Quiz: Module 8 Infrastructure Threats and Security Monitoring
Which of the following is NOT correct about forwarding emails?
Corporations routinely allow employees to forward emails.
Which of the following email defenses uses a digital signature?
DKIM
Sakura is explaining to a colleague the different types of DNS attacks. Which DNS attack would only impact a single user?
DNS poisoning attack
Which attack uses the fewest number of computers to launch the attack?
DoS
Which of the following is NOT correct about an email header?
Email headers are encrypted to prevent someone from altering the contents.
Which of the following is NOT a reason that threat actors use PowerShell for attacks?
It can be invoked prior to system boot.
Yua has discovered that the network switch is broadcasting all packets to all devices. She suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack would she report?
MAC flooding attack
Which attack intercepts communications between a web browser and the underlying OS?
MITB
Aoi uses the Python programming language and does not want her code to contain vulnerabilities. Which of the following best practices would she NOT use?
Only use compiled and not interpreted Python code.
Amari has been asked to compare an organization's security against a set of open security standards. Which of the following would he choose?
SCAP
What does an SNMP trap do that is different from the normal SNMP function?
SNMP traps can send unsolicited messages.
Akari has been asked to install a packet analysis tool on a Linux web server. Because this server does not do anything unnecessary so it reduces the footprint that a threat actor could exploit, all applications on the server are command-line applications and there is no graphical user interface (GUI). Which tool would Akari install?
Tcpdump
Which of the following is a tool for editing packets and then putting the packets back onto the network to observe their behavior?
Tcpreplay
What is the result of an ARP poisoning attack?
The ARP cache is compromised.
Which of the following is used to write macros?
VBA
Which type of monitoring methodology looks for statistical deviations from a baseline?
anomaly monitoring
Himari needs to protect against potential attacks on DNS. What are the locations she would need to protect?
local host file and external DNS server
Ichika suspects that there may be infected devices on the network that are sending regular beacons to a threat actor's C&C server. Which type of analysis would she use to determine if this is true?
packet analysis
Which of the following is NOT a limitation of an SEG?
slow processing speed
What is Bash?
the command-language interpreter for Linux/UNIX OSs
