Network+ Chapter 9
Why might organizations be willing to take on the risk of BYOD?
BYOD practices can be cheaper for organizations to implement and tend to improve efficiency and morale for employees and students.
What kind of attack simulation detects vulnerabilities and attempts to exploit them?
Penetration testing
Which form of SHA was developed by private designers?
SHA-3
What are the four phases in the social engineering attack cycle?
1) Research. 2) Building trust. 3) Exploit. 4) Exit.
What is the difference between a vulnerability and an exploit?
A weakness of a system, process, or architecture that could lead to compromised information or unauthorized access is known as a vulnerability. The act of taking advantage of a vulnerability is known as an exploit.
What characteristic of ARP makes it particularly vulnerable to being used in a DoS attack?
ARP performs no authentication
A spoofed DNS record spreads to other DNS servers. What is this attack called?
DNS poisoning
Which type of DoS attack orchestrates an attack using uninfected computers?
DRDoS (Distributed Reflection DoS) attack
Which of these attacks is a form of Wi-Fi DoS attack? Rogue DHCP server FTP bounce Deauthentication attack Amplified DRDoS attack
Deauthentication attack
List five subtypes of DoS attacks.
Distributed DoS, distributed reflection DoS, amplified DRDoS, permanent DoS, and friendly DoS
A former employee discovers six months after he starts work at a new company that his account credentials still give him access to his old company's servers. He demonstrates his access to several friends to brag about his cleverness and talk badly about the company. What kind of attack is this?
Insider threat
Leading up to the year 2000, many people expected computer systems the world over to fail when clocks turned the date to January 1, 2000. What type of threat was this?
Logic bomb
A company wants to have its employees sign a document that details some project-related information that should not be discussed outside the project's team members. What type of document should they use?
NDA
A company accidentally sends a newsletter with a mistyped website address. The address points to a website that has been spoofed by hackers in order to collect information from people who make the same typo. What kind of attack is this?
Phishing
What type of scanning might identify that Telnet is running on a server?
Port scanning
Your organization has just approved a special budget for a network security upgrade. What procedure should you conduct in order to make recommendations for the upgrade priorities?
Posture assessment
Which of the following is considered a secure protocol? FTP SSH Telnet HTTP
SSH
A neighbor hacks into your secured wireless network on a regular basis, but you didn't give him the password. What loophole was most likely left open?
The default password was not changed.
What unique characteristic of zero-day exploits make them so dangerous?
The vulnerability is exploited before the software developer has the opportunity to provide a solution for it or before the user applies the published solution.
Give an example of biometric detection.
iris color patterns, hand geometry, facial recognition, or fingerprints