ITCS318 Long Quiz Reviewer PDF
Document Details
Uploaded by EnthralledMars
De La Salle University – Dasmariñas
Summary
This document is a quiz on cybersecurity topics. It covers various types of attacks, such as SQL injection, DDoS, and social engineering, and details important concepts like malware and firewalls. Key concepts of networks, security, and vulnerabilities are tested.
Full Transcript
ITCS318 – Long Quiz Reviewer organization take to find out if their What type of attack occurs when data systems have been compromised? goes beyond the memory areas Scan the systems for viruses allocated to an application? Look for policy changes in Event SQL injection Viewer RAM injection Look for unauthorized accounts RAM spoofing Look for usernames that do not Buffer overflow have passwords 2. Which of the following statements 6. What non-technical method could a describes a distributed denial of cybercriminal use to gather sensitive service (DDoS) attack? information from an organization? An attacker sends an enormous Man-in-the-middle quantity of data that a server Ransomware cannot handle Social engineering An attacker monitors network traffic Pharming to learn authentication credentials 7. A secretary receives a phone call One computer accepts data from someone claiming that their packets based on the MAC address manager is about to give an important of another computer presentation but the presentation files A botnet of zombies, coordinated are corrupted. The caller sternly asks by an attacker, overwhelms a that the secretary email the server with DoS attacks presentation right away to a personal 3. Employees in an organization report email address. The caller also states that the network access is slow. Further that the secretary is being held investigation reveals that one employee personally responsible for the success downloaded a third-party scanning of this presentation. What type of program for the printer. What type of social engineering tactic is the caller malware may have been introduced? using? Worm Trusted partners Trojan horse Familiarity Spam Intimidation Phishing Urgency 4. Employees in an organization report 8. All employees in an organization that they cannot access the customer receive an email stating that their database on the main server. 
Further account password will expire investigation reveals that the database immediately and that they should reset file is now encrypted. Shortly their password within five minutes. afterward, the organization receives a Which of the following statements best threatening email demanding payment describes this email? for the decryption of the database file. It is an impersonation attack What type of attack has the It is a piggyback attack organization experienced? It is a hoax DoS attack It is a DDoS attack Man-in-the-middle attack 9. Which best practices can help Ransomware defend against social engineering Trojan horse attacks? (Choose three.) 5. A penetration test carried out by an Deploy well-designed firewall organization identified a backdoor on appliances the network. What action should the Add more security guards Educate employees regarding overclocking the mesh network security policies which connects the data center Enable a policy that states that the servers IT department should supply adding outdated security software information over the phone only to to a virtual machine to gain access managers to a data center server Do not provide password resets in using processors from multiple a chat window computers to increase data Resist the urge to click on processing power enticing web links 3. Which statement accurately 10. What do you call an impersonation characterizes the evolution of threats attack that takes advantage of a trusted to network security? relationship between two systems? Internal threats can cause even Sniffing greater damage than external Spamming threats. Spoofing Internet architects planned for Man-in-the-middle network security from the 11. A cybercriminal sends a series of beginning. maliciously formatted packets to a Early Internet users often engaged database server, which causes the in activities that would harm other server to crash. What do you call this users. type of attack? 
Threats have become less Packet injection sophisticated while the technical SQL injection knowledge needed by an attacker DoS has grown. Man-in-the-middle 4. When considering network security, 12. The awareness and identification of what is the most valuable asset of an vulnerabilities is a critical function of a organization? cybersecurity specialist. Which of the customers following resources can they use to data identify specific details about financial resources vulnerabilities? personnel NIST/NICE framework 5. Which resource is affected due to ISO/IEC 27000 model weak security settings for a device CVE national database owned by the company, but housed in Infragard another location? cloud storage device Which security measure is typically hard copy found both inside and outside a data removable media center facility? social networking a gate 6. In the video that describes the exit sensors anatomy of an attack, a threat actor security traps was able to gain access through a biometrics access network device, download data, and continuous video surveillance destroy it. Which flaw allowed the 2. What is hyperjacking? threat actor to do this? taking over a virtual machine open ports on the firewall hypervisor as part of a data center lack of a strong password policy attack a flat network with no subnets or VLANs improper physical security to gain ASA firewall4 access to the building 1. Which field in an IPv6 packet is used 7. Refer to the exhibit. An IT security by the router to determine if a packet manager is planning security updates has expired and should be dropped? on this particular network. Which type TTL of network is displayed in the exhibit Hop Limit and is being considered for updates? Address Unreachable No Route to Destination 2. An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this? trust exploitation buffer overflow man in the middle port redirection 3. 
Which field in the IPv4 header is used to prevent a packet from traversing a network endlessly? CAN Time-to-Live WAN Sequence Number SOHO Acknowledgment Number data center Differentiated Services 8. What are two security features 4. What is involved in an IP address commonly found in a WAN design? spoofing attack? (Choose two.) A legitimate network IP address is port security on all user-facing ports hijacked by a rogue node. VPNs used by mobile workers A rogue node replies to an ARP between sites request with its own MAC address firewalls protecting the main and indicated for the target IP address. remote sites A rogue DHCP server provides false WPA2 for data encryption of all data IP configuration parameters to between sites legitimate DHCP clients. outside perimeter security Bogus DHCPDISCOVER messages including continuous video are sent to consume all the surveillance available IP addresses on a DHCP 9. Which security technology is server. commonly used by a teleworker when 5. Which type of attack involves the accessing resources on the main unauthorized discovery and mapping of corporate office network? network systems and services? IPS reconnaissance VPN DoS SecureX access biometric access trust exploitation 10. Which technology is used to secure, 6. In which TCP attack is the monitor, and manage mobile devices? cybercriminal attempting to overwhelm MDM a target host with half-open TCP VPN connections? rootkit reset attack port scan attack ICMP router discovery SYN flood attack ICMP mask reply session hijacking attack ICMP redirects 7. How is optional network layer 12. Users in a company have information carried by IPv6 packets? complained about network inside an options field that is part of performance. After investigation, the IT the IPv6 packet header staff has determined that an attacker inside the Flow Label field has used a specific technique that inside an extension header affects the TCP three-way handshake. 
attached to the main IPv6 packet What is the name of this type of network header attack? inside the payload carried by the SYN flood IPv6 packet DDoS 8. A threat actor wants to interrupt a DNS poisoning normal TCP communication between session hijacking two hosts by sending a spoofed packet 1. Which action best describes a MAC to both endpoints. Which TCP option bit address spoofing attack? would the threat actor set in the altering the MAC address of an spoofed packet? attacking host to match that of a ACK legitimate host FIN bombarding a switch with fake RST source MAC addresses SYN forcing the election of a rogue root 9. A threat actor uses a program to bridge launch an attack by sending a flood of flooding the LAN with excessive UDP packets to a server on the traffic network. The program sweeps through 2. What is an objective of a DHCP all of the known ports trying to find spoofing attack? closed ports. It causes the server to to gain illegal access to a DHCP reply with an ICMP port unreachable server and modify its configuration message and is similar to a DoS attack. to attack a DHCP server and make Which two programs could be used by it unable to provide valid IP the threat actor to launch the attack? addresses to DHCP clients (Choose two.) to intercept DHCP messages and ping alter the information before sending Smurf to DHCP clients Wireshark to provide false DNS server UDP Unicorn addresses to DHCP clients so that Low Orbit Ion Cannon visits to a legitimate web server 10. Which term describes a field in the are directed to a fake server IPv4 packet header used to detect 3. What is the primary means for corruption in the IPv4 header? mitigating virus and Trojan horse header checksum attacks? source IPv4 address antivirus software protocol encryption TTL anti-sniffer software 11. What kind of ICMP message can be blocking ICMP echo and echo- used by threat actors to map an replies internal IP network? 4.
What method can be used to mitigate ICMP echo request ping sweeps? blocking ICMP echo and echo- Python replies at the network edge C++ deploying antisniffer software on all Java network devices SQL using encrypted or hashed 11. Which two attacks target web authentication protocols servers through exploiting possible installing antivirus software on vulnerabilities of input functions used hosts by an application? (Choose two.) 5. What worm mitigation phase involves SQL injection actively disinfecting infected systems? port scanning quarantine port redirection inoculation trust exploitation treatment cross-site scripting containment 12. In which type of attack is falsified 6. What is the result of a DHCP information used to redirect users to starvation attack? malicious Internet sites? Legitimate clients are unable to DNS cache poisoning lease IP addresses. ARP cache poisoning Clients receive IP address DNS amplification and reflection assignments from a rogue DHCP domain generation server. 13. What is a characteristic of a DNS The attacker provides incorrect amplification and reflection attack? DNS and default gateway Threat actors use DNS open information to clients. resolvers to increase the volume The IP addresses assigned to of attacks and to hide the true legitimate clients are hijacked. source of an attack. 7. Which term is used for bulk Threat actors use a DoS attack that advertising emails flooded to as many consumes the resources of the end users as possible? DNS open resolvers. Phishing Threat actors hide their phishing Brute force and malware delivery sites behind a Spam quickly-changing network of Adware compromised DNS hosts. 8. Which type of DNS attack involves Threat actors use malware to the cybercriminal compromising a randomly generate domain names parent domain and creating multiple to act as rendezvous points. subdomains to be used during the 1. City Center Hospital provides WLAN attacks? connectivity to its employees. 
The cache poisoning security policy requires that amplification and reflection communication between employee tunneling mobile devices and the access points shadowing must be encrypted. What is the 9. Which protocol would be the target purpose of this requirement? of a cushioning attack? to ensure that users who connect to DNS an AP are employees of the hospital HTTP to prevent a computer virus on a ARP mobile device from infecting other DHCP devices 10. Which language is used to query a relational database? to prevent the contents of rogue access point intercepted messages from being cracking read 7. The company handbook states that to block denial of service attacks employees cannot have microwave originating on the Internet ovens in their offices. Instead, all 2. What is a feature that can be used by employees must use the microwave an administrator to prevent ovens located in the employee unauthorized users from connecting to cafeteria. What wireless security risk is a wireless access point? the company trying to avoid? software firewall interception of data MAC filtering accidental interference proxy server improperly configured devices WPA encryption rogue access points 3. What is an advantage of SSID 8. Which two roles are typically cloaking? performed by a wireless router that is Clients will have to manually used in a home or small business? identify the SSID to connect to (Choose two.) the network. access point SSIDs are very difficult to discover repeater because APs do not broadcast Ethernet switch them. RADIUS authentication server It is the best way to secure a WLAN controller wireless network. 9. What method of wireless It provides free Internet access in authentication is dependent on a public locations where knowing the RADIUS authentication server? SSID is of no concern. WEP 4. For which discovery mode will an AP WPA2 Enterprise generate the most traffic on a WLAN? WPA Personal active mode WPA2 Personal open mode 10. 
Which wireless encryption method mixed mode is the most secure? passive mode WPA2 with TKIP 5. At a local college, students are WPA2 with AES allowed to connect to the wireless WPA network without using a password. WEP Which mode is the access point using? 11. Which parameter is commonly used network to identify a wireless network name passive when a home wireless AP is being open configured? shared-key ad hoc 6. An employee connects wirelessly to ESS the company network using a cell BESS phone. The employee then configures SSID the cell phone to act as a wireless 12. Which wireless parameter refers to access point that will allow new the frequency bands used to transmit employees to connect to the company data to a wireless access point? network. Which type of security threat scanning mode best describes this situation? channel settings denial of service SSID spoofing security mode 13. Which device can control and 3. Which protocol provides manage a large number of corporate authentication, integrity, and APs? confidentiality services and is a type of router VPN? LWAP SP WLC IPsec switch MD5 14. A wireless engineer is comparing AES the deployment of a network using 4. What is a feature of the TACACS+ WPA2 versus WPA3 authentication. protocol? How is WPA3 authentication more It combines authentication and secure when deployed in an open authorization as one process. WLAN network in a newly built It encrypts the entire body of the company-owned cafe shop? packet for more secure WPA3 uses DPP to securely communications. onboard available IoT devices It hides passwords during WPA3 prevents brute force attacks transmission using PAP and sends by using SAE the rest of the packet in plaintext. WPA3 requires the use of a 192-bit It utilizes UDP to provide more cryptographic suite efficient packet transfer. WPA3 uses OWE to encrypt 5. Which firewall feature is used to wireless traffic ensure that packets coming into a 1. 
What is the purpose of a personal network are legitimate responses to firewall on a computer? requests initiated from internal hosts? to protect the computer from packet filtering viruses and malware application filtering to increase the speed of the stateful packet inspection Internet connection URL filtering to protect the hardware against fire 6. Refer to the exhibit. The network “A” hazard contains multiple corporate servers to filter the traffic that is moving that are accessed by hosts from the in and out of the PC Internet for information about the 2. What is the main difference between corporation. What term is used to the implementation of IDS and IPS describe the network marked as “A”? devices? An IDS can negatively impact the packet flow, whereas an IPS can not. An IDS uses signature-based technology to detect malicious packets, whereas an IPS uses profile-based technology. internal network An IDS would allow malicious perimeter security boundary traffic to pass before it is untrusted network addressed, whereas an IPS stops DMZ it immediately. 7. Which statement describes the An IDS needs to be deployed Cisco Cloud Web Security? together with a firewall device, It is a security appliance that whereas an IPS can replace a provides an all-in-one solution for firewall. securing and controlling web traffic. It is an advanced firewall solution to drops or forwards traffic based on guard web servers against security packet header information threats. filters IP traffic between bridged It is a secure web server specifically interfaces designed for cloud computing. uses signatures to detect patterns It is a cloud-based security in network traffic service to scan traffic for malware 12. What network monitoring and policy enforcement. technology enables a switch to copy 8. Which two statements are true about and forward traffic sent and received on NTP servers in an enterprise network? multiple interfaces out another (Choose two.) 
interface toward a network analysis There can only be one NTP server device? on an enterprise network. NetFlow NTP servers ensure an accurate network tap time stamp on logging and port mirroring debugging information. SNMP All NTP servers synchronize directly to a stratum 1 time source. NTP servers control the mean time between failures (MTBF) for key network devices. NTP servers at stratum 1 are directly connected to an authoritative time source. 9. How is a source IP address used in a standard ACL? It is the address to be used by a router to determine the best path to forward packets. It is used to determine the default gateway of the router that has the ACL applied. It is the criterion that is used to filter traffic. It is the address that is unknown, so the ACL must be placed on the interface closest to the source address. 10. Which network service allows administrators to monitor and manage network devices? SNMP NTP NetFlow syslog 11. What is a function of a proxy firewall? connects to remote servers on behalf of clients