Cyber security 1

Ace your homework & exams now with Quizwiz!

What type of attack targets an SQL database using the input field of a user?

SQL injection

A network administrator of a small advertising company is configuring WLAN security by using the WPA2 PSK method. Which credential do office users need in order to connect their laptops to the WLAN?

A key that matches the key on the AP

A social media site is describing a security breach in a sensitive branch of a national bank. In the post, it refers to a vulnerability. What statement describes that term?

A weakness in a system or its design that could be exploited by a threat

What does the term vulnerability mean?

A weakness that makes a target susceptible to an attack

Resource utilization attack

Attacker sends multiple packets that consume server resources

Cache Poisoning

Attackers sends falsified information to redirect users to malicious sites

Which statement describes one of the rules that govern interface behavior in the context of implementing a zone-based policy firewall configuration?

By default, traffic is allowed to flow among interfaces that are members of the same zone

What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?

Cross-site scripting

A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server to crash. What is the type of attack the cyber criminal launches?

Dos

Which three IPv4 header fields have no equivalent in an IPv6 header? (Choose three.)

Fragment Offset Identification Flag

Which term describes a field in the IPv4 packet header used to detect corruption in the IPv4 header?

Header checksum

What kind of ICMP message can be used by threat actors to create a man-in-the-middle attack?

ICMP redirects

Which security measure is best used to limit the success of a reconnaissance attack from within a campus area network?

Implement encryption for sensitive traffic

A security company is conducting an audit in several risk areas within a major corporate client. What attack of data loss vector term would be used to describe providing access to corporate data by gaining access to stolen or weak passwords?

Improper access control

The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement classifies this email.

It is a hoax

What is an IPS signature?

It is a set of rules used to detect typical intrusive activity

What is a function of SNMP?

Provides a message format for communication between network device managers and agents

What are the two methods that a wireless NIC can use to discover an AP? (Choose two.)

Receiving a broadcast beacon frame Transmitting a probe request

A disgruntled employee is using Wireshark to discover administrative Telnet usernames and passwords. What type of network attack does this describe?

Reconnaissance

What three best practices can help defend against social engineering attacks? (Choose three.)

Resist the urge to click on enticing web links, Educate employees regarding policies, and Do not provide password resets in a chat window.

Which risk management plan involves discontinuing an activity that creates a risk?

Risk avoidance

A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation?

Rogue access point

Which type of network attack involves randomly opening many Telnet requests to a router and results in a valid network administrator not being able to access the device?

SYN Flooding

What is a characteristic of the WLAN passive discovery mode?

The AP periodically sends beacon frames containing the SSID

How do cybercriminals make use of a malicious iFrame?

The iFrame allows the browser to load a web page from another source

Which statement describes a VPN?

VPNs use virtual connections to create a private network through a public network

Match the type of cyberattackers to the description.

Vulnerability brokers → Discover exploits and report them to vendors State-sponsored attackers → Gather intelligence or commit sabotage on specific goals on behalf of their government Hacktivists → Make political statements in order to create an awareness of issues that are important to them

Which combination of WLAN authentication and encryption is recommended as a best practice for home users?

WPA2 and AES

What are two drawbacks to using HIPS? (Choose two.)

With HIPS, the network administrator must verify support for all the different operating systems used in the network HIPS has difficulty constructing an accurate network picture or coordinating events that occur across the entire network.

Amplification and Reflection

attackers uses open resolvers to increase the volume of attacks and mask the true source of the attack

What is the first line of defense to protect a device from improper access control?

passwords


Related study sets

Intro to political philosophy Review

View Set

Life and Heath with Ethics CA Test

View Set

CFP Class 1, Module 7 - Health, Disability, and Long-Term Care Insurance

View Set

Anatomy 25 Ch 8 appendicular skeleton

View Set

Early Middle Italian Renaissance (15th Century 1400-1485)

View Set