Formative 9 Flashcards

1
Q

How do cybercriminals make use of a malicious iFrame?

The iFrame allows the browser to load a web page from another source.

The attacker embeds malicious content in business-appropriate files.

The attacker redirects traffic to an incorrect DNS server.

The iFrame allows multiple DNS subdomains to be used.

A

The iFrame allows the browser to load a web page from another source.

2
Q

In which way does the use of HTTPS increase the security monitoring challenges within enterprise networks?

HTTPS traffic is much faster than HTTP traffic.

HTTPS traffic enables end-to-end encryption.

HTTPS traffic does not require authentication.

HTTPS traffic can carry a much larger data payload than HTTP can carry.

A

HTTPS traffic enables end-to-end encryption.

3
Q

Which network service synchronizes the time across all devices on the network?

NTP

SNMP

NetFlow

syslog

A

NTP

4
Q

Which type of server daemon accepts messages sent by network devices to create a collection of log entries?

SSH

NTP

syslog

AAA

A

syslog

5
Q

What port number would be used if a threat actor was using NTP to direct DDoS attacks?

25

69

123

443

A

123

6
Q

Which protocol is used to send e-mail messages between two servers that are in different e-mail domains?

HTTP

POP3

SMTP

IMAP4

A

SMTP

7
Q

What type of server can threat actors use DNS to communicate with?

CnC

database

NTP

web

A

CnC

8
Q

Which type of server would support the SMTP, POP, and IMAP protocols?

DHCP

email

proxy

syslog

A

email

9
Q

What method allows VPN traffic to remain confidential?

authentication

encryption

verification

encapsulation

A

encryption

10
Q

To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an outside interface?

echo request

echo reply

time-stamp request

time-stamp reply

router advertisement

A

echo reply

11
Q

Which statement describes the function provided by the Tor network?

It distributes user packets through load balancing.

It allows users to browse the Internet anonymously.

It conceals packet contents by establishing end-to-end tunnels.

It manipulates packets by mapping IP addresses between two networks.

A

It allows users to browse the Internet anonymously.

12
Q

How can NAT/PAT complicate network security monitoring if NetFlow is being used?

It changes the source of destination MAC addresses.

It conceals the contents of a packet by encrypting the data payload.

It disguises the application initiated by a user by manipulating port numbers.

It hides internal IP addresses by allowing them to share one or a few outside IP addresses.

A

It hides internal IP addresses by allowing them to share one or a few outside IP addresses.

13
Q

A cyberanalyst is reviewing an entry-point ACL. What three types of ICMP traffic should be allowed to access an internal network from the internet? (Choose three.)

request

reply

time exceeded

squelch

ping

destination unreachable

A

reply

squelch

destination unreachable

14
Q

A company decides to purchase a device capable of managing load balancing so that traffic will be distributed between their servers. What could be a potential problem using the new device on the network?

It will require the purchase of more servers so that existing servers are not overwhelmed.

The LBM probe messages may appear as suspicious traffic.

The traffic will require more bandwidth to send to multiple servers.

All links to redundant servers will require encrypted tunneling protocols.

It will cause extra traffic going to a server resource that is not available.

A

The LBM probe messages may appear as suspicious traffic.
