CH15 Network Attacks Flashcards
Which of the following types of attacks are usually used as part of a man-in-the-middle attack?
a. Brute force
b. Spoofing
c. DDoS
d. Tailgating
b. Spoofing
A man-in-the-middle (MITM) attack is one in which the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.
One example of a MITM attack is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between them.
TCP: 80
TCP: 110
TCP: 443
TCP: 1433
TCP: 3306
Based on these scan results, which of the following services are NOT currently operating?
a. Web
b. Database
c. SSH
d. RDP
c. SSH
Based on the port numbers shown as open in the nmap scan results, SSH is not currently operating.
SSH operates over port 22.
Web servers use port 80 for HTTP and 443 for HTTPS.
Database servers run on port 1433 (Microsoft SQL) or 3306 (MySQL).
Remote Desktop Protocol runs on port 3389.
Richard attempted to visit a website and received a DNS response from the DNS cache server pointing to the wrong IP address. Which of the following attacks has occurred?
a. DNS brute forcing
b. ARP spoofing
c. DNS poisoning
d. MAC spoofing
c. DNS poisoning
DNS poisoning (also known as DNS cache poisoning or DNS spoofing) is a type of attack which uses security gaps in the Domain Name System (DNS) protocol to redirect internet traffic to malicious websites.
(Sample Simulation – On the real exam for this type of question, you would have to rearrange the steps into the proper order by dragging and dropping them into place.)
Ports: 53, 69, 25, 80
Protocols: TFTP, SMTP, HTTP, DNS
a. 53, 69, 25, 80
b. 80, 53, 69, 25
c. 69, 25, 80, 53
d. 25, 80, 53, 69
c. 69, 25, 80, 53
OBJ-3.1: For the exam, you need to know your ports and protocols. The Trivial File Transfer Protocol (TFTP) uses port 69. The Simple Mail Transfer Protocol (SMTP) uses port 25. The Hypertext Transfer Protocol (HTTP) uses port 80. The Domain Name System (DNS) protocol uses port 53.
You suspect that your server has been the victim of a web-based attack. Which of the following ports would most likely be seen in the logs to indicate the attack’s target?
a. 443
b. 3389
c. 21
d. 389
a. 443
OBJ-3.1: Web-based attacks would likely appear on port 80 (HTTP) or port 443 (HTTPS). An attack against Active Directory is likely to be observed on port 389 (LDAP). An attack on an FTP server is likely to be observed on port 21 (FTP). An attack using the Remote Desktop Protocol would be observed on port 3389 (RDP).