Network Security Concepts Quiz
45 Questions

Questions and Answers

What characterizes an armored virus?

  • It alters the host code to insert itself.
  • It solely generates unsolicited advertisements.
  • It confuses antivirus systems to avoid detection. (correct)
  • It operates primarily over web applications.

What is the primary objective of an advanced persistent threat (APT)?

  • To gain and maintain unauthorized access to a network. (correct)
  • To inject harmful code into an application.
  • To overload a server with traffic.
  • To fetch large files for data analytics.

Which action best describes active reconnaissance?

  • Scanning a system's open ports using a tool. (correct)
  • Tampering with data in transit.
  • Injecting malware into a working application.
  • Spoofing an IP address to bypass security.

In the context of network security, what does ARP spoofing aim to achieve?

  • To poison the ARP cache of a target machine. (B)

What technique is primarily used in application-level DoS attacks?

  • Overloading the database with inefficient queries. (C)

What unintended consequence does adversarial artificial intelligence (AI) create?

  • Misleads machine learning models with deceptive inputs. (A)

What action is involved in AP MAC spoofing?

  • Changing the MAC address of WLAN client equipment. (A)

What is typically a defining feature of adware?

  • It generates unsolicited ads and pop-ups. (A)

What is a key characteristic of asymmetric database encryption?

  • It employs one public key for encryption and multiple private keys for decryption. (D)

Which type of log specifically records events from applications installed on a system?

  • Application Event Log (D)

What defines a backdoor Trojan?

  • A program that allows unauthorized access by bypassing standard authentication. (D)

What is the purpose of a botnet?

  • To create a network of compromised computers for distributed tasks. (C)

Which attack method continuously tries every possible password combination?

  • Brute-Force Attack (B)

Which of the following describes bluesmacking?

  • Overloading Bluetooth devices with random packets to crash them. (C)

What is a common vulnerability caused by coding errors that can allow attackers to exploit systems?

  • Buffer Overflows (D)

What is known as the act of sending unsolicited messages over Bluetooth to devices?

  • Bluejacking (C)

What term is given to individuals who resort to malicious activities using their computing skills?

  • Black Hats (A)

What is the purpose of authentication logs?

  • To record events during the authentication process. (D)

What does Crossover Error Rate (CER) represent?

  • The point where the false rejection rate and false acceptance rate are equal. (B)

How does Centralized Authorization benefit an organization?

  • It simplifies access control through a single authorization database. (B)

What is the primary purpose of the Computer Fraud and Abuse Act?

  • To define penalties for unauthorized computer access. (C)

Capability Maturity Model Integration (CMMI) is mainly used for what purpose?

  • To improve performance through structured processes. (C)

Which role is primarily responsible for the daily management and oversight of data in an organization?

  • Data Steward/Custodian (A)

What is the role of Compensating Controls?

  • To continue operations when intended controls fail or are not available. (B)

What is the purpose of data encryption?

  • To transform data into an unreadable format (D)

A Clean-Agent Suppression System is useful in what scenario?

  • To control fires in their initial growth stages using non-damaging agents. (D)

What is characteristic of Combination Locks?

  • They necessitate a specific sequence of numbers or letters to unlock. (B)

Which of the following best describes data retention?

  • The process of storing data to meet compliance requirements (B)

Who is responsible for collecting and controlling the processing of data in an organization?

  • Data Controller (B)

What types of materials do Concealed Weapon/Contraband Detection Devices typically search for?

  • Banned materials such as explosives and weapons. (A)

Circuit-Level Gateways operate at which layers of network architecture?

  • Session layer of OSI or TCP layer of TCP/IP. (A)

What is data masking used for?

  • Obscuring parts of data with random characters (C)

What is the main purpose of Client-to-Site VPNs?

  • To establish secure connections for individual clients remotely. (A)

Which term refers to the process of ensuring that data cannot be recovered or used once it's no longer needed?

  • Data Destruction (A)

What is the main responsibility of a Data Protection Officer (DPO)?

  • To safeguard the organization's data (C)

What is the main purpose of a DHCP starvation attack?

  • To empty a DHCP pool entirely and prevent legitimate users from obtaining IP addresses. (C)

Which of the following best describes a Distributed Reflection Denial-of-Service (DRDoS) attack?

  • An attack that amplifies traffic through intermediary systems to overwhelm a target. (A)

What technique is employed in a directory traversal attack?

  • Accessing directories outside the web server root through special character sequences. (C)

What is the primary objective of a DNS amplification attack?

  • To exploit DNS server configurations to increase the volume of traffic directed at a victim. (B)

Which type of attack involves flooding a user with forged de-authentication packets?

  • De-authentication Attack (A)

What is a common characteristic of default passwords in network devices?

  • They are often published in user manuals and easily guessed. (A)

In the context of networking security, what does a Data Modification Attack accomplish?

  • Changes data in transit, compromising communication integrity. (D)

What is the fundamental goal of a Denial-of-Service (DoS) attack?

  • To render a target's resources unavailable to legitimate users. (C)

What activity is involved in dumpster diving as a security risk?

  • Retrieving discarded documents that contain sensitive information. (A)

Which of the following methods do attackers use in a dictionary attack?

  • Using common password lists to test against encryption. (C)

Flashcards

Armored Virus

A virus designed to trick antivirus software.

Add-on Virus

Virus that adds itself to existing code without changing it.

Application Flaws

Vulnerabilities in applications that attackers exploit.

Active Attacks

Attacks that disrupt system communication.

Active Reconnaissance

Finding open ports and weaknesses in systems using tools.

Adversary

An attacker or opponent.

ARP Spoofing

Forging entries in a network's ARP cache.

Advanced Persistent Threats (APTs)

Long-lasting, undetectable network attacks.

Asymmetric Database Encryption

Uses a public key to encrypt and a private key per user to decrypt data.

Attack Signatures

Suspicious traffic patterns used to detect attacks.

Application Event Log

Records events like application warnings and errors.

Application Log Entries

Events logged by applications or programs.

Authentication Logs

Records authentication events, like access grants.

Backdoor Trojans

Programs bypassing security to access a system.

Botnet Trojans

Infects multiple computers to form a botnet.

Buffer Overflows

Software vulnerabilities that allow attackers access.

Brute-Force Attack

Trying every possible password combination.

Crossover Error Rate (CER)

The point where false rejection rate and false acceptance rate are equal, when sensitivity is set for those rates.

Centralized Authorization

A single database for authorizing network resources and applications.

Computer Fraud and Abuse Act

Punishes unauthorized computer access, especially if it involves interstate or foreign communication.

CMMI (Capability Maturity Model Integration)

A process model for improving organizational performance.

Change Management Policy

A policy that minimizes disruptions during organizational changes by following standard procedures.

Compensating Controls

Alternative controls used when primary controls fail or aren't available.

Clean-Agent Suppression System

A system using inert gas or chemicals to control fire in the early growth stages.

Circuit-Based Alarm

An alarm that signals when a door, window, or fence is tampered with.

Client-to-Site VPN

Remote access VPN that connects individual users to a company network over the internet.

Cyber Threat Intelligence (CTI)

Gathering and analyzing threat information to prepare for and respond to cyberattacks.

Data Security

The practice of safeguarding data from unauthorized access, modification, or destruction.

Data Owner

The individual or group responsible for all aspects of data within an organization.

Data Controller

The person who determines how personal data is processed.

Data Processor

The entity that handles data on behalf of the data controller.

Data Classification

The process of assigning sensitivity levels to data based on its importance.

Data Access Control

Mechanisms that restrict access to data based on user identity and permissions.

Data Encryption

Transforming data into an unreadable format to protect it from unauthorized access.

DHCP Starvation Attack

An attacker floods a DHCP server with fake requests, using up all available IP addresses and preventing legitimate devices from getting assigned one.

DNS Footprinting

Gathering information about a target's DNS configuration, like their domain names and host records, to understand their network structure.

De-authentication Attack

An attacker disconnects users from a wireless network by sending fake de-authentication messages, disrupting their connection to the access point.

DHCP Spoofing Attack

An attacker sets up a rogue DHCP server on a network to trick devices into accepting malicious IP addresses, potentially leading to data interception or network disruption.

Denial-of-Service (DoS) Attack

An attack aimed at preventing legitimate users from accessing a computer or network service by overwhelming the target with traffic or disrupting its functionality.

Distributed Denial-of-Service (DDoS) Attack

A coordinated attack using multiple infected computers (a botnet) to overwhelm a single target, making it unable to respond to legitimate traffic.

Directory Traversal Attack

An attacker uses special characters to bypass security measures and access restricted files or folders outside the intended web server directory.

DNS Amplification Attack

Attackers exploit the recursive nature of DNS to amplify attack traffic, sending a large request to a DNS server and redirecting the response to the target, exceeding its capacity.

Driver Manipulation

Attackers modify device drivers (software that controls hardware) to hide malicious code or gain unauthorized access to a system.

Disassociation Attack

An attacker disconnects a device from a wireless network by interrupting the communication between the device and the access point.

Study Notes

Armored Virus

  • Designed to confuse or trick antivirus systems
  • Prevents detection of the actual infection source

Add-on Virus

  • Appends its code to the host code without modification
  • Relocates host code to insert its code

Adware

  • Software or program that supports advertisements
  • Generates unsolicited ads and pop-ups

Application Flaws

  • Vulnerabilities in applications
  • Exploited by attackers

Active Attacks

  • Tamper with data in transit or disrupt services to bypass or break into secured systems.

Active Reconnaissance

  • Direct interactions with the target system
  • Tools to detect open ports, accessible hosts, router locations, network mapping, and operating systems/applications
  • Responsible for the attack event

Adversary

  • Refers to an opponent or hacker
  • Responsible for the attack event

ARP Spoofing/Poisoning

  • Sending forged entries to the target machine's ARP cache
  • Large number of forged entries

Address Resolution Protocol (ARP)

  • Maps an IP address to a physical machine address recognized in the local network

Advanced Persistent Threats (APTs)

  • Network attack type
  • Attacker gains unauthorized access and remains undetected for a long period of time

Adversarial Artificial Intelligence (AI)

  • Attack vector involving malicious intent
  • Designed by attackers to mislead machine learning models

Application-level DoS Attack

  • Attacker exhausts available server resources
  • Sending hundreds of resource-intensive requests or retrieving image files
  • Requiring expensive database server search operations.

API DDoS Attacks

  • DDoS attack saturating an API with traffic from multiple infected computers
  • Delays legitimate user API services

AP MAC Spoofing

  • Hacker spoofs the MAC address of WLAN client equipment to masquerade as an authorized client

Android Rooting

  • Allows Android users to attain privileged control ("root access") within Android's subsystem

Adaptive Chosen-plaintext Attack

  • Attacker makes interactive queries
  • Chooses subsequent plaintexts based on previous encryption information

Availability

  • Assurance that the systems responsible for delivering, storing, and processing information are accessible to authorized users when required

Authentication

  • Quality of a communication, document, or data being genuine

Auditing

  • Tracking and examining network device activities

Active Assessment

  • A type of vulnerability assessment
  • Uses network scanners to identify hosts, services, and vulnerabilities

Application Assessment

  • Focuses on transactional web applications, traditional client-server applications, and hybrid systems

Automated Assessment

  • Security professional uses tools (Nessus, Qualys, GFI LanGuard) to assess vulnerabilities

Asset Management

  • Process of monitoring and managing assets (systems, printers, software, hardware) in a cost-effective manner that helps organizational growth

Application Sandboxing

  • Executes untrusted applications in an isolated environment
  • Protects the system

Application Patch Management

  • Monitors and deploys new or missing patches to maintain application security

Application-level Firewall (WAF) Deployment

  • Protects web servers from malicious traffic

Application Security Frame

  • Web application security scheme
  • Threat modeling, vulnerability discovery, and attack surface identification
  • Providing appropriate countermeasures.

Application Whitelisting

  • Access control allowing only specific programs to run

Application Blacklisting

  • Security practice blocking undesirable programs from running

Application Containers

  • Used to run a single service
  • Layered file systems built on top of OS container technologies

Anything-as-a-Service (XaaS)

  • Cloud-computing and remote-access service offered based on demand

AWS Identity and Access Management (IAM)

  • Web service that lets customers securely control access to AWS services and resources

Access Point (AP)

  • Connects wireless devices to a wireless/wired network

Association

  • Process of connecting a wireless device to an AP

Antenna

  • Device for transmitting and receiving electromagnetic waves at radio frequencies

Advanced Encryption Standard (AES)

  • NIST encryption specification
  • 128-bit block size, key sizes of 128, 192, and 256 bits for different types

ANT

  • Wireless sensor protocol enabling communication between sensors and controllers

Assets

  • Different components of OT systems like ICSs
  • Including sensors, actuators, servers, workstations, network devices, PLCs

Asymmetric Encryption

  • Uses two separate keys for encryption and decryption

Asymmetric-key Algorithms

  • Uses two different keys for encryption and decryption

Authenticated Encryption with Associated Data (AEAD)

  • Ensures the integrity and authenticity of a message

Asymmetric Database Encryption

  • Method improving over symmetric database encryption
  • Uses one private key for encryption/decryption, and one public key to encrypt data

Attack Signatures

  • Suspicious traffic patterns treated as attack signatures

Application Event Log

  • Records information from applications: events, warnings, and errors

Application Log Entries

  • All events or actions from application runtime

Authentication Logs

  • Records authentication process events: access verification for network resources.

Black Hats

  • Individuals with extraordinary computer skills
  • Resort to malicious activity, also known as crackers

Backdoor Trojans

  • Programs bypassing system authentication (IDS/firewalls)

Botnet Trojans

  • Infects multiple computers to create a network of bots for distributed tasks

Botnet

  • Collection of compromised computers for a distributed task

Buffer Overflows

  • Common software vulnerabilities caused by coding errors
  • Allowing attackers access to the target system.

Bash

  • Can be used to download and execute malicious files.

Brute-Force Attack

  • Tries every possible character combination until the password is broken.

Bluesmacking

  • DoS attack overloading Bluetooth devices

Bluejacking

  • Sending unsolicited messages to Bluetooth devices like mobile phones and laptops.

Bluesnarfing

  • Stealing information from a Bluetooth connection.

BlueSniff

  • Bluetooth wardriving utility

Bluebugging

  • Remotely accessing and controlling a Bluetooth-enabled device.

BluePrinting

  • Collecting information about Bluetooth devices (manufacturer, model, firmware version).

Btlejacking

  • Bypassing security mechanisms and listening to information shared by BLE devices

Birthday Attack

  • Class of brute-force attacks against cryptographic hashes that makes brute-forcing easier

Birthday Paradox

  • Probability that two or more people in a group of 23 share the same birthday is greater than 0.5.

Biometrics

  • Security technology using individual physical attributes (fingerprint, iris, face, voice, and behavior) for verification.

Business Partner Policy

  • Defines agreements, guidelines, and responsibilities for business partners.

Bollards

  • Used to control vehicular and pedestrian traffic

Bastion Host

  • Computer system designed to protect network resources from attacks.

Behavior-Based IDS

  • Detects intrusion by observing deviations from normal system or user behavior.

Blue Teaming

  • Security assessment of information security or products.

Black-Box Testing

  • Simulates real-world attacks, by mapping the network and enumerating services, shared files, and OS discreetly.

Bug Bounty Program

  • Challenge for security professionals to find bugs and report security vulnerabilities in organizations.

Bandwidth

  • Amount of information that can be transmitted on a connection

BSSID

  • Media access control (MAC) address of an access point (AP) or base station.

BYOD

  • Policy allowing employees to bring their personal devices to the workplace.

Bluetooth Low Energy (BLE)

  • Wireless personal area network technology for various sectors (healthcare, security, entertainment, and fitness).

Basic Process Control System (BPCS)

  • Responsible for process control and monitoring in industrial infrastructures.

BACnet

  • Data communication protocol for building automation and control networks

Block Cipher

  • Deterministic algorithms on blocks of fixed size with a symmetric key.

Blockchain

  • Type of distributed ledger technology used to securely record and store transaction history in blocks.

Business Critical Data

  • Data vital for business operations

Bucketing

  • Generalizing a field based on values or ranges in data.

Best Evidence Rule

  • Court allows original evidence of a document, photograph, or recording instead of copies.

Bandwidth Monitors

  • Tools for evaluating available bandwidth on a local system.

Bit-Stream Imaging

  • Cloned copy of an entire drive to allow forensic investigators to retrieve deleted files or folders from suspect computer drives.

Business Continuity

  • Processes and activities ensuring operational continuity regardless of threats
  • Associated with business functions irrespective of possible outages.

Business Continuity Management (BCM)

  • Process ensuring business operations continuity during disruptions

Business Recovery

  • Plan, arrangements, and procedures for restoring operations after a disaster

Business Impact Analysis (BIA)

  • Assessing potential effects of disruptions to critical business operations from disasters.

Business Continuity Plan (BCP)

  • Comprehensive document ensuring resilience against threats or disruptions
  • Enables continued operations under abnormal conditions.

Cyber Terrorists

  • Individuals motivated by beliefs to disrupt computer networks

Criminal Syndicates

  • Involved in planned criminal activities, including sophisticated cyberattacks.

Crypter

  • Protects malware from reverse engineering.

Compromised Legitimate Websites

  • Host embedded malware that affects unsuspecting visitors

Command Shell Trojans

  • Provide remote control of a victim's command shell.

Cluster Virus

  • Infect files without file or data modification

Companion Virus/Camouflage Virus

  • Store themselves with the same filename as the target program

Computer Worms

  • Standalone malicious programs that independently replicate and spread

Cryptomining

  • Uses victim's assets/financial data for digital mining of cryptocurrencies (e.g., Bitcoin)

Close-in Attacks

  • Attackers perform acts (gather, modify, disrupt) in close proximity to the target system or network.

Clearing Tracks

  • Activities of an attacker to conceal malicious acts within the network.

Cyber Kill Chain Methodology

  • Component of intelligence-driven defense for malicious intrusion activity identification and prevention.

Card Cloning

  • Creating a duplicate of a credit card or access card by copying information.

Cross-Site Scripting (XSS or CSS)

  • Exploits website vulnerabilities to inject client-side scripts

Command Injection

  • Attackers exploit vulnerabilities by injecting malicious commands into applications to execute arbitrary commands

Cross-Site Request Forgery (CSRF)

  • Exploits vulnerabilities allowing an attacker to force a user's browser to perform malicious requests without their intention.

Consensus

  • People usually like or do things others like or do.

Credential Harvesting

  • Collecting credentials through phishing, password dumping tools, and MITM attacks.

Cryptanalysis Attack

  • Applies the same procedure as a replay attack, along with reverse engineering of protocol, to capture original signals.

Cloud Hopper Attack

  • Triggered at managed service providers (MSPs) and their users

Cloud Cryptojacking

  • Unauthorized use of victim's computer for digital currency mining through the cloud.

Cloudborne

  • Vulnerability residing in a bare-metal cloud server, implanting malicious backdoors into the firmware

Ciphertext-only Attack

  • Attacker accesses the ciphertext to recover the encryption key.

Chosen-plaintext Attack

  • Attacker defines plaintext, feeds it to the cipher, and analyzes resulting ciphertext to decrypt.

Chosen-key Attack

  • Attacker breaks an n-bit key cipher into operations for decryption.

Confidentiality

  • Access to information is restricted to authorized parties only.

Continual/Adaptive Security Strategy

  • Continuous actions (prediction, prevention, detection, and response) to ensure comprehensive network defense.

Crossover Error Rate (CER)

  • Point at which the false rejection rate and false acceptance rate are equal when system sensitivity is adjusted accordingly.

Centralized Authorization

  • Maintains a single database for authorizing network resources or applications.

Computer Fraud and Abuse Act

  • States that unauthorized access and excessive access to protected computer systems for information theft is illegal.

Capability Maturity Model Integration (CMMI)

  • Process model guiding organizations to promote behaviors that improve performance.

Change Management Policy

  • Helps minimize service disruptions while implementing changes within an organization by following standard change procedures

Compensating Controls

  • Used when intended controls fail or are not applicable.

Clean-Agent Suppression System

  • Inert gas or chemicals to control fires in the initial growth stage.

Combination Locks

  • Combination of numbers and/or letters needed to open.

Concealed Weapon/Contraband Detection Devices

  • Materials prohibited from entering the controlled environment (e.g., explosives, bombs, weapons)

Description

Test your knowledge on key concepts in network security, including advanced persistent threats, reconnaissance techniques, and the characteristics of various online threats. This quiz covers essential topics that are crucial for understanding modern cybersecurity challenges.
