CH15 Network Attacks Flashcards

1
Q

Which of the following types of attacks are usually used as part of a man-in-the-middle attack?

a. Brute force
b. Spoofing
c. DDOS
d. Tailgating

A

b. Spoofing

A man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.

One example of a MITM attack is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between them.

2
Q

TCP: 80

TCP: 110

TCP: 443

TCP: 1433

TCP: 3306

Based on these scan results, which of the following services are NOT currently operating?

a. Web
b. Database
c. SSH
d. RDP

A

c. SSH

Based on the port numbers shown as open in the nmap scan results, SSH is not currently operating.

SSH operates over port 22.
Web servers use port 80 for HTTP and 443 for HTTPS.
Database servers run on port 1433 (Microsoft SQL) or 3306 (MySQL).
Remote Desktop Protocol runs on port 3389.

3
Q

Richard attempted to visit a website and received a DNS response from the DNS cache server pointing to the wrong IP address. Which of the following attacks has occurred?

a. DNS brute forcing
b. ARP spoofing
c. DNS poisoning
d. MAC spoofing

A

c. DNS poisoning

DNS poisoning (also known as DNS cache poisoning or DNS spoofing) is a type of attack which uses security gaps in the Domain Name System (DNS) protocol to redirect internet traffic to malicious websites.

4
Q

(Sample Simulation – On the real exam for this type of question, you would have to rearrange the steps into the proper order by dragging and dropping them into place.)

53 TFTP
69 SMTP
25 HTTP
80 DNS

a. 53, 69, 25, 80
b. 80, 53, 69, 25
c. 69, 25, 80, 53
d. 25, 80, 53, 69

A

c. 69, 25, 80, 53

OBJ-3.1: For the exam, you need to know your ports and protocols. The Trivial File Transfer Protocol (TFTP) uses port 69. The Simple Mail Transfer Protocol (SMTP) uses port 25. The Hypertext Transfer Protocol (HTTP) uses port 80. The Domain Name Service (DNS) protocol uses port 53.

5
Q

You suspect that your server has been the victim of a web-based attack. Which of the following ports would most likely be seen in the logs to indicate the attack’s target?

a. 443
b. 3389
c. 21
d. 389

A

a. 443

OBJ-3.1: Web-based attacks would likely appear on port 80 (HTTP) or port 443 (HTTPS). An attack against Active Directory is likely to be observed on port 389 LDAP. An attack on an FTP server is likely to be observed on port 21 (FTP). An attack using the remote desktop protocol would be observed on port 3389 (RDP).
