Quiz: Module 08 Networking Threats, Assessments, and Defenses
Which of the following is NOT a Microsoft defense against macros? a. Trusted location b. Protected View c. Trusted documents d. Trusted domain
Trusted domain This is fictitious and does not exist.
Gregory wants to look at the details about the patch a packet takes from his Linux computer to another device. Which Linux command-line utility will he use? a. tracepacket b. traceroute c. trace d. tracert
traceroute Traceroute is the Linux utility that would provide these details.
Which utility sends custom TCP/IP packets? a. curl b. hping c. shape d. pingpacket
hping Hping sends custom TCP/IP packets.
Which of the following is a third-party OS penetration testing tool? a. sn1per b. Nessus c. scanless d. theHarvester
sn1per This is the tool for penetration testing that is a third-party tool.
Which of the following does NOT describe an area that separates threat actors from defenders? a. Air gap b. Containment space c. Secure area d. DMZ
Containment space This is fictitious and does not exist.
Tomaso is explaining to a colleague the different types DNS attacks. Which DNS attack would only impact a single user? a. DNS poisoning attack b. DNS overflow attack c. DNS hijack attack d. DNS resource attack
DNS poisoning attack In a DNS poisoning attack, the local HOSTS file contains an entry to a malicious DNS server. This allows the threat actor to control all websites that a user attempts to visit.
What is the difference between a DoS and a DDoS attack? a. DoS attacks do not use DNS servers as DDoS attacks do. b. DoS attacks use more memory than DDoS attacks. c. DoS attacks use fewer computers than DDoS attacks. d. DoS attacks are faster than DDoS attacks.
DoS attacks use fewer computers than DDoS attacks. DoS attacks today are distributed denial of service (DDoS) attacks: instead of only one source making a bogus request, a DDoS involves hundreds, thousands, or even millions of sources producing a torrent of fake requests.
Calix was asked to protect a system from a potential attack on DNS. What are the locations he would need to protect? a. Reply referrer and domain buffer b. Host table and external DNS server c. Web server buffer and host DNS server d. Web browser and browser add-on
Host table and external DNS server DNS poisoning modifies a local lookup table on a device to point to a different domain. DNS hijacking is intended to infect an external DNS server with IP addresses that point to malicious sites.
Which of the following is NOT a reason that threat actors use PowerShell for attacks? a. It can be invoked prior to system boot. b. It leaves behind no evidence on a hard drive. c. Most applications flag it as a trusted application. d. It cannot be detected by antimalware running on the computer.
It can be invoked prior to system boot. PowerShell is not invoked prior to system boot.
Which of the following is NOT true about VBA? a. It is built into most Microsoft Office applications. b. It is included in select non-Microsoft products. c. It is being phased out and replaced by PowerShell. d. It is commonly used to create macros.
It is being phased out and replaced by PowerShell. VBA is not being phased out.
Deacon has observed that the switch is broadcasting all packets to all devices. He suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack is this? a. MAC flooding attack b. MAC overflow attack c. MAC cloning attack d. MAC spoofing attack
MAC flooding attack A threat actor will overflow the switch with Ethernet packets that have been spoofed so that every packet contains a different source MAC address, each appearing to come from a different endpoint. This can quickly consume all the memory (called the content addressable memory or CAM) for the MAC address table. Once the MAC address table is full and is unable to store any additional MAC address, the switch enters a fail-open mode and functions like a network hub, broadcasting frames to all ports.
Which attack intercepts communications between a web browser and the underlying OS? a. ARP poisoning b. DIG c. Man-in-the-browser (MITB) d. Interception
Man-in-the-browser (MITB) Like an MITM attack, a man-in-the-browser (MITB) attack intercepts communication between parties to steal or manipulate the data. Whereas an MITM attack occurs between two endpoints—such as between two user laptops or a user's computer and a web server—an MITB attack occurs between a browser and the underlying computer. Specifically, an MITB attack seeks to intercept and then manipulate the communication between the web browser and the security mechanisms of the computer.
Theo uses the Python programming language and does not want his code to contain vulnerabilities. Which of the following best practices would Theo NOT use? a. Only use compiled and not interpreted Python code. b. Use the latest version of Python. c. Use caution when formatting strings. d. Download only vetted libraries.
Only use compiled and not interpreted Python code. Using compiled Python will not impact its vulnerabilities.
Proteus has been asked to secure endpoints that can be programmed and have an IP address so that they cannot be used in a DDoS attack. What is the name for this source of DDoS attack? a. IoT b. Application c. Network d. Operational Technology
Operational Technology An Operational Technology attack uses endpoints that can be programmed and have an IP address.
Which of the following sensors can detect an object that enters the sensor's field? a. Field detection b. Proximity c. Object recognition d. IR verification
Proximity A sensor that detects the presence of an object ("target") when the target enters the sensor's field. Depending on the type of proximity sensor, sound, light, infrared radiation (IR), or electromagnetic fields may be utilized by the sensor to detect a target.
Which of the following is a tool for editing packets and then putting the packets back onto the network to observe their behavior? a. Wireshark b. Tcpreplay c. Packetdump d. Tcpdump
Tcpreplay Tcpreplay is a tool for editing packets and then "replaying" the packets back onto the network to observe their behavior.
What is the result of an ARP poisoning attack? a. The ARP cache is compromised. b. An internal DNS must be used instead of an external DNS. c. MAC addresses are altered. d. Users cannot reach a DNS server.
The ARP cache is compromised. Threat actors take advantage of a MAC address stored in a software ARP cache to compromise the data so that an IP address points to a different device. This attack is known as ARP poisoning.
What is Bash? a. A substitute for SSH b. The underlying platform on which macOS is built c. The command-language interpreter for Linux/UNIX OSs d. The open source scripting language that contains many vulnerabilities
The command-language interpreter for Linux/UNIX OSs Bash is the command language interpreter for Linux/UNIX.
Estevan has recommended that the organization hire and deploy two security guards in the control room to limit the effect if one of the guards has been compromised. What is Estevan proposing? a. Compromise mitigation assessment (CMA) b. Multiplayer recognition c. Two-person integrity/control d. Dual observation protocol (DOP)
Two-person integrity/control Using two security guards is called two-person integrity/control.
Eros wants to change a configuration file on his Linux computer. He first wants to display the entire file contents. Which tool would he use? a. head b. show c. cat d. display
cat Cat will display an entire file in Linux.