ITCS318 Long Quiz Reviewer

Questions and Answers

What type of attack occurs when data goes beyond the memory areas allocated to an application?

  • Buffer overflow (correct)
  • SQL injection
  • RAM spoofing
  • RAM injection

Which of the following statements describes a distributed denial of service (DDoS) attack?

  • A botnet of zombies, coordinated by an attacker, overwhelms a server with DoS attacks (correct)
  • An attacker monitors network traffic to learn authentication credentials
  • One computer accepts data packets based on the MAC address of another computer
  • An attacker sends an enormous quantity of data that a server cannot handle

Employees in an organization report that the network access is slow. Further investigation reveals that one employee downloaded a third-party scanning program for the printer. What type of malware may have been introduced?

  • Trojan horse
  • Worm (correct)
  • Spam
  • Phishing

Employees in an organization report that they cannot access the customer database on the main server. Further investigation reveals that the database file is now encrypted. Shortly afterward, the organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?

Ransomware (B)

A penetration test carried out by an organization identified a backdoor on the network. What action should the organization take to find out if their systems have been compromised?

Look for unauthorized accounts (A), Scan the systems for viruses (B), Look for policy changes in Event Viewer (D)

What non-technical method could a cybercriminal use to gather sensitive information from an organization?

Social engineering (C)

A secretary receives a phone call from someone claiming that their manager is about to give an important presentation but the presentation files are corrupted. The caller sternly asks that the secretary email the presentation right away to a personal email address. The caller also states that the secretary is being held personally responsible for the success of this presentation. What type of social engineering tactic is the caller using?

Intimidation (A), Urgency (B)

All employees in an organization receive an email stating that their account password will expire immediately and that they should reset their password within five minutes. Which of the following statements best describes this email?

It is a hoax (C)

Which best practices can help defend against social engineering attacks? (Choose three.)

Educate employees regarding security policies (B), Deploy well-designed firewall appliances (D), Resist the urge to click on enticing web links (E)

What do you call an impersonation attack that takes advantage of a trusted relationship between two systems?

Man-in-the-middle (A)

A cybercriminal sends a series of maliciously formatted packets to a database server, which causes the server to crash. What do you call this type of attack?

DoS (C)

The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can they use to identify specific details about vulnerabilities?

ISO/IEC 27000 model (A), NIST/NICE framework (B), CVE national database (C), Infragard (D)

Which security measure is typically found both inside and outside a data center facility?

exit sensors (A), continuous video surveillance (B), a gate (E)

What is hyperjacking?

Taking over a virtual machine hypervisor as part of a data center attack

Which statement accurately characterizes the evolution of threats to network security?

Internal threats can cause even greater damage than external threats. (D)

When considering network security, what is the most valuable asset of an organization?

data (A)

Which resource is affected due to weak security settings for a device owned by the company, but housed in another location?

cloud storage device (C)

Refer to the exhibit. An IT security manager is planning security updates on this particular network. Which type of network is displayed in the exhibit and is being considered for updates?

WAN (A)

What are two security features commonly found in a WAN design? (Choose two.)

firewalls protecting the main and remote sites (B), VPNs used by mobile workers between sites (E)

Which security technology is commonly used by a teleworker when accessing resources on the main corporate office network?

VPN (D)

Which technology is used to secure, monitor, and manage mobile devices?

MDM (A)

Which field in an IPv6 packet is used by the router to determine if a packet has expired and should be dropped?

Hop Limit (B)

An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this?

man in the middle (A)

Which field in the IPv4 header is used to prevent a packet from traversing a network endlessly?

Time-to-Live (A)

What is involved in an IP address spoofing attack?

A legitimate network IP address is hijacked by a rogue node. (A), A rogue DHCP server provides false IP configuration parameters to legitimate DHCP clients. (B), A rogue node replies to an ARP request with its own MAC address indicated for the target IP address. (C)

Which type of attack involves the unauthorized discovery and mapping of network systems and services?

reconnaissance (D)

In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections?

SYN flood attack (D)

How is optional network layer information carried by IPv6 packets?

inside an extension header (C)

A threat actor wants to interrupt a normal TCP communication between two hosts by sending a spoofed packet to both endpoints. Which TCP option bit would the threat actor set in the spoofed packet?

RST (D)

A threat actor uses a program to launch an attack by sending a flood of UDP packets to a server on the network. The program sweeps through all of the known ports trying to find closed ports. It causes the server to reply with an ICMP port unreachable message and is similar to a DoS attack. Which two programs could be used by the threat actor to launch the attack? (Choose two.)

Low Orbit Ion Cannon (B), Smurf (E)

Which term describes a field in the IPv4 packet header used to detect corruption in the IPv4 header?

header checksum (D)

What kind of ICMP message can be used by threat actors to map an internal IP network?

ICMP echo request (A)

Users in a company have complained about network performance. After investigation, the IT staff has determined that an attacker has used a specific technique that affects the TCP three-way handshake. What is the name of this type of network attack?

SYN flood (B)

Which action best describes a MAC address spoofing attack?

altering the MAC address of an attacking host to match that of a legitimate host (A)

What is an objective of a DHCP spoofing attack?

to gain illegal access to a DHCP server and modify its configuration (A), to intercept DHCP messages and alter the information before sending to DHCP clients (C), to attack a DHCP server and make it unable to provide valid IP addresses to DHCP clients (D)

What is the primary means for mitigating virus and Trojan horse attacks?

antivirus software (C)

What method can be used to mitigate ping sweeps?

blocking ICMP echo and echo-replies at the network edge (B)

What worm mitigation phase involves actively disinfecting infected systems?

treatment (B)

What is the result of a DHCP starvation attack?

Legitimate clients are unable to lease IP addresses. (C)

Which term is used for bulk advertising emails flooded to as many end users as possible?

Spam (C)

Which type of DNS attack involves the cybercriminal compromising a parent domain and creating multiple subdomains to be used during the attacks?

cache poisoning (C)

Which protocol would be the target of a cushioning attack?

DNS (B)

Which language is used to query a relational database?

SQL (A)

Which two attacks target web servers through exploiting possible vulnerabilities of input functions used by an application? (Choose two.)

cross-site scripting (A), SQL injection (C)

In which type of attack is falsified information used to redirect users to malicious Internet sites?

DNS cache poisoning (C)

What is a characteristic of a DNS amplification and reflection attack?

Threat actors use DNS open resolvers to increase the volume of attacks and to hide the true source of an attack. (B)

City Center Hospital provides WLAN connectivity to its employees. The security policy requires that communication between employee mobile devices and the access points must be encrypted. What is the purpose of this requirement?

to prevent a computer virus on a mobile device from infecting other devices (A)

What is a feature that can be used by an administrator to prevent unauthorized users from connecting to a wireless access point?

MAC filtering (C)

Flashcards

Buffer Overflow

Attack where data exceeds allocated memory for an application, potentially causing system compromise.

SQL Injection

A type of attack where malicious code is inserted into an SQL database query.

RAM Injection

Attack that injects malicious code into random access memory (RAM).

RAM Spoofing

Attack where an attacker tries to modify the operating system's view of memory to gain unauthorized access.

Distributed Denial of Service (DDoS)

Attack that floods a server with traffic from multiple sources, making it unavailable.

Social Engineering

Manipulating people to obtain sensitive information or access.

Ransomware

Malware that encrypts data and demands payment for decryption.

Trojan Horse

Malicious software disguised as a legitimate program.

Worm

Self-replicating malware that spreads through networks.

Phishing

Attempting to acquire sensitive information by masquerading as a trustworthy entity.

Security Policy

Set of rules and guidelines to maintain security.

Penetration Test

Simulated attack to identify security vulnerabilities.

Backdoor

Hidden entry point into a system used to bypass security measures.

Man-in-the-Middle Attack

Attacker intercepts communication between two parties.

DoS Attack

Attack designed to render a system unavailable.

Intimidation

Using fear to influence a person's behavior.

Urgency

Creating a sense of immediate need.

Trusted Partners

Exploiting a trusting relationship.

Familiarity

Manipulating people by falsely conveying knowledge or expertise.

Impersonation Attack

Masquerading as another person or entity to gain access or information.

Study Notes

ITCS318 - Long Quiz Reviewer

  • SQL injection: Data goes beyond allocated memory areas.
  • RAM injection: Data exceeds RAM allocation.
  • RAM spoofing: Mimicking RAM behavior.
  • Buffer overflow: Data exceeding buffer capacity.
  • Distributed Denial of Service (DDoS): Attacker floods server with enormous data.
  • Denial of Service (DoS): Attacker overwhelms server with data.
  • Network Traffic Monitoring: Observing network traffic.
  • Authentication Credentials: Learning login details.
  • MAC Address: Unique hardware identifier.
  • Botnet Zombies: Computers under control.
  • Data Encryption: Coding data.
  • Malware Analysis: Identifying malicious software.
  • Third-Party Scanning Program: Software downloaded by user.
  • Worm: Self-replicating malware.
  • Trojan Horse: Malicious software disguised as legitimate.
  • Spam/Phishing: Unsolicited emails/fraudulent emails.
  • Ransomware: Attacker encrypts data and demands payment.
  • Data Loss Prevention (DLP): Preventing data leaks.
  • Social Engineering: Manipulating individuals for info.

Attack Characteristics and Methods

  • Unauthorized Account Access: Gaining access without permission.
  • Unauthorized Accounts/Passwords: Finding accounts without passwords.
  • Cybercriminal Techniques: Gathering info from an organization.
  • Man-in-the-Middle Attack: Intercepts communications.
  • Ransomware: Encrypts data and demands payment.
  • Social Engineering: Manipulation to gain info.
  • Spoofing: Masquerading as trusted source.
  • Impersonation: Assuming someone else's identity.
  • Hoax/Piggyback: False info/hiding attacks.
  • DDoS Attacks: Overwhelming servers with requests.

Security Best Practices

  • Firewall Appliances: Protecting against network attacks.
  • Security Guards: Physical security measures.
  • Well-Designed Firewalls: Defense against network threats.
  • Security Protocols: Defense mechanisms.
  • Security Policies: Formal rules.
  • Educate Employees: Awareness and training.

Network Security and Threats

  • Internal Threats: Within the organization.
  • External Threats: From outside the organization.
  • Network Security Assets: Protection of vital resources.
  • Company Data: Most valuable asset.
  • Device Security: Protecting company-owned devices.
  • Malware: Malicious software.
  • Data Security: Protecting information.
  • Social Engineering Tactics: Manipulation to gain info.

Attacks and Vulnerabilities

  • Backdoor: Unauthorized access point.
  • Penetration Testing: Assessing security.
  • Rogue Access Points: Unauthorized wireless networks.
  • MAC Address Spoofing: Masquerading as another host.
  • IP Address Spoofing: Malicious IP address used.
  • DHCP Spoofing: Provides false DHCP info.
  • Recon: Unauthorized discovery of network systems.

Networking Technologies

  • IPv4/IPv6 Packets: Network communication protocols.
  • MAC Addresses: Hardware addresses.
  • Routing Protocols: Traffic management within a network.
  • Time-to-Live: Field in packets, preventing endless loops.
  • ARP (Address Resolution Protocol): Converting IP to MAC addresses.
  • DHCP (Dynamic Host Configuration Protocol): Automatic IP address assignments.
  • TCP/IP (Transmission Control Protocol/Internet Protocol): Common protocol suite.

Security Measures

  • VPN (Virtual Private Network): Secure network connections.
  • Firewall: Blocking unauthorized network access.
  • WPA/WPA2/WEP: Wireless network security protocols.
  • IDS/IPS: Intrusion Detection/Prevention Systems.
  • Ports: Specific communication points.
  • IP addresses: Unique network addresses.
  • Security Protocols: Policies protecting network.
  • Network Analysis: Assessing the performance of the network.

Additional Information

  • Wireless Network Management: Managing wireless networks.
  • Threat mitigation: Reducing impact of attacks.
  • Network Security Design: Strategies for strong security.
  • Device Management: Control and monitoring of devices.
  • Security Threats: Identifying and mitigating attacks.
  • Malware Detection/Response: Tools and techniques for malware.
  • Internet Security Standards: Regulations protecting the internet.
  • Networking and Security: Combining security with network management.
  • Communication Security: Protecting data during transmission.
  • Network Protection Techniques: Strategies for safeguarding networks.
