19) Applying Network Hardening Techniques Flashcards
A department head contacts a cyber consultant declaring that the team is locked out and cannot conduct any activity. While working on the system, the consultant notices a demand for money, or the department will never get their data back. What is this type of attack called?
A. DRDoS
B. DDoS
C. Trojan
D. Ransomware
D. Ransomware
Ransomware is malware that extorts money from victims. One class displays threatening messages, requiring Windows be reactivated or suggesting police locked the computer for illegal activity.
A more powerful variant of the TCP SYN flood is the distributed reflection DoS (DRDoS), or amplification, attack. The adversary spoofs the victim's IP address and opens connections with multiple servers, directing their SYN/ACK responses to the victim server.
A distributed denial of service (DDoS) attack is launched simultaneously by multiple hosts. Some attacks aim to consume network bandwidth. Others cause resource exhaustion on the hosts processing requests.
A trojan is malware concealed within an installer package for software that appears to be legitimate. A trojan does not seek consent for installation and operates secretly.
A cyber security technician speaks with a department that has voiced concern regarding tech issues. The technician discovered that the employee had received an email containing an attachment from an outside party. Curious about what the document contained, the employee clicked on the link. The next day, the employee noticed that some of the software was not working correctly, and some important documents were no longer accessible. What was likely the cause of this issue?
A. On-path attack
B. DNS Poisoning
C. Malware
D. DDoS
C. Malware
Many of the intrusion attempts perpetrated against computer networks depend on malicious software or malware. Malware can be defined simply as software that does something bad from the perspective of the system owner.
An on-path attack is a specific spoofing attack where a threat actor compromises the connection between two hosts and transparently intercepts and relays all communications between them.
DNS poisoning is an attack that compromises the name resolution process.
A distributed DoS (DDoS) attack is launched simultaneously by multiple hosts. Some types of DDoS attacks aim to consume network bandwidth, denying it to legitimate hosts.
An organization contacts the cyber security team and requests a feature to provide secure wireless network access. Select the appropriate answers that support this request. (Select all that apply.)
A. Preshared keys (PSKs)
B. Captive Portal
C. Geofencing
D. VLAN
A. Preshared keys (PSKs)
B. Captive Portal
C. Geofencing
Group authentication allows stations to connect to the network using a shared passphrase, which generates a preshared key (PSK).
A guest network might redirect stations to a secure web page to perform authentication. The user must authenticate to the page and meet other administrator-set requirements, such as accepting a use policy, before the station can use the network.
Geofencing can be used to ensure that the station is within a valid geographic area to access the network, such as ensuring the device is within a building rather than trying to access the WLAN from a car park or other external location.
The virtual LAN (VLAN) feature of managed Ethernet switches is typically deployed to enforce segmentation policies.
A cyber consultant is brought into a department to create security procedures and technologies designed to restrict network access at an end user device level. What is the consultant focusing on?
A. Firewall access control lists (ACLs)
B. Control plane policing
C. Endpoint security
D. Hardening
C. Endpoint security
Endpoint security is a set of security procedures and technologies designed to restrict network access at a device level.
A network technician configures firewall access control lists (ACLs) based on the principle of least access. This is the same as the principle of least privilege; only allow the minimum amount of traffic required to operate valid network services and no more.
A control plane policing policy mitigates the risk from route processor vulnerabilities. Such a policy can use ACLs to allow or deny control traffic from certain sources and apply rate-limiting if a source threatens to overwhelm the route processor.
Deploying systems in a secure configuration is known as device hardening.
A cyber security technician responds to a department experiencing degraded network bandwidth, and customers call the department saying they cannot visit the company website. What is likely causing the issue?
A. On-path attack
B. DNS Poisoning
C. Malware
D. Distributed DoS (DDoS)
D. Distributed DoS (DDoS)
A distributed DoS (DDoS) attack is launched simultaneously by multiple hosts. Some types of DDoS attacks aim to consume network bandwidth, denying it to legitimate hosts.
An on-path attack is a specific spoofing attack where a threat actor compromises the connection between two hosts and transparently intercepts and relays all communications between them.
DNS poisoning is an attack that compromises the name resolution process.
Many of the intrusion attempts perpetrated against computer networks depend on malicious software or malware. Malware can be defined simply as software that does something bad from the perspective of the system owner.
A cyber consultant needs to modify the company’s access control lists to minimize network traffic. During configuration, the consultant can use a command-line utility provided by many Linux distributions that allows administrators to edit the rules enforced by the Linux kernel firewall. What is the command-line utility used?
A. iptables
B. ipconfig
C. nmap
D. tcpdump
A. iptables
iptables is a command-line utility provided by many Linux distributions that allows administrators to edit the rules enforced by the Linux kernel firewall. iptables works with firewall chains, which apply to the different types of traffic passing through the system.
ipconfig is a tool used to gather information about the IP configuration of a Windows host.
Nmap is an ideal tool for scanning remote hosts to discover which ports they have open and the applications or services running on them. It does not capture data packets.
The tcpdump command-line utility is a common packet analyzer used to display the contents of a .pcap file.
A cyber technician needs to draft a policy for the organization to mitigate the risk from route processor vulnerabilities. What is the name of this type of policy?
A. Firewall access control lists (ACLs)
B. Control plane policing
C. Endpoint security
D. Hardening
B. Control plane policing
A control plane policing policy mitigates the risk from route processor vulnerabilities. Such a policy can use ACLs to allow or deny control traffic from certain sources and apply rate-limiting if a source threatens to overwhelm the route processor.
A network technician configures firewall access control lists (ACLs) based on the principle of least access. This is the same as the principle of least privilege; only allow the minimum amount of traffic required to operate valid network services and no more.
Endpoint security is a set of security procedures and technologies designed to restrict network access at a device level.
Deploying systems in a secure configuration is known as device hardening.
A cyber security technician is requested to investigate a matter in which several customers have lodged complaints about computer issues after visiting the company site. Upon closer observation, the technician discovers that an unknown IP address replaced the valid IP address. What type of attack occurred in this incident?
A. On-path attack
B. DNS Poisoning
C. Malware
D. Distributed DoS (DDoS)
B. DNS Poisoning
DNS poisoning is an attack that compromises the name resolution process.
An on-path attack is a specific spoofing attack where a threat actor compromises the connection between two hosts and transparently intercepts and relays all communications between them.
Many of the intrusion attempts perpetrated against computer networks depend on the use of malicious software or malware. Malware can be defined simply as software that does something bad from the perspective of the system owner.
A distributed DoS (DDoS) attack is launched simultaneously by multiple hosts. Some types of DDoS attacks aim to consume network bandwidth, denying it to legitimate hosts. Others cause resource exhaustion on the hosts processing requests, consuming CPU cycles and memory.
During a routine investigation of the network, the cyber specialist identifies that an on-path attack has compromised the network. What is another name for this type of attack?
A. MitM
B. DDoS
C. VLAN Hopping
D. DNS Poisoning
A. MitM - “Man-in-the-Middle”
On-path attacks are also called “Man-in-the-Middle (MitM)” attacks.
A distributed denial of service (DDoS) attack is launched simultaneously by multiple hosts. Some types of DDoS attacks aim to consume network bandwidth, denying it to legitimate hosts. Others cause resource exhaustion on the hosts processing requests, consuming CPU cycles and memory.
VLAN hopping is an attack designed to send traffic to a VLAN other than the one the host system is in.
DNS poisoning is an attack that compromises the name resolution process. The attacker replaces a valid IP address for a trusted website, such as mybank.example, with the attacker’s IP address. The attacker then intercepts the packets directed to mybank.example, and bounces them to the real site, leaving the victim unaware.
A network technician needs to strengthen the security of the company network by allowing only the minimum traffic required for the operation of valid network services, with no additional access permitted. What is the technician placing into the network?
A. Firewall access control lists (ACLs)
B. Control plane policing
C. Endpoint security
D. Hardening
A. Firewall access control lists (ACLs)
A network technician configures firewall access control lists (ACLs) based on the principle of least access. This is the same as the principle of least privilege; only allow the minimum amount of traffic required to operate valid network services and no more.
A control plane policing policy mitigates the risk from route processor vulnerabilities. Such a policy can use ACLs to allow or deny control traffic from certain sources and apply rate-limiting if a source threatens to overwhelm the route processor.
Endpoint security is a set of security procedures and technologies designed to restrict network access at a device level.
Deploying systems in a secure configuration is known as device hardening.