IT0201 REVIEWER Flashcards

1
Q

What type of attack occurs when data goes beyond the memory areas allocated to application?

RAM spoofing

Buffer overflow

RAM injection

SQL injection

A

Buffer overflow

2
Q

Which of the following statements describes a distributed denial of service (DDoS) attack?

A botnet of zombies, coordinated by an attacker, overwhelms a server with DoS attacks

An attacker sends an enormous quantity of data that a server cannot handle

An attacker monitors network traffic to learn authentication credentials

One computer accepts data packets based on the MAC address of another computer

A

A botnet of zombies, coordinated by an attacker, overwhelms a server with DoS attacks

3
Q

Employees in an organization report that the network access is slow. Further investigation reveals that one employee downloaded a third-party scanning program for the printer.

What type of malware may have been introduced?

Worm

Trojan horse

Phishing

Spam

A

Worm

4
Q

Employees in an organization report that they cannot access the customer database on the main server. Further investigation reveals that the database file is now encrypted. Shortly afterward, the organization receives a threatening email demanding payment for the decryption of the database file.

What type of attack has the organization experienced?

Man-in-the-middle attack

Ransomware

Trojan horse

DoS attack

A

Ransomware

5
Q

A penetration test carried out by an organization identified a backdoor on the network. What action should the organization take to find out if their systems have been compromised?

Look for unauthorized accounts

Scan the systems for viruses

Look for policy changes in Event Viewer

Look for usernames that do not have passwords

A

Look for unauthorized accounts

6
Q

What non-technical method could a cybercriminal use to gather sensitive information from an organization?

Pharming

Social engineering

Ransomware

Man-in-the-middle

A

Social engineering

7
Q

A secretary receives a phone call from someone claiming that their manager is about to give an important presentation but the presentation files are corrupted.

The caller sternly asks that the secretary email the presentation right away to a personal email address. The caller also states that the secretary is being held personally responsible for the success of this presentation.

What type of social engineering tactic is the caller using?

Familiarity

Trusted partners

Intimidation

Urgency

A

Intimidation

8
Q

All employees in an organization receive an email stating that their account password will expire immediately and that they should reset their password within five minutes.

Which of the following statements best describes this email?

It is an impersonation attack

It is a piggyback attack

It is a hoax

It is a DDoS attack

A

It is a hoax

9
Q

Which best practices can help defend against social engineering attacks?

Select three correct answers

Do not provide password resets in a chat window

Deploy well-designed firewall appliances

Resist the urge to click on enticing web links

Add more security guards

Educate employees regarding security policies

Enable a policy that states that the IT department should supply information over the phone only to managers

A

Do not provide password resets in a chat window

Resist the urge to click on enticing web links

Educate employees regarding security policies

10
Q

What do you call an impersonation attack that takes advantage of a trusted relationship between two systems?

Spoofing

Man-in-the-middle

Spamming

Sniffing

A

Spoofing

11
Q

A cybercriminal sends a series of maliciously formatted packets to a database server, which causes the server to crash.

What do you call this type of attack?

Packet injection

Man-in-the-middle

DoS

SQL injection

A

DoS

12
Q

The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can they use to identify specific details about vulnerabilities?

Infragard

NIST/NICE framework

ISO/IEC 27000 model

CVE national database

A

CVE national database

13
Q

When considering network security, what is the most valuable asset of an organization?

financial resources

data

personnel

customers

A

data

14
Q

Which resource is affected due to weak security settings for a device owned by the company, but housed in another location?

social networking

removable media

cloud storage device

hard copy

A

cloud storage device

15
Q

Which Cisco group is responsible for investigating and mitigating potential vulnerabilities in Cisco products?

Cisco Talos Intelligence Group

Cisco Product Security Incident Response Team

Cybersecurity Infrastructure and Security Agency

National Cyber Security Alliance

A

Cisco Product Security Incident Response Team

16
Q

What is an attack vector?

It refers to attacks carried out specifically by internal users.

It refers to a threat group that launches DDoS attacks.

It is a tool that a threat actor uses to attack an organization.

It is a path by which a threat actor can gain access to a server, host, or network.

A

It is a path by which a threat actor can gain access to a server, host, or network.

17
Q

Match the common data loss vectors to the description.

Improper Access Control -

Email/Social Networking -

Unencrypted Devices -

Removable Media -

An employee could perform an unauthorized transfer of data to a USB drive. In addition, a USB drive containing valuable corporate data could be lost.

Intercepted email or IM messages could be captured and reveal confidential information.

If the data is not stored using an encryption algorithm, then the thief can retrieve valuable confidential data from a stolen corporate laptop.

Stolen passwords or weak passwords which have been compromised can provide an attacker easy access to corporate data.

A

Improper Access Control - Stolen passwords or weak passwords which have been compromised can provide an attacker easy access to corporate data.

Email/Social Networking - Intercepted email or IM messages could be captured and reveal confidential information.

Unencrypted Devices - If the data is not stored using an encryption algorithm, then the thief can retrieve valuable confidential data from a stolen corporate laptop.

Removable Media - An employee could perform an unauthorized transfer of data to a USB drive. In addition, a USB drive containing valuable corporate data could be lost.

18
Q

Which term in network security is used to describe a potential danger to an asset such as data or the network itself?

Threat

Vulnerability

Risk

Exploit

A

Threat

19
Q

Which statement describes the network security term attack surface?

It is the total sum of the vulnerabilities in each system that are accessible to an attacker.

It is the mechanism that is used to leverage a vulnerability to compromise an asset.

It is a weakness in a system or its design that could be exploited by a threat.

It is the likelihood that a particular threat will exploit a particular vulnerability of an asset and result in an undesirable consequence.

A

It is the total sum of the vulnerabilities in each system that are accessible to an attacker.

20
Q

The IT department performs a thorough assessment of security posture for the company data center operation. The risk of potential loss or compromise of critical data is identified. In discussion with the management team, a decision is reached that the critical data should be replicated to a cloud service provider and further insured with an insurance company. Which risk management strategy is employed?

Risk avoidance

Risk transfer

Risk reduction

Risk acceptance

A

Risk transfer

21
Q

Match the type of hackers to the description.

piece them together

Gray Hat Hackers -

Black Hat Hackers -

White Hat Hackers -

They are ethical hackers who use their programming skills for good, ethical, and legal purposes. They may perform network penetration tests to compromise networks and systems by using their knowledge of computer security systems to discover network vulnerabilities.

They are individuals who commit crimes and do arguably unethical things, but not for personal gain or to cause damage. An example would be someone who compromises a network without permission and then discloses the vulnerability publicly.

They are unethical criminals who violate computer and network security for personal gain, or for malicious reasons, such as attacking networks.

A

Gray Hat Hackers - They are individuals who commit crimes and do arguably unethical things, but not for personal gain or to cause damage. An example would be someone who compromises a network without permission and then discloses the vulnerability publicly.

Black Hat Hackers - They are unethical criminals who violate computer and network security for personal gain, or for malicious reasons, such as attacking networks.

White Hat Hackers - They are ethical hackers who use their programming skills for good, ethical, and legal purposes. They may perform network penetration tests to compromise networks and systems by using their knowledge of computer security systems to discover network vulnerabilities.

22
Q

Which term refers to the type of threat actors who are either self-employed or working for large cybercrime organizations?

State-Sponsored

Hacktivists

Vulnerability brokers

Cybercriminals

A

Cybercriminals

23
Q

Which statement describes the characteristics of the indicators of attack (IOA)?

They help cybersecurity personnel identify what has happened in an attack and develop defenses against the attack.

They are shared through the system AIS (Automated Indicator Sharing) and help to limit the size of attack surface.

They focus on the motivation behind an attack and the potential means by which threat actors have, or will, compromise vulnerabilities to gain access to assets.

They focus on identifying malware files, IP addresses of servers that are used in attacks, filenames, and characteristic changes made to end system software, among others.

A

They focus on the motivation behind an attack and the potential means by which threat actors have, or will, compromise vulnerabilities to gain access to assets.

24
Q

What are two reasons that internal threats from within an organization may cause greater damage than external threats? (Choose two.)

Internet users can easily conceal their attacking trails.

State-Sponsored hacking is typically carried out by internal users.

Internal users have direct access to the building and its infrastructure devices.

Internal users may have knowledge of the corporate network, its resources, and its confidential data.

Internal users have better access to attacking tools.

A

Internal users have direct access to the building and its infrastructure devices.

Internal users may have knowledge of the corporate network, its resources, and its confidential data.

25
Q

Which attack is being used when threat actors position themselves between a source and destination to transparently monitor, capture, and control the communication?

Address Spoofing Attack

ICMP Attack

Amplification and Reflection Attacks

Session Hijacking

MiTM Attack

A

MiTM Attack

26
Q

Which attack is being used when threat actors gain access to the physical network, and then use an MiTM attack to capture and manipulate a legitimate user’s traffic?

Session Hijacking

Address Spoofing Attack

Amplification and Reflection Attacks

MiTM Attack

ICMP Attack

A

Session Hijacking

27
Q

Which attack is being used when threat actors initiate a simultaneous, coordinated attack from multiple source machines?

Address Spoofing Attack

ICMP Attack

Amplification and Reflection Attacks

MiTM Attack

Session Hijacking

A

Amplification and Reflection Attacks

28
Q

Which attack is being used when threat actors use pings to discover subnets and hosts on a protected network, to generate flood attacks, and to alter host routing tables?

Address Spoofing Attack

Amplification and Reflection Attacks

ICMP Attack

Session Hijacking

MiTM Attack

A

ICMP Attack

29
Q

Which attack is being used when a threat actor creates packets with false source IP address information to either hide the identity of the sender, or to pose as another legitimate user?

Session Hijacking

MiTM Attack

Address Spoofing Attack

Amplification and Reflection Attacks

ICMP Attack

A

Address Spoofing Attack

30
Q

Which attack exploits the three-way handshake?

TCP reset attack

UDP flood attack

TCP SYN Flood attack

TCP session hijacking

DoS attack

A

TCP SYN Flood attack

31
Q

Two hosts have established a TCP connection and are exchanging data. A threat actor sends a TCP segment with the RST bit set to both hosts informing them to immediately stop using the TCP connection. Which attack is this?

DoS attack

TCP SYN Flood attack

UDP flood attack

TCP reset attack

TCP session hijacking

A

TCP reset attack

32
Q

Which attack is being used when the threat actor spoofs the IP address of one host, predicts the next sequence number, and sends an ACK to the other host?

DoS attack

TCP reset attack

UDP flood attack

TCP session hijacking

TCP SYN Flood attack

A

TCP session hijacking

33
Q

A program sends a flood of UDP packets from a spoofed host to a server on the subnet sweeping through all the known UDP ports looking for closed ports. This will cause the server to reply with an ICMP port unreachable message. Which attack is this?

TCP session hijacking

TCP reset attack

TCP SYN Flood attack

UDP flood attack

DoS attack

A

UDP flood attack

34
Q

Which field in an IPv6 packet is used by the router to determine if a packet has expired and should be dropped?

TTL

Hop Limit

Address Unreachable

No Route to Destination

A

Hop Limit

35
Q

An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this?

port redirection

man in the middle

trust exploitation

buffer overflow

A

man in the middle

36
Q

Which field in the IPv4 header is used to prevent a packet from traversing a network endlessly?

Differentiated Services

Time-to-Live

Acknowledgment Number

Sequence Number

A

Time-to-Live

37
Q

What is involved in an IP address spoofing attack?

Bogus DHCPDISCOVER messages are sent to consume all the available IP addresses on a DHCP server.

A legitimate network IP address is hijacked by a rogue node.

A rogue DHCP server provides false IP configuration parameters to legitimate DHCP clients.

A rogue node replies to an ARP request with its own MAC address indicated for the target IP address.

A

A legitimate network IP address is hijacked by a rogue node

38
Q

Which type of attack involves the unauthorized discovery and mapping of network systems and services?

DoS

reconnaissance

trust exploitation

access

A

reconnaissance

39
Q

In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections?

reset attack

SYN flood attack

port scan attack

session hijacking attack

A

SYN flood attack

40
Q

How is optional network layer information carried by IPv6 packets?

inside the Flow Label field

inside an options field that is part of the IPv6 packet header

inside an extension header attached to the main IPv6 packet header

inside the payload carried by the IPv6 packet

A

inside an extension header attached to the main IPv6 packet header

41
Q

A threat actor wants to interrupt a normal TCP communication between two hosts by sending a spoofed packet to both endpoints. Which TCP option bit would the threat actor set in the spoofed packet?

ACK

RST

SYN

FIN

42
Q

A threat actor uses a program to launch an attack by sending a flood of UDP packets to a server on the network. The program sweeps through all of the known ports trying to find closed ports. It causes the server to reply with an ICMP port unreachable message and is similar to a DoS attack. Which two programs could be used by the threat actor to launch the attack? (Choose two.)

Smurf

UDP Unicorn

Low Orbit Ion Cannon

Wireshark

ping

A

UDP Unicorn

Low Orbit Ion Cannon

43
Q

Which term describes a field in the IPv4 packet header used to detect corruption in the IPv4 header?

TTL

protocol

source IPv4 address

header checksum

A

header checksum

44
Q

What kind of ICMP message can be used by threat actors to map an internal IP network?

ICMP router discovery

ICMP mask reply

ICMP echo request

ICMP redirects

A

ICMP mask reply

45
Q

Users in a company have complained about network performance. After investigation, the IT staff has determined that an attacker has used a specific technique that affects the TCP three-way handshake. What is the name of this type of network attack?

session hijacking

DDoS

SYN flood

DNS poisoning

46
Q

What enables a threat actor to impersonate the default gateway and receive all traffic that is sent to hosts that are not on the local LAN segment?

DNS Tunneling

iFrame attacks

ARP cache poisoning

Cross-site scripting

A

ARP cache poisoning

47
Q

What should a cybersecurity analyst look for to detect DNS tunneling?

gratuitous ARP requests

longer than average DNS queries

Incorrect MAC to IP address mappings

rogue DHCP servers

A

longer than average DNS queries

48
Q

A threat actor accesses a list of user email addresses by sending database commands through an insecure login page. What type of attack is this?

SQL injection

iFrame attack

cross-site scripting

client-side scripting

A

SQL injection

49
Q

In what type of attack are HTTP redirect messages used to send users to malicious websites?

HTTP 302 cushioning

domain shadowing

cross-site scripting

iFrame attack

A

HTTP 302 cushioning

50
Q

Which action best describes a MAC address spoofing attack?

altering the MAC address of an attacking host to match that of a legitimate host

bombarding a switch with fake source MAC addresses

flooding the LAN with excessive traffic

forcing the election of a rogue root bridge

A

altering the MAC address of an attacking host to match that of a legitimate host

51
Q

What is an objective of a DHCP spoofing attack?

to attack a DHCP server and make it unable to provide valid IP addresses to DHCP clients

to gain illegal access to a DHCP server and modify its configuration

to provide false DNS server addresses to DHCP clients so that visits to a legitimate web server are directed to a fake server

to intercept DHCP messages and alter the information before sending to DHCP clients

A

to provide false DNS server addresses to DHCP clients so that visits to a legitimate web server are directed to a fake server

52
Q

What is the primary means for mitigating virus and Trojan horse attacks?

encryption

antisniffer software

antivirus software

blocking ICMP echo and echo-replies

A

antivirus software

53
Q

What method can be used to mitigate ping sweeps?

deploying antisniffer software on all network devices

installing antivirus software on hosts

blocking ICMP echo and echo-replies at the network edge

using encrypted or hashed authentication protocols

A

blocking ICMP echo and echo-replies at the network edge

54
Q

What worm mitigation phase involves actively disinfecting infected systems?

inoculation

containment

treatment

quarantine

55
Q

What is the result of a DHCP starvation attack?

Legitimate clients are unable to lease IP addresses.

Clients receive IP address assignments from a rogue DHCP server.

The IP addresses assigned to legitimate clients are hijacked.

The attacker provides incorrect DNS and default gateway information to clients.

A

Legitimate clients are unable to lease IP addresses.

56
Q

Which term is used for bulk advertising emails flooded to as many end users as possible?

Adware

Phishing

Spam

Brute force

57
Q

Which type of DNS attack involves the cybercriminal compromising a parent domain and creating multiple subdomains to be used during the attacks?

amplification and reflection

cache poisoning

tunneling

shadowing

58
Q

Which protocol would be the target of a cushioning attack?

DHCP

DNS

HTTP

ARP

59
Q

Which language is used to query a relational database?

C++

Python

SQL

Java

60
Q

Which two attacks target web servers through exploiting possible vulnerabilities of input functions used by an application? (Choose two.)

cross-site scripting

trust exploitation

port scanning

SQL injection

port redirection

A

cross-site scripting

SQL injection

61
Q

In which type of attack is falsified information used to redirect users to malicious Internet sites?

DNS cache poisoning

ARP cache poisoning

domain generation

DNS amplification and reflection

A

DNS cache poisoning

62
Q

What is a characteristic of a DNS amplification and reflection attack?

Threat actors hide their phishing and malware delivery sites behind a quickly-changing network of compromised DNS hosts.

Threat actors use a DoS attack that consumes the resources of the DNS open resolvers.

Threat actors use malware to randomly generate domain names to act as rendezvous points.

Threat actors use DNS open resolvers to increase the volume of attacks and to hide the true source of an attack

A

Threat actors use DNS open resolvers to increase the volume of attacks and to hide the true source of an attack

63
Q

Which device must connect to another device to gain access to the network?

switch

end devices

wireless access point

router

A

end devices

64
Q

Which device connects wireless clients to the network?

switch

router

wireless access point (WAP)

end device

A

wireless access point (WAP)

65
Q

Which device uses MAC addresses to determine the exit port?

wireless LAN Controller

end device

switch

router

66
Q

Which of the following is most likely NOT the source of a wireless DoS attack?

Radio interference

Malicious user

Rogue AP

improperly configured devices

67
Q

True or False. A rogue AP is a misconfigured AP connected to the network and a possible source of DoS attacks.

68
Q

What type of attack is an “evil twin AP” attack?

Wireless intruder

MiTM

DoS

Radio interference

69
Q

City Center Hospital provides WLAN connectivity to its employees. The security policy requires that communication between employees' mobile devices and the access points must be encrypted. What is the purpose of this requirement?

to ensure that users who connect to an AP are employees of the hospital

to prevent the contents of intercepted messages from being read

to prevent a computer virus on a mobile device from infecting other devices

to block denial of service attacks originating on the Internet

A

to prevent the contents of intercepted messages from being read

70
Q

What is a feature that can be used by an administrator to prevent unauthorized users from connecting to a wireless access point?

proxy server

MAC filtering

software firewall

WPA encryption

A

MAC filtering

71
Q

What is an advantage of SSID cloaking?

It provides free Internet access in public locations where knowing the SSID is of no concern.

It is the best way to secure a wireless network.

Clients will have to manually identify the SSID to connect to the network.

SSIDs are very difficult to discover because APs do not

A

Clients will have to manually identify the SSID to connect to the network.

72
Q

For which discovery mode will an AP generate the most traffic on a WLAN?

passive mode

open mode

active mode

mixed mode

A

passive mode

73
Q

At a local college, students are allowed to connect to the wireless network without using a password. Which mode is the access point using?

open

passive

network

shared-key

74
Q

An employee connects wirelessly to the company network using a cell phone. The employee then configures the cell phone to act as a wireless access point that will allow new employees to connect to the company network. Which type of security threat best describes this situation?

denial of service

cracking

rogue access point

spoofing

A

rogue access point

75
Q

The company handbook states that employees cannot have microwave ovens in their offices. Instead, all employees must use the microwave ovens located in the employee cafeteria. What wireless security risk is the company trying to avoid?

accidental interference

rogue access points

improperly configured devices

interception of data

A

accidental interference

76
Q

Which two roles are typically performed by a wireless router that is used in a home or small business? (Choose two.)

Ethernet switch

repeater

access point

WLAN controller

RADIUS authentication server

A

Ethernet switch

Access point

77
Q

What method of wireless authentication is dependent on a RADIUS authentication server?

WEP

WPA2 Enterprise

WPA2 Personal

WPA Personal

A

WPA2 Enterprise

78
Q

Which wireless encryption method is the most secure?

WEP

WPA2 with TKIP

WPA

WPA2 with AES

A

WPA2 with AES

79
Q

Which parameter is commonly used to identify a wireless network name when a home wireless AP is being configured?

BESS

ESS

SSID

ad hoc

80
Q

Which wireless parameter refers to the frequency bands used to transmit data to a wireless access point?

SSID

security mode

channel settings

scanning mode

A

channel settings

81
Q

Which device can control and manage a large number of corporate APs?

router

WLC

LWAP

switch

82
Q

A wireless engineer is comparing the deployment of a network using WPA2 versus WPA3 authentication. How is WPA3 authentication more secure when deployed in an open WLAN network in a newly built company-owned cafe shop?

WPA3 requires the use of a 192-bit cryptographic suite

WPA3 uses OWE to encrypt wireless traffic

WPA3 prevents brute force attacks by using SAE

WPA3 uses DPP to securely onboard available IoT devices

A

WPA3 uses OWE to encrypt wireless traffic

83
Q

What allows a switch to make duplicate copies of traffic passing through it, and then send it out a port with a network monitor attached?

Port Mirroring

ACL

AAA Server

VPN

A

Port Mirroring

84
Q

What is a series of commands that control whether a device forwards or drops packets based on information found in the packet header?

VPN

ACL

Port Mirroring

AAA Server

85
Q

What provides statistics on packet flows passing through a networking device?

Syslog Servers

NTP

NetFlow

SNMP

86
Q

What is a private network that is created over a public network?

ACL

AAA Server

VPN

Port Mirroring

87
Q

What sets the date and time on network devices?

SNMP

NTP

Syslog Servers

NetFlow

88
Q

What gathers a variety of statistics for devices that are configured to send and log status messages?

Syslog

NTP

SNMP

NetFlow

89
Q

Which option allows administrators to monitor and manage network devices?

SNMP

NetFlow

Syslog

NTP

90
Q

What authenticates users to allow access to specific network resources and records what the user does while connected to the resource?

AAA Server

VPN

Port Mirroring

ACL

A

AAA Server

91
Q

What is the purpose of a personal firewall on a computer?

to protect the computer from viruses and malware

to filter the traffic that is moving in and out of the PC

to increase the speed of the Internet connection

to protect the hardware against fire hazard

A

to filter the traffic that is moving in and out of the PC

92
Q

What is the main difference between the implementation of IDS and IPS devices?

An IDS needs to be deployed together with a firewall device, whereas an IPS can replace a firewall.

An IDS uses signature-based technology to detect malicious packets, whereas an IPS uses profile-based technology.

An IDS would allow malicious traffic to pass before it is addressed, whereas an IPS stops it immediately.

An IDS can negatively impact the packet flow, whereas an IPS can not.

A

An IDS would allow malicious traffic to pass before it is addressed, whereas an IPS stops it immediately.

93
Q

Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?

ESP

MD5

IPsec

AES

94
Q

What is a feature of the TACACS+ protocol?

It hides passwords during transmission using PAP and sends the rest of the packet in plaintext.

It encrypts the entire body of the packet for more secure communications.

It utilizes UDP to provide more efficient packet transfer.

It combines authentication and authorization as one process.

A

It encrypts the entire body of the packet for more secure communications

95
Q

Which firewall feature is used to ensure that packets coming into a network are legitimate responses to requests initiated from internal hosts?

stateful packet inspection

packet filtering

application filtering

URL filtering

A

stateful packet inspection

96
Q

Which statement describes the Cisco Cloud Web Security?

It is a security appliance that provides an all-in-one solution for securing and controlling web traffic.

It is a cloud-based security service to scan traffic for malware and policy enforcement.

It is a secure web server specifically designed for cloud computing.

It is an advanced firewall solution to guard web servers against security threats.

A

It is a cloud-based security service to scan traffic for malware and policy enforcement.

97
Q

Which two statements are true about NTP servers in an enterprise network? (Choose two.)

There can only be one NTP server on an enterprise network.

NTP servers control the mean time between failures (MTBF) for key network devices.

NTP servers ensure an accurate time stamp on logging and debugging information.

All NTP servers synchronize directly to a stratum 1 time source.

NTP servers at stratum 1 are directly connected to an authoritative time source

A

NTP servers ensure an accurate time stamp on logging and debugging information

NTP servers at stratum 1 are directly connected to an authoritative time source.

98
Q

How is a source IP address used in a standard ACL?

It is the address to be used by a router to determine the best path to forward packets.

It is the criterion that is used to filter traffic.

It is the address that is unknown, so the ACL must be placed on the interface closest to the source address.

It is used to determine the default gateway of the router that has the ACL applied.

A

It is the criterion that is used to filter traffic.

99
Q

Which network service allows administrators to monitor and manage network devices?

NTP

SNMP

syslog

NetFlow

100
Q

What is a function of a proxy firewall?

filters IP traffic between bridged interfaces

connects to remote servers on behalf of clients

drops or forwards traffic based on packet header information

uses signatures to detect patterns in network traffic

A

connects to remote servers on behalf of clients

101
Q

What network monitoring technology enables a switch to copy and forward traffic sent and received on multiple interfaces out another interface toward a network analysis device?

port mirroring

NetFlow

SNMP

network tap

A

port mirroring