TestOut ch 6


DNS poisoning

A company CEO is upset after receiving a call from a reporter at a local news station that the company is apparently a launching point for a massive attack. The reporter provided detailed IP logs, and the network team reviewed them but could not find similar entries. What could be a possible explanation for the different records?

Access control vestibule

A company wants to improve the physical security at its headquarters. They need a solution that can help regulate access to the building and deter potential intruders during nighttime. Which physical security measure should they prioritize?

Fencing

A data center must enhance its security measures to prevent unauthorized access to its facility. The center is considering different methods to achieve this goal. What should the data center implement first to ensure a strong physical barrier against intrusions?

Offline

A hacker successfully exfiltrates a database of user passwords and attempts to gain access to it as the hacker can now go around the authentication system. What type of attack has the hacker achieved?

Distributed denial-of-service

A major online retail company has recently been experiencing intermittent downtime of its website. Network analysts observe a massive influx of traffic from multiple sources to the server. However, the traffic seems redirected from other systems. What type of attack is the company likely experiencing?

Implement trend analysis to identify patterns and anomalies, tune the IDS/IPS over time, and prioritize genuine threats

A multinational corporation has recently implemented an intrusion detection system (IDS) and intrusion prevention system (IPS) to protect its network infrastructure. The security team receives many alerts and struggles to manage false positives. The team must optimize the IDS and IPS to identify and prioritize the actual threats while minimizing irrelevant alerts. Which primary strategy should the team adopt to achieve this objective?

On-path attack

A network administrator suspects an attacker is intercepting and potentially modifying communications between their organization's server and the client systems. The attacker is not detected by either party during this process. Which type of attack is the network administrator likely observing in this instance?

Bollards

A security manager decides to enhance the physical security of a warehouse storing high-value tech equipment by installing a deterrent at the perimeter to prevent vehicle-based attacks. Which security measure would be the MOST suitable for this purpose?

Reflected attack

A threat actor has launched an attack against a company's network. The threat actor spoofs the victim's IP address and attempts to open connections with multiple third-party servers. Those servers direct their response to the victim host, rapidly consuming the victim's available bandwidth. Which type of attack does this scenario represent?

Command and control

A threat actor has successfully breached a company's network and has installed malicious code on a compromised host. The threat actor is now operating the compromised host remotely and maintaining access to it over a period of time. The threat actor's activity is disguised as part of the network's regular traffic. Detection of this type of activity usually depends on identifying anomalous connection endpoints. Which stage of the cyberattack lifecycle does this scenario represent?

Client cache poisoning

A threat actor has successfully manipulated a client's DNS cache, causing the client to resolve domain names to incorrect IP addresses controlled by the threat actor. This allows the threat actor to redirect the client's network traffic to malicious websites. What type of attack does this scenario represent?

1) Performs reverse lookups to identify an intruder, 2) Updates filters to block suspect traffic

An active IDS system often performs which of the following actions (pick 2)?

Spraying

An organization notices an external actor trying to gain access to the company network. The attack is not targeting a specific account but rather using the same password across a vast range of usernames in hopes that one might be correct. What type of attack BEST describes this scenario?

Begin with port scanning to identify open ports and the services running on them

As a cybersecurity analyst, you are tasked with performing active reconnaissance on a potential client's network to identify vulnerabilities. You have already completed the passive reconnaissance phase. Which of the following steps would you take next, and why?

Host-based IDS

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?

Fileless malware

As a system administrator, you notice unusual network activity on a company server. Upon investigation, you discover that a PowerShell script is running in the background. What type of malware is MOST likely responsible for this activity?

RFID cloning

As the head of physical security at a large tech company, you have been tasked with investigating a series of unauthorized entries to secure areas of your facilities. The intrusions have been sporadic and seemingly random, with no clear pattern or motive. You noticed that the access logs show entries made using the credentials of employees who were not on-site at the time of the incidents. Which of the following is the MOST likely method the intruders are using to gain access?

Social engineering

Carl receives a phone call from a woman who states she is calling from his bank. She tells him that someone has tried to access his checking account, and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occurred?

OSINT

Gathering as much personally identifiable information (PII) on a target as possible is a goal of which reconnaissance method?

VBA can be used to create a macro virus that opens a shell on the Windows operating system

How can Visual Basic for Applications (VBA) be used to perform malicious attacks?

Biometric locks

If a fingerprint or retina scan is required to open a secured door, which kind of physical security has been implemented?

Infrared sensor

To increase the physical security of a secured location, an organization deploys motion detection sensors throughout the grounds and building. What type of sensor uses this technology?

Antivirus software

What is the MOST common form of host-based IDS that employs signature or pattern-matching detection methods?

Signature-based IDS

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database?

Smart card

Which kind of access control technology allows more than just the identity of an individual to be transmitted wirelessly to either allow or deny access?

Someone nearby watching you enter your password on your computer and recording it

Which of the following BEST describes shoulder surfing?

1) A passive device that is used to copy frames and allows you to view frame contents, 2) A device that does NOT allow you to capture, modify, and retransmit frames (to perform an attack)

Which of the following accurately describes what a protocol analyzer is used for? (Pick 2)

1) Require identification and name badges for all employees, 2) Escort visitors at all times

Which of the following are solutions that address physical security?

Locks on doors

Which of the following controls is an example of a physical access control method?

Legitimate traffic being flagged as malicious

Which of the following describes a false positive when using an IPS device?

The system identified harmful traffic as harmless and allowed it to pass without generating any alerts

Which of the following describes the worst possible action by an IDS?

War driving

Which of the following is known as the process of walking around an office building with an 802.11 signal detector?

ARP poisoning

Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on a network?

Rainbow table attack

Which of the following password attacks uses preconfigured matrices of hashed dictionary words?

Fingerprinting

Which of the following processes identifies an operating system based on its response to different types of network traffic?

Security operations team

Which of the following roles would be MOST likely to use a protocol analyzer to identify frames that might cause errors?

Bash works in the background to execute commands using environment variables

Which of the following statements about Bash is true?

Password salting

Which of the following techniques involves adding random bits of data to a password before it is stored as a hash?

Shodan

Which of the following tools can be used to see if a target has any online IoT devices without proper security?

theHarvester

Which passive reconnaissance tool is used to gather information from a variety of public sources?

User manipulation

Which social engineering technique involves the attacker interacting with the user to trick them into revealing their username and password?

Passive

Which type of reconnaissance is associated with dumpster diving?

theHarvester

You are a cybersecurity analyst tasked with performing passive reconnaissance on a potential client's network. You need to gather information from a variety of public sources including emails, names, subdomains, IPs, and URLs. Which of the following tools would be most appropriate for this task?

Dumpster diving

You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?

Packet sniffer

You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use?

IPS

You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use?

Anomaly-based IDS

You are concerned about protecting your network from network-based attacks on the Internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. Which type of device should you use?

Configure the network interface to use promiscuous mode

You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation. Which of the following must you configure in order to see all of the network traffic?

Brute force attack

You are using a password attack that tests every possible keystroke for every single key in a password until the correct one is found. Which of the following technical password attacks are you using?

Capture filters

You are using a protocol analyzer to capture network traffic. You want to only capture the frames coming from a specific IP address. Which of the following can you use to simplify this process?

Port mirroring

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with 3 other computers. The hub is connected to a switch that is connected to the router. When you run the software, you see frames addressed to the 4 workstations, but not to the router. Which feature should you configure on the switch?

Ping

You need to check network connectivity from your computer to a remote computer. Which of the following tools would be the BEST option to use?

John the Ripper

You want to check a server for user accounts that have weak passwords. Which tool should you use?

Network mapper

You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?

Protocol analyzer

You want to identify traffic that is generated and sent through a network by a specific application running on a device. Which tool should you use?

Packet sniffer

You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use?

PTZ

You want to use CCTV to increase your physical security, and you want the ability to remotely control the camera position. Which camera type should you choose?

Nessus

You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tool should you use?

Wireshark

You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?

Implement an application-aware IPS in front of the web server

Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that analyzes the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do?

