CH19 - Course Quiz

Question 1

A basic ACL can be thought of as a stateful firewall?

True
False

Answer 1

False

Explanation:
ACL can be considered Stateless.

Question 2

Which type of malware looks or pretends to do one thing while, at the same time, doing something evil?

macro
rootkit
worm
Trojan

Answer 2

Trojan

Question 3

Which term refers to any form of potential attack against your Network?

threat
contingency
vulnerability
risk

Answer 3

threat

Question 4

Which type of firwall packet inspection examines each packet fresh, with no regard to the state of the packet’s relation to any other packet?

port
stateless
stateful
filtered

Answer 4

stateless

Question 5

Even with the best anti-malware tools, there are times when malware still manages to strike your computer?

True
False

Answer 5

True

Question 6

A group of computers under the control of one operator is called a zombie?

True
False

Answer 6

False

Question 7

Which term refers to the administrative account native to Linux?

supervisor
administrator
admin
root

Answer 7

root

Question 8

A Trojan can appear as a game, like poker?

True
False

Answer 8

True

Question 9

The first and last bastion of defense for an entire infrastructure’s security is at the individual ____________?

user accounts
hosts
ports
NICs

Answer 9

hosts

Question 10

Firewalls consider traffic as either ______________?

private or public
encrypted or unencrypted
inbound or outbound
persistent or non-persistent

Answer 10

inbound or outbound

Question 11

______________ can run on a single computer or within a virtual machine and can look like a simple network or a vast installation?

Demilitarized Zones
Honeynets
Posture Assessments
Access Control Lists

Answer 11

Honeynets

Question 12

A worm has to wait for someone to use a removable drive to replicate?

True
False

Answer 12

False

Question 13

What are the most common symptoms of malware on a compromised system?

general sluggishness and random crashes
dropping the Internet connection and intermittent blank screens
random messages and a blank screen
general sluggishness and random messages

Answer 13

general sluggishness and random crashes

Question 14

One of the first techniquest that malicious users try to probe hosts to identify any ___________ ports?

closed
blocked
locked
open

Answer 14

open

Question 15

Which type of firewall packet inspection is aware of the packet’s state, as it relates to other packets?

port
filtered
stateful
stateless

Answer 15

stateful

Question 16

Which term refers to a single computer under the control of an operator?

smurf attack
DDoS
zombie
phishing

Answer 16

zombie

Question 17

Honeynets can run on a single computer or within a virtual machine?

True
False

Answer 17

True

Question 18

Which type of attack is a form of social engineering?

denial of service
zombie
logic bomb
phishing

Answer 18

phishing

Question 19

Which type of malware replicates exclusively through Networks?

Trojan
rootkit
macro
worm

Answer 19

worm

Question 20

Which term refers to a program that monitors the types of Web Sites you frequent and uses that information to generate targeted advertisements, usually pop-up windows?

Trojan Horse
macro
Spyware
Adware

Answer 20

Adware

Explanation:
Key Word - “…to generate targeted advertisements”

Adware is a program that monitors the types of Web Sites you frequent and uses that information to generate targeted advertisements, usually pop-up windows.

Spyware is a function of any program that sends information about your system or your actions over the Internet. Browsing History, Keystrokes, Email Contacts, etc…

Question 21

A _____________ host is simply a machine that is fully exposed to the Internet?

external
stateless
bastion
open

Answer 21

bastion

Question 22

Trojan horses do NOT replicate?

True
False

Answer 22

True

Question 23

A deauthentication (deauth) attack is a form of ________________ attack?

RF emanation
DoS
DHCP Snooping
Social Engineering

Answer 23

DoS (Denial of Service)

Question 24

You can use a brute force attack to search for open ports?

True
False

Answer 24

True

Question 25

Which type of attack involves the attacker tapping into communications between two systems?

malware
phishing
leeching
on-path

Answer 25

on-path

Question 26

Cisco uses _________________ as one of its tools to implement network access control?

stateless inspection
botnets
persistent queries
posture assessment

Answer 26

posture assessment

Question 27

What series of standards developed by the US National Security Agency (NSA) defines how to shield symptoms and manifests in a number of different products, such as coverings for individual systems, wall coverings, and special window coating?

leeching
DMZ
HTTPS
TEMPEST

Answer 27

TEMPEST

Question 28

Social engineering attacks are considered an example of classic hacking?

True
False

Answer 28

False

Question 29

Some adware actually installs a virus when you click on the ad?

True
False

Answer 29

True

Question 30

Which term refers to a system with very high network output?

top talker
host
demilitarized zone
honeypot

Answer 30

top talker

Question 31

Viruses need human action to spread?

True
False

Answer 31

True

Question 32

ARP poisoning is a common method for ____________________ attacks?

phishing
DDoS
smurf
man-in-the-middle

Answer 32

man-in-the-middle

Question 33

Most legacy systems need to be regularly patched on a monthly basis?

True
False

Answer 33

False

Question 34

Anti-malware programs can operate as ___________________ that passively monitors a computer’s activity, checking for viruses only when certain events occur, such as a program executing or a file being downloaded?

Answer 34

virus shield

Question 35

In the context of a DDoS attack, a group of computers under the control of one operator is called a ______________?

Answer 35

botnet

Question 36

_________________ access calls for using a unique physical characteristic of a person to permit access to a controlled IT resource?

Answer 36

Biometric

Question 37

ACLs have a _________________ deny any, or will automatically deny any packets that don’t match a rule?

Answer 37

implicit

Question 38

ARP cache __________________ attacks target the ARP caches on hosts and MAC address tables on Switches?

Answer 38

poisoning

Question 39

A _____________ tries to intercept a valid computer session to get authentication information?

Answer 39

Session Hijacking

Explanation:
Keywords “….to get authentication information”
Session Hacking is a type of man-in-the-middle with the sole purpose of gaining Authentication Information.

Question 40

A ___________________ is an IT specific weakness, like a problem with hardware, software, or a configuration, that a threat takes advantage of to work?

Answer 40

vulnerability

Question 41

The aspect of a DoS Attack that focuses on sending small requests that trigger large responses reflected at your target is called _______________?

Answer 41

amplification

Question 42

____________________ inspection firewalls did not consider the state of a packet in relation to any other packets?

Answer 42

Stateless

Question 43

A _________________ functions at multiple layers of the OSI Model to tackle traffic no traditional firewall can filter alone?

Answer 43

next-generation firewall

Question 44

A ____________________ is the code pattern of a known virus?

Answer 44

signature

Question 45

When any form of malware makes you pay to get the malware to go away, we call that malware ______________?

Answer 45

ransomware

Question 46

The two jobs of a _________________ are to replicate and to activate?

Answer 46

virus

Question 47

A considerable percentage of attacks against your Network fall under the heading of ______________________ - the process of using or manipulating people inside the Networking environment to gain access to the network from the outside?

Answer 47

social engineering

Question 48

What should an administrator look for when researching unencrypted channels on a Network?

Answer 48

Using Telnet instead of SSH for Remote Terminal Connections.

Using HTTP instead of HTTPS on Web Sites

Using insecure remote desktops like VNC.

Using any insecure protocol in the clear. Run them through a VPN!

Question 49

Describe one drawback to physical door access controls?

Answer 49

The access is generally governed by something that is in the possession of someone who has authorization to enter a locked place, like a Key, Badge, Key Fob, or some other Physical Token. These items can be given or taken away, and if not reported in a timely fashion, a huge security gap exists.

Question 50

Compare Session Hijacking to a Man-in-the-Middle Attack?

Answer 50

Similar to Man-in-the-Middle Attacks, Session Hijacking tries to intercept valid computer sessions, but only for the purpose of trying to grab authentication information, NOT to listen in for any other additional information.

Question 51

Describe an on-path attack?

Answer 51

Know as Man-in-the-Middle Attack, where an attacker taps into communications between two systems, covertly intercepting traffic throught to only be between those systems, reading or in some cases even changing the data and then sending the data on.

Question 52

Describe Spyware?

Answer 52

The function of a program that sends information about your system or your actions on that system over the Internet, like browsing history, keystrokes, or even the contacts in your email among other things.

Question 53

Briefly define malware and identify several examples?

Answer 53

Describes any program or code that’s designed to do something on a system or network that you don’t want to happen.
Comes in many forms: Viruses, Worms, Macros, Trojan Horses, Rootkits, Adware, Spyware.

Question 54

Discuss how biometric access handles physical access control?

Answer 54

Calls for using a unique physical characteristic of a person to permit access to a controlled resource - Fingerprints, Facial Recognition, Voice Analyzers, Retinal Scanners, and others.

Question 55

Describe an Unintentional DoS Attack?

Answer 55

When a system is brought down unintentionally - simply a super busy Server, an organization’s infrastructure isn’t powerful enough to keep up with legitimate demand.

Question 56

Explain how a security guard can assist in physical security?

Answer 56

They get to know everyone’s faces.
They are there to protect assets and can lend a helping hand to the overloaded, but authorized, persons who needs in.
They are multipurpose in that they can secure building access, secure individual rooms/offices and perform facility patrols.

Question 57

Briefly describe a persistent agent used in posture assessment?

Answer 57

Persistent Agent is a small scanning program that, once installed on the computer, stays installed and runs everytime the computer boots up. They are composed of modules that perform a thorough inventory of each security-oriented element in the computer.

Question 58

Describe an Access Control List (ACL)?

Answer 58

It’s a clearly defined list of permissions that specifies what an authenticated user may perform on a shared resource.

Question 59

Define the term Services in the context of a Networked computer’s Operating System?

Answer 59

Services are programs running in the background of an Operating System.
They are the behind-the-scenes and do the grunt work that users don’t need to see or interact with, such as Wireless Network Clients and DHCP Clients, among many others.

Question 60

What type of Network Threats exist beyond Internet Attacks?

Answer 60

A threat can be a person sneaking into your offices and stealing passwords, or an ignorant employee deleting files they should not have access to in the first place. Natural disasters, like earthquakes, fires, floods, and crazed squirrels, are also threats.

Question 61

Briefly describe Protocol Abuse?

Answer 61

Anytime you do things with a Protocol that it wasn’t meant to do and that abuse ends up creating a Threat.