W06: Network Security

Ace your homework & exams now with Quizwiz!

Faraday cage

A metallic enclosure that prevents the entry or escape of an electromagnetic field.

protected cable distribution

A system of cable conduits used to protect classified information transmitted between two secure areas.

DNS

Domain Name System

A switch operates at what OSI layer

Layer 2

OSI

Open Systems Interconnection

SDU

Service Data Unit

Which attack intercepts communications between a web browser and the underlying OS? a. Interception b. Man-in-the-browser (MITB) c. DIG d. ARP poisoning

b. Man-in-the-browser (MITB)

network attacks used by threat actors

hijacks and altered communication between two users

PDU

Protocol Data Unit

Tcpdump

A command-line protocol packet analyzer. Administrators use it to capture packets.

tcpreplay

A command-line utility tool for editing packets and then "replaying" the packets back onto the network to observe their behavior.

mantrap

A device that monitors and controls two interlocking doors to a small room (a vestibule), designed to separate secure and nonsecure areas.

ISO

International Organization for Standardization

personnel are considered:

active security elements

Which utility sends custom TCP/IP packets? a. curl b. hping c. shape d. pingpacket

b. hping

Python programming language

can run on several different OS platforms

Spoofing

deceiving by impersonating another's identity

Three of the most common interception attacks are:

man-in-the-middle, session replay, man-in-the-browser attacks

MAC flooding attack

threat actors will overflow the switch with Ethernet packets that have been spoofed so that every packet contains a different source MAC address, each appearing to come from a different endpoint. This can quickly consume all the memory for the MAC address table and will enter a fail-open mode and function like a network hub, broadcasting frames to all ports. Threat actors could then install software or a hardware device that captures and decodes packets on one client connected to the switch to view all traffic.

Using two security guards is called

two-person integrity/control.

UAV

unmanned aerial vehicles (i.e. drones)

DNS poisoning

would only impact a single user. It modifies a local lookup table on a device to point to a different domain, which is usually a malicious DNS server controlled by a threat actor that will redirect traffic to a website designed to steal user information or infect the device with malware.

CAM

Content Addressable Memory

Text files are a funda-mental element when using ___

Linux OS

MITM

Man-in-the-middle

NIC

Network Interface Card

OLE

Object Linking and Embedding automation Note: For example, VBA can automatically create a Microsoft Word report from data in a Microsoft Excel spreadsheet. VBA (Visual Basics for Applications)can control one application from another application using OLE.

cmdlets

PowerShell "command-lets" which are specialized .NET classes that implement a specific operation

A successful DNS attack has two consequences

URL redirection & Domain reputation

VBA

Visual Basic for Applications

script is essentially the same as

a program, but it is interpreted and executed without the need for it to be first compiled into machine language

OpenSSL

a tool that supports scripting and is a cryptography library that offers open-source applications of the TLS protocol.

Theo uses the Python programming language and does not want his code to contain vulnerabilities. Which of the following best practices would Theo NOT use? a. Only use compiled and not interpreted Python code. b. Use the latest version of Python. c. Use caution when formatting strings. d. Download only vetted libraries.

a. Only use compiled and not interpreted Python code.

Which of the following sensors can detect an object that enters the sensor's field? a. Proximity b. Field detection c. IR verification d. Object recognition

a. Proximity

Which of the following is a tool for editing packets and then putting the packets back onto the network to observe their behavior? a. Tcpreplay b. Tcpdump c. Wireshark d. Packetdump

a. Tcpreplay

12. What is Bash? a. The command-language interpreter for Linux/ UNIX OSs b. The open source scripting language that contains many vulnerabilities c. A substitute for SSH d. The underlying platform on which macOS is built

a. The command-language interpreter for Linux/ UNIX OSs

Two common Layer 2 attacks are:

address resolution protocol (ARP) poisoning and media access control attacks

ExecutionPolicyByPass (PowerShell code)

allow the PowerShell script to run despite any system restrictions

Being able to manipulate text is __

an important skill in managing Linux security, as well as other applications and even the OS itself.

Tomaso is explaining to a colleague the different types of DNS attacks. Which DNS attack would only impact a single user? a. DNS hijack attack b. DNS poisoning attack c. DNS overflow attack d. DNS resource attack

b. DNS poisoning attack

What is the difference between a DoS and a DDoS attack? a. DoS attacks are faster than DDoS attacks. b. DoS attacks use fewer computers than DDoS attacks. c. DoS attacks do not use DNS servers as DDoS attacks do. d. DoS attacks use more memory than DDoS attacks.

b. DoS attacks use fewer computers than DDoS attacks.

Which of the following is NOT a reason that threat actors use PowerShell for attacks? a. It cannot be detected by antimalware running on the computer. b. It leaves behind no evidence on a hard drive. c. It can be invoked prior to system boot. d. Most applications flag it as a trusted application.

c. It can be invoked prior to system boot.

Deacon has observed that the switch is broadcasting all packets to all devices. He suspects is the result of an attack that has overflowed the switch MAC address table. Which type of attack is this? a. MAC spoofing attack b. MAC cloning attack c. MAC flooding attack d. MAC overflow attack

c. MAC flooding attack

Which of the following is NOT a Microsoft defense against macros? a. Protected View b. Trusted documents c. Trusted domain d. Trusted location

c. Trusted domain

Estevan has recommended that the organization hire and deploy two security guards in the control room to limit the effect if one of the guards has been compromised. What is Estevan proposing? a. Dual observation protocol (DOP) b. Compromise mitigation assessment (CMA) c. Two-person integrity/control d. Multiplayer recognition

c. Two-person integrity/control

ARP poisoning

changes the ARP cache so the corresponding IP address is pointing to a different computer

CCTV

closed circuit television

Several successful network attacks ____?

come from malicious software code and scripts

Visual Basic for Applications is most often used to ____

create macros

endpoint attacks used by threat actors

cross-site scripting, Trojans, and malicious JavaScript coding.

Which of the following does NOT describe an area that separates threat actors from defenders? a. DMZ b. Air gap c. Secure area d. Containment space

d. Containment space

Which of the following is NOT true about VBA? a. It is commonly used to create macros. b. It is built into most Microsoft Office applications. c. It is included in select non-Microsoft products. d. It is being phased out and replaced by PowerShell.

d. It is being phased out and replaced by PowerShell.

Proteus has been asked to secure endpoints that can be programmed and have an IP address so that they cannot be used in a DDoS attack. What is the name for this source of DDoS attack? a. Network b. Application c. IoT d. Operational Technology

d. Operational Technology

Eros wants to change a configuration file on his Linux computer. He first wants to display the entire file contents. Which tool would he use? a. head b. show c. display d. cat

d. cat

Which of the following is a third-party OS penetration testing tool? a. theHarvester b. scanless c. Nessus d. sn1per

d. sn1per

Gregory wants to look at the details about the patch a packet takes from his Linux computer to another device. Which Linux command-line utility will he use? a. tracepacket b. trace c. tracert d. traceroute

d. traceroute

DMZ

demilitarized zone

In cyberattacks, macros are used to ___

distribute malware

DDoS

distributed denial of service

NoProfile (PowerShell code)

do not load the system's custom PowerShell environment

PowerShell becomes a prime target for threat actors to ___

inject malware (code)

DNS hijacking

intended to infect an external DNS server with IP addresses that point to malicious sites. Note: DNS hijacking has the advantage of redirecting all users accessing the server.

MITM attack has 2 phases

intercepting traffic & decrypt the transmissions

session replay attack

intercepts and uses session ID to impersonate a user.

Man-in-the-middle

intercepts legitimate communication and forges a fictitious response to the sender or eavesdrops on the conversation. MITB attack seeks to intercept and then manipulate the communication between the web browser and the security mechanisms of the computer.

distributed denial of service attack

involves a device being overwhelmed by a torrent of fake requests so that it cannot respond to legitimate requests for service.

Wireshark

is a popular GUI packet capture and analysis tool.

macro

is a series of instructions that can be grouped together as a single command.

PowerShell

is a task automation and configuration management framework from Microsoft.

Tcpreplay

is a tool for editing packets and then "replaying" the packets back onto the network to observe their behavior.

Visual Basic for Applications

is an "event-driven" Microsoft programming language that is used to automate processes that normally would take multiple steps or levels of steps. Note: built into most Microsoft Office applications (Word, Excel, and PowerPoint, for example)

demilitarized zone

is an area that separates threat actors from defenders (also called a physical air gap)

Bash

is the command language interpreter (called the "shell") for the Linux/UNIX OS.

Layer 2 of the OSI model

particularly weak and is frequently a target of threat actors.

An often-overlooked consideration when defending a network is physical security:

preventing a threat actor from physically accessing the network is as important as preventing the attacker from accessing it remotely.

Collecting and analyzing data packets that cross a network can ___

provide a wealth of valuable information.

barriers act as passive devices to

restrict access

External perimeter defenses are designed to:

restrict access to the areas in which equipment is located.

WindowStyleHidden (PowerShell code)

run the script quietly without any notification to the user

A bollard is a:

short but sturdy vertical post that is used to as a vehicular traffic barricade to prevent a car from ramming into a secured area.

MAC cloning attack

threat actors will discover a valid MAC address of a device connected to a switch and then spoof that MAC address on their device and send a packet onto the network. The switch will change its MAC address table to reflect this new association of that MAC address with the port to which the attackers' device is connected


Related study sets

Ch. 5: Cultural Diversity (NUR 111-nursing fundamentals book)

View Set

BUS10: Ch. 5: Small Business and the Entrepreneur

View Set

Grade 10 Food & Nutrition - Basic Cooking Terms

View Set