Fundamentals of Information Security: Cybersecurity CH8 Flashcards

1
Q

Choose which statement is wrong by applying your knowledge from the reading.
a. In a MAC cloning attack, a threat actor will discover a valid MAC address of a device connected to a switch, spoof that MAC address on his device, and send a packet onto the network.
b. The goal of an MITM attack is to either eavesdrop on the conversation or impersonate one or both of the parties.
c. A session ID is a unique number that a web browser assigns for the duration of that user’s visit.

A

c. A session ID is a unique number that a web browser assigns for the duration of that user’s visit.

2
Q

Choose which statement is wrong by applying your knowledge from the reading.
a. The Linux text file manipulation tool logger adds content to the syslog file.
b. The tools tracert (Windows) and traceroute (Linux) show the details about the path a packet takes from a computer or device to a destination.
c. Nessus is from Kali Linux

A

c. Nessus is from Kali Linux

3
Q

Choose which statement is wrong by applying your knowledge from the reading.
a. An electronic lock is a combination lock that uses buttons that must be pushed in the proper sequence to open the door.
b. A DMZ is also called a physical air gap.
c. A barricade is a short but sturdy vertical post that is used as a vehicular traffic barricade to prevent a car from “ramming” into a secured area.

A

c. A barricade is a short but sturdy vertical post that is used as a vehicular traffic barricade to prevent a car from “ramming” into a secured area.

4
Q

Which attack intercepts communications between a web browser and the underlying OS?
- Interception
- Man-in-the-browser (MITB)
- DIG
- ARP poisoning

A

Man-in-the-browser (MITB)

5
Q

Calix was asked to protect a system from a potential attack on DNS. What are the locations he would need to protect?
Web server buffer and host DNS server
Reply referrer and domain buffer
Web browser and browser add-on
Host table and external DNS server

A

Host table and external DNS server

6
Q

What is the result of an ARP poisoning attack?
The ARP cache is compromised.
Users cannot reach a DNS server.
MAC addresses are altered.
An internal DNS must be used instead of an external DNS.

A

The ARP cache is compromised.

7
Q

Deacon has observed that the switch is broadcasting all packets to all devices. He suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack is this?
MAC spoofing attack
MAC cloning attack
MAC flooding attack
MAC overflow attack

A

MAC flooding attack

8
Q

Tomaso is explaining to a colleague the different types of DNS attacks. Which DNS attack would only impact a single user?
DNS hijack attack
DNS poisoning attack
DNS overflow attack
DNS resource attack

A

DNS poisoning attack

9
Q

Proteus has been asked to secure endpoints that can be programmed and have an IP address so that they cannot be used in a DDoS attack. What is the name for this source of DDoS attack?
Network
Application
IoT
Operational Technology

A

Operational Technology

10
Q

Which of the following is NOT a reason that threat actors use PowerShell for attacks?
It cannot be detected by antimalware running on the computer.
It leaves behind no evidence on a hard drive.
It can be invoked prior to system boot.
Most applications flag it as a trusted application.

A

It can be invoked prior to system boot.

11
Q

What is the difference between a DoS and a DDoS attack?
DoS attacks are faster than DDoS attacks.
DoS attacks use fewer computers than DDoS attacks.
DoS attacks do not use DNS servers as DDoS attacks do.
DoS attacks use more memory than DDoS attacks.

A

DoS attacks use fewer computers than DDoS attacks.

12
Q

Which of the following is NOT true about VBA?
It is commonly used to create macros.
It is built into most Microsoft Office applications.
It is included in select non-Microsoft products.
It is being phased out and replaced by PowerShell.

A

It is being phased out and replaced by PowerShell.

13
Q

Which of the following is NOT a Microsoft defense against macros?
Protected View
Trusted documents
Trusted domain
Trusted location

A

Trusted domain

14
Q

Theo uses the Python programming language and does not want his code to contain vulnerabilities. Which of the following best practices would Theo NOT use?
Only use compiled and not interpreted Python code.
Use the latest version of Python.
Use caution when formatting strings.
Download only vetted libraries.

A

Only use compiled and not interpreted Python code.

15
Q

What is Bash?
The command-language interpreter for Linux/UNIX OSs
The open source scripting language that contains many vulnerabilities
A substitute for SSH
The underlying platform on which macOS is built

A

The command-language interpreter for Linux/UNIX OSs

16
Q

Gregory wants to look at the details about the path a packet takes from his Linux computer to another device. Which Linux command-line utility will he use?
tracepacket
trace
tracert
traceroute

A

traceroute

17
Q

Which utility sends custom TCP/IP packets?
curl
hping
shape
pingpacket

A

hping

18
Q

Which of the following is a third-party OS penetration testing tool?
theHarvester
scanless
Nessus
sn1per

A

sn1per

19
Q

Eros wants to change a configuration file on his Linux computer. He first wants to display the entire file contents. Which tool would he use?
head
show
display
cat

A

cat

20
Q

Which of the following is a tool for editing packets and then putting the packets back onto the network to observe their behavior?
Tcpreplay
Tcpdump
Wireshark
Packetdump

A

Tcpreplay

21
Q

Estevan has recommended that the organization hire and deploy two security guards in the control room to limit the effect if one of the guards has been compromised. What is Estevan proposing?
Dual observation protocol (DOP)
Compromise mitigation assessment (CMA)
Two-person integrity/control
Multiplayer recognition

A

Two-person integrity/control

22
Q

Which of the following sensors can detect an object that enters the sensor’s field?
Proximity
Field detection
IR verification
Object recognition

A

Proximity

23
Q

Which of the following does NOT describe an area that separates threat actors from defenders?
DMZ
Air gap
Secure area
Containment space

A

Containment space

24
Q

You are working as a cybersecurity administrator for your country’s government. You are asked to block certain websites in your country deemed critical of those in power. Which of the following methods should you use?
DDoS
MITM
Session replay
DNS poisoning

A

DNS poisoning

25
Q

You are a security expert asked to install physical security equipment in your enterprise. This device should ensure that employee devices are protected from unauthorized access when they are away. Which equipment should you install?
Faraday cage
Bollards
Vaults
Protected cable distribution

A

Vaults

26
Q

Which of the following best describes two-person integrity control?
Assigning two individuals as the head of the organization
Assigning two security guards to protect the building
Assigning two administrators to a single server
Allowing only two people to access specific resources at one time

A

Assigning two security guards to protect the building

27
Q

You are asked to create a certificate signing request for a website that your organization recently developed. Which of the following tools should you use?
OpenSSL
dnsenum
nslookup
theHarvester

A

OpenSSL

28
Q

You are assigned to hunt for traces of a dangerous DNS attack in a network. You need to capture DNS attacks that can compromise DNS replies to all devices in the network. What type of DNS attack should you look for?
DNS amplification attack
DNS poisoning
DNS botnet attack
DNS hijacking

A

DNS hijacking

29
Q

You submitted a network security review report for your organization. After an inspection, the report was returned for corrections with comments from the organizational head. The review report you sent was a PDF file, whereas the returned report was a Microsoft Word file. Word warns you that the file might not be safe to open. Which of the following actions should you take to prevent a possible macro attack?
Designate the file as a trusted document
Open the file in protected view
Delete the file permanently
Move the file to a trusted location

A

Open the file in protected view

30
Q

What is a session ID?
A session ID is a unique number that a web server assigns to a specific user for the duration of the user’s visit.
A session ID is a unique number that a web browser assigns to a specific user for the duration of the user’s visit.
A session ID is a unique number that an ISP assigns to a specific user for the duration of the user’s visit.
A session ID is a unique number that an administrator assigns to a specific user for the duration of the user’s visit.

A

A session ID is a unique number that a web server assigns to a specific user for the duration of the user’s visit.

31
Q

Which of the following tools has a graphical user interface (GUI)?
Wireshark
Traceroute
Tcpdump
Ping

A

Wireshark

32
Q

Which of the following best describes robot sentries?
Robot sentries are robots that have access to an enterprise’s secret data.
Robot sentries are robots that act as fire suppressors.
Robot sentries are robots that have an internal CCTV system installed.
Robot sentries are robots that have access to all the confidential data of an enterprise.

A

Robot sentries are robots that have an internal CCTV system installed.