CCNA 200-301 Domain 5: Security Fundamentals


Which of the following best describes the key difference between DoS and DDoS?

Attackers use numerous computers and connections.

Creating an area of the network where offending traffic is forwarded and dropped is known as _________?

Black hole filtering

Which of the following laws regulates emails?

CAN-SPAM Act

Which of the following are all network sniffing tools?

Cain and Abel, Ettercap, and TCPDump

You've just finished installing a wireless access point for a client. Which action best protects the access point from unauthorized tampering with its configuration settings?

Changing the default administrative password

Which of the following measures will make your wireless network less visible to the casual attacker?

Disable SSID broadcast.

You want to prevent users from accessing a router through a Telnet session. What should you do?

For the VTY lines, add the login parameter and remove any passwords.

A hacker has discovered UDP protocol weaknesses on a target system. The hacker attempts to send large numbers of UDP packets from a system with a spoofed IP address, which broadcasts out to the network in an attempt to flood the target system with an overwhelming amount of UDP responses. Which of the following DoS attacks is the hacker attempting to use?

Fraggle attack

Which of the following is the most important thing to do to prevent console access to the router?

Keep the router in a locked room.

You have a secret key. Bob wants the secret key. He has threatened to harm your reputation at the office if you don't give him the secret key. What type of attack is Bob attempting to use?

Rubber hose attack

A certain attack task includes five steps as follows:
1. Sniff the traffic between the target computer and the server.
2. Monitor traffic with the goal of predicting the packet sequence numbers.
3. Desynchronize the current session.
4. Predict the session ID and take over the session.
5. Inject commands to target the server.
Which of the following tasks does the above list describe?

Session hijacking

You have just captured the following packet using Wireshark and the filter shown. Which of the following is the captured password?

St@y0ut!@

A VPN (Virtual Private Network) is primarily used for which purpose?

Support secured communications over an untrusted network.

Bob encrypts a message using a key and sends it to Alice. Alice decrypts the message using the same key. Which of the following types of encryption keys is being used?

Symmetric

Which of the following best explains why brute force attacks are always successful?

They test every possible valid combination.

The process of analyzing an organization's security and determining its security holes is called:

Threat modeling

Which of the following best describes a feature of symmetric encryption?

Uses only one key to encrypt and decrypt data.

Frank, an IT tech, works for the ABC company. His friend Joe, who works for the XYZ company, informs Frank that XYZ company has been hit by a new malware attack. What is the first thing Frank should do for the ABC company?

Verify that ABC company's anti-malware software is updated and running.

In which of the following attacks does the attacker block all traffic by taking up all available bandwidth between the target computer and the internet?

Volumetric attack

Which of the following is the most secure protocol for wireless networks?

WPA2

A security analyst is using tcpdump to capture suspicious traffic detected on port 443 of a server. The analyst wants to capture the entire packet with hexadecimal and ASCII output only. Which of the following tcpdump options will achieve this output?

-X port 443

The ping command is designed to test connectivity between two computers. There are several command options available to customize ping, making it a useful tool for network administrators. On Windows, the default number of ping requests is set to four. Which of the following command options will change the default number of ping requests?

-n

Which of the following best describes an antivirus sensor system?

A collection of software that detects and analyzes malware.

The program shown is a crypter. Which of the following options best defines what this program does?

A crypter can encrypt, obfuscate, and manipulate malware to make it difficult to detect.

Which of the following best describes a DoS attack?

A hacker overwhelms or damages a system and prevents users from accessing a service.

The Stuxnet worm was discovered in 2010 and was used to gain sensitive information about Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet?

APT

Jason, an attacker, has manipulated a client's connection to disconnect the real client and allow the server to think that he is the authenticated user. Which of the following describes what he has done?

Active hijacking

Which of the following cryptography attacks is characterized by the attacker making a series of interactive queries and choosing subsequent plain texts based on the information from the previous encryption?

Adaptive chosen plain text

Daphne has determined that she has malware on her Linux machine. She prefers to only use open-source software. Which anti-malware software should she use?

ClamAV

Which of the following best describes the process of using prediction to gain session tokens in an Application-level hijacking attack?

Collect several session IDs that have been used before and then analyze them to determine a pattern.

Kathy doesn't want to purchase a digital certificate from a public certificate authority, but needs to establish a PKI in her local network. Which of the following actions should she take?

Create a local CA and generate a self-signed certificate.

Which of the following parts of the Trojan horse packet installs the malicious code onto the target machine?

Dropper

Which of the following is characterized by an attacker using a sniffer to monitor traffic between a victim and a host?

Passive hijacking

What is the main security weakness associated with the service password-encryption command?

Passwords are easily broken.

Anti-malware software uses several methods to detect malware. One of these methods is scanning. Which of the following best describes scanning?

Scanning uses live system monitoring to detect malware immediately. This technique utilizes a database that needs to be updated regularly. Scanning is the quickest way to catch malware programs.

Which of the following malware types shows the user signs of potential harm that could occur if the user doesn't take a certain action?

Scareware

It is important to be prepared for a DoS attack. These attacks are becoming more common. Which of the following best describes the response you should take for a service degradation?

Services can be set to throttle or even shut down.

Your network administrator has set up training for all users regarding clicking on links in emails or instant messages. Which of the following is your network administrator attempting to prevent?

Session fixation

Analyzing emails, suspect files, and systems for malware is known as which of the following?

Sheep dipping

Match each cryptography attack to its description.

The attacker repeatedly measures the exact execution times of modular exponentiation operations. : Timing
A hacker extracts cryptographic secrets, such as the password to an encrypted file, by coercion or torture. : Rubber hose
The hacker makes a series of interactive queries, choosing subsequent plain texts based on the information from the previous encryptions. : Adaptive chosen plain text
An attack where a hacker not only breaks a ciphertext, but also breaks into a bigger system that is dependent on that ciphertext. : Chosen key
The hacker obtains ciphertexts encrypted under two different keys. : Related key
The hacker analyzes the plain texts corresponding to an arbitrary set of ciphertexts the hacker chooses. : Chosen ciphertext

In a ciphertext-only attack, what is the attacker's goal?

To recover the encryption key.

You have just installed a wireless access point (WAP) for your organization's network. You know that the radio signals used by the WAP extend beyond your organization's building and are concerned that unauthorized users outside may be able to access your internal network. Which of the following steps will BEST protect the wireless network? (Select TWO. Each option is a complete solution.)

Use the WAP's configuration utility to reduce the radio signal strength. Configure the WAP to filter unauthorized MAC addresses.

Which of the following is a characteristic of the Advanced Encryption Standard (AES) symmetric block cipher?

Uses the Rijndael block cipher.

Which type of threat actor only uses skills and knowledge for defensive purposes?

White Hat

You suspect that an ICMP flood attack is taking place on your system from time to time, so you have used Wireshark to capture packets using the tcp.flags.syn==1 filter. Initially, you saw an occasional SYN or ACK packet. After a short while, you started seeing packets as shown in the image. Using the information shown, which of the following explains the difference between normal ICMP (ping) requests and an ICMP flood?

With the flood, all packets come from the same source IP address in quick succession.

Heather is performing a penetration test of her client's malware protection. She has developed a malware program that doesn't require any user interaction and wants to see how far it will spread through the network. Which of the following types of malware is she using?

Worm

Which of the following terms is the encrypted form of a message that is unreadable except to its intended recipient?

ciphertext

After configuring a router to ignore the startup configuration when the device boots, what command would you use to tell the device to load the startup configuration upon boot?

confreg 0x2102

As part of the password recovery process on a router, you want the device to ignore the startup config file when the device is rebooted. Which of the following commands would you use to do this?

confreg 0x2142

Which of the following commands configures a password to switch to privileged EXEC mode and saves the password using MD5 hashing?

enable secret

While configuring a new router, you use the following commands:
Router(config)#enable password cisco
Router(config)#enable secret highway
Router(config)#username admin password television
Router(config)#line con 0
Router(config-line)#password airplane
Router(config-line)#login
Router(config-line)#line vty 0 4
Router(config-line)#password garage
Router(config-line)#login
Which password would you use to open a Telnet session to the router?

garage

Which of the following describes a session ID?

A unique token that a server assigns for the duration of a client's communications with the server.

Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on the network?

ARP poisoning

As the cybersecurity specialist for your company, you believe a hacker is using ARP poisoning to infiltrate your network. To test your hypothesis, you have used Wireshark to capture packets and then filtered the results. After examining the results, which of the following is your best assessment regarding ARP poisoning?

ARP poisoning is occurring, as indicated by the duplicate response IP address.

An attacker may use compromised websites and emails to distribute specially designed malware to poorly secured devices. This malware provides an access point to the attacker, which he can use to control the device. Which of the following devices can the attacker use?

Any device that can communicate over the intranet can be hacked.

You work for a company that is implementing symmetric cryptography to process payment applications, such as card transactions, where personally identifiable information (PII) needs to be protected to prevent identity theft or fraudulent charges. Which of the following algorithm types would be best for transmitting large amounts of data?

Block

A small business called Widgets, Inc. has hired you to evaluate their wireless network security practices. As you analyze their facility, you note the following using a wireless network locator device:
Widgets, Inc. uses an 802.11n wireless network.
The wireless network is broadcasting the SSID Linksys.
The wireless network uses WPA2 with AES security.
Directional access points are positioned around the periphery of the building.
Which of the following would you MOST likely recommend your client do to increase their wireless network security? (Select two.)

Change the SSID to something other than the default. Disable SSID broadcast.

Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plain text to see the resulting ciphertext. Which of the following cryptographic attacks is being used?

Chosen plain text

Which type of cryptanalysis method is based on substitution-permutation networks?

Integral

A virus has replicated itself throughout systems it has infected and is executing its payload. Which of the following phases of the virus life cycle is this virus in?

Launch

Which term describes the process of sniffing traffic between a user and server, then re-directing the traffic to the attacker's machine, where malicious traffic can be forwarded to either the user or server?

Man-in-the-middle

Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which of the following cryptographic keys would Mary use to create the digital signature?

Mary's private key

Match the malware detection methods on the left with the description on the right.

Establishes a baseline of the system and will alert the user if any suspicious system changes occur. : Integrity checking
Is mainly used against logic bombs and Trojans. : Interception
Works well against polymorphic and metamorphic viruses. : Code emulation
Aids in detecting new or unknown malware. : Heuristic analysis
Could have live system monitoring to immediately detect malware. : Scanning

Match the types of cryptanalysis with the descriptions.

Finds the affine approximations to the action of a cipher. : Linear cryptanalysis
A form of cryptanalysis applicable to symmetric key algorithms. : Differential cryptanalysis
Is useful against block ciphers based on substitution-permutation networks. : Integral cryptanalysis
It is an extension of differential cryptanalysis. : Integral cryptanalysis
It is commonly used on block ciphers and works on statistical differences between plain text and ciphertext. : Linear cryptanalysis
Works on statistical differences between ciphertexts of chosen data. : Differential cryptanalysis

Your organization is frequently visited by sales reps. While on-site, they frequently plug their notebook systems into any available wall jack, hoping to get internet connectivity. You are concerned that allowing them to do this could result in the spread of malware throughout your network. Which of the following would BEST protect you from guest malware infection? (Select two.)

Implement static IP addressing. Implement MAC address filtering.

You want users to enter a password before being able to access the router through a Telnet session. You use the following commands:
router#config t
router(config)#line vty 0 4
router(config-line)#password cisco
router(config-line)#exit
router(config)#exit
You open a Telnet session with the router and discover that the session starts without being prompted for a password. What should you do?

In line configuration mode, add the login parameter.

Which of the following malware detection methods establishes a baseline of the system and will alert the user if any suspicious system changes occur?

Integrity checking

Which of the following is a characteristic of Elliptic Curve Cryptography (ECC)?

Is suitable for small amounts of data and small devices, such as smartphones.

Which of the following is the first step you should take if malware is found on a system?

Isolate the system from the network immediately.

Which of the following cryptography attacks is characterized by the attacker having access to both the plain text and the resulting ciphertext, but does not allow the attacker to choose the plain text?

Known plain text

What is the least secure place to locate an omnidirectional access point when creating a wireless network?

Near a window

Your network devices are categorized into the following zone types:
No-trust zone
Low-trust zone
Medium-trust zone
High-trust zone
Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed. Which of the following is the secure architecture concept used on this network?

Network segmentation

Using Wireshark, you have used a filter to help capture only the desired types of packets. Using the information shown in the image, which of the following best describes the effects of using the net 192.168.0.0 filter?

Only packets with either a source or destination address on the 192.168.0.0 network are captured.

While performing a penetration test, you captured a few HTTP POST packets using Wireshark. After examining the selected packet, which of the following concerns or recommendations will you include in your report?

Passwords are being sent in clear text.

Drag the network attack technique on the left to the appropriate description or example on the right. (Each technique may be used once, more than once, or not at all.)

Perpetrators attempt to compromise or affect the operations of a system. : Active attack
Unauthorized individuals try to breach a network from off-site. : External attack
Attempting to find the root password on a web server by brute force. : Active attack
Attempting to gather information without affecting the flow of information on the network. : Passive attack
Sniffing network packets or performing a port scan. : Passive attack

Which of the following best describes a reverse proxy method for protecting a system from a DoS attack?

Redirects all traffic before it is forwarded to a server, so the redirected system takes the impact.

Part of a penetration test is checking for malware vulnerabilities. During this process, the penetration tester needs to manually check many different areas of the system. After these checks are completed, which of the following is the next step?

Run anti-malware scans

You need to implement a solution for the sales reps who complain that they are unable to establish VPN connections when they travel because the hotel or airport firewalls block the necessary VPN ports. Which VPN security protocol can you use to resolve this issue?

SSTP

Your network administrator is configuring settings so the switch shuts down a port when the max number of MAC addresses is reached. What is the network administrator taking countermeasures against?

Sniffing

Put the steps for developing an anti-malware program on the left in proper order on the right.

Step 1: Identify unique characteristics of malicious software.
Step 2: Write the scanning process.
Step 3: Update the anti-malware program.
Step 4: Scan the system.

Part of a penetration test is checking for malware vulnerabilities. There are twelve steps that are followed when testing for malware vulnerabilities. Put the steps in order.

Step 1: Scan for open ports.
Step 2: Scan for running processes.
Step 3: Check for suspicious or unknown registry entries.
Step 4: Verify all running Windows services.
Step 5: Check startup programs.
Step 6: Look through event logs for suspicious events.
Step 7: Verify all installed programs.
Step 8: Scan files and folders for manipulation.
Step 9: Verify that device drivers are legitimate.
Step 10: Check all network and DNS settings and activity.
Step 11: Scan for suspicious API calls.
Step 12: Run anti-malware scans.

Which statement best describes a suicide hacker?

This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.

A small business named BigBikes, Inc. has hired you to evaluate their wireless network security practices. As you analyze their facility, you note the following:
BigBikes, Inc. uses an 802.11a wireless network.
The wireless network SSID is set to BWLAN.
The wireless network is not broadcasting the network SSID.
The wireless network uses WPA2 with AES security.
Omnidirectional access points are positioned around the periphery of the building.
Which of the following would you MOST likely recommend your client do to increase their wireless network security?

Implement directional access points.

One of the steps in the password recovery process for a router is to access the ROM monitor. Which of the following methods will accomplish this? (Select two.)

Use a break sequence during the boot process. Remove the external flash memory while the device is powered off and then boot.

Using sniffers has become one way for an attacker to view and gather network traffic. If an attacker overcomes your defenses and obtains network traffic, which of the following is the best countermeasure for securing the captured network traffic?

Use encryption for all sensitive traffic.

What are the countermeasures used to keep hackers from using various cryptanalysis methods and techniques? (Select two.)

Use passphrases and passwords to encrypt a key stored on disk. Use a key size of 168 bits or 256 bits for symmetric key algorithms.

Using Wireshark filtering, you want to see all traffic except IP address 192.168.142.3. Which of the following is the best command to filter a specific source IP address?

ip.src ne 192.168.142.3

Above all else, which of the following must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?

Private keys

You are at a customer site and need to access their router. The previous administrator left the company and did not document the password to the device. Which of the following would you access to start the password recovery process?

ROMmon

Which of the following provides a VPN gateway that encapsulates and encrypts outbound traffic from a site and sends the traffic through the VPN tunnel to the VPN gateway at the target site?

Site-to-site IPsec VPN

Heather wants to gain remote access to Randy's machine. She has developed a program and hidden it inside a legitimate program that she is sure Randy will install on his machine. Which of the following types of malware is she using?

Trojan horse

Daphne suspects that a Trojan horse is installed on her system. She wants to check all active network connections to see which programs are making connections and the FQDNs of locations those programs are connecting to. Which command will allow her to do this?

netstat -f -b

You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains invoice filter, you have found one packet. Using the captured information shown, which of the following is the account manager's email address?

[email protected]

You are a security consultant. You've been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a smart card reader. Network jacks are located in the reception area so employees and vendors can access the company network for work-related purposes. Users within the secured work area are trained to lock their workstations if they will leave them for any period of time. Which of the following recommendations would you MOST likely make to this organization to increase their security?

Disable the switch ports connected to the network jacks in the reception area.

Which of the following protocols is one of the most common methods used to protect packet information and defend against network attacks in VPNs?

IPsec

Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and told him how to secure the system. Which type of hacker is Miguel in this scenario?

Gray hat

Robert, an IT administrator, is working for a newly formed company. He needs a digital certificate to send and receive data securely in a Public Key Infrastructure (PKI). Which of the following requests should he submit?

He must send identifying data with his certificate request to a registration authority (RA).

Rudy is analyzing a piece of malware discovered in a penetration test. He has taken a snapshot of the test system and will run the malware. He will take a snapshot afterward and monitor different components, such as ports, processes, and event logs, and note changes. Which of the following processes is he using?

Host integrity monitoring

Which of the following are protocols included in the IPsec architecture?

IKE, AH, and ESP

You are providing a VPN solution for employees who work remotely. When these employees change locations, they lose their VPN connection, so you want them to automatically reconnect if the VPN connection is lost or disconnected. Which VPN security protocol supports VPN reconnect functionality?

IKEv2
