find wireless access points wherever they may be? Back door Packet filtering Packet sniffing War driving

to offer 24x7 cyberthreat warnings and advisories, vulnerability identification, and mitigation and incident responses

What is the primary function of the Center for Internet Security (CIS)? to offer 24x7 cyberthreat warnings and advisories, vulnerability identification, and mitigation and incident responses to provide a security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities to provide vendor-neutral education products and career services to industry professionals worldwide to maintain a list of common vulnerabilities and exposures (CVE) used by security organizations

to enable a variety of computer security incident response teams to collaborate, cooperate, and coordinate information sharing, incident prevention, and rapid reaction strategies

What is the primary purpose of the Forum of Incident Response and Security Teams (FIRST)? to enable a variety of computer security incident response teams to collaborate, cooperate, and coordinate information sharing, incident prevention, and rapid reaction strategies to provide vendor neutral education products and career services to industry professionals worldwide to provide a security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities to offer 24x7 cyberthreat warnings and advisories, vulnerability identification, and mitigation and incident response

to enable automated sharing of IOCs between people and machines using the STIX and other exports formats

What is the primary purpose of the Malware Information Sharing Platform (MISP) ? to enable automated sharing of IOCs between people and machines using the STIX and other exports formats to provide a set of standardized schemata for specifying and capturing events and properties of network operations to exchange all the response mechanisms to known threats to publish all informational materials on known and newly discovered cyberthreats

It is used to implement security policies, setting, and software configurations on mobile devices.

What is the purpose of mobile device management (MDM) software? It is used to create a security policy. It is used to identify potential mobile device vulnerabilities. It is used to implement security policies, setting, and software configurations on mobile devices. It is used by threat actors to penetrate the system.

to keep track of the actions of a user

What is the purpose of the network security accounting function? to determine which resources a user can access to keep track of the actions of a user to require users to prove who they are to provide challenge and response questions

Confidential information is stolen.

What is the result of a passive ARP poisoning attack? Multiple subdomains are created. Data is modified in transit or malicious data is inserted in transit. Confidential information is stolen. Network clients experience a denial of service.

A worm can execute independently of the host system.

What is the significant characteristic of worm malware? Once installed on a host system, a worm does not replicate itself. A worm can execute independently of the host system. Worm malware disguises itself as legitimate software. A worm must be triggered by an event on the host system.

ICMP redirects

What kind of ICMP message can be used by threat actors to create a man-in-the-middle attack? ICMP unreachable ICMP echo request ICMP redirects ICMP mask reply

DHCP starvation

What technique is a security attack that depletes the pool of IP addresses available for legitimate hosts? DHCP starvation reconnaissance attack DHCP snooping DHCP spoofing

Evil Twin

What type of attack is done when the attacker tries to create rogue access points so as to gain access to the network or steal information? SSID injection War driving Evil Twin Ping of Death

database

What would be the target of an SQL injection attack? DNS DHCP email database

least privilege

When a security audit is performed at a company, the auditor reports that new users have access to network resources beyond their normal job roles. Additionally, users who move to different positions retain their prior permissions. What kind of violation is occurring? network policy least privilege password audit

authentication

Which AAA component can be established using token cards? accounting auditing authentication authorization

workload

Which component of the zero trust security model focuses on secure access when an API, a microservice, or a container is accessing a database within an application? workplace workflow workforce workload

Layer 2 devices

Which devices should be secured to mitigate against MAC address spoofing attacks? Layer 7 devices Layer 4 devices Layer 3 devices Layer 2 devices

SQL

Which language is used to query a relational database? SQL C++ Python Java

NetFlow

Which network monitoring technology collects IP operational data on packets flowing through Cisco routers and multilayer switches? Wireshark NetFlow SNMP SIEM

SNMP (Simple Network Management Protocol)

Which network service allows administrators to monitor and manage network devices? NTP SNMP Syslog NetFlow

NTP (Network Time Protocol)

Which network service synchronizes the time across all devices on the network? NetFlow Syslog NTP SNMP

b. nmap c. Nexpose d. Nessus

Which of the following are examples of vulnerability and port scanners? (Select all that apply.) a. SuperScan b. nmap c. Nexpose d. Nessus

b. Man-in-the-middle

Which one of the following attacks results when attackers place themselves in line between two devices that are communicating, with the intent of performing reconnaissance or manipulating the data as it moves between the devices? a. Man-in-the-path b. Man-in-the-middle c. Routing protocol attacks d. Routing injection attacks

MITRE

Which organization defines unique CVE Identifiers for publicly known information-security vulnerabilities that make it easier to share data? Cisco Talos MITRE FireEye DHS

NetFlow collects basic information about the packet flow, not the flow data itself.

Which statement describes an operational characteristic of NetFlow? NetFlow flow records can be viewed by the tcpdump tool. NetFlow captures the entire contents of a packet. NetFlow can provide services for user access control. NetFlow collects basic information about the packet flow, not the flow data itself.

Splunk

Which technology is a proprietary SIEM system? StealthWatch NetFlow collector SNMP agent Splunk

is self-replicating travels to new computers without any intervention or knowledge of the user

Which two characteristics describe a worm? (Choose two.) is self-replicating infects computers by attaching to software code travels to new computers without any intervention or knowledge of the user hides in a dormant state until needed by an attacker executes when software is run on a computer

It provides 24x7 statistics on packets that flow through a Cisco router or multilayer switch. It provides a complete audit trail of basic information about every IP flow forwarded on a device.

Which two functions are provided by NetFlow? (Choose two.) It provides 24x7 statistics on packets that flow through a Cisco router or multilayer switch. It presents correlated and aggregated event data in real-time monitoring and long-term summaries. It provides a complete audit trail of basic information about every IP flow forwarded on a device. It allows an administrator to capture real-time network traffic and analyze the entire contents of packets. It uses artificial intelligence to detect incidents and aid in incident analysis and response.

Keep the device OS and software updated. Only turn on Wi-Fi when using the wireless network.

Which two options are security best practices that help mitigate BYOD risks? (Choose two.) Decrease the wireless antenna gain level. Use paint that reflects wireless signals and glass that prevents the signals from going outside the building. Keep the device OS and software updated. Only allow devices that have been approved by the corporate IT team. Use wireless MAC address filtering. Only turn on Wi-Fi when using the wireless network.

proxy

Which type of Trojan horse security breach uses the computer of the victim as the source device to launch other attacks? data-sending DoS FTP proxy

mandatory access control (MAC)

Which type of access control applies the strictest access control and is commonly used in military or mission critical applications? mandatory access control (MAC) attribute-based access control (ABAC) Non-discretionary access control discretionary access control (DAC)

reconnaissance

Which type of attack is carried out by threat actors against a network to determine which IP addresses, protocols, and ports are allowed by ACLs? phishing denial of service reconnaissance social engineering

SYN flooding

Which type of network attack involves randomly opening many Telnet requests to a router and results in a valid network administrator not being able to access the device? SYN flooding DNS poisoning spoofing man-in-the-middle

Trojan horse

Which type of security threat would be responsible if a spreadsheet add-on disables the local software firewall? DoS Trojan horse buffer overflow brute-force attack

It identifies the ever increasing attack surface to threats.

Why is asset management a critical function of a growing organization against security threats? It identifies the ever increasing attack surface to threats. It serves to preserve an audit trail of all new purchases. It prevents theft of older assets that are decommissioned. It allows for a build of a comprehensive AUP.