1.4 Analyze potential indicators associated with network attacks

Question 1

Used to detect the presence of a wireless network.

Answer 1

Wireless scanner/cracker

Question 2

An attack in which a hacker operates a false access point that will automatically clone, or twin, the identity of an access point based on a client device’s request to connect.

Answer 2

Evil twin attack

Question 3

May be planted by an employee for convenience, or it may be operated externally by an attacker.

Answer 3

Rogue access point

Question 4

The unauthorized accessing of data via a Bluetooth connection.

Answer 4

Bluesnarfing

Question 5

Grants an attacker remote control over the hardware and software of your devices over a Bluetooth connection.

Answer 5

Bluebugging

Question 6

The sending of unsolicited messages to Bluetooth capable devices without the permission of the owner/user.

Answer 6

Bluejacking

Question 7

Eavesdropping or packet capturing Bluetooth communications.

Answer 7

Bluesniffing

Question 8

A DoS attack against a Bluetooth device.

Answer 8

Bluesmacking

Question 9

A type of wireless management frame that can be used in wireless attacks, including discovering hidden SSIDs, causing a DoS, hijacking sessions, and on-path.

Answer 9

Disassociation

Question 10

The transmission of radio signals to prevent reliable communications by decreasing the effective signal-to-noise ratio.

Answer 10

Jamming

Question 11

A tracking technology based on the ability to power a radio transmitter using current generated in an antenna when placed in a magnetic field.

Answer 11

Radio frequency identification

Question 12

A standard to establish radio communications between devices in close proximity. It is commonly employed for contactless payments.

Answer 12

Near field communication (NFC)

Question 13

A mathematical and cryptographic term for a random number.

Answer 13

Initialization vector (IV)

Question 14

A communications eavesdropping attack. Attackers position themselves in the communication stream between a client and server.

Answer 14

On-path attack

Question 15

When the malware is operating on the victim’s system.

Answer 15

Browser on-path attack

Question 16

A form of attack in which malicious content is submitted to a vulnerable application, typically a web browser or web server, under the guise of a valid HTML/HTTP header value.
(

Answer 16

HTTP Header manipulation

Question 17

The act of falsifying the IP-to-MAC address resolution system employed by TCP/IP.

Answer 17

ARP poisoning

Question 18

Uses a flooding attack to compromise a switch so that the switch gets stuck into flooding all network communications.

Answer 18

MAC flooding

Question 19

Used to impersonate another system, often a valid or authorized network device to bypass port security or MAC filtering limitation.

Answer 19

MAC cloning/spoofing

Question 20

The falsification of the source address of network packets. As a result, victims are unable to locate the true attackers or initiators of a communication. Also, the attacker may use this against the source address to redirect packet responses, replies, and echoes to some other system.

Answer 20

IP spoofing

Question 21

the hierarchical naming scheme used in both public and private networks. This links human-friendly fully qualified domain names (FQDNs) and IP addresses together.

Answer 21

Domain name system (DNS)

Question 22

The malicious action of changing the registration of a domain name without the authorization of the valid owner.

Answer 22

Domain hijacking

Question 23

The act of falsifying the DNS information used by a client to reach a desired system.

Answer 23

DNS poisoning

Question 24

Is a means to make a web page available through multiple URL addresses or domain names a.k.a. URL forwarding.

Answer 24

URL redirection

Question 25

A scoring system that can be used to determine whether your communications or your site is more likely legitimate or more likely malicious or fraudulent. Sometimes this is called a sender score, especially when it is focusing on email.

Answer 25

Domain reputation

Question 26

A form of attack that has the primary goal of preventing the victimized system from performing legitimate activity or responding to legitimate traffic.

Answer 26

Denial of service (DoS)

Question 27

Attacks are waged by first compromising or infiltrating one or more intermediary systems (i.e., bots) that serve as a launch points or attack platforms.

Answer 27

Distributed denial of service (DDoS)

Question 28

Employs an amplification or bounce network that is an unwilling or unknowing participant that is unfortunately able to receive broadcast messages and create message responses, echoes , or bounces.

Answer 28

Distributed reflective denial-of-service (DRDoS)

Question 29

This DRDoS attack uses ICMP echo reply packets (ping packets).

Answer 29

Smurf attack

Question 30

This DRDoS uses UDP packets.

Answer 30

Fraggle attack

Question 31

This DoS attack exploits the TCP three way handshake and results in resource exhaustion.

Answer 31

SYN flood

Question 32

The attacker sends fragments to a victim that when re-assembled result in an oversized ping packet causing a buffer overflow.

Answer 32

Ping of death

Question 33

Uses the Xmas scan to perform a DoS.

Answer 33

Xmas attack

Question 34

A partial transmission of fragmented packets causing the target to consume system resources holding onto incomplete reassembles.

Answer 34

Teardrop attack

Question 35

A SYN flood attack where the source and destination address are both said to be victims address, which causes a logical error.

Answer 35

Land attack

Question 36

An attack where the amount of work or traffic generated by an attacker is multiplied to DoS the victim.

Answer 36

Amplification attacks

Question 37

Administrators need to analyze and the site for the potential indicators that are associated with Netwerk attacks that may have been caused by malicious code or malicious script execution.

Answer 37

Malicious code or script execution

Question 38

Both a scripting language as well as a commandline shell for Microsoft Windows. PowerShell can be used to write malicious scripts.

Answer 38

Powershell

Question 39

A scripting programming language that is popular. Python can be used to write malicious scripts.

Answer 39

Python

Question 40

A command shell and a scripting language. Bash can be used to write malicious scripts.

Answer 40

Bash

Question 41

A program or script written in a language that is embedded into specific files. These can be a powerful tool for automating tasks, but they can also be employed for malicious purposes.

Answer 41

Macros

Question 42

A powerful programming language that is built into productivity documents. It is the primary language that Office macros are written in.

Answer 42

Visual Basic for Applications