Chapter 7 exam: cyber ops


Which technology is an open source SIEM system?

ELK

Which term is used to describe legitimate traffic that is mistaken for unauthorized traffic by firewalls and IPSs?

False positive *

Which term is used for bulk advertising emails flooded to as many end users as possible?

spam

Which protocol is exploited by cybercriminals who create malicious iFrames?

HTTP

Which protocol would be the target of a cushioning attack?

HTTP

In which type of attack is falsified information used to redirect users to malicious Internet sites?

DNS cache poisoning

In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services?

DoS *

Refer to the exhibit. A junior network administrator is inspecting the traffic flow of a particular server in order to make security recommendations to the departmental supervisor. Which recommendation should be made?

A more secure protocol should be used.

What is the result of a passive ARP poisoning attack?

Confidential information is stolen.

Which SIEM function is associated with examining the logs and events of multiple systems to reduce the amount of time of detecting and reacting to security events?

Correlation

Which cyber attack involves a coordinated attack from a botnet of zombie computers?

DDoS

Which protocol is attacked when a cybercriminal provides an invalid gateway in order to create a man-in-the-middle attack?

DHCP

What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease?

DHCP starvation

What technique is a security attack that depletes the pool of IP addresses available for legitimate hosts?

DHCP starvation

Which network monitoring tool can provide a complete audit trail of basic information of all IP flows on a Cisco router and forward the data to a device?

NetFlow

Which network monitoring technology collects IP operational data on packets flowing through Cisco routers and multilayer switches?

NetFlow *

Which network technology uses a passive splitting device that forwards all traffic, including Layer 1 errors, to an analysis device?

Network TAP *

Refer to the exhibit. What protocol would be used by the syslog server service to create this type of output for security purposes?

SNMP

What are two monitoring tools that capture network traffic and forward it to network monitoring devices? (Choose two.)

SPAN, network tap

Which monitoring technology mirrors traffic flowing through a switch to an analysis device connected to another switch port?

SPAN *

Which language is used to query a relational database?

SQL *

What type of attack targets an SQL database using the input field of a user?

SQL injection

In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections?

SYN flood attack

Which technology is a proprietary SIEM system?

Splunk *

Which network monitoring capability is provided by using SPAN?

Traffic exiting and entering a switch is copied to a network monitoring device.

Which network monitoring tool is in the category of network protocol analyzers?

Wireshark

Which network monitoring tool saves captured packets in a PCAP file?

Wireshark

Which network monitoring tool saves captured network frames in PCAP files?

Wireshark *

Which SIEM function is associated with speeding up detection of security threats by examining logs and events from different systems?

correlation

What are two methods used by cybercriminals to mask DNS attacks?

domain generation algorithms, fast flux

How is optional network layer information carried by IPv6 packets?

inside an extension header attached to the main IPv6 packet header

What network monitoring technology enables a switch to copy and forward traffic sent and received on multiple interfaces out another interface toward a network analysis device?

port mirroring

Which capability is provided by the aggregation function in SIEM?

reducing the volume of event data by consolidating duplicate event records

Which type of DNS attack involves the cybercriminal compromising a parent domain and creating multiple subdomains to be used during the attacks?

shadowing
