4.0 Network Attacks
You are troubleshooting a wireless connectivity issue in a small office. You determine that the 2.4GHz cordless phones used in the office are interfering with the wireless network. If the cordless phones are causing the interference, which two of the following wireless standards could the network be using?
802.11b, Bluetooth
Which of the following describes a man-in-the-middle?
A false server intercepts communications from a client by impersonating the intended server.
Which of the following attacks tries to associate an incorrect MAC address with a known IP address?
ARP poisoning
Which of the following best describes an evil twin?
An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information
When a malicious user captures authentication traffic and replays it against the network later, what is the security problem you are most concerned about?
An unauthorized user gaining access to sensitive resources
Developers in your company have created a Web application that interfaces with a database server. During development, programmers created a special user account that bypasses the normal security. What is this an example of?
Backdoor
Which of the following sends unsolicited business cards and messages to a Bluetooth device?
Bluejacking
You have just purchased a new network device and are getting ready to connect it to your network. What should you do to increase its security?
Change all default passwords and apply all patches and updates
What is spoofing?
Changing or falsifying information in order to mislead or re-direct traffic
As the victim of a Smurf attack, what protection measure is the most effective during the attack?
Communicating with your upstream provider
Which of the following is an example of privilege escalation?
Creeping privileges
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?
DDoS
Which of the following is NOT a protection against session hijacking?
DHCP reservations
Which type of Denial of Service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?
DNS poisoning
While using the Internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, however, the browser displays a completely different website. When you use the IP address of the server, the correct site is displayed. Which type of attack has likely occurred?
DNS poisoning
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?
Denial of Service
Which is a form of attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring?
Denial of Service attack
Which of the following is the best protection to prevent attacks on a mobile phone through the Bluetooth protocol?
Disable Bluetooth on the phone
What is the goal of a TCP/IP hijacking attack?
Executing commands or accessing resources on a system the attacker doesn't otherwise have authorization to access
Which of the following identifies an operating system or network service based upon its ICMP message quoting (response) characteristics?
Fingerprinting
Which of the following are denial of service attacks?
Fraggle and Smurf
Which of the following is the best countermeasure against man-in-the-middle attacks?
IPSec
A user calls to report that she is experiencing intermittent problems while accessing the wireless network from her laptop computer. While she normally works from her office, today she is trying to access the wireless network from a conference room which is across the hall and next to the elevator. What is the most likely cause of her connectivity problem?
Interference is affecting the wireless signal
Which of the following attacks, if successful, causes a switch to function like a hub?
MAC flooding
Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which security concern?
Man-in-the-middle attack
Which of the following locations will contribute the greatest amount of interference for a wireless access point?
Near backup generators; near cordless phones
A relatively new employee in the data entry cubicle farm was assigned a user account similar to that of all of the other data entry employees. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred?
Privilege escalation
An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if the user account is used to perform admin functions?
Privilege escalation
Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day you find that an employee has connected a wireless access point to the office network. What type of security risk is this?
Rogue access point
What is modified in the most common form of spoofing on a typical IP packet?
Source address
A router on the border of your network detects a packet with a source address that is from an internal client but the packet was received on the Internet-facing interface. This is an example of what form of attack?
Spoofing
Which type of activity changes or falsifies information in order to mislead or re-direct traffic?
Spoofing
What is the main difference between a DoS attack and a DDoS attack?
The DDoS uses zombie computers
Which statement best describes IPSec when used in tunnel mode?
The entire data packet, including headers, is encapsulated
You suspect that an Xmas tree attack is occurring on a system. Which two of the following could result if you do not stop the attack?
The threat agent will obtain info on open ports and the system will be unavailable for legit requests
Your organization uses an 802.11b wireless network. Recently, other tenants installed the following equipment in your building: a wireless television distribution system running at 2.4GHz; a wireless phone system running at 5.8GHz; a wireless phone system running at 900MHz; an 802.11a wireless network running in the 5.725-5.850GHz range; an 802.11j wireless network running in the 4.9-5.0GHz range. Since this equipment was installed, your wireless network has been experiencing significant interference. Which system is to blame?
The wireless TV system
What purposes does a wireless site survey serve? 2 answers
To identify the coverage areas and preferred placement of access points, and identify existing sources or potential sources of interference.
Which of the following best describes Bluesnarfing?
Unauthorized viewing of calendar, e-mails, and messages on a mobile device.
Which of the following describes how a router can be used to implement security on your network?
Use an access control list to deny traffic from a specific IP address.
Which of the following describes marks that attackers place outside a building to identify an open wireless network?
War Chalking
The process of walking around an office building with an 802.11 signal detector is known as what?
War driving
What are the most common network traffic packets captured and used in a replay attack?
authentication
You need to enumerate the devices on your network and display the configuration details of the network. Which of the following utilities should you use?
nmap