Network exam

What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?

Cross site scripting

an attacker is redirecting traffic to a false default gateway in an attempt to intercept the data traffic of a switched network.

DHCP spoofing

A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server to crash. What is the type of attack the cyber criminal launches?

DoS

What kind of ICMP message can be used by threat actors to create a man-in-the-middle attack?

ICMP redirects

A security service company is conducting an audit in several risk areas within a major corporate client. What attack or data loss vector term would be used to describe providing access to corporate data by gaining access to stolen or weak passwords?

Improper access control

A disgruntled employee is using Wireshark to discover administrative Telnet usernames and passwords. What type of network attack does this describe?

Reconnaissance

What type of attack targets an SQL database using the input field of a user?

SQL injection

Which type of network attack involves randomly opening many Telnet requests to a router and results in a valid network administrator not being able to access the device?

SYN Flooding

What is a characteristic of the WLAN passive discover mode?

The AP periodically sends beacon frames containing the SSID.

How do cybercriminals make use of a malicious iFrame?

The iframe allows the browser to load a web page from another source

Which statement describes a VPN?

VPNS use virtual connections to create a private network through a public network

Which combination of WLAN authentication and encryption is recommended as a best practice for home users?

WPA 2 and AES

A network administrator of a small advertising company is configuring WLAN security by using the WPA2 PSK method. Which credential do office users need in order to connect their laptops to the WLAN?

a key that matches the key on the ap

A social media site is describing a security breach in a sensitive branch of a national bank. In the post, it refers to a vulnerability. What statement describes that term?

a weakness in a system or its design that could be exploited by a threat.

Which statement describes one of the rules that govern interface behavior in the context of implementing a zone-based policy firewall configuration?

by default, allowed to flow among interfaces.

Which term describes a field in the IPv4 packet header used to detect corruption in the IPv4 header?

header checksum

The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email?

it is a hoax.

What is the first line of defense to protect a device from improper access control?

passwords

What is a function of SNMP?

provides a message format for communication between network device managers and agents

Which risk management plan involves discontinuing an activity that creates a risk?

risk avoidance

A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation?

rogue access point