Cyber defense MID-TERM

IPv6 loopback address?

::1

Which of the following is NOT information that a packet filter uses to determine whether to block a packet? checksum | port | IP address | protocol

Checksum

An attack in which many computers are hijacked and used to target a server with so many false requests that the server cannot process them all, and normal traffic is blocked, is __________

DDoS attack

A semi-trusted subnet that lies outside the trusted internal network but is connected to the firewall to make services publicly available while still protecting the internal LAN is _________

DMZ

The ________________ is one of the technologies in SDN. It provides the ability to manage policies that help protect virtual machines. RDP certificate | Hyper-V Virtual Switch | Datacenter Firewall | Host Guardian Service

Datacenter firewall

Which management frame type is sent by a station wanting to terminate the connection? Disassociation | Probe response | Reassociation request | Deauthentication

Disassociation

What is the typical packet sequence for closing a TCP session? FIN, FIN ACK, RST | FIN, ACK, FIN ACK, ACK | FIN ACK, FIN, ACK, RST | FIN, FIN ACK

FIN, ACK, FIN ACK, ACK

A packet monkey is an unskilled programmer who spreads viruses to victims. True False

False

All devices interpret attack signatures uniformly. True False

False

Which security tool works by recognizing signs of a possible attack and sending a notification to an administrator? DiD | IDPS | DMZ | VPN

IDPS

Which of the following is NOT one of the three primary goals of information security? integrity | availability | confidentiality | impartiality

Impartiality

Which popular wireless sniffer is an IDS that is passive and undetectable in operation? Aircrack-ng | AirSnort | NetStumbler | Kismet

Kismet

Hardware or software tools that allow or deny packets based on specified criteria, such as port, IP address, or protocol, are _________

Packet filters

A _____________ is reserved for a program that runs in the background to listen for requests for the service it offers.

Port

What is a VPN typically used for? secure remote access | blocks open ports | detection of security threats | filter harmful scripts

secure remote access

Which of the following is NOT a field in a control frame? Frame control | Sequence control | Frame check sequence | Duration

sequence control

__________ events usually track the operations of the firewall or IDPS, making a log entry whenever it starts or shuts down.

system

Which term is best described as an attack that relies on the gullibility or trust of people? Social engineering | malicious code | back door | script kiddie

Social engineering

Which of the following is not a category of suspicious TCP/IP packet? bad header information | single-packet attacks | suspicious data payload | suspicious CRC value

Suspicious CRC value

an encryption method devised as a replacement for WEP in WPA

TKIP

There are suspicious activities that should not occur on a server, such as the following. Which of the events below is not a suspicious activity on a server? A user logging in | Remotely accessing the Security Account Manager (SAM) database | Plugging a USB device into a server | Resetting a password that is not expected

A user logging in

The ATA is: Advanced Threat Analytics | Advanced Threat Automation | Attack Threat Auditing | Anomalous Threat Attacks

Advanced Threat Analytics

What type of attack does a remote-access Trojan attempt to perpetrate? worm | back door | remote denial of service | composite attack

Back door

Which type of frame advertises services or information on a wireless network? Probe response | Probe request | Association response | Beacon

Beacon

Which of the following is a type of script that automates repetitive tasks in an application such as a word processor but can also be programmed to be a virus? Worm | Trojan | Macro | Back door

Macro

Just Enough Administration (JEA) addresses which of the following attack vectors? Compromised identity and Pass-The-Hash attacks | Pass-The-Hash attacks | More privileges than are necessary | Remote root login

More privileges than are necessary

______________ is the capability to prevent a participant in an electronic transaction from denying that it performed an action.

Nonrepudiation

What can an attacker use a port scanner to test for on a target computer? Open sockets | invalid IP addresses | ping floods | SYN flags

Open sockets

What is the name of a storage area where viruses are placed by antivirus software so they cannot replicate or do harm to other files? Quarantine | Demilitarized zone | recycle bin | firewall

Quarantine

An access control method that establishes organizational roles to control access to information is _________

RBAC

Which type of attack causes the operating system to crash because it is unable to handle arbitrary data sent to a port? malicious port scanning | ICMP message abuse | RPC attacks | SYN flood

RPC attacks

Which TCP flag can be the default response to a probe on a closed port? RST | URG | PSH | SYN

RST

List the four most common types of control frames.

Request to send (RTS), Clear to send (CTS), Acknowledgement (ACK), Power-save poll (PS-Poll)

Which type of firewall policy calls for a firewall to deny all traffic by default? restrictive policy | perimeter policy | demilitarized policy | permissive policy

Restrictive policy

MIBs gather data and report it to a(n) ____________________ management station.

SNMP

Each access point has a(n) ______________ that essentially functions as the name of the network.

SSID

What is the sequence of packets for a successful three-way handshake? SYN, ACK, ACK | SYN, SYN ACK, RST | SYN, SYN ACK, ACK | SYN, ACK, FIN

SYN, SYN ACK, ACK

How does the CVE standard make network security devices and tools more effective? the layered approach makes attacks nearly impossible | they can share information about attack signatures | it requires you to use compatible devices from one vendor | it warns an attacker that your site is being monitored

They can share information about attack signatures

What is a program that appears to do something useful but is actually malware? back door | virus | trojan | logic bomb

Trojan

A worm creates files that copy themselves repeatedly and consume disk space. True False

True

A hacktivist can best be described as which of the following? Use DoS attacks on Web sites with which they disagree | consider themselves seekers of knowledge | an unskilled programmer that spreads malicious scripts | deface web sites by leaving messages for their friends to read

Use DoS attacks on web sites with which they disagree

What tool do you use to secure remote access by users who utilize the Internet? IDS | DiD | DMZ | VPN

VPN

Windows Server supports TPM for ___________, which allows you to support advanced security technologies such as BitLocker® Drive Encryption. server management | virtual private networks | virtual machines | software defined networking

Virtual Machine

____________ are spread by several methods, including running executable code, sharing disks or memory sticks, opening email attachments, and viewing infected or malicious web pages.

Viruses

the encryption and authentication architecture based on the final ratified IEEE 802.11i standard

WPA2

Computer files that copy themselves repeatedly and consume disk space or other resources are ________

Worm

______________ do not require user intervention to be launched; they are self-propagating.

Worm

Defense in depth can best be described as which of the following? a firewall that protects the network and the server | antivirus software and firewalls | authentication and encryption | a layered approach to security

a layered approach to security

Which of the following is true about the association process? the AP transmits an invitation to associate | a station first listens for beacons | a station first sends an association request | it is a three-step process

a station first listens for beacons

attacks that attempt to gather information for subsequent attacks by sending probe request frames on each available channel

active attacks

Windows Defender can be configured using: (select any that apply) Windows PowerShell | Group Policy | Security Services tab | Windows Management Instrumentation

All except the Security Services tab

What is a best practice for hardening Linux? (Select all that apply.) Encrypt your drive | Enable root mode | Disable USB ports | Disable unnecessary services

all of the above

In our environment we are using Ubuntu. What command is used for updating the Linux system's installed software? app-update | autoupdater | apt-get | up2date

apt-get

a two-step process of being accepted into a wireless network

association

Which of the following is NOT among the items of information that a CVE reference reports? description of the vulnerability | reference in other databases | attack signature | name of the vulnerability

attack signature

Which of the following is true about wardriving? attackers use RF monitor mode | the hardware is very expensive | their goal is simply to hijack a connection | the software is very expensive

attackers use RF monitor mode

The process of recording which computers are accessing a network and what resources are being accessed, and then recording the information in a log file is _______

auditing

What function does a RADIUS server provide to a wireless network? authentication | decryption | association | encryption

authentication

Which security layer verifies the identity of a user, service, or computer? physical security | authorization | repudiation | authentication

authentication

A method of authenticating a user using physical information, such as retinal scans, fingerprints, or voice-prints is _________

bio-metrics

Malware that creates networks of infected computers that can be controlled from a central station is referred to as which of the following? packet monkey | trojan | botnet | logic bomb

botnet

In which form of authentication does the authenticating device generate a random code and send it to the user who wants to be authenticated? challenge/response | bio-metrics | signature | basic

challenge/response

a type of control frame that gives a station clearance to begin transmitting packets

clear to send

Under which suspicious traffic signature category would a port scan fall? informational | reconnaissance | denial of service | unauthorized access

denial of service

Privileged identities get compromised when organizations: (select the best answer) have complex password management | security awareness training | do not use single sign-on | do not have identity management guidelines

do not have identity management guidelines

Most credential threats start out by researching the organization and are then conducted through social engineering. For example, an attacker may perform _____________________ to compromise legitimate accounts that have access to an organization's network. dumpster diving | pass-the-token attack | email phishing | privilege escalation

email phishing

An atomic attack is a barrage of hundreds of packets directed at a host. True False

false

Newer Trojans listen at a predetermined port on the target computer so that detection is more difficult. True False

false

Reviewing log files is a time-consuming task and therefore should only be done when an attack on the network has occurred. True False

false

Wireless networks are essentially the same as wired networks when it comes to the security threats each faces. True False

false

IPv4 and IPv6 headers are interoperable. True False

false

What is the term used when an IDPS doesn't recognize that an attack is underway? false negative | true positive | negative activity | positive signature

false negative

Which of the following is an element of the TCP header that can indicate that a connection has been established? Flags | stream index | seq/ack analysis | sequence number

flags

A _____________ device is a wireless device that employees connect and use without authorization or verified configurations.

rogue

Which of the following is true about IEEE 802.11i? Temporal Key Integrity Protocol is used for encryption | it uses a symmetric block cipher for encryption | it uses PMK to generate data encryption keys | it uses WEP2 for authentication and encryption

it uses a symmetric block cipher for encryption

Which type of attack works by an attacker operating between two computers in a network and impersonating one computer to intercept communication? malicious port scanning | remote procedure call | denial of service | man-in-the-middle

man-in-the-middle

In which type of attack do attackers intercept the transmissions of two communicating nodes without the user's knowledge? wardriver | man-in-the-middle | rogue device | brute force

man-in-the-middle

List the three types of MAC frames defined by the 802.11 standard.

management frames, control frames, data frames

With which access control method do system administrators establish what information users can share? mandatory access control | discretionary access control | role-based access control | administrative access control

mandatory access control

Because virtual machine state and memory are stored in a file, a VM is susceptible to attacks via: (select all that apply) the network | while it is backed up | the paging system | the storage system

All except the paging system

any keys used between a pair of devices in TKIP

pairwise keys

the process of using a variety of tools and techniques to attempt to break into a network

penetration testing

An area in random access memory (RAM) reserved for the use of a program that "listens" for requests for the service it provides is ______

port

A ____________ response is sent by a station in response to a request frame and indicates capabilities, supported data rates, and other information.

probe

Which command lists the types of services running? pwd | ls -l | ps -ef | netstat -a

ps -ef

a type of control frame that a station sends when it wants to transmit

request to send

In which type of wireless attack does the attacker cause valid users to lose their connections by sending a forged deauthentication frame to their stations? MAC address spoofing | association flood | jamming | session hijacking

session hijacking

___________ key encryption in WEP uses the RC4 encryption algorithm.

shared

Signs of possible attacks that include an IP address, a port number, and the frequency of access attempts, and that an IDPS uses to detect possible attacks, are ____

signatures

an in-depth examination of a proposed wireless network site

site survey

capturing network traffic during transmission

sniffing

Why might you want your security system to provide non-repudiation? to prevent a user from capturing packets and viewing sensitive information | to prevent an unauthorized user from logging into the system | to trace the origin of a worm spread through email | so a user can't deny sending or receiving a communication

so a user can't deny sending or receiving a communication

Which of the following is the description of a land attack? the local host source address occurs in the packet | source and destination IP address/port are the same | an illegal TCP flag is found in the segment header | the attacker uses an undefined protocol number

source and destination IP address/port are the same

Which of the following is true about the SSID? they are found in control frames | they are not found in beacon frames | they are registered | they can be null

they can be null

An RTS frame is the first step of the two-way handshake before sending a data frame. True False

true

Physical security protects a system from theft, fire, or environmental disaster. True False

true

SNMP requires the installation of an SNMP agent on the device you want to monitor. True False

true

The Linux file system is designed for multiple users. What are the possible ownership combinations for files and directories? User, Group, Root | User, Group | User, Group, Other | User, Group, Adm

user, group, other

Windows Defender has been included in Windows operating systems since: Windows 2000 | Windows 8 | Windows 10 | Windows 8.1

windows 8

