Attacks Flashcards
While waiting in the lobby of your building for a guest, you notice a man in a red shirt standing close to a locked door with a large box in his hands. He waits for someone else to come along and open the locked door, then proceeds to follow her inside. What type of social engineering attack have you just witnessed?
Phishing
Boxing
Tailgating
Tailgating
Tailgating (or piggybacking) is the simple tactic of following closely behind a person who has just used their own access card, key, or PIN to gain physical access to a room or building. The large box clearly impedes the person in the red shirt’s ability to open the door, so they let someone else do it for them and follow them in.
A user reports seeing “odd certificate warnings” on her web browser this morning whenever she visits Google. Looking at her browser, you see certificate warnings. Looking at the network traffic, you see all HTTP and HTTPS requests from that system are being routed to the same IP regardless of destination. Which of the following attack types are you seeing in this case?
Phishing
Man-in-the-middle
Cryptolocker
Man-in-the-middle
This is most likely some type of man-in-the-middle attack. This attack method is usually done by routing all of the victim’s traffic to the attacker’s host, where the attacker can view it, modify it, or block it. The attacker inserts himself into the middle of his victim’s network communications.
Users are reporting the wireless network on one side of the building is broken. They can connect, but can’t seem to get to the Internet. While investigating, you notice all of the affected users are connecting to an access point you don’t recognize. These users have fallen victim to what type of attack?
Rogue AP
WPS
Bluejacking
Rogue AP
This is a rogue AP attack. Attackers set up their own access points in an attempt to get wireless devices to connect to the rogue AP instead of the authorized access points.
When an attacker captures network traffic and retransmits it at a later time, what type of attack are they attempting?
Denial of service attack
Replay attack
Bluejacking attack
Replay attack
A replay attack occurs when the attacker captures a portion of the communication between two parties and retransmits it at a later time. For example, an attacker might replay a series of commands and codes used in a financial transaction to cause the transaction to be conducted multiple times. Generally, replay attacks are associated with attempts to circumvent authentication mechanisms, such as the capturing and reuse of a certificate or ticket.
What type of attack involves an attacker putting a layer of code between an original device driver and the operating system?
Refactoring
Trojan horse
Shimming
Shimming
Shimming is the process of putting a layer of code between the device driver and the operating system.
A colleague asks you for advice on why he can’t log in to his Gmail account. Looking at his browser, you see he has typed www.gmal.com in the address bar. The screen looks very similar to the Gmail login screen. Your colleague has just fallen victim to what type of attack?
Rainbow table
Whale phishing
Typo squatting
Typo squatting
Typo squatting capitalizes on common typing errors, such as gmal instead of gmail. The attacker registers a domain very similar to the real domain and attempts to collect credentials or other sensitive information from unsuspecting users.
You’ve been asked to try and crack the password of a disgruntled user who was recently fired. Which of the following could help you crack that password in the least amount of time?
Rainbow tables
Brute force
Dictionary
Rainbow tables
Rainbow tables are precomputed tables of hash values associated with passwords. When used correctly in the right circumstances, they can dramatically reduce the amount of work needed to crack a given password.
You’re sitting at the airport when your friend gets a message on her phone. In the text is a picture of a duck with the word “Pwnd” as the caption. Your friend doesn’t know who sent the message. Your friend is a victim of what type of attack?
Snarfing
Bluejacking
Quacking
Bluejacking
This is most likely a bluejacking attack. If a victim’s phone has Bluetooth enabled and is in discoverable mode, it may be possible for an attacker to send unwanted texts, images, or audio to the victim’s phone.
All of the wireless users on the third floor of your building are reporting issues with the network. Every 15 minutes, their devices disconnect from the network. Within a minute or so they are able to reconnect. What type of attack is most likely underway in this situation?
Downgrade attack
Brute force attack
Disassociation attack
Disassociation attack
Disassociation attacks against a wireless system are attacks designed to disassociate a host from the wireless access point and from the wireless network. If the attacker has a list of MAC addresses for the wireless devices, they can spoof deauthentication frames, causing the wireless devices to disconnect from the network.
Your organization’s web server was just compromised despite being protected by a firewall and IPS. The web server is fully patched and properly configured according to industry best practices. The IPS logs show no unusual activity, but your network traffic logs show an unusual connection from an IP address belonging to a university. What type of attack is most likely occurring?
Cross-site scripting attack
Authority attack
Zero day attack
Zero day attack
If a “properly secured” and patched system is suddenly compromised, it is most likely the result of a zero day attack. A zero day attack is one that uses a vulnerability for which there is no previous knowledge outside of the attacker.
Your e-commerce site is crashing under an extremely high traffic volume. Looking at the traffic logs, you see tens of thousands of requests for the same URL coming from hundreds of different IP addresses around the world. What type of attack are you facing?
DoS
DDoS
DNS poisoning
DDoS
This is a DDoS attack. DDoS (or distributed denial of service) attacks attempt to overwhelm their targets with traffic from many different sources. Botnets are quite commonly used to launch DDoS attacks.
A user wants to know if the network is down, because she is unable to connect to anything. While troubleshooting, you notice the MAC address for her default gateway doesn’t match the MAC address of your organization’s router. What type of attack has been used against this user?
Consensus attack
ARP poisoning
Refactoring
ARP poisoning
ARP poisoning is an attack that involves sending spoofed ARP or RARP replies to a victim in an attempt to alter the ARP table on the victim’s system. If successful, an ARP poisoning attack will replace one or more MAC addresses in the victim’s ARP table with the MAC address the attacker supplies in their spoofed responses.
A user in your organization contacts you to see if there’s any update to the “account compromise” that happened last week. When you ask him to explain what he means, the user tells you he received a phone call earlier in the week from your department and was asked to verify his userid and password. The user says he gave the caller his userid and password. This user has fallen victim to what specific type of attack?
Spear phishing
Vishing
Phishing
Vishing
Vishing is a social engineering attack that uses voice communication technology to obtain the information the attacker is seeking. Most often the attacker will call a victim and pretend to be someone else in an attempt to extract information from the victim.
Coming into your office, you overhear a conversation between two security guards. One guard is telling the other she caught several people digging through the trash behind the building early this morning. The security guard says the people claimed to be looking for aluminum cans, but only had a bag of papers—no cans. What type of attack has this security guard witnessed?
Spear phishing
Pharming
Dumpster diving
Dumpster diving
Dumpster diving is the process of going through a target’s trash in the hopes of finding valuable information such as user lists, directories, organization charts, network maps, passwords, and so on.
A user calls to report a problem with an application you support. The user says when she accidentally pasted an entire paragraph into an input field, the application crashed. You are able to consistently reproduce the results using the same method. What vulnerability might that user have accidentally discovered in that application?
Poison apple
Shoulder surfing
Buffer overflow
Buffer overflow
This user may have discovered a buffer overflow vulnerability in the application. A buffer overflow can occur when more input is supplied than the program is designed to process (for example, 150 characters supplied to a 10-character input field). If the application doesn’t reject the additional input, the extra characters can continue to fill up memory and overwrite other portions of the program, causing instability or undesirable results.