Cyber security 1
What type of attack targets an SQL database using the input field of a user?
SQL injection
A network administrator of a small advertising company is configuring WLAN security by using the WPA2 PSK method. Which credential do office users need in order to connect their laptops to the WLAN?
A key that matches the key on the AP
A social media site is describing a security breach in a sensitive branch of a national bank. In the post, it refers to a vulnerability. What statement describes that term?
A weakness in a system or its design that could be exploited by a threat
What does the term vulnerability mean?
A weakness that makes a target susceptible to an attack
Resource utilization attack
Attacker sends multiple packets that consume server resources
Cache Poisoning
Attackers sends falsified information to redirect users to malicious sites
Which statement describes one of the rules that govern interface behavior in the context of implementing a zone-based policy firewall configuration?
By default, traffic is allowed to flow among interfaces that are members of the same zone
What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?
Cross-site scripting
A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server to crash. What is the type of attack the cyber criminal launches?
Dos
Which three IPv4 header fields have no equivalent in an IPv6 header? (Choose three.)
Fragment Offset Identification Flag
Which term describes a field in the IPv4 packet header used to detect corruption in the IPv4 header?
Header checksum
What kind of ICMP message can be used by threat actors to create a man-in-the-middle attack?
ICMP redirects
Which security measure is best used to limit the success of a reconnaissance attack from within a campus area network?
Implement encryption for sensitive traffic
A security company is conducting an audit in several risk areas within a major corporate client. What attack of data loss vector term would be used to describe providing access to corporate data by gaining access to stolen or weak passwords?
Improper access control
The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement classifies this email.
It is a hoax
What is an IPS signature?
It is a set of rules used to detect typical intrusive activity
What is a function of SNMP?
Provides a message format for communication between network device managers and agents
What are the two methods that a wireless NIC can use to discover an AP? (Choose two.)
Receiving a broadcast beacon frame Transmitting a probe request
A disgruntled employee is using Wireshark to discover administrative Telnet usernames and passwords. What type of network attack does this describe?
Reconnaissance
What three best practices can help defend against social engineering attacks? (Choose three.)
Resist the urge to click on enticing web links, Educate employees regarding policies, and Do not provide password resets in a chat window.
Which risk management plan involves discontinuing an activity that creates a risk?
Risk avoidance
A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation?
Rogue access point
Which type of network attack involves randomly opening many Telnet requests to a router and results in a valid network administrator not being able to access the device?
SYN Flooding
What is a characteristic of the WLAN passive discovery mode?
The AP periodically sends beacon frames containing the SSID
How do cybercriminals make use of a malicious iFrame?
The iFrame allows the browser to load a web page from another source
Which statement describes a VPN?
VPNs use virtual connections to create a private network through a public network
Match the type of cyberattackers to the description.
Vulnerability brokers → Discover exploits and report them to vendors State-sponsored attackers → Gather intelligence or commit sabotage on specific goals on behalf of their government Hacktivists → Make political statements in order to create an awareness of issues that are important to them
Which combination of WLAN authentication and encryption is recommended as a best practice for home users?
WPA2 and AES
What are two drawbacks to using HIPS? (Choose two.)
With HIPS, the network administrator must verify support for all the different operating systems used in the network HIPS has difficulty constructing an accurate network picture or coordinating events that occur across the entire network.
Amplification and Reflection
attackers uses open resolvers to increase the volume of attacks and mask the true source of the attack
What is the first line of defense to protect a device from improper access control?
passwords