Chapters 9, 11, 12, and 15 Review Questions
Which of the following is most associated with enterprise security access in a wireless network?
802.1x
Jennifer is a junior system administrator for a small firm of 50 employees. For the last week a few users have been complaining of losing connectivity intermittently with no suspect behavior on their part such as large downloads or intensive processes. Jennifer runs Wireshark on Monday morning to investigate. She sees a large amount of ARP broadcasts being sent at a fairly constant rate. What is Jennifer most likely seeing?
ARP poisoning
Which intrusion prevention system can be used in conjunction with fences?
Bollards
A closed network is typically which of the following?
Private network
Monitor mode is used by wireless cards to do what?
Capture information about wireless networks
On a switch, each switchport represents a
Collision Domain
What is a type of combination lock?
cipher lock
Which of the following is considered an administrative control?
security policy
Which of the following is designed to locate wireless access points?
site survey
Which of the following prevents ARP poisoning?
IP DHCP snooping
Which of the following specifies security standards for wireless?
802.11b
What technique funnels all traffic back to a single client, allowing sniffing from all connected hosts?
ARP Flooding
What response is missing in a SYN flood attack?
ACK
Which of the following is a detective control when not used in real time?
Alarms (not CCTV?)
Which of the following is not a source of session IDs?
Anonymous login
AirPcap is used to do which of the following?
Assist in the sniffing of wireless traffic
A honeyspot is designed to do what?
Attract victims to connect to it
Session hijacking can be thwarted with which of the following?
Authentication mechanism
MAC spoofing applies a legitimate MAC address to an unauthenticated host, which allows the attacker to pose as a valid user. Based on your understanding of ARP, what would indicate a bogus client?
A reverse ARP request maps to two hosts
What is a client‐to‐client wireless connection called?
Ad Hoc
A session hijack can be initiated from all of the following except which one?
Devices
What device will neither limit the flow of traffic nor have an impact on the effectiveness of sniffing?
Hub
Wireless access points function as a
Hub
Session hijacking can be performed on all of the following protocols except which one?
IPSec
An SSID is used to do which of the following?
Identify a network
Jason is the local network administrator who has been tasked with securing the network from possible DoS attacks. Within the last few weeks, some traffic logs appear to have internal clients making requests from outside the internal LAN. Based on the traffic Jason has been seeing, what action should be taken?
Implement ingress filtering
While monitoring traffic on the network, Jason captures the following traffic. What is happening?
SYN flood
Which statement defines session hijacking most accurately?
Session hijacking is an attack that aims at stealing a legitimate session and posing as that user while communicating with the web resource or host machine.
Which feature makes WPA easy to defeat?
WPS support
An 8-foot-tall fence with razor wire stranded on top is considered what type of measure?
a preventative measure
What is a rogue access point?
an access point not managed by a company/client
What mechanism is intended to deter theft of hard drives?
encryption
Jennifer is using tcpdump to capture traffic on her network. She would like to review a capture log gathered previously. What command can Jennifer use?
tcpdump -r capture.log
Jennifer is using tcpdump to capture traffic on her network. She would like to save the capture log. What command can Jennifer use?
tcpdump -w capture.log
Which command launches a CLI version of Wireshark?
tshark
How many characters does a service set identifier contain?
32
Which of the following operates at 5 GHz?
802.11a
A public place workstation contains the browsing history of multiple users who logged in during the last seven days. While digging through the history, a user runs across the following web address: www.snaz22enu.com/&w25/session=22525. What kind of embedding are you seeing?
URL Embedding
Which of the following is a device used to perform a DoS on a wireless network?
Wi-Fi jammer
Which type of biometric system is frequently found on laptops but can be used on entryways as well?
fingerprint
Which Wireshark filter displays only traffic from 192.168.1.1?
ip.addr == 192.1681.1
Which of the following is a good defense against tailgating and piggybacking?
mantraps
Which type of network uses a group of zombie computers to carry out the commands of the bot master?
Botnet
When a wireless client is attached to an access point, it is known as which of the following?
Infrastructure
A man-in-the-middle attack is an attack where the attacking party does which of the following?
Insert themselves into an active session
In a DDoS attack, what communications channel is commonly used to orchestrate the attack?
Internet Relay Chat (IRC)
Adding to and removing from a program stack are known as what?
Push and Pop
Zombies Inc. is looking for ways to better protect their web servers from potential DoS attacks. Their web admin proposes the use of a network appliance that receives all incoming web requests and forwards them to the web server. He says it will prevent direct customer contact with the server and reduce the risk of DoS attacks. What appliance is he proposing?
Reverse Proxy
What is an 8-in-1 DoS tool that can launch such attacks as land and teardrop?
TFN2K
Physical security can prevent which of the following?
Tailgating
The command-line equivalent of WinDump is known as what?
Tcpdump
In the following screen shot, what is the plaintext password that was used to create the secured web connection by the client?
The key cannot be derived
In the field of IT security, the concept of defense in depth is the layering of more than one control on another. Why is this?
To provide better protection
What is the name given for the device component physically located on the motherboard that stores encryption keys for hard drives, preventing an adversary from removing the hard drive and using it on another computer?
Trusted Platform Module
What protocol is used to carry out a fraggle attack?
UDP
What is the key difference between a smurf and fraggle attack
UDP vs ICMP
Which of the following options shows the protocols in order from strongest to weakest?
WPA2, WPA, WEP, Open
Session fixation is a vulnerability in which of the following?
Web applications
Julie has sniffed an ample amount of traffic between the targeted victim and an authenticated resource. She has been able to correctly guess the packet sequence numbers and inject packets, but she is unable to receive any of the responses. What does this scenario define?
Blind hijacking
A man-in-the-browser attack is typically enabled by using which mechanism?
Trojans
When applications create variable memory segments in a dynamic fashion, what type of memory is being used?
Heap
What is the name for the dynamic memory space that, unlike the stack, doesn't rely on sequential ordering or organization?
Heap
A method that defends against a flooding attack and massive DoS attacks is referred to as what?
Flood guard
Which of the following attacks use UDP packets to target the broadcast address and cause a DoS?
Fraggle
Which pointer in a program stack gets shifted or overwritten during a successful overflow attack?
EIP (Extended instruction pointer)
Based on the diagram, what attack is occurring?
MITM
Which of the following is a characteristic of USB flash drives that makes security a problem?
Easily hidden
According to the following image, what browser is the user using?
Firefox
What is the generic syntax of a Wireshark filter?
protocol.field operator value
Tiffany is analyzing a capture from a client's network. She is particularly interested in NetBIOS traffic. What filter string matches that which Tiffany would like to use?
tcp.port eq 139
What common tool can be used for launching an ARP poisoning attack?
Cain and Abel
The stack operates on a _________ basis
LIFO (last in first out)
What is a single-button DoS tool suspected to be used by groups such as Anonymous?
LOIC
Which DoS attack sends traffic to the target with a spoofed IP of the target itself?
Land
Which of the following attacks forges a TCP packet as both the source and destination IP address of the victim and causes the victim's computer to freeze or crash?
Land
The wardriving process involved which of the following?
Locating wireless networks
You are a security administrator tasked with determining the expected losses a media firm may incur in the event of a fire. You estimate the firm could expect to lose half of its assets, equal to $10 million dollars. You also determine that the likelihood of a fire occurring is once every 10 years. What is the annual loss expectancy (ALE)?
Loss of $500,000
Bob is attempting to sniff a wired network in his first pen test contract. He sees only traffic from the segment he is connected to. What can Bob do to gather all switch traffic?
MAC Flooding
Warchalkingis used to do which of the following?
Make others aware of a wireless network
A session hijack can happen with which of the following?
Networks and applications
Julie has been working with sniffing and session-hijacking tools on her company network. Since she wants to stay white hat—that is, ethical—she has gotten permission to undertake these activities. What would Julie's activities be categorized as?
Passive
Cipher locks, mantraps, and bollards are considered what?
Physical controls
Session hijacking can do all of the following except which one?
Place a cookie on a server
What mode must be configured to allow an NIC (network interface card) to capture all traffic on the wire?
Promiscuous Mode
Jennifer is a system administrator who is researching a technology that will secure network traffic from potential sniffing by unauthorized machines. Jennifer is not concerned with the future impact on legitimate troubleshooting. What technology can Jennifer implement?
SSH
What is the main difference between DoS and DDoS?
Scale of attack
What is the most common sign of a DoS attack?
Slow performance
Based on the packet capture shown in the graphic, what is contained in the highlighted section of the packet?
Source and destination IP address
An ethical hacker sends a packet with a deliberate and specific path to its destination. What technique is the hacker using?
Source routing
Network-level hijacking focuses on the mechanics of a connection such as the manipulation of packet sequencing. What is the main focus of web app session hijacking?
Stealing session IDs
Which network device can block sniffing to a single network collision domain, create VLANs , and make use of SPAN ports and port mirroring?
Switch
WEP is designed to offer security comparable to which of the following?
Wired networks
As a security administrator, you have security concerns regarding the plans to utilize wire-less networks to bridge different corporate offices. Due to the location of these offices, traditional connections are cost prohibitive. Which of the following antennas will provide the best coverage while limiting the probability of unwanted signal interception?
Yagi
Which of the following could be considered required components of an alarm system?
a visual and audio alerting method
Which function(s) are considered dangerous because they don't check memory bounds?
gets() strcpy() scanf() strcat()
What command-line utility can you use to craft custom packets with specific flags set?
hping3