Network Vulnerabilities and Attacks

Questions and Answers

What is a back door in software typically created for?

• To increase security measures
• To allow unauthorized access (correct)
• To improve user interface
• To enhance device performance

What does privilege escalation allow an attacker to do?

• Improve system security protocols
• Increase network bandwidth
• Access public data only
• Gain unauthorized access to restricted resources (correct)

Which of the following is NOT a type of denial of service (DoS) attack?

• SYN flood
• Ping flood attack
• Smurf attack
• DNS poisoning (correct)

What category does a man-in-the-middle attack belong to?

Interception (B)

Which of the following describes a SYN flood attack?

It sends a large volume of TCP SYN packets to overwhelm a server. (D)

What is the primary characteristic of a Distributed Denial of Service (DDoS) attack?

It floods a device with requests from multiple compromised computers. (C)

What type of attack uses the ping utility to send numerous echo request messages?

Ping flood attack (C)

In a SYN flood attack, what is exploited during the connection establishment process?

TCP/IP 3-way handshake (D)

What is a key feature of the Smurf attack?

It involves spoofing the target's IP address. (A)

Which type of attack records transmitted data without altering it?

Passive man-in-the-middle attack (C)

What is the result of a replay attack?

The attacker captures and reuses previously valid transmission. (C)

How does a SYN flood attack affect a target device?

It prevents legitimate users from establishing connections due to resource exhaustion. (C)

What is a result of using zombie computers in DDoS attacks?

Widespread and uncontrollable traffic to the target. (B)

What is the main difference between active and passive attacks in the context of interception?

Active attacks change the contents of communications while passive attacks do not. (A)

What makes identifying and blocking the source of a DDoS attack extremely challenging?

The multitude of compromised devices utilized in the attack. (A)

What does ARP poisoning primarily alter in a network?

The MAC address stored in the ARP cache. (B)

Which of the following is NOT a method to prevent DNS poisoning?

Implementing stronger password policies. (D)

What is the main purpose of the Address Resolution Protocol (ARP)?

To map IP addresses to MAC addresses. (A)

What is a likely consequence of successfully executing an ARP poisoning attack?

Interception of data meant for another device. (A)

Which location is NOT typically involved in DNS poisoning?

Firewall settings. (B)

What type of attack can result from ARP poisoning?

Man-in-the-middle attack. (C)

Which of these commonly exploited vulnerabilities can lead to privilege escalation in a network?

Outdated software packages. (B)

What is a primary indication of DNS poisoning?

Redirection to unintended web pages. (C)

In the context of network security, what does a Denial of Service (DoS) attack aim to achieve?

Make network resources unavailable to users. (C)

What is one effective strategy to mitigate DNS poisoning?

Regularly update DNS software with security patches. (A)

What is a default account in a network device context?

An account created automatically by the device for setup (A)

Which of the following accurately describes a backdoor in a network device?

An unauthorized method of remote access to a device (A)

What is a common target for attackers in a network device?

Default accounts left active after setup (D)

Privilege escalation in networking refers to what?

Gaining unauthorized control of user permissions (A)

Which method can NOT be used to create a backdoor on a network device?

Manual creation by the manufacturer (C)

What is a significant risk of keeping default accounts active on network devices?

Vulnerability to unauthorized access (C)

Which of the following best describes the purpose of a default account?

To facilitate initial setup of the device (D)

What could be a major consequence of privilege escalation in a network?

Unauthorized access to sensitive information (B)

Flashcards are hidden until you start studying

Study Notes

Network Vulnerabilities

• Default accounts are created automatically by the device
• They are often used for initial setup and installation, but should be deleted after
• Back doors are accounts created secretly without administrator knowledge, allowing for remote access
• They can be created by infection or by a software programmer
• Privilege escalation exploits a vulnerability in a software to gain access to restricted resources

Network Attacks

• Denial of service (DoS) attacks consume network resources to prevent legitimate requests from being processed
• Interception includes man-in-the-middle that intercepts communication and forges a response, and replay attacks that capture and reuse a transmission
• Poisoning attacks alter lookup tables to redirect traffic, including ARP poisoning, which changes MAC address entries
• DNS poisoning alters DNS addresses to redirect computers to a different device

Denial of Service Attacks

• Ping flood, Smurf, and SYN flood are all DoS attack methods
• Ping flood attacks use ping utilty to send a large number of echo requests
• Smurf attacks send pings with a spoofed originating address to overwhelm targets
• SYN flood attacks exploit the TCP/IP 3-way handshake to prevent a connection

Distributed Denial of Service Attacks

• DDoS attacks utilize botnets to flood a device with requests
• They are difficult to block because of the vast number of sources

Interception Attacks

• Man-in-the-middle attacks can be active or passive, with passive recording data and active altering content
• Replay attacks capture transmissions and reuse them later

Poisoning Attacks

• ARP attacks alter the ARP table, allowing the attacker to intercept communication
• DNS poisoning can be used to redirect hosts to a rogue server
• DNS poisoning can be prevented by using the latest versions of BIND software