Cybersecurity: Cyber Attacks & Protection

Questions and Answers

What is the key difference between a cybersecurity threat and an attack?

• A threat is a vulnerability in a system, while an attack is a weakness in security protocols.
• A threat is a potential event that could harm a system, while an attack is an active attempt to exploit a vulnerability. (correct)
• A threat is a software vulnerability, while an attack is a hardware malfunction.
• A threat is an actual, realized event, while an attack is only a potential event.

What is the underlying principle of a Denial of Service (DoS) attack?

• Overwhelming a targeted system with traffic to disrupt or disable access for legitimate users. (correct)
• Exploiting vulnerabilities in the system's software to gain unauthorized access.
• Intercepting and altering data transmitted between a client and a server.
• Bypassing authentication mechanisms to gain administrative privileges.

In a buffer overflow attack, what is the primary mechanism that allows an attacker to compromise a system?

• Using social engineering tactics to trick users into divulging credentials.
• Injecting malicious SQL queries into a database to extract data.
• Writing data beyond the allocated buffer, overwriting adjacent memory regions. (correct)
• Exploiting cryptographic weaknesses to decrypt sensitive information.

What is the main objective of a rootkit?

To provide persistent, hidden access to a compromised system while concealing its presence. (C)

What is the primary technique used in a SQL injection attack to compromise a database?

Injecting malicious SQL code into input fields to manipulate database queries. (D)

Which of the following best describes the aim of a phishing attack?

To trick individuals into divulging sensitive information, such as usernames, passwords, and financial details, by disguising as a trustworthy entity. (D)

In the context of TCP/IP communication, what is the purpose of the three-way handshake?

To establish a reliable connection between a client and a server before data exchange. (C)

What is the primary goal of a Smurf attack?

To amplify network traffic and overwhelm a target by exploiting ICMP echo requests. (A)

What is the key difference between DNS poisoning and ARP poisoning?

DNS poisoning manipulates DNS records to redirect traffic to malicious servers, ARP poisoning associates attacker's MAC address with IP address of legitimate network device. (B)

If an organization's website is defaced due to a CMS vulnerability, what immediate step should be taken?

Restore the website to its original state using a backup and begin investigating the breach. (B)

Flashcards

Threat vs. Attack

A threat is a potential danger, while an attack is an action taken to exploit a vulnerability.

Denial of Service (DoS) Attack

DoS attacks disrupt system availability using techniques that overload resources.

Buffer Overflow Attack

A buffer overflow attack exploits vulnerabilities by writing data beyond buffer boundaries.

Objective of a Rootkit

Rootkits give unauthorized privileged access, hiding their presence to maintain control.

SQL Injection Technique

SQL injection penetrates systems by inserting malicious SQL code into database queries.

Phishing Attack

Phishing is a deceptive attempt to obtain sensitive information.

Malware

Malware is malicious software designed to harm computer systems.

Cross-Site Scripting (XSS)

XSS exploits vulnerabilities to execute malicious scripts in a user's web browser.

DDoS Attack

DDoS attacks overwhelm a target with traffic from multiple sources.

Social Engineering Attacks

Social engineering manipulates individuals to gain access or information.

Study Notes

• This is an examination for Diploma in Cyber Security/Diploma in Ethical Hacking, RES 028: Protection from Cyber Attacks.
• Date: 12TH APRIL, 2024, Time: 2 HOURS

Question 1

• Differentiate between a threat and an attack in cybersecurity, highlighting distinctions and explaining their relationship to risk.
• Describe how would you investigate a malware infection and action to contain and remove malware, given a network slowdown and suspicious files on computers.
• Explain the workings of a Denial of Service (DoS) attack, including its principles and techniques to disrupt availability.
• Describe the concept/mechanism of buffer overflow attacks, outlining how it occurs and its potential consequences on the security of a targeted system.
• Identify/explain the primary objective of a rootkit and discuss its implications for the security of a compromised system.
• Explain how an attacker uses SQL injection to compromise a database, if a particular database threat utilizes SQL injection technique.
• Provide an explanation of a phishing attack, using a specific example to illustrate its methodology and the potential risks it poses to individuals or organizations and how the risk can be mitigated.

Question 2

• Identify the type of attack that occurred when David unknowingly accessed an attacker's website through a redirected tab and how it can be prevented
• Illustrate, describe the mechanism/impact of a DDoS attack using a diagram, highlighting components, stages, flow, and recommend mitigation ways.
• Define malware, explain it comprehensively with examples, illustrate its nature/impact on computer systems, and outline/describe countermeasures and best practices for protection.
• Explain cross-site scripting (XSS), its implications for web app security, and outline effective preventive measures/best practices to mitigate XSS risks.

Question 3

• Provide guidance on how to handle a suspicious phone call from someone claiming to be from the IT department asking for login credentials.
• Give a detailed explanation of DDoS attacks, including characteristics, objectives, techniques and strategies/countermeasures to mitigate and counteract DDoS attacks.
• Illustrate and describe the three-way handshake in TCP/IP communication using a diagram, explaining the purpose and sequence of each step to establish a connection.

Question 4

• Outline/categorize types of threats/attacks in cybersecurity, giving explanations and examples, highlighting the potential impact and risks.
• Illustrate/explain the workings of a Smurf attack using a diagram, highlighting steps/components, describing the purpose, impact, and countermeasures.
• Differentiate between DNS poisoning and ARP poisoning, explain their distinct mechanisms, objectives, and potential impacts on network security.

Question 5

• Describe common types of social engineering attacks, provide examples/explanations, and discuss the techniques and potential consequences.
• Describe how you would restore a website defaced by a hacker exploiting a CMS vulnerability, investigate the breach, and implement security measures.
• Explain how you would investigate a competitor's claim of access to confidential documents, negotiate with the attacker, and prevent such incidents.