Module 13 - 17


What are two methods used by cybercriminals to mask DNS attacks?

1. Domain generation algorithms
2. Fast flux

Common ICMP messages of interest to threat actors include the following:

1. ICMP echo request and echo reply
2. ICMP unreachable
3. ICMP mask reply
4. ICMP redirects
5. ICMP route discovery

Three functionalities provided by SOAR

1. It automates complex incident response procedures and investigations.
2. It uses AI to detect incidents and aid in incident analysis and response.
3. It provides case management tools that allow cybersecurity personnel to research and investigate incidents.

Which two functions are provided by NetFlow?

1. It provides a complete audit trail of basic information about every IP flow forwarded on a device.
2. It provides 24×7 statistics on packets that flow through a Cisco router or multilayer switch.

What are two evasion methods used by hackers?

1. Resource exhaustion
2. Encryption

What are two examples of DoS attacks?

1. Buffer overflow
2. Ping of death

A user is curious about how someone might know a computer has been infected with malware. What are two common malware behaviors?

1. Computer gets increasingly slower to respond
2. The computer freezes and requires a reboot
3. Appearance of weird files, application or desktop icons
4. Security tools turned off or changed
5. Emails spontaneously sent to others
6. Modified or missing files
7. Unfamiliar processes or services running
8. Unknown TCP or UDP ports open
9. Connections to unknown remote devices

Which two types of hackers are typically classified as grey hat hackers?

1. Hacktivists
2. Vulnerability brokers

Which two characteristics describe a worm?

1. Is self-replicating
2. Travels to new computers without any intervention or knowledge of the user

What are the three major components of a worm attack?

1. Payload
2. Propagation mechanism
3. An enabling vulnerability

Which two types of attacks are examples of reconnaissance attacks?

1. Port scan
2. Ping sweep

What are two purposes of launching a reconnaissance attack on a network?

1. To scan for accessibility
2. To gather information about the network and devices

What is a significant characteristic of virus malware?

A virus can execute independently of the host system

Once a cyber threat has been verified, the US Cybersecurity Infrastructure and Security Agency (CISA) automatically shares the cybersecurity information with public and private organizations. What is this automated system called?

AIS - Automated Indicator Sharing

How can a DNS tunneling attack be mitigated?

By using a filter that inspects DNS traffic

What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?

Cross-site scripting

The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring?

DDoS

An attacker is redirecting traffic to a false default gateway in an attempt to intercept the data traffic of a switched network. What type of attack could achieve this?

DHCP spoofing

What technique is a security attack that depletes the pool of IP addresses available for legitimate hosts?

DHCP starvation

In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services?

DoS

Which protocol is exploited by cybercriminals who create malicious iFrames?

HTTP

This is a forensic tool that can be used by white hat hackers to find any trace of evidence existing in a particular computer system.

Helix

What kind of ICMP message can be used by threat actors to create a man-in-the-middle attack?

ICMP redirects

This is a debugger tool that can be used by black hats to reverse engineer binary files when writing exploits. It can also be used by white hats when analyzing malware.

IDA pro

Which statement describes the function of the SPAN tool used in a Cisco switch?

It copies the traffic from one switch port and sends it to another switch port that is connected to a monitoring device.

Which devices should be secured to mitigate against MAC address spoofing attacks?

Layer 2 devices

IPS

Monitors traffic and compares it against configured rules

Which statement describes an operational characteristic of NetFlow?

NetFlow collects basic information about the packet flow, not the flow data itself.

This is a wireless hacking tool that can be used to hack into a wireless network to detect security vulnerabilities.

NetStumbler

Which type of network attack involves randomly opening many Telnet requests to a router and results in a valid network administrator not being able to access the device?

SYN flooding

This is a packet crafting tool that uses specially crafted forged packets to probe and test the robustness of a firewall.

Socat

Which technology is a proprietary SIEM system?

Splunk

Which type of security threat would be responsible if a spreadsheet add-on disables the local software firewall?

Trojan Horse

protocol analyzer

Used to capture traffic and show what is happening on the network

Which is an example of social engineering?

a computer displaying unauthorised pop-ups and adware

A white hat hacker is using a security tool called Skipfish to discover the vulnerabilities of a computer system. What type of tool is this?

a fuzzer

What describes a vulnerability broker?

a threat actor attempting to discover exploits and report them to vendors, sometimes for prizes or rewards

What causes buffer overflow?

attempting to write more data to a memory location than that location can hold

What is the result of a passive ARP poisoning attack?

confidential information is stolen

SPAN

copies frames received on one or more ports to a port connected to an analysis device

What would be the target of an SQL injection attack?

database

a mechanism used to compromise an asset

exploit

Which attack involves threat actors positioning themselves between a source and destination with the intent of transparently monitoring, capturing, and controlling the communication?

man-in-the-middle attack

Which field in the IPv6 header points to optional network layer information that is carried in the IPv6 packet?

next header

Which access attack method involves a software program that attempts to discover a system password by the use of an electronic dictionary?

port redirection attack

What is the goal of a white hat hacker?

protecting data

Which type of Trojan horse security breach uses the computer of the victim as the source device to launch other attacks?

proxy

A network administrator is checking the system logs and notices unusual connectivity tests to multiple well-known ports on a server. What kind of potential network attack could this indicate?

reconnaissance

the likelihood of undesirable consequences

risk

An administrator discovers a vulnerability in the network. On analysis of the vulnerability the administrator decides the cost of managing the risk outweighs the cost of the risk itself. The risk is accepted, and no action is taken. What risk management strategy has been adopted?

risk acceptance

Why would an attacker want to spoof a MAC address?

so that a switch on the LAN will start forwarding frames to the attacker instead of to the legitimate host

A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent?

social engineering

a potential danger to an asset

threat

What is the function of a gratuitous ARP sent by a networked device when it boots up?

to advise connected devices of its MAC address

Why would a rootkit be used by a hacker?

to gain access to a device without being detected

Fuzzers

tools used by threat actors when attempting to discover the vulnerabilities of a computer system. Examples of fuzzers include Skipfish, Wapiti, and W3af.

ICMP Router Discovery

used to inject bogus route entries into the routing table of a target host

ICMP redirects

used to lure a target host into sending all traffic through a compromised device and create a man-in-the-middle attack

ICMP mask reply

used to map an internal IP network

ICMP echo request and reply

used to perform host verification and DoS attacks

ICMP unreachable

used to perform network reconnaissance and scanning attacks

a weakness in a system

vulnerability
