Test Out Chapter 6
Which of the following accurately describes what a protocol analyzer is used for? (Select two.) A device that allows you to capture, modify, and retransmit frames (to perform an attack). A device that does NOT allow you to capture, modify, and retransmit frames (to perform an attack). A device that measures the amount of data that can be transferred through a network or processed by a device. A passive device that is used to copy frames and allow you to view frame contents. A device that can simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of emails.
A device that allows you to capture, modify, and retransmit frames (to perform an attack). A passive device that is used to copy frames and allow you to view frame contents.
Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on a network? ARP poisoning Port mirroring MAC spoofing MAC flooding
ARP poisoning
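The two indicators a monitoring tool actually looks for when ARP poisoning is underway are an IP address whose advertised MAC changes mid-capture and one MAC address that claims several IPs including the gateway. The following detector is an added example written for this page, not part of the TestOut material; the ARP replies, the gateway address 10.0.0.1 and all MAC addresses are constructed.

```python
"""Detect ARP poisoning in a stream of observed ARP replies.

Added example; the replies and addresses below are constructed, not captured.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str
    sender_mac: str


def detect_arp_poisoning(replies, gateway_ip="10.0.0.1"):
    """Return a list of alert strings, in the order the evidence appears.

    Indicator 1: an IP address whose sender MAC changes during the capture.
    Indicator 2: one MAC address claiming the gateway IP plus other hosts,
                 which is how an attacker positions themselves on-path.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    flagged = set()          # avoid re-alerting on the same MAC/IP-set pair
    alerts = []
    for r in replies:
        prev = ip_to_mac.get(r.sender_ip)
        if prev is not None and prev != r.sender_mac:
            alerts.append(f"IP {r.sender_ip} changed MAC {prev} -> {r.sender_mac}")
        ip_to_mac[r.sender_ip] = r.sender_mac
        mac_to_ips[r.sender_mac].add(r.sender_ip)

        ips = mac_to_ips[r.sender_mac]
        if len(ips) > 1 and gateway_ip in ips:
            key = (r.sender_mac, frozenset(ips))
            if key not in flagged:
                flagged.add(key)
                others = sorted(ips - {gateway_ip})
                alerts.append(f"MAC {r.sender_mac} claims gateway {gateway_ip} and {others}")
    return alerts


# Constructed capture: three legitimate replies, then two forged ones from 10.0.0.66.
BENIGN_REPLIES = [
    ArpReply("10.0.0.1", "aa:aa:aa:aa:aa:01"),    # real gateway
    ArpReply("10.0.0.25", "cc:cc:cc:cc:cc:25"),   # victim workstation
    ArpReply("10.0.0.66", "ee:ee:ee:ee:ee:66"),   # attacker's own address
]
POISONED_REPLIES = BENIGN_REPLIES + [
    ArpReply("10.0.0.1", "ee:ee:ee:ee:ee:66"),    # forged: attacker claims gateway
    ArpReply("10.0.0.25", "ee:ee:ee:ee:ee:66"),   # forged: attacker claims victim
]

if __name__ == "__main__":
    for alert in detect_arp_poisoning(POISONED_REPLIES):
        print(alert)
```

A MAC change is not always hostile: DHCP reassignment or a router failover pair (VRRP/HSRP) legitimately moves an IP between MACs, so in production the first indicator is tuned with an allowlist of known gateway MACs rather than alerting unconditionally.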
You are concerned about protecting your network from network-based attacks on the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. Which type of device should you use? Signature-based IDS Network-based firewall Anomaly-based IDS Antivirus scanner Host-based firewall
Anomaly-based IDS
What is the MOST common form of host-based IDS that employs signature or pattern-matching detection methods? Motion detectors Antivirus software Firewalls Honeypots
Antivirus software
Which of the following statements about Bash is true? Bash cannot be used to design malware that attacks systems running on Linux's Apache platform. Bash works in the background to execute commands using environment variables. Bash is a command shell and scripting language used only in Windows operating systems. Bash was released in 2000 and is rarely used today.
Bash works in the background to execute commands using environment variables.
As a cybersecurity analyst, you are tasked with performing active reconnaissance on a potential client's network to identify vulnerabilities. You have already completed the passive reconnaissance phase. Which of the following steps would you take next, and why? Start by launching a denial-of-service (DoS) attack to test the network's resilience. Begin with port scanning to identify open ports and the services running on them. Use social engineering techniques to trick employees into revealing sensitive information. Immediately report to the client that their network is secure based on the passive reconnaissance results.
Begin with port scanning to identify open ports and the services running on them.
You are using a password attack that tests every possible keystroke for every single key in a password until the correct one is found. Which of the following technical password attacks are you using? Pass-the-hash attack Brute force attack Keylogger Password sniffing
Brute force attack
You are using a protocol analyzer to capture network traffic. You want to only capture the frames coming from a specific IP address. Which of the following can you use to simplify this process? Capture filters NIC Switch Display filters
Capture filters
A threat actor has successfully manipulated a client's DNS cache, causing the client to resolve domain names to incorrect IP addresses controlled by the threat actor. This allows the threat actor to redirect the client's network traffic to malicious websites. Which type of attack does this scenario represent? Distributed denial-of-service (DDoS) Man-in-the-middle attack On-path attack Client cache poisoning
Client cache poisoning
A threat actor has successfully breached a company's network and has installed malicious code on a compromised host. The threat actor is now operating the compromised host remotely and maintaining access to it over a period of time. The threat actor's activity is disguised as part of the network's regular traffic. Detection of this type of activity usually depends on identifying anomalous connection endpoints. Which stage of the cyberattack lifecycle does this scenario represent? Reconnaissance Command and Control Data exfiltration Weaponization, delivery, and breach
Command and Control
You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation. Which of the following must you configure in order to see all of the network traffic? Configure the network interface to use promiscuous mode. Configure the network interface to use protocol analysis mode. Configure the network interface to enable logging. Configure the network interface to use port mirroring mode.
Configure the network interface to use promiscuous mode.
A company CEO is upset after receiving a call from a reporter at a local news station that the company is apparently at a launching point for a massive attack. The reporter provided detailed IP logs, and the network team reviewed them but could not find similar entries. What could be a possible explanation for the different records? DNS client cache poisoning DNS poisoning DNS-based on-path attack DNS attack indicators
DNS poisoning
A major online retail company has recently been experiencing intermittent downtime of its website. Network analysts observe a massive influx of traffic from multiple sources to the server. However, the traffic seems redirected from other systems. What type of attack is the company likely experiencing? Distributed denial-of-service (DDoS) Buffer overflow Collision Injection
Distributed denial-of-service (DDoS)
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled? Dumpster diving Social engineering Password guessing Shoulder surfing
Dumpster diving
As a system administrator, you notice unusual network activity on a company server. Upon investigation, you discover that a PowerShell script is running in the background. What type of malware is MOST likely responsible for this activity? Macro virus Trojan horse Worm Fileless malware
Fileless malware
Which of the following processes identifies an operating system based on its response to different types of network traffic? Fingerprinting Firewalking Port scanning Social engineering
Fingerprinting
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement? Protocol analyzer Network-based IDS VPN concentrator Host-based IDS Port scanner
Host-based IDS
You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use? IDS Packet sniffer IPS Port scanner
IPS
Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that analyzes the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do? Implement a packet-filtering firewall in front of the web server. Implement an application-aware IPS in front of the web server. Implement a stateful firewall in front of the web server. Install an anti-malware scanner on the web server. Implement an application-aware IDS in front of the web server.
Implement an application-aware IPS in front of the web server.
A multinational corporation has recently implemented an intrusion detection system (IDS) and intrusion prevention system (IPS) to protect its network infrastructure. The security team receives many alerts and struggles to manage false positives. The team must optimize the IDS and IPS to identify and prioritize actual threats while minimizing irrelevant alerts. Which primary strategy should the team adopt to achieve this objective? Integrate SELinux policies for a layered security approach, ensuring system-level restrictions to applications and processes. Implement trend analysis to identify patterns and anomalies, tune the IDS/IPS over time, and prioritize genuine threats. Apply signature-based detection rules only to filter out false positives. Ignore all alerts from the IDS/IPS to focus on manual monitoring of network traffic.
Implement trend analysis to identify patterns and anomalies, tune the IDS/IPS over time, and prioritize genuine threats.
You want to check a server for user accounts that have weak passwords. Which tool should you use? OVAL John the Ripper Retina Nessus
John the Ripper
Which of the following describes a false positive when using an IPS device? The source address matching the destination address. The source address identifying a non-existent host. Malicious traffic masquerading as legitimate traffic. Legitimate traffic being flagged as malicious. Malicious traffic not being identified.
Legitimate traffic being flagged as malicious.
You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tool should you use? LC4 Nessus OVAL Wireshark
Nessus
You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use? Ping scanner OVAL Port scanner Network mapper
Network mapper
Gathering as much personally identifiable information (PII) on a target as possible is a goal of which reconnaissance method? Passive Packet sniffing Active OSINT
OSINT
A hacker successfully exfiltrates a database of user passwords and attempts to gain access to it as the hacker can now go around the authentication system. What type of attack has the hacker achieved? Password spraying Brute force Dictionary Offline
Offline
A network administrator suspects an attacker is intercepting and potentially modifying communications between their organization's server and the client systems. The attacker is not detected by either party during this process. Which type of attack is the network administrator likely observing in this instance? Replay attack Domain Name System (DNS) attack On-path attack Distributed denial-of-service (DDoS) attack
On-path attack
You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use? Load tester System log Event log Throughput tester Packet sniffer
Packet sniffer
You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use? Packet sniffer IPS IDS Port scanner Throughput tester
Packet sniffer
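Several questions above turn on what a protocol analyzer actually does with a frame once the NIC is in promiscuous mode: decode the Ethernet and IP headers, apply a capture filter such as "src host 10.0.0.25", and summarize traffic by protocol. The following decoder is an added example, not TestOut's or Wireshark's code; the frames are constructed in-line (checksums left at zero, addresses assumed) so it runs without a live capture.

```python
"""Minimal Ethernet II / IPv4 decoder with a source-host capture filter.

Added example; SAMPLE_FRAMES are constructed, not a real capture.
"""
import struct
from collections import Counter

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
IP_PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_frame(frame: bytes):
    """Decode the Ethernet II header and, for IPv4, the IPv4 header.

    Returns a dict of decoded fields, or None for a truncated/non-v4 IP frame.
    """
    if len(frame) < ETH_HDR_LEN:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    info = {"src_mac": _mac(src), "dst_mac": _mac(dst), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        info["proto"] = "non-IP"           # e.g. ARP: nothing above layer 2 to decode
        return info
    ip = frame[ETH_HDR_LEN:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4               # header length in bytes
    total_len, = struct.unpack("!H", ip[2:4])
    info.update(
        src_ip=_ip(ip[12:16]),
        dst_ip=_ip(ip[16:20]),
        ttl=ip[8],
        proto=IP_PROTO_NAMES.get(ip[9], str(ip[9])),
        payload=ip[ihl:total_len],
    )
    return info


def build_ipv4_frame(src_mac, dst_mac, src_ip, dst_ip, proto, payload=b""):
    """Construct a minimal Ethernet II + IPv4 frame for the demo (IP checksum left 0)."""
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", ETHERTYPE_IPV4))
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         bytes(int(o) for o in src_ip.split(".")),
                         bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip_hdr + payload


def capture_filter_src_host(frames, src_ip):
    """Emulate the capture filter 'src host <ip>': keep only frames sent from that address."""
    kept = []
    for f in frames:
        p = parse_frame(f)
        if p is not None and p.get("src_ip") == src_ip:
            kept.append(p)
    return kept


def protocol_breakdown(frames):
    """Frames per protocol, the 'sort traffic by protocol' view of an analyzer."""
    return Counter(p["proto"] for p in (parse_frame(f) for f in frames) if p is not None)


# Constructed sample capture; MAC and IP addresses are assumptions.
GW_MAC, HOST_A_MAC, HOST_B_MAC = "aa:aa:aa:aa:aa:01", "cc:cc:cc:cc:cc:25", "cc:cc:cc:cc:cc:30"
SAMPLE_FRAMES = [
    build_ipv4_frame(HOST_A_MAC, GW_MAC, "10.0.0.25", "203.0.113.10", 6, b"GET / HTTP/1.1\r\n"),
    build_ipv4_frame(HOST_A_MAC, GW_MAC, "10.0.0.25", "10.0.0.1", 17, b"dns query"),
    build_ipv4_frame(HOST_B_MAC, GW_MAC, "10.0.0.30", "10.0.0.1", 1, b"\x08\x00"),
    build_ipv4_frame(GW_MAC, HOST_B_MAC, "10.0.0.1", "10.0.0.30", 6, b"HTTP/1.1 200 OK\r\n"),
    # An ARP request: broadcast destination, EtherType 0x0806, 28-byte ARP body (zeroed here).
    bytes.fromhex("ffffffffffff") + bytes.fromhex(GW_MAC.replace(":", ""))
    + struct.pack("!H", ETHERTYPE_ARP) + b"\x00" * 28,
]

if __name__ == "__main__":
    for p in capture_filter_src_host(SAMPLE_FRAMES, "10.0.0.25"):
        print(p["src_ip"], "->", p["dst_ip"], p["proto"], p["payload"])
    print(protocol_breakdown(SAMPLE_FRAMES))
```

A capture filter discards frames before they are written to disk, which is why it is the right tool when the goal is a small capture from one host; a display filter keeps everything and only hides it, which is what you want when you are not yet sure which frames matter.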
Which type of reconnaissance is associated with dumpster diving? Active Passive Packet sniffing OSINT
Passive
Which of the following techniques involves adding random bits of data to a password before it is stored as a hash? Password sniffing Pass-the-hash attack Password salting Keylogging
Password salting
An active IDS system often performs which of the following actions? (Select two.) Updates filters to block suspect traffic. Traps and delays the intruder until the authorities arrive. Requests a second logon test for users performing abnormal activities. Performs reverse lookups to identify an intruder. Cannot be detected on the network because it takes no detectable actions.
Performs reverse lookups to identify an intruder. Updates filters to block suspect traffic.
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to a switch that is connected to the router. When you run the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure on the switch? Port mirroring Spanning Tree Protocol Bonding Promiscuous mode
Port mirroring
You want to identify traffic that is generated and sent through a network by a specific application running on a device. Which tool should you use? Protocol analyzer Certifier TDR Multimeter Toner probe
Protocol analyzer
Which of the following password attacks uses preconfigured matrices of hashed dictionary words? Brute-force attack Hybrid attack Rainbow table attack Dictionary attack
Rainbow table attack
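The password questions above (brute force, offline cracking with John the Ripper, salting, rainbow tables) describe one trade-off: a precomputed table of hashed dictionary words breaks every unsalted hash with a single lookup, while a random per-user salt and a slow key-derivation function force the attacker to redo the work for each account. The code below is an added example, not TestOut's; the wordlist, user names and passwords are constructed, and the stored format salt$hash is an assumption for illustration.

```python
"""Unsalted fast hash vs. salted PBKDF2: why precomputed tables stop working.

Added example; WORDLIST and the user records are constructed.
"""
import hashlib
import hmac
import os

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (OWASP's 2023 recommendation)

# Constructed wordlist standing in for a cracking dictionary.
WORDLIST = ["password", "letmein", "Summer2024", "qwerty", "dragon", "Welcome1"]


def unsalted_sha256(password: str) -> str:
    """The weak scheme: one fast, deterministic hash of the password alone."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> plaintext for every word once.

    A rainbow table is this idea plus chain compression so it fits on disk;
    either way the work is done before any particular database is stolen.
    """
    return {unsalted_sha256(w): w for w in words}


def crack_with_table(stolen_hashes, table):
    """Offline attack: each hash present in the table falls to one dictionary lookup."""
    return {h: table[h] for h in stolen_hashes if h in table}


def salted_hash(password: str, salt=None, iterations: int = ITERATIONS) -> str:
    """The hardened scheme: random per-user salt + slow KDF, stored as 'salt$derived_key'."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{salt.hex()}${dk.hex()}"


def verify(password: str, stored: str, iterations: int = ITERATIONS) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, dk_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), iterations)
    return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))


def demo():
    users = {"alice": "Summer2024", "bob": "Summer2024", "carol": "c0rrect-h0rse-battery"}
    table = build_lookup_table(WORDLIST)

    unsalted_db = {u: unsalted_sha256(p) for u, p in users.items()}
    # alice and bob share a hash, so one lookup exposes both accounts at once.
    cracked = crack_with_table(unsalted_db.values(), table)

    salted_db = {u: salted_hash(p) for u, p in users.items()}
    # The precomputed table is useless: no stored digest equals sha256(word).
    salted_cracked = {u: table.get(s.split("$", 1)[1]) for u, s in salted_db.items()}
    return unsalted_db, cracked, salted_db, salted_cracked


if __name__ == "__main__":
    unsalted_db, cracked, salted_db, salted_cracked = demo()
    print("unsalted cracked:", cracked)
    print("salted cracked:  ", salted_cracked)
```

Salting does not make a weak password strong: a cracker such as John the Ripper still runs the wordlist against each salted hash individually, it just pays the KDF cost once per account per guess instead of once for the whole breach. That per-account multiplier is the point of the salt; the iteration count is what makes each guess expensive.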
A threat actor has launched an attack against a company's network. The threat actor spoofs the victim's IP address and attempts to open connections with multiple third-party servers. Those servers direct their responses to the victim host, rapidly consuming the victim's available bandwidth. Which type of attack does this scenario represent? Reflected attack Distributed denial-of-service (DDoS) attack Direct attack Amplified attack
Reflected attack
Which of the following roles would be MOST likely to use a protocol analyzer to identify frames that might cause errors? Standard user Security operations team Network administrator Malicious hacker
Network administrator
Which of the following tools can be used to see if a target has any online IoT devices without proper security? Packet sniffing scanless theHarvester Shodan
Shodan
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database? Anomaly-analysis-based IDS Stateful-inspection-based IDS Heuristics-based IDS Signature-based IDS
Signature-based IDS
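The signature-based and anomaly-based IDS questions above, and the command-and-control question whose detection "depends on identifying anomalous connection endpoints", are the two halves of one comparison: a signature engine only catches what is already in its database, while a baseline engine catches the never-seen-before case but needs a clean training window. The code below is an added example, not TestOut's or any vendor's detection logic; the signatures, the training traffic and the monitored connections are all constructed.

```python
"""Signature matching vs. baseline anomaly scoring over the same connection records.

Added example; SIGNATURES, BASELINE_CONNS and MONITORED_CONNS are constructed.
"""
import re
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    src: str
    dst: str
    dport: int
    bytes_out: int
    payload: str


# Known-bad patterns for the signature engine (constructed for the demo).
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
    "path-traversal": re.compile(r"(\.\./){2,}"),
}


def signature_detect(conns):
    """Signature-based IDS: flag a connection when its payload matches a known pattern."""
    hits = []
    for c in conns:
        for name, rx in SIGNATURES.items():
            if rx.search(c.payload):
                hits.append((c.src, c.dst, name))
    return hits


def build_baseline(conns):
    """Learn 'normal' from a training window: byte-volume statistics and endpoints seen."""
    volumes = [c.bytes_out for c in conns]
    return {
        "mean": statistics.mean(volumes),
        "stdev": statistics.stdev(volumes),
        "endpoints": {(c.dst, c.dport) for c in conns},
    }


def anomaly_detect(conns, baseline, z_threshold=3.0):
    """Anomaly-based IDS: flag deviations from the baseline without knowing any specific attack."""
    hits = []
    for c in conns:
        z = (c.bytes_out - baseline["mean"]) / baseline["stdev"]
        if z > z_threshold:
            hits.append((c.src, c.dst, f"volume z={z:.1f}"))
        if (c.dst, c.dport) not in baseline["endpoints"]:
            hits.append((c.src, c.dst, "new endpoint"))
    return hits


# Constructed training traffic: ordinary web/HTTPS sessions to two internal servers.
BASELINE_CONNS = [
    Conn("10.0.0.25", "10.0.0.5", 443, 1200, "<tls>"),
    Conn("10.0.0.26", "10.0.0.5", 443, 1800, "<tls>"),
    Conn("10.0.0.27", "10.0.0.7", 80, 2200, "GET /index.html HTTP/1.1"),
    Conn("10.0.0.25", "10.0.0.7", 80, 2600, "GET /news HTTP/1.1"),
    Conn("10.0.0.28", "10.0.0.5", 443, 3000, "<tls>"),
    Conn("10.0.0.26", "10.0.0.7", 80, 1500, "GET /about HTTP/1.1"),
]

# Constructed monitored traffic: a known attack, a novel C2-style transfer, a benign session.
MONITORED_CONNS = [
    Conn("10.0.0.25", "10.0.0.7", 80, 1900, "GET /login?user=admin' OR 1=1-- HTTP/1.1"),
    Conn("10.0.0.27", "203.0.113.9", 4444, 50_000_000, "<opaque binary>"),
    Conn("10.0.0.28", "10.0.0.5", 443, 2400, "<tls>"),
]

if __name__ == "__main__":
    print("signature:", signature_detect(MONITORED_CONNS))
    print("anomaly:  ", anomaly_detect(MONITORED_CONNS, build_baseline(BASELINE_CONNS)))
```

Run together, the two engines disagree in exactly the way the exam questions describe: the SQL injection is a signature hit and statistically unremarkable, while the large transfer to an unseen external endpoint has no signature but is flagged twice by the baseline. The price of the second engine is that it learns whatever is in the training window, so a baseline captured while a compromise is already underway will treat the beacon as normal.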
Carl receives a phone call from a woman who states she is calling from his bank. She tells him that someone has tried to access his checking account, and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occurred? Dumpster diving Shoulder surfing Password guessing Social engineering
Social engineering
Which of the following BEST describes shoulder surfing? Giving someone you trust your username and account password. Someone nearby watching you enter your password on your computer and recording it. Guessing someone's password because it is so common or simple. Finding someone's password in the trash can and using it to access their account.
Someone nearby watching you enter your password on your computer and recording it.
An organization notices an external actor trying to gain access to the company network. The attacker is not targeting a specific account but rather using the same password across a vast range of usernames in hopes that one might be correct. What type of attack BEST describes this scenario? Spraying Rainbow table Dictionary Brute force
Spraying
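What distinguishes spraying from brute force in a log is the shape of the failures, not their count: one source, many distinct accounts, one or two attempts each, all inside a short window, so no single account trips a lockout. The classifier below is an added example, not TestOut's; the log lines are constructed (RFC 5737 documentation addresses) and the line format is an assumption.

```python
"""Classify authentication-failure sources as password spraying or brute force.

Added example; SAMPLE_LOG is constructed, and its 'ts src= user= result=' format is assumed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2024-05-01T09:00:01Z src=198.51.100.7 user=alice result=FAIL
2024-05-01T09:00:31Z src=198.51.100.7 user=bob result=FAIL
2024-05-01T09:01:02Z src=198.51.100.7 user=carol result=FAIL
2024-05-01T09:01:33Z src=198.51.100.7 user=dave result=FAIL
2024-05-01T09:02:04Z src=198.51.100.7 user=erin result=FAIL
2024-05-01T09:02:35Z src=198.51.100.7 user=frank result=SUCCESS
2024-05-01T09:05:00Z src=203.0.113.44 user=admin result=FAIL
2024-05-01T09:05:01Z src=203.0.113.44 user=admin result=FAIL
2024-05-01T09:05:02Z src=203.0.113.44 user=admin result=FAIL
2024-05-01T09:05:03Z src=203.0.113.44 user=admin result=FAIL
2024-05-01T09:05:04Z src=203.0.113.44 user=admin result=FAIL
2024-05-01T09:05:05Z src=203.0.113.44 user=admin result=FAIL
2024-05-01T09:10:00Z src=10.0.0.25 user=alice result=FAIL
2024-05-01T09:10:20Z src=10.0.0.25 user=alice result=FAIL
2024-05-01T09:10:40Z src=10.0.0.25 user=alice result=SUCCESS
"""

LINE_RX = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(FAIL|SUCCESS)$")


def parse_log(text):
    """Parse the constructed log format into event dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RX.match(line)
        if not m:
            continue
        ts, src, user, result = m.groups()
        events.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "src": src, "user": user, "result": result,
        })
    return events


def classify_sources(events, window=timedelta(minutes=10), min_users=5,
                     max_per_user=2, brute_threshold=5):
    """Map source IP -> 'password-spraying' | 'brute-force'; sources matching neither are omitted.

    brute-force:        >= brute_threshold failures against a single account.
    password-spraying:  >= min_users distinct accounts, <= max_per_user failures each,
                        all within `window` (designed to stay under lockout thresholds).
    """
    fails_by_src = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            fails_by_src[e["src"]].append(e)

    verdicts = {}
    for src, fails in fails_by_src.items():
        fails.sort(key=lambda e: e["ts"])
        span = fails[-1]["ts"] - fails[0]["ts"]
        per_user = Counter(e["user"] for e in fails)
        busiest = max(per_user.values())
        if busiest >= brute_threshold:
            verdicts[src] = "brute-force"
        elif len(per_user) >= min_users and busiest <= max_per_user and span <= window:
            verdicts[src] = "password-spraying"
    return verdicts


def successes_from_sprayers(events, verdicts):
    """The alert that matters most: accounts a spraying source actually got into."""
    sprayers = {s for s, v in verdicts.items() if v == "password-spraying"}
    return sorted(e["user"] for e in events
                  if e["src"] in sprayers and e["result"] == "SUCCESS")


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    v = classify_sources(evs)
    print(v)
    print("compromised by spray:", successes_from_sprayers(evs, v))
```

Per-account lockout counters never fire on the spraying source here (one failure per user), which is exactly why the detection has to pivot on the source rather than the account; the legitimate user at 10.0.0.25 who mistypes twice and then succeeds matches neither rule.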
Which social engineering technique involves the attacker interacting with the user to trick them into revealing their username and password? User manipulation Password guessing Physical access Dumpster diving
User manipulation
How can Visual Basic for Applications (VBA) be used to perform malicious attacks? VBA can be used to disable all security features on a computer system. VBA can be used to physically damage the hardware components of a computer. VBA can be used to create a macro virus that opens a shell on the Windows operating system. VBA can be used to delete all files on a computer system automatically.
VBA can be used to create a macro virus that opens a shell on the Windows operating system.
Which of the following is known as the process of walking around an office building with an 802.11 signal detector? War driving Daemon dialing War dialing Driver signing
War driving
You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use? OVAL Nessus Wireshark nmap
Wireshark
You need to check network connectivity from your computer to a remote computer. Which of the following tools would be the BEST option to use? tracert ping route nmap
ping
Which passive reconnaissance tool is used to gather information from a variety of public sources? scanless Packet sniffing theHarvester Shodan
theHarvester
You are a cybersecurity analyst tasked with performing passive reconnaissance on a potential client's network. You need to gather information from a variety of public sources including emails, names, subdomains, IPs, and URLs. Which of the following tools would be most appropriate for this task? Dnsenum OSINT framework theHarvester Shodan
theHarvester