Cybersecurity Quiz: Attacks and Techniques
45 Questions

Questions and Answers

What is the main difference between a DoS attack and a DDoS attack?

  • A DoS attack is a more recent attack than a DDoS attack.
  • A DDoS attack is more effective than a DoS attack, as it can take down systems for longer periods of time.
  • A DDoS attack uses multiple compromised devices to flood a system with traffic, while a DoS attack uses a single device. (correct)
  • A DoS attack uses a botnet to flood a system with traffic, while a DDoS attack uses a single compromised device.

Which of these is NOT a common factor used in multi-factor authentication (MFA)?

  • Something you are
  • Something you know
  • Something you have
  • Something you see (correct)

In the context of penetration testing, what does "black-box" testing mean?

  • The penetration tester has no prior knowledge of the system's infrastructure or configuration. (correct)
  • The penetration tester uses only automated tools to test the system's security vulnerabilities.
  • The penetration tester has limited knowledge of the system's infrastructure and configuration.
  • The penetration tester has full access to the system's source code and configuration.

What is a legitimate use case for network sniffing?

    Monitoring network traffic for potential security threats. (A)

    Which of the following techniques can be used to mitigate DoS attacks?

    Implementing traffic filtering to block suspicious traffic patterns. (D)

    What is a common example of social engineering?

    A user accidentally clicking on a malicious link in an email. (C)

    What is a key difference between active and passive sniffing?

    Active sniffing injects fake data packets onto the network, while passive sniffing only observes traffic. (A)

    Which of these is a tool commonly used in ethical network sniffing?

    Wireshark (B)

    Which of the following BEST describes the way a Virtual Private Network (VPN) creates a secure connection?

    It uses a secure tunnel over the internet, encrypting all data that is sent. (C)

    What is the PRIMARY objective of a brute force attack?

    To guess the correct login credentials by repeatedly trying different combinations. (D)

    Which of the following BEST describes the role of an attacker in a Man-in-the-Middle (MITM) attack?

    To intercept and relay communication between two parties without their knowledge, potentially stealing or manipulating data. (A)

    In the context of a SQL injection attack, what is the primary goal of the malicious SQL statement inserted by the attacker?

    To bypass security measures and gain access to, modify, or delete data stored in the website's database. (B)

    Which of the following is a common consequence of a successful phishing attack?

    A user's personal information, such as login credentials or financial data, being stolen. (A)

    How does a VPN help to protect user privacy?

    By encrypting data sent over the internet, making it difficult for others to intercept and understand the information. (A), By masking the user's real IP address with a temporary one, making it harder to track their online activity. (B)

    How does rate limiting help mitigate brute force attacks?

    It restricts the frequency of login attempts from a single IP address, making it harder for attackers to try numerous passwords in a short time. (D)

    Which of the following techniques is MOST effective in preventing SQL injection attacks?

    Using prepared statements and parameterized queries to sanitize user input before executing database queries. (B)

    Which of the following is a key difference between a vulnerability assessment and penetration testing?

    Vulnerability assessments focus on identifying vulnerabilities, while penetration testing aims to exploit them. (B)

    During which phase of the Cyber Kill Chain would an attacker send a phishing email to a target?

    Delivery (D)

    What is the primary characteristic of a zero-day vulnerability?

    It is a vulnerability that is unknown to the vendor and the security community before it is exploited. (C)

    Which of the following best describes lateral movement in cybersecurity?

    Moving within a network to reach more valuable assets after gaining initial access. (C)

    How does the Cyber Kill Chain help organizations defend against cyberattacks?

    By identifying the stages of a cyberattack and providing opportunities for disruption. (B)

    Which of these scenarios is an example of lateral movement?

    An attacker uses stolen credentials to access a server and then accesses other systems on the same network. (A)

    What would be a common tool used for vulnerability assessment?

    Nessus (B)

    Which of the following accurately describes how vulnerability assessment and penetration testing complement each other?

    Vulnerability assessment helps prioritize the most critical vulnerabilities for penetration testing. (C)

    What is a primary way that Active Directory can potentially facilitate lateral movement within a network?

    By providing a centralized authentication system, allowing attackers to gain access to multiple connected systems. (C)

    How does an EDR solution differ from traditional antivirus software?

    EDR solutions provide real-time monitoring of endpoint activity, while traditional antivirus software relies on signature-based detection. (B)

    Which of these actions is NOT an example of lateral movement within a network?

    An attacker using a phishing email to trick a user into revealing their login credentials. (D)

    What is a primary benefit of using a honeypot in a security strategy?

    Honeypots can be used to lure attackers into revealing their tactics and techniques. (C)

    How can organizations use Active Directory to mitigate lateral movement within their networks?

    By implementing Group Policy to enforce security settings and restrict access. (A)

    What is the primary function of the MITRE ATT&CK framework?

    To identify and mitigate cybersecurity threats (B)

    Which of the following is NOT a characteristic of a white hat hacker?

    Uses vulnerabilities for personal gain (A)

    Which type of encryption uses two keys, a public key for encryption and a private key for decryption?

    Asymmetric Encryption (C)

    Which of the following is an example of a common symmetric encryption algorithm?

    AES (D)

    Which of the following best describes a gray hat hacker?

    A hacker who exploits vulnerabilities without malicious intent but without proper authorization (A)

    What is the primary goal of DNS spoofing?

    To redirect users to malicious websites (D)

    Which of the following is NOT a tactic commonly used by attackers in lateral movement?

    DNS Spoofing (D)

    What is a primary benefit of integrating the MITRE ATT&CK framework into a SIEM tool?

    Simplified incident response procedures (A)

    Which of the following best describes the concept of 'risk' in cybersecurity?

    The likelihood of a threat exploiting a vulnerability, causing damage. (D)

    How does encryption contribute to cybersecurity?

    Encryption makes data unintelligible to unauthorized users, protecting confidentiality. (B)

    Which of the following is NOT a component of the CIA triad?

    Authenticity (B)

    Which of these is an example of maintaining data integrity?

    Using digital signatures to validate the authenticity of data. (A)

    A company uses outdated software that has known vulnerabilities. This is an example of which of the following concepts?

    Vulnerability (D)

    What is the main purpose of the principle of least privilege?

    To minimize the impact of a security breach by limiting user access to necessary resources. (C)

    Which of these scenarios exemplifies the principle of least privilege being implemented effectively?

    A customer support representative only has access to customer information relevant to their job. (C)

    What is the primary objective of cybersecurity?

    To protect data and systems from unauthorized access and threats. (D)

    Flashcards

    Cybersecurity

    Protection of computers, networks, and data from cyber threats.

    Types of Cyberattacks

    Common threats include malware, phishing, and ransomware.

    Threat vs. Vulnerability vs. Risk

    A threat is a source of harm, a vulnerability is a weakness, and risk is the likelihood of damage.

    CIA Triad

    Foundation of information security: Confidentiality, Integrity, Availability.

    Confidentiality (CIA)

    Ensures sensitive information is accessed only by authorized users.

    Integrity (CIA)

    Ensures data remains accurate and unaltered over time.

    Availability (CIA)

    Ensures systems and data are available when needed.

    Principle of Least Privilege

    Users should have only the access necessary for their tasks.

    Network Sniffing

    Monitoring and capturing data packets across a network to analyze traffic.

    Active Sniffing

    A technique where an attacker actively injects packets into the network to intercept communications.

    Passive Sniffing

    Capturing data packets in a network without altering or injecting any traffic.

    Denial-of-Service (DoS) Attack

    An attack that overwhelms a system with traffic, making it unavailable to users.

    Distributed Denial-of-Service (DDoS) Attack

    A coordinated DoS attack from multiple compromised systems to amplify the attack effect.

    Multi-Factor Authentication (MFA)

    An authentication method that requires two or more verification factors for access, enhancing security.

    Penetration Testing

    A simulated cyberattack by ethical hackers to find system vulnerabilities.

    Ethical Hacking

    Legitimate hacking performed to improve security, identifying weaknesses legally.

    Honeypot

    A decoy system that attracts attackers and monitors their behavior.

    Purpose of Honeypots

    They isolate malicious activities for analysis and enhance threat intelligence.

    High-Interaction vs Low-Interaction Honeypots

    High-interaction honeypots engage attackers fully; low-interaction honeypots limit engagement.

    Endpoint Detection and Response (EDR)

    Security solution monitoring endpoint activities for threats in real-time.

    EDR vs Traditional Antivirus

    EDR provides real-time visibility and response, unlike traditional antivirus which is often reactive.

    MITRE ATT&CK framework

    A knowledge base of adversary tactics, techniques, and procedures used in cybersecurity.

    Lateral movement techniques

    Methods attackers use to move within a network after an initial breach.

    Symmetric encryption

    Encryption method using a single key for both encryption and decryption.

    Asymmetric encryption

    Encryption method using a pair of keys: a public key for encryption and a private key for decryption.

    Black hat hackers

    Malicious hackers exploiting vulnerabilities for personal gain.

    White hat hackers

    Ethical hackers hired to identify and fix vulnerabilities in systems.

    Gray hat hackers

    Hackers who exploit vulnerabilities without malicious intent but without authorization.

    DNS spoofing

    An attack that manipulates DNS records to redirect users to malicious websites.

    Vulnerability Assessment

    Identifying and prioritizing vulnerabilities in systems.

    Cyber Kill Chain

    A model by Lockheed Martin outlining the stages of a cyberattack.

    Stages of Cyber Kill Chain

    Includes Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, and Actions on Objectives.

    Zero-Day Vulnerability

    A software flaw unknown to the vendor or security community, exploited before a patch is available.

    Lateral Movement

    Techniques attackers use to move within a network after initial access.

    Reconnaissance (Cyber Kill Chain)

    The initial phase where attackers gather information about a target.

    Command and Control (C2)

    The mechanism used by attackers to maintain communication with compromised systems.

    VPN

    A VPN (Virtual Private Network) creates a secure, encrypted connection over the internet, allowing remote access to a private network.

    Brute Force Attack

    A brute force attack uses trial and error to guess login credentials or passwords by systematically trying combinations.

    Man-in-the-Middle (MITM) Attack

    A MITM attack occurs when an attacker intercepts and relays communication between two parties, stealing or manipulating data.

    SQL Injection

    SQL injection is a code injection attack that exploits vulnerabilities in a database by inserting malicious SQL statements.

    Phishing

    Phishing is a fraudulent attempt to obtain sensitive information by posing as a trustworthy source in electronic communication.

    Spear Phishing

    Spear phishing targets specific individuals or organizations, often using personalized information to deceive them.

    Encryption Protocols in VPNs

    Encryption protocols are rules for encoding data in a VPN, ensuring secure communication and data protection over the Internet.

    Rate Limiting

    Rate limiting restricts the number of requests a user can make to a system over a period, helping to prevent brute force attacks.

    Study Notes

    Cybersecurity Fundamentals

    • Cybersecurity protects computers, networks, and data from threats like hackers, viruses, and unauthorized access. It's crucial for preventing data breaches, financial losses, and reputational damage.
    • Common cyberattacks are diverse and constantly evolving. Encryption plays a vital role in securing data. Organizations face challenges securing their networks due to the complexity and evolving nature of threats.

    Threat, Vulnerability, and Risk

    • A threat is a potential source of harm, such as malware or a hacker.
    • A vulnerability is a weakness or flaw in a system that can be exploited.
    • Risk is the likelihood of a threat exploiting a vulnerability and causing damage.

    CIA Triad

    • Confidentiality: Ensuring sensitive information is only accessible to authorized users.
    • Integrity: Ensuring data remains accurate and uncorrupted.
    • Availability: Ensuring systems and data are available when needed.

    Principle of Least Privilege

    • The principle of least privilege limits user access to only the minimum necessary level for their tasks to mitigate damage from misuse.

    Two-Factor Authentication (2FA)

    • 2FA requires two verification methods (something you know and something you have) to access a system. This enhances security compared to single-factor authentication.

    Firewalls

    • Firewalls are network security devices that monitor and control incoming and outgoing traffic based on security rules. They act as a barrier between trusted and untrusted networks.

    Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)

    • IDS monitors network traffic for malicious activity; it alerts but doesn't block.
    • IPS actively blocks malicious traffic in real-time.

    Phishing

    • Phishing is a social engineering attack where attackers trick users into revealing sensitive information.

    Virtual Private Networks (VPNs)

    • VPNs create secure encrypted connections over the internet, allowing secure remote access and protecting data from interception.

    Brute-Force Attacks

    • Brute-force attacks try all possible combinations to guess login credentials or encryption keys.

    Man-in-the-Middle (MITM) Attacks

    • MITM attacks intercept and relay communication between two parties. Attackers can steal data or manipulate communications.

    SQL Injection

    • SQL injection exploits vulnerabilities in database queries by inserting malicious SQL statements. This allows attackers to gain unauthorized access.

    Cross-Site Scripting (XSS)

    • XSS vulnerabilities allow attackers to inject malicious scripts into websites to steal cookies or sensitive information.

    Ransomware

    • Ransomware encrypts data and demands payment for its release. It often spreads via phishing emails or malicious downloads.

    Hashing vs. Encryption

    • Hashing: Converts data into a fixed-length hash, which cannot be reversed. Used for data integrity verification.
    • Encryption: Transforms data into ciphertext, which can be decrypted back into plaintext using a key. Used for secure data transmission or storage.

    Social Engineering

    • Social engineering manipulates individuals to divulge confidential information or perform certain actions.

    Network Sniffing

    • Network sniffing monitors and captures network traffic; it can be used for malicious or legitimate purposes.

    Denial-of-Service (DoS) Attacks

    • DoS attacks flood a system with traffic, making it unavailable to legitimate users.

    Multi-Factor Authentication (MFA)

    • MFA requires multiple verification factors to access a system, enhancing security beyond basic passwords.

    Penetration Testing

    • Penetration testing simulates cyberattacks to identify vulnerabilities in a system.

    MITRE ATT&CK Framework

    • The MITRE ATT&CK framework provides a knowledge base of the adversary tactics and procedures that threat actors use when exploiting vulnerabilities.

    Endpoint Detection and Response (EDR)

    • EDR solutions monitor endpoint activities, detect, investigate, and respond to threats.

    Zero-Day Vulnerabilities

    • Zero-day vulnerabilities are software flaws unknown to the vendor or security community. They are exploitable before a patch is released.

    Lateral Movement

    • Lateral movement is the process by which attackers move from a point of access in the network to other critical systems or data.

    Honeypots

    • Honeypots are decoys to attract attackers and monitor their activities.

    Description

    Test your knowledge on different types of cyber attacks, including DoS, DDoS, and social engineering. This quiz also covers authentication methods and best practices for network security. Prepare to assess your understanding of penetration testing and ethical hacking techniques.