Network+ Chapter 9: Network Risk Management

A company accidentally sends a newsletter with a mistyped website address. The address points to a website that has been spoofed by hackers in order to collect information from people who make the same typo. What kind of attack is this? A. Phishing B. Baiting C. Quid Pro Quo D. Tailgating

- A. Phishing - Phishing, an electronic communication that appears to come from a legitimate person or organization and requests access or authentication information. A hacker might send an email asking you to submit your username and password to a website whose link is provided in a message, claiming that its necessary to verify your account with a particular online retailer.

A former employee discovers six months after he starts work at a new company that his account credentials still give him access to his old company's servers. He demonstrates his access to several friends to brad about his cleverness and talk badly about the company. What kind of attack is this? A. Principle of least privilege B. Insider Threat C. Vulnerability D. Denial of Service

- B. Insider Threat - Insider Threat, an insider is someone who is or was trusted by an organization, such as an employee, former employee, contractor, or other associate. Sometimes trusted people have or develop malicious intent, which is called an insider threat. These attackers pose a particularly high risk to an organization due to their knowledge of the company's systems, procedures, and layers of security.

Leading up to the year 2000, many people expected computer systems the world over to fail when clocks turned the date to January 1, 2000. What type of threat was this? A. Ransomware B. Logic Bomb C. Virus D. Worm

- B. Logic Bomb - Time dependence, some malware is programmed to activate on a particular date. This type of malware can remain dormant and harmless until its activation date arrives. Time-dependent malware can include logic bombs, or programs designed to start when certain conditions are met.

A company wants to have its employees sign a document that details some project-related information that should not be discussed outside the project's team members. What type of document should they use? A. AUP B. NDA C. MDM D. BYOD

- B. NDA - NDA (non disclosure agreement), a security policy that defines what is confidential and private to the organization. This information is confidential if it could be used by other parties to impair an organization's functioning, decrease customers' confidence, cause a financial loss, damage an organizations status, or give a significant advantage to a competitor.

Which of the following is considered a secure protocol? A. FTP B. SSH C. Telnet D. HTTP

- B. SSH - SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.

Why might organizations be willing to take on the risk of BYOD?

- BYOD practices can be cheaper for organizations to implement and tend to improve efficiency and morale for employees and students.

Give an example of biometric detection.

- Biometrics, physical security solution that involves biorecognition access, in which a device scans an individual's unique physical characteristics, such as the color patterns of an iris or the geometry of a hand, to verify someone's identity.

Which type of DoS attack orchestrates an attack using uninfected computers? A. DDoS (Distributed DoS) attack B. Spoofing attack C. DRDoS (Distributed Reflection DoS) attack D. PDoS (Permanent DoS) attack

- C. DRDoS (Distributed Reflection DoS) attack - DRDoS (distributed reflection DoS) attack, is a DDoS attack bounced off of uninfected computers, called reflectors, before being directed at the target.

Which of these attacks is a form of Wi-Fi DoS attack? A. Rogue DHCP server B. FTP bounce C. Deauthentication Attack D. Amplified DRDoS attack

- C. Deauthentication attack - In a deauth (deauthentication) attack, the attacker sends these faked deauthentication frames to the AP, the client, or both (or as a broadcast to the whole wireless network) to trigger the deauthentication process and knock one or more clients off the wireless network. This is essentially a wi-fi DoS attack in that valid users are prevented from having normal access to the network.

A spoofed DNS record spreads to other DNS servers. What is this attacked called? A. ARP poisoning B. DHCP snooping C. MitM attack D. DNS poisoning

- D. DNS poisoning - DNS poisoning, DNS spoofing, by altering DNS records on a DNS server, an attacker can redirect Internet traffic from a legitimate web server to a phishing website, which is called DNS poisoning or DNS spoofing. Because of the way DNS servers share their cached entries, poisoned DNS records can spread rapidly to other DNS servers, ISPs, home and business networks, and individual computers.

What kind of attack simulation detects vulnerabilities and attempts to exploit them? A. Red team-Blue team exercise B. Vulnerability scanning C. Security audit D. Penetration testing

- D. Penetrating testing - Penetrating testing, this attack simulation uses various tools to find network vulnerabilities, as in vulnerability scanning, and then attempts to exploit those vulnerabilities.

List five subtypes of DoS attacks.

- DDoS (distributed DoS) attack, A DoS attack comes from one or a few sources owned by the attacker, DDoS attacks are orchestrated through many sources. Most of these machines are zombies, which means the owners are unaware that their computers are being used in the coordinated attack (infected with Malware called a bot) - DRDoS (distributed reflection DoS) attack, is a DDoS attack bounced off of uninfected computers, called reflectors, before being directed at the target. This is achieved by spoofing the source IP address in the attack to make it look like all the requests for response are being sent by the target, then all the reflectors send their responses to the target, thereby flooding the target with traffic. - Amplified DRDoS attack, a DRDoS attack can be amplified when conducted using small, simple request that trigger very large responses from the target. Several protocols lend themselves to being used in these kinds of attacks, such as DNS, NTP, ICMP, SNMP, and LDAP - PDoS (permanent DoS) attack, A PDoS attack damages a device's firmware beyond repair. This is called "bricking" the device because it effectively turns the device into a brick. PDoS attacks usually target routers or switches. - Friendly DoS Attack, unintentional DoS attack, or friendly attack, is not done with malicious intent. An example might be when a website is flooded with an unexpectedly high amount of shopping traffic during a flash sale, or when a significant even is reported on the news and people flood to certain, related websites, especially if a specific website was mentioned in news reports.

A neighbor hacks into your secured wireless network on a regular basis, but you didn't give him the password. What loophole was most likely left open?

- Password Policy > Always change system default passwords after installing new software or equipment. The default password for the administrator might be set by the manufacturer to "password".

What are the four phases in the social engineering attack cycle?

- Phase 1, research, is the most important, and often requires the most time investment. Attackers build familiarity by asking for benign information. - Phase 2, building trust, as they gain trust they will attempt to gain access to more private information. - Phase 3, exploit, is the point of action on the part of the victim that gives the attacker the access they desire. - Phase 4, exit, the attacker executes an exit strategy in such a way that does not leave evidence or raise suspicion.

What type of scanning might identify that Telnet is running on a server?

- Port Scanner, Nmap began as a simple port scanner, which is an application that searches a device for open ports indicating which insecure service might be used to craft an attack. For example, if a server's port 23 is open, Telnet can be used to remote into the target device and take control of it.

Which form of SHA was developed by private designers?

- SHA-3, The most recent iteration of SHA, SHA-3 was developed by private designers for public competition in 2012. SHA-3 is very different in design from SHA-2, even though it uses the same 256- and 512- bit hash lengths.

What is the difference between a vulnerability and an exploit?

- Vulnerability, a weakness of a system, process, or architecture that could lead to compromised information or unauthorized access. - Exploit, the act of taking advantage of a vulnerability.

What unique characteristic of zero-day exploits make them so dangerous?

- Zero-day exploit, or zero-day attack, is one that takes advantage of a software vulnerability that hasn't yet or has only very recently become public. Zero-day exploits are particularly dangerous because the vulnerability is exploited before the software developer has the opportunity to provide a solution for it or before the user applies the published solution.

What characteristic of ARP makes it particularly vulnerable to being used in a DoS attack?

ARP works in conjunction with IPv4 to discover the MAC address of a node on the local network. This information is stored in a database called the ARP table or ARP cache, which maps IP addresses to MAC addresses on the LAN. However, ARP performs no authentication, and so is highly vulnerable to attack.

Your organization has just approved a special budget for a network security upgrade. What procedure should you conduct in order to make recommendations for the upgrade priorities? A. Data breach B. Security Audit C. Exploitation D. Posture Assessment

D. Posture Assessment - Posture Assessment, a thorough examination of each aspect of the network to determine how it might be compromised. Every organization should assess its security risks and posture assessments should be performed at least annually and preferably quarterly.