Module14-23 Test Quiz
MODULE 20
------->
What is an example of privilege escalation attack?
A threat actor performs an access attack and gains the administrator password.
What three items are components of the CIA triad? (Choose three.)
Confidentiality, availability, integrity
Which technology is an open source SIEM system?
ELK
What kind of ICMP message can be used by threat actors to map an internal IP network?
ICMP Mask Reply
Which two protocols are used to provide server-based AAA authentication? (Choose two.)
TACACS+, RADIUS
Which objective of secure communications is achieved by encrypting data?
confidentiality
Which capability is provided by the aggregation function in SIEM?
reducing the volume of event data by consolidating duplicate event records
What is the main goal of using different evasion techniques by threat actors?
to prevent detection by network and host defenses
What do security compliance regulations define?
what organizations are responsible for providing and the liability for failure to comply
MODULE 17
----->
MODULE 13
---->
What is an example of "hacktivism"?
A group of environmentalists launch a denial of service attack against an oil company that is responsible for a large oil spill.
What is involved in an IP address spoofing attack?
A legitimate network IP address is hijacked by a rogue node.
What is a significant characteristic of virus malware?
A virus is triggered by an event on the host system.
When describing malware, what is a difference between a virus and a worm?
A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.
Which field in an IPv6 packet is used by the router to determine if a packet has expired and should be dropped?
Hop Limit
Which statement describes cybersecurity?
It is an ongoing effort to protect Internet-connected systems and the data associated with those systems from unauthorized use or harm.
What is the result of a DHCP starvation attack?
Legitimate clients are unable to lease IP addresses.
What is the biggest issue with local implementation of AAA?
Local implementation does not scale well.
Which tool is used to provide a list of open ports on network devices?
Nmap
What is the principle of least privilege access control model?
Users are granted rights on an as-needed approach.
Which network monitoring tool allows an administrator to capture real-time network traffic and analyze the entire contents of packets?
Wireshark
MODULE 14
---->
MODULE 15
---->
MODULE 16
---->
MODULE 18
---->
MODULE 19
---->
How does BYOD change the way in which businesses implement networks?
BYOD provides flexibility in where and how users can access network resources.
What does the MITRE Corporation create and maintain?
CVE
Which threat intelligence sharing open standard specifies, captures, characterizes, and communicates events and properties of network operations?
CybOX
Which protocol is attacked when a cybercriminal provides an invalid gateway in order to create a man-in-the-middle attack?
DHCP
In which type of attack is falsified information used to redirect users to malicious Internet sites?
DNS cache poisoning
Which type of network threat is intended to prevent authorized users from accessing resources?
DoS attacks
Which protocol would be the target of a cushioning attack?
HTTP
What is the best description of Trojan horse malware?
It appears as useful software but hides malicious code.
What focus describes a characteristic of an indicator of attack (IOA)?
It focuses more on the motivation behind an attack and the means used to compromise vulnerabilities to gain access to assets.
Which statement describes the term attack surface?
It is the total sum of vulnerabilities in a system that is accessible to an attacker.
What security tool allows a threat actor to hack into a wireless network and detect security vulnerabilities?
KisMac
What is a monitoring tool used for capturing traffic statistics?
NetFlow
Which network monitoring tool can provide a complete audit trail of basic information of all IP flows on a Cisco router and forward the data to a device?
NetFlow
A threat actor wants to interrupt a normal TCP communication between two hosts by sending a spoofed packet to both endpoints. Which TCP option bit would the threat actor set in the spoofed packet?
RST
Which network tool uses artificial intelligence to detect incidents and aid in incident analysis and response?
SOAR
What network monitoring tool can be used to copy packets moving through one port, and send those copies to another port for analysis?
SPAN
Which language is used to query a relational database?
SQL
Users in a company have complained about network performance. After investigation, the IT staff has determined that an attacker has used a specific technique that affects the TCP three-way handshake. What is the name of this type of network attack?
SYN Flood The TCP SYN flood attack exploits the TCP three-way handshake. The threat actor continually sends TCP SYN session request packets with a randomly spoofed source IP address to an intended target.
In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections?
SYN flood attack In a TCP SYN flood attack, the attacker sends to the target host a continuous flood of TCP SYN session requests with a spoofed source IP address. The target host responds with a TCP-SYN-ACK to each of the SYN session requests and waits for a TCP ACK that will never arrive. Eventually the target is overwhelmed with half-open TCP connections.
Which term is used for bulk advertising emails flooded to as many end users as possible?
Spam
What is a characteristic of a layered defense-in-depth security approach?
The failure of one safeguard does not affect the effectiveness of the other safeguards.
How do cybercriminals make use of a malicious iFrame?
The iFrame allows the browser to load a web page from another source.
In what way are zombies used in security attacks?
They are infected machines that carry out a DDoS attack.
What is a characteristic of a DNS amplification and reflection attack?
Threat actors use DNS open resolvers to increase the volume of attacks and to hide the true source of an attack.
Which network monitoring capability is provided by using SPAN?
Traffic exiting and entering a switch is copied to a network monitoring device.
A threat actor uses a program to launch an attack by sending a flood of UDP packets to a server on the network. The program sweeps through all of the known ports trying to find closed ports. It causes the server to reply with an ICMP port unreachable message and is similar to a DoS attack. Which two programs could be used by the threat actor to launch the attack? (Choose two.)
UDP Unicorn and Low Orbit Ion Cannon
What component of a security policy explicitly defines the type of traffic allowed on a network and what users are allowed and not allowed to do?
acceptable use policies
An administrator is concerned with restricting which network applications and uses are acceptable to the organization. What security policy component does the administrator use to address these concerns?
acceptable use policy
To which category of security attacks does man-in-the-middle belong?
access
A server log includes this entry: User student accessed host server ABC using Telnet yesterday for 10 minutes. What type of log entry is this?
accounting
Which action best describes a MAC address spoofing attack?
altering the MAC address of an attacking host to match that of a legitimate host
Which is an example of social engineering?
an unidentified person claiming to be a technician collecting user information from employees
With the evolution of borderless networks, which vegetable is now used to describe a defense-in-depth approach?
artichoke
What are three access control security services? (Choose three.)
authentication, authorization, accounting
Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?
authorization
A company is experiencing overwhelming visits to a main web server. The IT department is developing a plan to add a couple more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?
availability
Which access attack method involves a software program that attempts to discover a system password by the use of an electronic dictionary?
brute-force attack
Which service is provided by the Cisco Talos Group?
collecting information about active, existing, and emerging threats
Which type of business policy establishes the rules of conduct and the responsibilities of employees and employers?
company
Which SIEM function is associated with examining the logs and events of multiple systems to reduce the amount of time of detecting and reacting to security events?
correlation
Which two attacks target web servers through exploiting possible vulnerabilities of input functions used by an application? (Choose two.)
cross-site scripting - SQL injection
What is the motivation of a white hat attacker?
discovering weaknesses of networks and systems to improve the security level of these systems
Which access control model allows users to control access to data as an owner of that data?
discretionary access control
Which device is usually the first line of defense in a layered defense-in-depth approach?
edge router
What device would be used as a second line of defense in a defense-in-depth approach?
firewall
Which term describes a field in the IPv4 packet header used to detect corruption in the IPv4 header?
header checksum
Which two areas must an IT security person understand in order to identify vulnerabilities on a network? (Choose two.)
important applications used and hardware used by applications
What characteristic describes a gray hat hacker?
individuals who commit cyber crimes but not for personal gain or to cause damage
What characteristic describes script kiddies?
inexperienced threat actors running existing scripts, tools, and exploits, to cause harm, but typically not for profit
How is optional network layer information carried by IPv6 packets?
inside an extension header attached to the main IPv6 packet header
What device would be used as the third line of defense in a defense-in-depth approach?
internal router
An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this?
man in the middle
Which type of access control applies the strictest access control and is commonly used in military or mission critical applications?
mandatory access control (MAC)
Which network technology uses a passive splitting device that forwards all traffic, including Layer 1 errors, to an analysis device?
network trap
What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?
phishing
What is an essential function of SIEM?
providing reporting and analysis of security events
A disgruntled employee is using some free wireless networking tools to determine information about the enterprise wireless networks. This person is planning on using this information to hack the wireless network. What type of attack is this?
reconnaissance
Which type of attack involves the unauthorized discovery and mapping of network systems and services?
reconnaissance Network reconnaissance attacks involve the unauthorized discovery and mapping of the network and network systems. Access attacks and trust exploitation involve unauthorized manipulation of data, access to systems or user privileges. DoS, or Denial of Service attacks, are intended to prevent legitimate users and devices from accessing network resources.
Refer to the exhibit. The security policy of an organization allows employees to connect to the office intranet from their homes. Which type of security policy is this?
remote access
Which risk management plan involves discontinuing an activity that creates a risk?term-14
risk avoidance
Which risk management strategy requires careful evaluation of the costs of loss, the mitigation strategy, and the benefits gained from the operation or activity that is at risk?
risk reduction
Which type of DNS attack involves the cybercriminal compromising a parent domain and creating multiple subdomains to be used during the attacks?
shadowing
Which is a BYOD security best practice?
subscribe to a device locator service with remote wipe feature
Which field in the IPv4 header is used to prevent a packet from traversing a network endlessly?
time-to-live
What is the purpose of the Cisco NetFlow IOS technology?
to collect operational data from IP networks
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use forensic tools?
to detect any evidence of a hack or malware in a computer or network
What is the purpose of a rootkit?
to gain privileged access to a device while concealing itself
What is the purpose of a reconnaissance attack on a computer network?
to gather information about the target network and system
What is the primary goal of a DoS attack?
to prevent the target server from being able to handle additional requests
A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use applications such as Nmap, SuperScan, and Angry IP Scanner?
to probe network devices, servers, and hosts for open TCP or UDP ports
What is an objective of a DHCP spoofing attack?
to provide false DNS server addresses to DHCP clients so that visits to a legitimate web server are directed to a fake server
What is the primary function of (ISC2)?
to provide vendor neutral education products and career services
