CIS 288 Quizzes
Stephen, a network specialist, recently became aware of the man-in-the-middle attack, which allows an attacker to intrude into the communication between two communication networks and inject false information. Which of the following techniques does an attacker use for this purpose?
- ARP Spoofing
Answer D is correct. An attacker uses ARP spoofing, a technique in which the attacker sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of the attacker's MAC address with the IP address of a legitimate computer or server on the network. By using this technique, the man-in-the-middle attack allows the attacker to intrude into the communication between two communication networks, inject false information, and intercept the data transferred between the communication networks.
Answer B is incorrect. Port forwarding is the process of intercepting traffic bound for a certain port combination and redirecting it to a different port.
Answer A is incorrect. Port scanning refers to the surveillance of computer ports, most often by hackers for malicious purposes.
Answer C is incorrect. Greylisting is a powerful anti-spam technology that is used to detect if the sending server of a message is RFC compliant.
Which attack employs deceptive frame techniques to trick a user into clicking on their content rather than the intended content?
- Clickjacking
Answer D is correct. A clickjacking attack employs deceptive frame techniques to trick a user into clicking on their content rather than the intended content.
Jenifer works as a security administrator at Infosoft Inc. Her network is being flooded by ICMP packets. She observes that the packets came from multiple different IP addresses. Which type of attack can be the result of such a situation?
- DDoS
Answer C is correct. A distributed denial-of-service (DDoS) attack on a network or web-based system is designed to bring down the network or prevent access to a particular device by flooding it with useless traffic. A DDoS attack involves multiple different machines initiating a simultaneous denial-of-service attack on the target.
Answer D is incorrect. A clickjacking attack employs deceptive frame techniques to trick the user into clicking on their content rather than the intended content.
Answer A is incorrect. Embezzlement is the risk of fraudulent appropriation of money or services from an organization. Various types of controls should be implemented to prevent this type of exposure.
Answer B is incorrect. A SYN flood attack involves half-opened connections that are never completed.
Which attack can be eliminated by limiting the number of login attempts that can be performed in a given period of time?
- Dictionary
Answer D is correct. A dictionary attack is a systematic, brute-force attack using every word in a dictionary as a password. This type of attack can be eliminated by limiting the number of login attempts that can be performed in a given period of time.
Stephen, a network specialist, is aware of the dictionary attack and fears that his organization's email accounts can be accessed by spammers. Which of the following preventive measures should he adopt? Each correct answer represents a complete solution. Choose two.
- Enforce a strict password methodology
- Limit the number of login attempts that can be performed in a given period of time
A dictionary attack is simply a systematic, brute-force attack using every word in a dictionary as a password. This type of attack is commonly used by spammers who guess passwords of email accounts to gain access to an account and then use it for their spam distribution. Stephen should adopt the following preventive measures: enforce a strict password methodology, and limit the number of login attempts that can be performed in a given period of time.
Answer B is incorrect. A slightly delayed response from the server prevents a hacker or spammer from checking multiple passwords within a short period of time.
Answer C is incorrect. Tarpitting is the practice of slowing the transmission of e-mail messages sent in bulk as a means of thwarting spammers. It is used to prevent the DoS attack. In email addresses, tarpitting is implemented for slowing down bulk email delivery to block spam.
Which of the following is a denial-of-service (DoS) attack that involves sending a large amount of spoofed UDP traffic to a router's broadcast address within a network?
- Fraggle
Answer A is correct. A Fraggle attack is a denial-of-service (DoS) attack that involves sending a large amount of spoofed UDP traffic to a router's broadcast address within a network.
Answers B, C, and D are incorrect. Man-in-the-middle (MitM), SQL injection, and cross-site scripting are not DoS attacks.
What is the best way to minimize the impact of exploits like CryptoLocker?
- Incremental backups
Answer C is correct. Frequent and incremental backups are the best way to minimize the impact of exploits like CryptoLocker.
Stella, a security architect, discovered a zero-day vulnerability in the software application that her company uses. This vulnerability needs to be fixed immediately to prevent damage to her organization's network. Which of the following cybersecurity tools must she own in such a situation? (Choose all that apply)
- Intrusion prevention systems
- Fast incident response
- Behavior monitoring
A zero-day vulnerability is a software, hardware, or firmware flaw unknown to the manufacturer. When hackers leverage that flaw to conduct a cyberattack, it's called a zero-day exploit. Stella must own the following cybersecurity tools to fix this vulnerability immediately:
Behavior monitoring: This detects suspicious patterns, like cyberattacks, in the network's traffic.
Intrusion Prevention Systems: These are triggered after a behavior monitoring system notifies them. They attempt to stop any incoming threats from entering your network.
Fast incident response: The earlier a team of trained professionals responds to a threat, the less damage it will cause.
Ronaldo, the CEO of an organization, conducts a meeting with the security specialists of his organization to gain more knowledge on the prevention methods for social engineering attacks. Which of the following tips can they provide him that he can then impart to the employees of his organization after this meeting? Each correct answer represents a complete solution. Choose all that apply.
- Keep their antivirus/antimalware software updated
- Don't open emails and attachments from suspicious sources
- Use multifactor authentication
Answers B, C, and D are correct. Social engineering is the technique practiced by an attacker that is used to exploit human behavior to make the network vulnerable to attacks. It is the psychological manipulation of people into performing actions or divulging confidential information. Ronaldo can provide the following tips to the employees to prevent social engineering attacks: don't open emails and attachments from suspicious sources; use multifactor authentication; keep their antivirus/antimalware software updated.
Answer A is incorrect. Social engineers can and will either request an employee's help with information or offer to help them. If the employees did not request any assistance from the sender, they should consider any requests or offers as scams and reject them.
An attacker, masquerading as a trusted entity, tricks a victim into opening an email. The user is then tricked into clicking a malicious link, which leads to the installation of malware and revealing sensitive information. This is an example of which of the following attacks?
- Phishing
Answer C is correct. Phishing is a criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Answer B is incorrect. Spyware is a software application that covertly gathers information about a user's Internet usage and activity and then exploits this information by sending adware and pop-up ads similar in nature to the user's Internet usage history.
Answer A is incorrect. A logic bomb is a dangerous attack that waits for a predetermined event or time to execute its payload. Situational awareness is the best defense against this attack.
Answer D is incorrect. Denial of Service (DoS) occurs when an attacker consumes the resources on the computer, thus preventing the normal use of the network resources for legitimate purposes.
Which practice do spammers adopt to guess email addresses at a domain and then connect to the email server of that domain?
- DHA
Answer C is correct. Spammers perform directory harvest attacks (DHAs), where they simply guess email addresses at a domain and then connect to the email server of that domain.
Alicia is unable to access an SQL database online due to an SQL injection vulnerability. Which of the following security controls should she take to prevent this type of breach in the future? Each correct answer represents a complete solution. Choose two.
- Database activity monitoring
- Input Validation
Answers B and C are correct. To prevent this type of breach in the future, Alicia should do proper input validation and database activity monitoring. If the database and the underlying OS do not have the proper security controls in place, the attacker can create queries against the database that disclose unauthorized information. Database activity monitoring (DAM) systems have emerged because companies face many more threats such as SQL injection than in the past.
Answers D and A are incorrect. Secure coding standards and browser security updates cannot prevent SQL injection.
Which attack exploits the prime number sieve used in the key-generation process?
- Logjam
Answer B is correct. The logjam attack exploits the prime number sieve used in the key-generation process, forcing it to use a 512-bit prime.
Which cookie enables the user to identify and track his movements within the website?
- Session
Answer B is correct. A session cookie enables the user to identify and track his movements within the website.
Which of the following is an electronic unsolicited message sent to a user's email address?
- Spam
Answer B is correct. Spams are electronic unsolicited messages sent to a user's email address, which are commercial in nature and also carry malicious contents.
Answer A is incorrect. A virus is a malicious piece of code that is designed to infiltrate a user's computer via an infected email attachment.
Answer C is incorrect. Worms are malicious programs that make copies of themselves again and again on the local drive, network shares, and so on.
Answer D is incorrect. Malware is designed to cause damage to a standalone computer or a networked personal computer.
Edward is working as a network administrator in an organization. To protect his organization's network from the dictionary attack, he has used a security process in his organization's network server through which he can slow down the propagation of mass emails. Which security process has Edward used?
- Tarpitting
Answer D is correct. To protect his organization's server from the dictionary attack, Edward has used tarpitting in his organization's network server, which is a network security and optimization process through which he can slow down the propagation of mass emails by restricting spammers from sending bulk messages.
Answer C is incorrect because clickjacking is a type of attack that tricks a user into clicking a webpage element which is invisible or disguised as another element.
Answer A is incorrect because Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.
Answer B is incorrect because clickstream tracking involves tracking a user's activity on the Internet, including every Web site and every page of every Web site that the user visits.
Which attack involves intercepting and modifying communication between users?
Man-in-the-middle attack (MitM)
Which protocol segments a network to minimize the risks of a broadcast storm?
Spanning-Tree Protocol (STP): STP segments a network to minimize the risks of a broadcast storm.
What is another name for tarpitting?
Sticky honeypot: Tarpitting is sometimes known as a sticky honeypot.
Which layer of the OSI model does a DDoS attack target?
Transport: A distributed DoS (DDoS) attack targets transport and network layers.