Network Security Quiz

Questions and Answers

What is a primary characteristic of a Trojan horse in network security?

It exploits known vulnerabilities in a system.

It is contained in a seemingly legitimate executable program. (correct)

It replicates itself without user interaction.

It requires administrative privileges to be installed.

Which technique is frequently utilized in social engineering attacks?

Exploiting zero-day vulnerabilities in popular applications.

Designing malicious websites that mimic legitimate ones.

Sending fraudulent emails that appear to be from trusted sources. (correct)

Creating fake software updates to lure users.

What is one primary purpose of implementing VLANs on a network?

To enable unrestricted access to all users on the network.

To improve network speed by eliminating all broadcasts.

To allow separation of user traffic based on specific criteria. (correct)

To physically separate users based on their office locations.

In network security assessments, what type of test evaluates the risk posed by vulnerabilities?

Risk analysis

Which strategy in risk management aims to shift some risk to other parties?

Risk sharing

What is the function of a network tap?

To capture traffic for monitoring purposes.

For a SOC aiming for 99.999% uptime, how many minutes of downtime would be acceptable in a year?

5 minutes

Which risk management strategy involves reducing vulnerability?

Risk reduction

What is the maximum downtime allowed for a system with a goal of 99.999% uptime?

5.256 minutes per year

What is a primary advantage of using IMAP over POP for small organizations?

Emails remain stored on the server until manually deleted.

What is the main function of the Tor network?

To allow anonymous browsing.

Which statement accurately distinguishes between NetFlow and Wireshark?

NetFlow collects metadata about network flows; Wireshark captures entire packets.

Which of the following tools captures full data packets through a command-line interface?

tcpdump

What is one of the basic best practices for device hardening?

Disable USB auto-detection.

What does privilege escalation allow a threat actor to do?

Access sensitive information or control the system.

Which method can be employed for effective security monitoring against SSL encrypted traffic?

Deploy an SSL decryption device.

Study Notes

Trojan Horse in Network Security

• Malware is embedded in a legitimate-looking executable program, misleading users into executing it.

Social Engineering Technique

• Threat actors send fraudulent emails disguised as legitimate communications to trick recipients into installing malware or divulging personal information.

Purpose of VLANs

• Virtual Local Area Networks (VLANs) separate user traffic based on role, project team, or application, independent of physical device locations.

Risk Analysis in Security Assessments

• Focuses on evaluating organizational vulnerabilities, the likelihood of attacks, potential threat actors, and the impact of successful exploits.

Risk Response Strategies

• Risk Avoidance: Cease activities creating risk.
• Risk Reduction: Implement measures to decrease vulnerability.
• Risk Sharing: Transfer part of the risk to other entities.
• Risk Retention: Accept the risk and its associated consequences.

Network Tap Functionality

• Captures and monitors network traffic by passively splitting and forwarding all data, including errors, to analysis tools.

Uptime Goal for SOC

• For a goal of 99.999% uptime, annual downtime can be no more than approximately 5.256 minutes.

IMAP Advantages for Small Organizations

• IMAP allows email messages to remain on the server, offering access to copies of messages and avoiding local storage limits, unlike POP which downloads and removes messages from the server.

Purpose of Tor

• Tor functions as a peer-to-peer network that enables anonymous browsing through a specialized browser.

NetFlow vs. Wireshark

• Wireshark captures complete packet data, while NetFlow collects metadata regarding network flow without capturing full packet contents.

Command-Line Packet Analyzer

• tcpdump is a CLI tool for packet analysis; Wireshark offers a GUI alternative.

Device Hardening Best Practices

• Implement physical security measures.
• Reduce installed software to essentials.
• Disable unnecessary services.
• Use SSH while disabling root logins.
• Keep systems updated.
• Disable USB auto-detection features.
• Enforce strong password policies, including periodic changes.
• Prevent users from reusing old passwords.
• Regularly review logs.

Privilege Escalation

• Exploitation of vulnerabilities grants elevated permissions, enabling unauthorized access to sensitive information or system controls.

Effective Monitoring of SSL Traffic

• Deploy security solutions capable of inspecting encrypted traffic, such as Cisco SSL decryption tools.

Description

Test your knowledge on key concepts in network security, including characteristics of Trojan horses and techniques used in social engineering attacks. This quiz also covers the purpose of implementing VLANs in a network. Enhance your understanding of cybersecurity fundamentals.