Network Security
Multiple computers infected with a rootkit allowing them to accept commands from a remote user is called a: Zombie Botnet Firewall Zombienet
Botnet
A signature based IDS employs artificial intelligence. True False
False
MAC address filtering is not vulnerable to spoofing attacks. Select one: True False
False
______ files contain host names and IP addresses for frequently visited sites. IP DNS Hosts Site
Hosts
On a computer network, what does an authentication system do? Select one: a. Prevent unauthorized use of network services b. Verify the identities of users c. Confirmation of data requests d. A and B
d
____________________ is often used in a Denial of Service attack. Email spoofing IP tampering IP spoofing Email altering
IP spoofing
What is the main requirement of a man-in-the-middle attack? The attacker completely injects themselves between the sender and receiver The attacker partially injects themselves between the sender and receiver The attacker hacks into the receiver's computer The attacker hacks into the sender's computer
The attacker completely injects themselves between the sender and receiver
A signature based IDS is efficient at identifying previously observed and documented attacks. True False
True
Spoofing is a form of attack in which the attacker has disguised his/her message to be able to masquerade or fool other people and systems. Select one: True False
True
Why would an attacker want to hijack DNS service? Select one: a. Ego, bragging rights b. Hijacking DNS allows attackers to control servers that users connect to c. Hijacking DNS allows an attacker to protect themselves against DoS attacks d. None of the above
b
How does a signature-based IDS work? Select one: a. It scans all incoming traffic to see if any of the TCP segments are the start of a new connection. If so, the segments are dropped b. It uses artificial intelligence to attempt to reason about the current state of the network and determine if an attack is occurring c. It uses predefined policies or characteristics that it watches for to determine if an attack is occurring d. None of the above
c
What is the name of the new encryption scheme that is now preferred for wireless networks? Select one: a. WEP b. WPE c. WPA d. WAP
c
attacks frequently use spoofed IP packets to cause a cascade of unwanted traffic. Select one: a. Brute force b. SQL Injection c. Distributed Denial of Service d. Buffer Overflow
c
An attack that occurs whenever an attacker is able to successfully place themselves between a victim and the resource they were attempting to use is known as what? Select one: a. Eavesdropping b. Distributed Denial of Service c. Denial of Service d. Man-in-the-Middle
d
____________ is when an attacker prevents domain names from resolving to the proper IP addresses. DNS altering DNS tampering DNS poisoning DNS attacking
DNS tampering
If you are unable to access virtual resources for an extended period of time, you may be a victim of a: Email spoofing A man in the middle attack Denial of service attack Eavesdropping attack
Denial of service attack
When an administrator creates a honeynet, he or she is interested in Research, Defense, and _____________. Authentication Diversion Identification Verification
Diversion
Eavesdropping attack
Every router between a source and destination is in a position to eavesdrop. Eavesdropping leads to many security concerns. Systems that transmit data over a network must assume the data exchanged is not private, and encrypt any sensitive data before transmitting. Eavesdroppers will still be able to see the source and destination IP addresses and TCP ports, but will not be able to examine the data being exchanged.
What does a firewall do? Keeps unwanted traffic from the Internet isolated from the inside network Keeps all traffic from the Internet isolated from the inside network Scans the interior of a network looking for signs that the network is under attack Provides secure communication between two networks
Keeps unwanted traffic from the Internet isolated from the inside network
The most effective defense against a SYN flood attack is to use: SYN segments SYN barriers SYN files SYN cookies
SYN cookies
A heuristic based IDS tends to suffer more false positives. True False
True
Which of the following is not an advantage of heuristic based IDS? Select one: a. Lower false positive attack rates b. Artificially intelligent system that can learn to spot abnormal behavior on a network c. Capable of detecting novel, never before seen types of attack d. All of the above are advantages of heuristic based IDS
a
What is DNS poisoning? An attack in which a user winds up at a different website other than the one they intended to visit An attack in which the DNS file on a local system is altered without the user's knowledge An attack in which the DNS records currently cached by one server are altered to contain false information None of the above
An attack in which the DNS records currently cached by one server are altered to contain false information
_______________ systems are designed to prevent unauthorized use of network services and verify the identities of users. Authentication Identification Verification Password
Authentication
Which of the following is not a method used to protect against cyber attacks? Firewalls Intrusion detection systems Honeynets Intrusion monitoring systems
Intrusion monitoring systems
Which of the following is the best description of a key (that is used in encryption/decryption)? Select one: a. A key is a secret shared between the sender and receiver that allows the data to be correctly encrypted and decrypted b. A key is the data to be protected from eavesdroppers during transmission from sender to receiver (like a social security number, credit card number, username and password, etc.) c. A key is a type of company that provides verification services to ensure that the sender and receiver are who they claim to be d. A key is the algorithm or procedure to be used during encryption and decryption of the data
a
Protecting Against Cyber Attacks Some common methods used to protect against cyber attacks are: (1) Firewalls (2) Authentication Systems (3) Intrusion Detection Systems (4) Encryption (5) Packet Capturing (6) Honeynets
(1) A network security control that prevents unsolicited and unwanted traffic from reaching protected systems; also prevents unwanted or unapproved traffic from being transmitted by protected systems. (2) A system that offers authentication services, thereby verifying a user's stated identity. (3) Intrusion Detection Systems attempt to monitor the current operation of the network and raise alarms if an attack appears to be occurring. (4) The encoding of data in such a way that only the sender and intended recipient can decode and read it. (5) This process involves capturing network packets including the header and datagram content, storing them in short term memory and analyzing them against known signature files for potential attacks. (6) Networks that some organizations setup and leave open to attack. Honeynets are created for: Research, Defense, Diversion.
Wireless Network Terminology (1) Access Point (2) MAC address (3) SSID Broadcast (4) WEP (5) WPA (6) WPA2
(1) A piece of hardware that offers network service to wireless clients. This hardware features antennae for receipt and transmission of wireless data (2) The Media Access Control (MAC) address is a unique value associated with a network adapter. Also known as hardware or physical addresses. (3) The name of a wireless network broadcast to allow people to discover and connect to the wireless network. (4) The original type of encryption used on wireless networks called Wired Equivalent Privacy (WEP). The goal of WEP was to provide wireless users with the same level of privacy as found on wired networks (5) Wi-Fi Protected Access (WPA) is a security protocol that provides stronger encryption features of WEP. It also includes built-in authentication support. (6) The most current encryption leveraging the Advanced Encryption Standard (AES) block cipher and part of the 802.11i standard. WPA2 is considered very secure and virtually unbreakable if a strong key is set up.
Packet Capture and Analysis Packet capture involves capturing network packets including the header and datagram content, storing them in short term memory and analyzing them against known signature files for potential attacks. Packet capturing enables the comparison of requests against known attack signatures to thwart an attack. (1) Honeynets/Honeypots
(1) Honeynets, also called Honeypots, are networks that organizations set up and leave open to attack. They are created in the hopes of luring attackers into a carefully observed network or host. There are three main reasons why honeynets are developed •Research - To learn new methods of attack, a potential shift in what attackers are currently targeting and the development of better defenses. •Defense - Potentially discover the attacker's true identity, allowing the targeted organization to notify law enforcement, reconfigure firewalls and block the attacker. •Diversion - The goal here is that the attacker will be satisfied with the honeynet, and will ignore the organization's real network and systems.
Virtual Private Networks (VPNs) (1) Single Employee Joining The Network Remotely (2) Linking Remote Locations
(1) How it works: •When a system connects wishing to initiate a VPN connection, the system and firewall exchange necessary encryption information. •After the exchange of cryptographic information occurs, the VPN queries the connecting system for credentials that document its right to be connected to the network. Typically these are a username and password. •After they are transmitted by the client, the firewall passes the information to the same server that performs typical network authentication. •If the server confirms the username and password then the connection is permitted and the connecting system now appears to be on the same network as all the other systems. •The connected system is even assigned an IP address for use on the private (remote) network. •If, on the other hand, the authentication server rejects the username and password supplied by the connecting system, then the VPN connection is dropped. (2)How it works: •First, a system on one side of a VPN sends a packet to a system on the other end of the VPN connection. •As the packet is leaving the first local area network to go out on the Internet it passes through a VPN gateway which encrypts the entire IP packet. •This encrypted packet is placed in the payload of a new IP packet. •This new IP packet is then addressed to the VPN gateway located at the border of the second, physically separated network. The packet is then transmitted normally over the unsecured Internet. •When the packet arrives at the second VPN gateway it is decrypted. The VPN gateway then transmits the original packet over the local area network to the intended recipient.
Denial of Service Attacks (1) Zombie/Bot (2) Botnet
(1) Interchangeable, these terms are used to describe a system that has been hijacked by an attacker that now secretly accepts commands from a remote user. (2) Multiple computers infected with a rootkit allowing it to accept commands from a remote user.
Wireless Access Challenges While most data link layer protocols are relatively insecure, they offered the advantage of requiring a system to be physically connected to the network for access. Meaning, if you maintain physical security then no attacker should be able to intercept your data at the data-link level. Wireless mediums do not offer the same protection. When considering the problems posed by wireless mediums, it's important to identify that there are, in fact, two issues: •Preventing attackers from eavesdropping on traffic. •Preventing attackers from illegally using the medium to access the network, Internet, etc. Methods of solving issues related to wireless security include: (1) MAC Address Filtering (2) Encryption
(1) MAC addresses allow communication at the data-link level and can be thought of as being roughly analogous to IP addresses. An attacker could potentially spoof a MAC address, but would face problems when attempting to use TCP, since the system with the real MAC address would most likely reset the connection when it received TCP acknowledgments to data it did not send. (2) Wired Equivalence Privacy (WEP) and Wi-FI Protected Access 2 (WPA2)
Authentication Services (1) One-time passwords (2) Challenge-Response System (3) Encryption
(1) One-time passwords attempt to minimize the danger of transmitting authentication information over a network. They do this by using unique passwords that are only valid for one login. After one login the password will be rejected as incorrect. The danger from MITM or eavesdropping attacks is minimized because each password is only good for one login. After the session the password is no longer valid and therefore worthless. Unfortunately one-time passwords have been shown to be quite difficult for both the system and user to use. (2) Challenge-response systems attempt to offer the advantages of one-time passwords while eliminating the administrative burden they create. Challenge-response systems use a small device that each user has. When a user attempts to login, they provide their username and password as always. The authentication server then responds with a challenge, often in the form of a number. The user then inputs this number into the electronic device they have been issued, which computes the response. The response is then transmitted back to the authentication server. Thus an attacker would have to have both the password as well as the response device in order to perform an attack. (3) Unfortunately both one-time passwords as well as challenge-response schemes are vulnerable to some form of attack. The only truly secure method to use when performing user authentication is encryption of the data.
Intrusion Detection Systems (IDS) (1) Signature Based (2) Heuristic Based
(1) The system is provided with many signatures, or examples, of attack methods that have been used elsewhere. If a recognized signature is discovered, the program indicates what actions the IDS should take in reporting the attack. Signature Based IDSs can be quite efficient at identifying previously observed and documented attacks, but are incapable of detecting new attacks. (2) Heuristic Based IDSs attempt to compensate for the shortcomings of Signature Based IDSs by employing a different approach. They employ artificial intelligence and attempt to identify previously unseen attacks. Unfortunately they tend to suffer much higher rates of false positive and false negative detection.
Why do many organizations filter the traffic leaving the network using a firewall? Administrators are concerned that employees may download viruses and other malicious software. Administrators are concerned that a system infected with a virus may attempt to connect back to the virus' author and upload stolen information. Few corporations filter traffic going out to the Internet. Corporations are concerned that employees may be buying and selling information to competitors or other organizations.
Administrators are concerned that a system infected with a virus may attempt to connect back to the virus' author and upload stolen information.
___________ is not a commonly used technique to attack computer and networks. Spoofing Man-in-the-Middle Attacks DNS Tampering DNS Altering
DNS Altering
DNS poisoning attack Is when attackers make use of their knowledge of how DNS servers operate to replace information in the caches of the DNS system to direct users to a different website than the user intended. Suppose an attacker creates a malicious website, www.attacker.com. The attacker chooses a victim DNS server, and asks for the IP address of www.attacker.com. The victim DNS server will perform the proper resolution and eventually query the attacker's DNS server. In addition to sending the correct DNS record for www.attacker.com, the attacker also attaches to the victim DNS server a fraudulent record that points paypal.com to the attacker's IP address.
DNS poisoning attack
Eavesdropping occurs because: Data is broadcast over a virtual medium which can be accessed by others on the same network segment Data is broadcast over a virtual medium which can be accessed by others on a different network segment Data is broadcast over a phone line which can be accessed by others on the same network segment Data is broadcast over a loud speaker
Data is broadcast over a virtual medium which can be accessed by others on the same network segment
Multiple computers are synchronized in an attempt to knock a victim offline or make services unavailable. Usually this is done by overwhelming the target with phony traffic. The large amount of traffic either uses all of the victim's Internet bandwidth or, in some cases, causes the target computer to crash. Often these attacks utilize botnets in order to generate the vast amounts of traffic needed to completely saturate the victim's bandwidth. The attacker broadcasts a command over the Internet causing all of the bots in their botnet to simultaneously begin the attack. Some of the most commonly seen attacks are: (1) SYN Flood (2) Reflection Flood
Distributed Denial of Service (DDoS) (1) A SYN Flood is a form of DDoS attack in which all the bots attempt to open new Transmission Control Protocol (TCP) connections with the victim's server. The typical goal of a SYN flood is to use all the victim's bandwidth or, more likely to consume so much of the computing resources (memory, CPU, storage space, etc.) that it can no longer function. The clever part of this attack is that TCP on the victim's system will respond to each individual connection request and send a reply. The reply takes bandwidth, meaning the normal TCP reply actually makes the attack worse. Further adding to the trouble is the fact that it is easier for the attacker's bots to send SYN segments than it is for the victim to ignore them or reply to them. The most effective defense against a SYN flood attack is to use SYN cookies which are typically implemented by your operating system. (2) Attackers have devised ways of carrying out DDoS attacks without botnets. The most common of these methods are reflection attacks, where innocent parties unknowingly bombard the victim with traffic, maxing out their bandwidth. During a reflection attack the following happens: •An attacker uses IP spoofing, changing the source IP addresses, making a particular TCP segment appear to come from the victim. •The TCP connection request will either be acknowledged by the servers it is sent to or the servers send a segment indicating that the connection could not be opened. •The innocent servers send all of these TCP segments to the system they believe sent the connection request in the first place, as indicated by the IP address in the "source" field. •If everything is timed properly then the servers unknowingly act in the same manner as a botnet.
When multiple computers are synchronized in an attempt to knock a victim offline or make services unavailable, it is called a: Distributed denial of service attack Man in the middle attack Email spoofing Denial of Internet attack
Distributed denial of service attack
Domain Name Service tampering Is when an attacker prevents domain names from resolving to their proper IP addresses. Security is threatened when any attacker can take control of the DNS resolution procedure, giving them the ability to force users to connect to unknown servers without their knowledge. The situation is further complicated by the fact that DNS queries are exchanged using User Datagram Protocol (UDP), which offers less protection against IP address spoofing than the minimal protection offered by TCP.
Domain Name Service tampering
Spoofing - Email - Internet Protocol Address (IP Address)
Email Spoofing - Simple Mail Transfer Protocol (SMTP) was developed with no means to authenticate any information. SMTP does not have a method of ensuring a message truly is from the person to whom it is attributed. Email Spoofing is when an email header or From header is forged so the message gives the appearance of originating from somewhere other than the actual source. Email spoofing is used to generate spam messages that may carry viruses. IP Address Spoofing - an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by "spoofing" the IP address of that machine.
______________ is when an email header is forged so the message appears to originate from somewhere other than the actual source. Email tampering Email spoofing Email altering Email poisoning
Email spoofing
Application Denial of Service Attacks These attacks: •Can affect multiple applications, often targeted at a website or online service. •Will appear as normal HTTP, SMTP, or FTP requests. •Consume the web server service resources disabling the site. Click on the buttons below to learn about the three types of application DoS attacks:
Examples: (1) Slowloris sends partial time-delayed HTTP GET based requests that consume server resources while keeping the socket open by sending additional HTTP headers at timed intervals. The Slowloris attack can be conducted using a single machine while evading standard DoS protection systems, appearing as normal HTTP traffic. (2) SlowPost uses HTTP POST commands to consume web server resources. The message body is sent at a rate of one byte every two minutes, causing the server to wait while the delayed message is processed. The SlowPost attack may be conducted at the same time as an attack designed to consume bandwidth. (3) Session Initiation Protocol (SIP) Invite Flood Voice Over IP (VOIP) phone systems can be brought down through the SIP Invite Flood attack. This attack combines multiple SIP requests combined with the normal time lag during a call initiation to crash the VOIP server. The attacker may spoof the IP address in the UDP or SIP header to avoid detection.
Security was very important during the development of the Internet. True False
False
Attackers cannot hijack the DNS system by attacking individual systems. True False
False Attackers can hijack the DNS system by attacking individual systems.
Commonly Used Offensive Techniques •Spoofing - Email - Internet Protocol Address (IP Address) •Man-In-the-Middle Attacks •Eavesdropping •Denial of Service Attacks - Distributed Denial of Service Attacks - SYN Flood - Reflection Attacks •DNS Tampering •DNS Poisoning
Network security attacks Email Spoofing - Simple Mail Transfer Protocol (SMTP) was developed with no means to authenticate any information. SMTP does not have a method of ensuring a message truly is from the person to whom it is attributed. Email Spoofing is when an email header or From header is forged so the message gives the appearance of originating from somewhere other than the actual source. Email spoofing is used to generate spam messages that may carry viruses.
What does a virtual private network do? Scans the interior of a network looking for signs that the network is under attack Keeps unwanted traffic from the Internet isolated from the inside network Keeps all traffic from the Internet isolated from the inside network Provides secure communication between two networks located in physically separate locations
Provides secure communication between two networks located in physically separate locations
Which of the following is commonly used in DDoS attacks? Eavesdropping DNS tampering Syn flood Email spoofing
Syn flood
Man-in-the-middle attack
The main requirement of a man-in-the-middle attack is that the attacker has to completely inject themselves between the sender and receiver. If the sender and receiver are able to communicate with each other independently of the attacker then the attack may fail.
Wireless Networks The most significant difference when considering security between wired and wireless networks, is the physical medium used to transmit the data. (1) Wired networks use some type of metal or fiber-optic wire. (2) Wireless networks use radio frequencies (RF).
Wireless Networks
A system that employs artificial intelligence to attempt to identify previously unseen attacks is an example of what type of intrusion detection system (IDS)? Select one: a. Heuristic b. Signature-based c. Role-based d. Rule-based
a
Botnets are commonly used to carry out what form of attack? Select one: a. Distributed Denial of Service (DDoS) b. Buffer overflow c. Social Engineering d. SQL Injection
a
Concerning network security, an attack that occurs when the attacker is able to learn or observe information that they were not supposed to is known as what? Select one: a. Eavesdropping b. Denial of Service c. Man-in-the-Middle d. Distributed Denial of Service
a
How does a signature based IDS work? Select one: a. It uses predefined policies or characteristics that it watches for to determine if an attack is occurring b. It uses artificial intelligence to attempt to reason about the current state of the network and determine if an attack is occurring c. It scans all incoming traffic to see if any of the TCP segments are the start of a new connection. If so, the segments are dropped d. None of the above
a
Regarding Network Security, which of the following is an example of a zombie? Select one: a. A computer that is infected with some form of malware that allows remote control from a malicious user b. A computer that is not known to a network c. A computer without a user d. A computer that is so out of date that it is described as shambling along
a
Regarding Network Security, which of the following is an example of a zombie? Select one: a. A computer that is infected with some form of malware that allows remote control from a malicious user b. A computer that is so out of date that it is described as shambling along c. A computer without a user d. A computer that is not known to a network
a
Regarding Network Security, which of the following is not an example of a bot? Select one: a. A computer that has no user associated with it b. A computer that is used in some form of attack on another client c. A computer that is infected with a Trojan that allows remote control from a malicious user d. A computer that is NOT under the direct control of the intended user
a
What does a firewall do? Select one: a. Keeps unwanted traffic from the Internet isolated from the inside network b. Provides secure communication between two networks c. Keeps all traffic from the Internet isolated from the inside network d. Scans the interior of a network looking for signs that the network is under attack
a
What is WEP? Select one: a. An encryption scheme used to secure wireless networks b. An addressing scheme designed to prevent unauthorized users from accessing wireless networks c. A technology that allows wireless networks to communicate with wired networks d. None of the above
a
What is a "bot"? Select one: a. A computer system that has been infected by a virus or trojan and now accepts commands from remote users b. A computer system that gives orders to other computer systems c. A computer system that has artificial intelligence and can operate on its own d. A program that is designed to infect computer systems so that they can be controlled remotely
a
What is a "botnet"? Select one: a. A collection of bots accepting remote commands, frequently from a hacker b. A group of viruses or trojans that an attacker might send to their victim to cause infection c. A type of distributed Denial of Service attack d. None of the above
a
What is a SYN Flood? Select one: a. A form of DDoS attack in which the victim is flooded with new TCP connection requests b. A form of DDoS attack in which the victim is flooded with UDP traffic c. A form of DDoS attack in which the victim is flooded with IP traffic d. None of the above
a
What is the common name of the file stored on each computer that is tampered with when perpetrating a DNS Tampering attack? Select one: a. Hosts b. Routes c. Systems d. Query-response
a
What is the key requirement for a man in the middle attack to be successful? Select one: a. The sender and receiver must not be able to communicate independently of the attacker b. The sender and receiver must be able to communicate independently of the attacker c. The sender and receiver must use UDP d. The sender and receiver must use TCP
a
What is the key requirement for a man-in-the-middle attack to be successful? Select one: a. The sender and receiver must not be able to communicate independently of the attacker b. The sender and receiver must use TCP c. The sender and receiver must be able to communicate independently of the attacker d. The sender and receiver must use UDP
a
Which of the following is not an objective of a honeynet? Select one: a. Offense b. Defense c. Research d. Diversion
a
Which of the following statements describes the relationship between botnets and DDoS attacks? Select one: a. Botnets are important in perpetrating a DDoS attack due to the nature of DDoS attacks needing a large base of zombies b. Botnets are important in perpetrating a DDoS attack due to the greater chance of success, which can lead to a larger sum of money extorted c. Botnets are important in perpetrating a DDoS attack because of the need for organization of large groups, with a botnet being controlled by someone known as a bot herder d. All of the above describe the importance of botnets with respect to DDoS attacks
a
Why is MAC address filtering not universally recommended? Select one: a. It is easy to determine an allowable MAC address through packet sniffing b. It is easy to determine an allowable IP address through packet sniffing c. MAC address filtering is not applicable to wireless networks d. MAC address filtering is still recommended
a
How does a heuristic IDS work? Select one: a. It uses predefined policies or characteristics that it watches for to determine if an attack is occurring b. It uses artificial intelligence to attempt to reason about the current state of the network and determine if an attack is occurring c. It scans all incoming traffic to see if any of the TCP segments are the start of a new connection. If so, the segments are dropped d. None of the above
b
On a computer network, which of the following is an example of an authentication system? Select one: a. A server that allows those on the local network access b. A server that takes credentials provided by some host and verifies those credentials c. A server that is passed information from a previous server and accepts the credentials d. None of the above
b
Suppose a Caesar cipher with a right shift of two produces the cipher text of eadgt ugewtkva. What was the original clear text? Select one: a. Cyber sessions b. Cyber security c. Money security d. Money services
b
Suppose a Caesar cipher with a right shift of two produces the cipher text of eadgt ugewtkva. What was the original clear text? Select one: a. Money services b. Cyber security c. Cyber sessions d. Money security
b
What is a challenge-response system's major function? Select one: a. To identify users and/or systems b. To authenticate users and/or systems c. To audit users and/or systems d. None of the above
b
What is one term that is commonly given to attacks that seek to modify the DNS system, possibly resulting in fraudulent responses to DNS queries? Select one: a. MX corruption b. DNS poisoning c. DDoS d. Domain exchange
b
What is the term for the attack that occurs if, on a computer network, an attacker inserts himself between a client and a server and the attacker is able to observe and/or alter their communication? Select one: a. Distributed Denial of Service b. Man in The Middle c. SYN Flood d. Denial of Service
b
Which of the following best describes a network authentication system? Select one: a. A system that monitors the current network, watching for signs of hacker activity b. A system that accepts a set of credentials (username and password, fingerprint, etc.) and verifies those credentials, allowing access to authorized users c. A system that scans a network and ensures that the network's integrity has not been compromised by a hacker or virus/worm d. A system that sits at the border of a network and allows or rejects traffic coming into or out of the network based on a set of pre-written rules.
b
Which of the following is an example of a honeynet? Select one: a. A network that has been set up by an organization to research foreign cyber activities b. A network that has been set up by an organization to defend against potential attacks by isolating the attackers before they reach the rest of the network c. A network set up where all clients are connected to all the other clients, in a literal net d. None of the above
b
Why do many organizations filter the traffic leaving the network using a firewall? Select one: a. Administrators are concerned that employees may download viruses and other malicious software. b. Administrators are concerned that a system infected with a virus may attempt to connect back to the virus' author and upload stolen information. c. Few corporations filter traffic going out to the Internet. d. Corporations are concerned that employees may be buying and selling information to competitors or other organizations.
b
802.11b and 802.11g are examples of what? Select one: a. Wireless protocols used in the defense of ad-hoc networks b. Wireless protocols operating at the transport layer of the TCP/IP stack c. Wireless protocols operating at the data-link layer of the TCP/IP stack d. Wireless protocols operating at the network layer of the TCP/IP stack
c
What is a Denial of Service attack? Select one: a. An attack which causes the victim to lose control of their system b. An attack in which a user unknowingly reveals sensitive information to an attacker, like credit card number or social security number c. An attack in which a user becomes unable to use a specific asset like a computer or network d. All of the above
c
What is a virtual private network? Select one: a. A network of links and nodes arranged so that messages may be passed from one part of the network to another over multiple links and through various nodes b. A network of interconnected computer networks that transmit data by packet switching using the standard IP c. A private communications network used to communicate confidentially, implemented on top of a public network d. All of the above
c
What is the common name of the file stored on each computer that is tampered with when perpetrating a DNS Tampering attack? Select one: a. Systems b. Routes c. Hosts d. Query-response
c
Which of the following is an example of a firewall? Select one: a. A hardware or software device that is configured to permit all data through a computer network b. A device that transfers traffic between computer networks of different trust levels c. A device that sits on the border of a network to prevent malicious and unwanted traffic from entering d. All of the above
c
Which of the following is generally required in a Distributed Denial of Service attack? Select one: a. Physical access to the victim's network b. Knowledge of the software running on the victim's computer c. A large number of computers under a single source of control d. A high speed connection to the internet
c
Why are wireless networks harder to secure than wired networks? Select one: a. Wireless networks are not more difficult to secure than wired networks b. The equipment costs more c. There is no way to restrict access to the communications medium in a wireless network d. The technologies are newer
c
Select all of the statements below that accurately describe MAC address filtering. Select one or more: a. A system for determining the nature of a wireless network b. A system where users are allowed based on their message authentication code (MAC) c. A system where users are disallowed based on their MAC address d. A system where users are allowed based on their MAC address
d
The "hosts" file found on many common operating systems contains what information? Select one: a. Information on what type of TCP/IP stack the operating system (the host) is using and how it should interact with DNS servers b. Information that instructs the system on how to contact the local DNS servers to resolve domain names c. Information on what type of TCP/IP stack the DNS server (the host) is using and how it should interact with operating systems d. Information to map hostnames (domain names) to IP addresses
d
The benefits of using VPNs include: Select one: a. Sharing intranet resources over the internet b. Communicating confidentially over an otherwise insecure network c. Enabling physically separate locations to share servers and internet connection(s) in a secure manner d. All of the above
d
What does a virtual private network do? Select one: a. Scans the interior of a network looking for signs that the network is under attack b. Keeps unwanted traffic from the Internet isolated from the inside network c. Keeps all traffic from the Internet isolated from the inside network d. Provides secure communication between two networks located in physically separate locations
d
What does an Intrusion Detection System do? Select one: a. Keeps unwanted traffic from the Internet isolated from the inside network b. Keeps all traffic from the Internet isolated from the inside network c. Provides secure communication between two networks located in physically separate locations d. Scans the interior of a network looking for signs that the network is under attack
d
Which of the following are issues with WEP? Select one: a. Causes too much slowdown of wireless traffic b. Difficult to implement in hardware c. There is a roughly 1% chance that data cannot be decrypted d. Faulty Encryption Mechanism
d
Which of the following is NOT a valid reason for having a firewall? Select one: a. New exploits are created every day, meaning that systems with direct connections to the internet will be vulnerable until new software patches can be created and applied b. To prevent the spread of malware that uses network exploits c. Using a firewall is a way to prevent the spread of malware d. None of the above
d
Why are wireless networks harder to secure than wired networks? Select one: a. Wireless networks are not more difficult to secure than wired networks b. The technologies are newer c. The equipment costs more d. There is no way to restrict access to the communications medium in a wireless network
d