Chapter 4: Network Connectivity

Question 1

In which attack does the attacker send a TCP packet with all flags set, which is never used in routing communication?

Answer 1

XMAS attack

Question 2

In which attack does the attacker send a routine packet to a network service, such as a connection request, and see what information is returned. The goal is to see the software and protocol versions supported, along with other information?

Answer 2

Banner grabbing

Question 3

Which spoofing technique alters the source IP address which is often used to impersonate another device on the network?

Answer 3

IP Spoofing

Question 4

Which spoofing technique alters the MAC address, sometimes to impersonate a specific device, and is only useful on the local network?

Answer 4

MAC Spoofing

Question 5

Which MAC spoofing attack alters the MAC address to specifically impersonate another device and is only useful on the local network?

Answer 5

MAC cloning

Question 6

Which MAC spoofing attack is used to compromise a switch by overwriting it’s MAC table cache. It involves spoofing many source MAC addresses?

Answer 6

MAC flooding

Question 7

Which spoofing attack is often used in phishing attacks?

Answer 7

E-mail spoofing

Question 8

Which spoofing attack is common in vishing attacks?

Answer 8

Caller ID spoofing

Question 9

Which redirection attack uses spoofed ARP messages to alter the ARP cache of a target host or switch, associating a given IP address with a physical device of the attackers choice? It only works on local network segments.

Answer 9

ARP poisoning

Question 10

Which redirection attack compromises or impersonates a DNS server to modify the DNS cache of a target host or DNS server? Typically used to associate a legitimate host or domain name with an IP address of the attacker’s choice.

Answer 10

DNS poisoning

Question 11

Which redirection attack uses compromised or insecure pages manipulated by an attacker which can redirect users to malicious sites? These attacks are usually accomplished with malicious server-side scripts.

Answer 11

URL redirection

Question 12

In which DNS poisoning attack does the attacker redirect traffic for a legitimate website to a malicious imitator. Like phishing, the attacker uses the site to distribute malware or harvest sensitive information.

Answer 12

Pharming

Question 13

In which redirection attack does the attacker quickly re-register an expired domain

Answer 13

Domain hijacking

Question 14

In which redirection attack does the attack compromise the VLAN protocol to allow the attacker to divert traffic across VLANs?

Answer 14

VLAN hopping

Question 15

Which 2 packet types causes a DoS by confusing a host and causing undesired behavior?

Answer 15

oversized packets and malformed packets

Question 16

Which DoS variant abuses the TCP connection by sending a constant stream of SYN packets used to open connections, but never responds?

Answer 16

SYN flood

Question 17

Which password cracking technique tries every possible password in order until the right one is found?

Answer 17

Brute force

Question 18

Which password cracking technique uses lists such as dictionaries or common passwords?

Answer 18

Dictionary attacks

Question 19

Which password cracking technique targets many different usernames on the same system at one time using common passwords?

Answer 19

Password spraying

Question 20

Which dictionary attack is based on stolen usernames and password pairs from another compromised system?

Answer 20

Credential stuffing

Question 21

Which hash cracking technique exploits hash collisions in weaker hashing and digital signature algorithms?

Answer 21

Birthday attacks

Question 22

Which hash cracking tool uses a pre-computed table?

Answer 22

Rainbow table

Question 23

Which hash cracking technique steals the hash and then presents the stolen hash to access resources?

Answer 23

Pass the hash

Question 24

Which On-path/MiTM attack intercepts data transmissions, especially those with authentication credentials or encryption key exchanges, then delays or resends them?

Answer 24

Replay attack

Question 25

Which On-path/MiTM attack is a replay attack targeting secure websites using a stolen session ID?

Answer 25

Session replay

Question 26

In which On-path/MiTM attack does the attacker take over the session immediately after the client logs in?

Answer 26

Session hijacking

Question 27

In which On-path/MiTM attack does the attacker communicate with client either on HTTP or HTTPS via a fraudulent certificate and then the attacker establishes an HTTPS connection to the server?

Answer 27

SSL stripping

Question 28

Which On-path/MiTM attack use an infected browser?

Answer 28

Browser based

Question 29

Which technique uses a wireless sniffer and searches an area for wireless hotspots?

Answer 29

Wireless reconnaissance

Question 30

In wireless attacks, when is PSK vulnerable?

Answer 30

when the password is weak

Question 31

Is WEP and WPS considered secure?

Answer 31

No

Question 32

WPA and WPA2 supports two encryption modes, TKIP and AES. Which of the two are considered secure?

Answer 32

AES

Question 33

Which attack has a rogue access point with the same SSID and security settings as the legitimate AP?

Answer 33

Evil Twin

Question 34

Which attack sends a packet with a spoofed address that de-authenticates a client from a Wi-Fi network? This can be used as a DoS, or as part of an Evil Twin attack.

Answer 34

Disassociation

Question 35

Which Bluetooth vulnerability involves sending unsolicited messages to a Bluetooth device?

Answer 35

Bluejacking

Question 36

Which Bluetooth vulnerability involves stealing or compromising data on a device, typically by pairing without the owner’s knowledge?

Answer 36

Bluesnarfing

Question 37

Which mobile technology is intended for payment and authentication systems at close range, an is therefore a target of attackers?

Answer 37

Near-Field Communication (NFC)

Question 38

Which technology has more range than NFC, and typically has fewer security features?

Answer 38

Radio Frequency Identification (RFID)

Question 39

Which switch security feature tracks MAC addresses against switch ports?

Answer 39

Port security

Question 40

Which switch security feature prevents rogue DHCP servers?

Answer 40

DHCP snooping

Question 41

Which switch security feature prevents loops by detecting and disabling redundant connections. Uses Spanning Tree Protocol (STP)?

Answer 41

Loop protection

Question 42

Which switch security feature prevents loops by disabling a port when it receives a bridge protocol data unit from another switch?

Answer 42

BPDU guard

Question 43

Which switch security feature disables STP on a specific port by preventing it from sending or receiving BPDUs?

Answer 43

BPDU filter

Question 44

Which switch security feature prevents a specific port from being selected as a root port?

Answer 44

Root guard

Question 45

Which switch security feature adds additional checks to loop prevention by preventing switching loops caused by unidirectional links.

Answer 45

Loop guard

Question 46

Which attack is prevented with a switch security feature that adds rate limiting features for broadcast or multicast traffic

Answer 46

Broadcast storm

Question 47

Which switch security feature protects against SYN floods and similar attacks by enforcing a rate limit on communications that shouldn’t be a significant part of network traffic.

Answer 47

Flood guard

Question 48

Which switch security feature is defined in IEEE 802.1AE and adds authentication and encryption to Layer 2 protocols over Ethernet such as ARP and DHCP? This can prevent many snooping, impersonation and DoS techniques.

Answer 48

MACsec

Question 49

Which filtering technique looks at each packet in isolation?

Answer 49

stateless filtering

Question 50

Which filtering technique inspects source and destination headers, and possibly some other TCP or UDP data, to determine whether the traffic is a new communication session or a continuation of an existing one? It keeps track of ongoing conversations in a state table.

Answer 50

Stateful filtering.

Also known as stateful packet inspection.

Question 51

Which filtering technique involve application firewalls that are context-aware or application-aware because they don’t only monitor traffic and sessions, but the context information is transmitted in and the applications being used?

Answer 51

Deep Packet Inspection (DPI)

Question 52

In which hardware attack an read ID cards and produce a working facsimile

Answer 52

Card cloning

Question 53

What devices attaches to ATMs, looking to an unwary user like a normal part of the machine. In truth, they
simply capture the user’s card information and PIN

Answer 53

Skimmer