IT0201 REVIEWER Flashcards by Cloud Nine

What type of attack occurs when data goes beyond the memory areas allocated to application?

RAM spoofing

Buffer overflow

RAM injection

SQL injection

Buffer overflow

How well did you know this?

Not at all

Perfectly

Which of the following statements describes a distributed denial of service (DDoS) attack?

A botnet of zombies, coordinated by an attacker, overwhelms a server with DoS attacks

An attacker sends an enormous quantity of data that a server cannot handle

An attacker monitors network traffic to learn authentication credentials

One computer accepts data packets based on the MAC address of another computer

A botnet of zombies, coordinated by an attackers, overwhelms a servers with DoS attacks

How well did you know this?

Not at all

Perfectly

Employees in an organization report that the network access is slow. Further investigation reveals that one employee downloaded a third-party scanning program for the printer.

What type of malware may have been introduced?

Worm

Trojan horse

Phishing

Spam

Worm

How well did you know this?

Not at all

Perfectly

Employees in an organization report that they cannot access the customer database on the main server. Further investigation reveals that the database file is now encrypted. Shortly afterward, the organization receives a threatening email demanding payment for the decryption of the database file.

What type of attack has the organization experienced?

Man-in-the-middle attack

Ransomware

Trojan horse

DoS attack

Ransomware

How well did you know this?

Not at all

Perfectly

A penetration test carried out by an organization identified a backdoor on the network. What action should the organization take to find out if their systems have been compromised?

Look for unauthorized accounts

Scan the systems for viruses

Look for policy changes in Event Viewer

Look for usernames that do not have passwords

Look for unauthorized accounts

How well did you know this?

Not at all

Perfectly

What non-technical method could a cybercriminal use to gather sensitive information from an organization?

Pharming

Social engineering

Ransomware

Man-in-the-middle

Social engineering

How well did you know this?

Not at all

Perfectly

A secretary receives a phone call from someone claiming that their manager is about to give an important presentation but the presentation files are corrupted.

The caller sternly asks that the secretary email the presentation right away to a personal email address. The caller also states that the secretary is being held personally responsible for the success of this presentation.

What type of social engineering tactic is the caller using?

Familiarity

Trusted partners

Intimidation

Urgency

Intimidation

How well did you know this?

Not at all

Perfectly

All employees in an organization receive an email stating that their account password will expire immediately and that they should reset their password within five minutes.

Which of the following statements best describes this email?

It is an impersonation attack

It is a piggyback attack

It is a hoax

It is a DDoS attack

It is a hoax

How well did you know this?

Not at all

Perfectly

Which best practices can help defend against social engineering attacks?

Select three correct answers

Do not provide password resets in a chat window

Deploy well-designed firewall appliances

Resist the urge to click on enticing web links

Add more security guards

Educate employees regarding security policies

Enable a policy that states that the IT department should supply information over the phone only to managers

Do not provide password resets in a chat window

Resist the urge to click on enticing web links

Educate employees regarding security policies

How well did you know this?

Not at all

Perfectly

What do you call an impersonation attack that takes advantage of a trusted relationship between two systems?

Spoofing

Man-in-the-middle

Spamming

Sniffing

Spoofing

How well did you know this?

Not at all

Perfectly

A cybercriminal sends a series of maliciously formatted packets to a database server, which causes the server to crash.

What do you call this type of attack?

Packet injection

Man-in-the-middle

DoS

SQL injection

DoS

How well did you know this?

Not at all

Perfectly

The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can they use to identify specific details about vulnerabilities?

Infragard

NIST/NICE framework

ISO/IEC 27000 model

CVE national database

How well did you know this?

Not at all

Perfectly

When considering network security, what is the most valuable asset of an organization?

financial resources

data

personnel

customers

data

How well did you know this?

Not at all

Perfectly

Which resource is affected due to weak security setting for a device owned by the company, but housed in another location?

social networking

removable media

cloud storage device

hard copy

cloud storage device

How well did you know this?

Not at all

Perfectly

Which Cisco group is responsible for investigating and mitigating potential vulnerabilities in Cisco products?

Cisco Talos Intelligence Group

Cisco Product Security Incident Response Team

Cybersecurity Infrastructure and Security Agency

National Cyber Security Alliance

Cisco Product Security Incident Response Team

How well did you know this?

Not at all

Perfectly

What is an attack vector?

It refers to attacks carried out specifically by internal users.

It refers to a threat group that launches DDoS attacks.

It is a tool by which a threat actor uses to attack an organization.

It is a path by which a threat actor can gain access to a server, host, or network.

It is a path by which a threat actor can gain acccess to a server, host, or network.

How well did you know this?

Not at all

Perfectly

Match the common data loss vectors to the description.

Improper Access -Control

Email/Social -Networking

Unencrypted -Devices

Removable Media -

An employee could perform an unauthorized transfer of data to a USB drive. In addition, a USB drive containing valuable corporate data could be lost.

Intercepted email or IM messages could be captured and reveal confidential information.

If the data is not stored using an encryption algorithm, then the thief can retrieve valuable confidential data from stolen corporate laptop.

Stolen passwords or weak passwords which have been compromised can provide an attacker easy access to corporate data.

Improper Access Control - Stolen passwords or weak passwords which have been compromised can provide an attacker easy access to corporate data.

Email/Social Networking - Intercepted email or IM messages could be captured and reveal confidential information.

Unencrypted Devices - If the data is not stored using an encryption algorithm, then the thief can retrieve valuable confidential data from stolen corporate laptop.

Removable Media - An employee could perform an unauthorized transfer of data to a USB drive. In addition, a USB drive containing valuable corporate data could be lost.

How well did you know this?

Not at all

Perfectly

Which term in network security is used to describe a potential danger to an asset suc as data or the network itself?

Threat

Vulnerability

Risk

Exploit

Threat

How well did you know this?

Not at all

Perfectly

Which statement describes the network security term attack surface?

It is the total sum of the vulnerabilities in each system that are accessible to an attacker.

It is the mechanism that is used to leverage a vulnerability to compromise an asset.

It is a weakness in a system or its design that could be exploited by a threat.

It is the likelihood that a particular threat will exploit a particular vulnerability of an asset and result in an undesirable consequence.

It is the total sum of the vulnerabilities in each system that are accessible to an attacker.

How well did you know this?

Not at all

Perfectly

The IT department performs a thorough assessment of security posture for the company data center operation. The risk of potential loss or compromise of critical data is identified. In discussion with the magenement team, a decision is reached that the critical data should be replicated to a cloud service provider and further insured with an insurance company. Which risk management strategy is employed?

Risk avoidance

Risk tranfer

Risk reduction

Risk acceptance

Risk transfer

How well did you know this?

Not at all

Perfectly

Match the type of hackers to the description.

piece them together

Gray Hat Hackers -

Black Hat Hackers -

White Hat Hackers -

They are ethical hackers who use their programming skills for good, ethical, and legal purposes. They may perform network penetration tests to compromise networks and system by using their knowledge of computer security systems to discover network vulnerabilities

They are individuals who commit crimes and do arguable unethical things, but not for personal gain or to cause damage. An example would be someone who compromises a network without permission and then discloses the vulerability publicly.

They are unethical criminals who violate computer and network security for personal gain, or for malicious reaosns, such as attacking networks.

Gray Hat Hackers - They are individuals who commit crimes and do arguable unethical things, but not for personal gain or to cause damage. An example would be someone who compromises a network without permission and then discloses the vulerability publicly.

Black Hat Hackers - They are unethical criminals who violate computer and network security for personal gain, or for malicious reaosns, such as attacking networks.

White Hat Hackers - They are ethical hackers who use their programming skills for good, ethical, and legal purposes. They may perform network penetration tests to compromise networks and system by using their knowledge of computer security systems to discover network vulnerabilities

How well did you know this?

Not at all

Perfectly

Which term refers to the type of threat actors who are either self-employed working for large cybercrime organizations?

State-Sponsored

Hacktivists

Vulnerability brokers

Cybercriminals

How well did you know this?

Not at all

Perfectly

Which statement describes the characteristics of the indicators of attack (IOA)?

They help cybersecurity personnel identify what has happened in an attack and develop defenses against the attack.

They are shared through the system AIS (Automated Indicator Sharing) and help to limit the size of attack surface.

They focus on the motivation behind an attack and the potential means by which threat actors have, or will, compromise vulnerabilities to gain access to assets.

They focus on identifying malware files, IP addresses of servers that are used in attacks, filenames, and characteristic changes made to end system software, among others.

They focus on the motivation behind an attack and the potential means by which threat actors have, or will, compromise vulnerabilities to gain access to assets.

How well did you know this?

Not at all

Perfectly

What are two reasons that internal threats from within an organization may cause greater damage than external threats? (Choose two.)

Internet users can easily conceal their attacking trails.

State-Sponsored hacking is typically carried out by internal users.

Internal users have direct access to the building and its infrastructure devices.

Internal users may have knowledge of the corporate network, its resources, and its confidential data.

Internal users have better access to attacking tool

Internal users have direct access to the building and its infrastructure devices.

Internal users may have knowledge of the corporate network, its resources, and its confidential data.

How well did you know this?

Not at all

Perfectly

Which attack is being used when threat actors position themselves betwen a sourcce and destinatoin to transparently monitor, capture, and control the communication? Address Spoofing Attack ICMP Attack Amplification and Reflection Attacks Session Hijacking MiTM Attack

MiTM Attack

Which attack is being used when threat actors gain access to the physical network, and then use an MiTM attack to capture and manipulate a legitimate user's traffic? Session Hijacking Address Spoffing Attack Amplification and Reflection Attacks MiTM Attack ICMP Attack

Session Hijacking

Which attack is being used when threat actors initiate a simultaneous, coordinated attack from multiple source machines? Address Spoofing Attack ICMP Attack Amplification and Reflection Attacks MiTM Attack Session Hijacking

Amplification and Reflectoin Attacks

Which attack is being used when threat actors use pings to discover subnets and hosts on a protected network, to generate flood attacks, and to alter host routing tables? Address Spoofing Attack Amplification and Reflection Attacks ICMP Attack Session Hijacking MiTM Attack

ICMP Attack

Which attack being used is when a threat actor creates packets with false source IP address information to either hide the identity of the sender, or to pose as another legitimate user? Session Hijacking MiTM Attack Address Spoofing Attack Amplification and Reflection Attacks ICMP Attack

Address Spoofing Attack

Which attack exploits the three-way handshake? TCP reset attack UDP flood attack TCP SYN Flood attack TCP session hijacking DoS attack

TCP SYN Flood attack

Two hosts have established a TCP connection and are exchanging data. A threat actor sends a TCP segment with the RST bit set to both hosts informing them to immediately stop using the TCP connection. Which attack is this? DoS attack TCP SYN Flood attack UDP flood attack TCP reset attack TCP session hijacking

TCP reset attack

Which attack is being used when the threat actor spoofs the IP address of one host, predicts the next sequence number, and sends an ACK to the other host? DoS attack TCP reset attack UDP flood attack TCP session hijacking TCP SYN Flood attack

TCP session hijacking

A program sends a flood of UDP packets from a spoofed host to a server on the subnet sweeping through all the known UDP ports looking for closed ports. This will cause the server to reply with an ICMP port unreachable message. Which attack is this? TCP session hijacking TCP reset attack TCP SYN Flood attack UDP flood attack DoS attack

UDP flood attack

Which field in an IPv6 packet is used by the router to determine if a packet has expired and should be dropped? TTL Hop Limit Address Unreachable No Route to Destination

Hop Limit

An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this? port redirection man in the middle trust exploitation buffer overflow

man in the middle

Which field in the IPv4 header is used to prevent a packet from traversing a network endlessly? Differentiated Services Time-to-Live Acknowledgment Number Sequence Number

Time-to-Live

What is involved in an IP address spoofing attack? Bogus DHCPDISCOVER messages are sent to consume all the available IP addresses on a DHCP server. A legitimate network IP address is hijacked by a rogue node. A rogue DHCP server provides false IP configuration parameters to legitimate DHCP clients. A rogue node replies to an ARP request with its own MAC address indicated for the target IP address.

A legitimate network IP address is hijacked by a rogue node

Which type of attack involves the unauthorized discovery and mapping of network systems and services? DoS reconnaissance trust expoitation access

reconnaissance

In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections? reset attack SYN flood attack port scan attack session hijacking attack

SYN flood attack

How is optional network layer information carried by IPv6 packets? inside the Flow Label field inside an options field that is part of the IPv6 packet header inside an extension header attached to the main IPv6 packet header inside the payload carried by the IPv6 packet

inside an extension header attached to the main IPv6 packet header

A threat actor wants to interrupt a normal TCP communication between two hosts by sending a spoofed packet to both endpoints. Which TCP option bit would the threat actor set in the spoofed packet? ACK RST SYN FIN

RST

A threat actor uses a program to launch an attack by sending a flood of UDP packets to a server on the network. The program sweeps through all of the known ports trying to find closed ports. It causes the server to reply with an ICMP port unreachable message and is similar to a DoS attack. Which two programs could be used by the threat actor to launch the attack? (Choose two.) Smurf UDP Unicorn Low Orbit Ion Cannon WireShark ping

UDP Unicorn Low Orbit Ion Cannon

Which term describes a field in the IPv4 packet header used to detect corruption in the IPv4 header? TTL protocol source IPv4 address header checksum

header checksum

What kind of ICMP message can be used by threat actors to map an internal IP network? ICMP router discovery ICMP mask reply ICMP echo request ICMP redirects

ICMP mask reply

Users in a company have complained about network performance. After investigation, the IT staff has determined that an attacker has used a specific technique that affects the TCP three-way handshake. What is the name of this type of network attack? session hijacking DDoS SYN flood DNS poisoning

SYN flood

What enables a threat actor to impersonate the default gateway and receive all traffic that is sent to hosts that are not on the local LAN segment? DNS Tunneling iFrame attacks ARP cache positioning Cross-site scripting

ARP cache positioning

What should a cybersecurity analysts look for to detect DNS tunneling? gratutious ARP requests longer than average DNS queries Incorrect MAC to IP address mappings rogue DHCP servers

longer than average DNS queries

A threat actor accesses a list of user email addresses by sending database commands through an insecure login page. What type of attack is this? SQL injection iFrame attack cross-side scripting client-side scripting

SQL injection

In what type of attack are HTTP redirect messages used to send users to malicious websites? HTTP 302 cushioning domain shadowing cross-site scripting iFrame attack

HTTP 302 cushioning

Which action best describes a MAC address spoofing attack? altering the MAC address of an attacking host to match that of a legitimate host bombarding a switch with fake source MAC addresses flooding the LAN with excessive traffic forcing the election of a rogue root bridg

altering the MAC address of an attacking host to match that of a legitimate host

What is an objective of a DHCP spoofing attack? to attack a DHCP server and make it unable to provide valid IP addresses to DHCP clients to gain illegal access to a DHCP server and modify its configuration to provide false DNS server addresses to DHCP clients so that visits to a legitimate web server are directed to a fake server to intercept DHCP messages and alter the information before sending to DHCP clients

to provide false DNS server addresses to DHCP clients so that visits to a legitimate web server are directed to a fake server

What is the primary means for mitigating virus and Trojan horse attacks? encryption antisniffer software antivirus software blocking ICMP echo and echo-replies

antivirus software

What method can be used to mitigate ping sweeps? deploying antisniffer software on all network devices installing antivirus software on hosts blocking ICMP echo and echo-replies at the network edge using encrypted or hashed authentication protocols

blocking ICMP echo and echo-replies at the network edge

What worm mitigation phase involves actively disinfecting infected systems? inoculation containment treatment quarantine

treatment

What is the result of a DHCP starvation attack? Legitimate clients are unable to lease IP addresses. Clients receive IP address assignments from a rogue DHCP server. The IP addresses assigned to legitimate clients are hijacked. The attacker provides incorrect DNS and default gateway information to clients.

Legitimate clients are unable to lease IP addresses.

Which term is used for bulk advertising emails flooded to as many end users as possible? Adware Phishing Spam Brute force

Spam

Which type of DNS attack involves the cybercriminal compromising a parent domain and creating multiple subdomains to be used during the attacks? amplification and reflection cache poisoning tunneling shadowing

shadowing

Which protocol would be the target of a cushioning attack? DHCP DNS HTTP ARP

HTTP

Which language is used to query a relational database? C++ Python SQL Java

SQL

Which two attacks target web servers through exploiting possible vulnerabilities of input functions used by an application? (Choose two.) cross-site scripting trust exploitation port scanning SQL injection port redirection

cross-site scripting SQL injection

In which type of attack is falsified information used to redirect users to malicious Internet sites? DNS cache poisoning ARP cache poisoning domain generation DNS amplification and reflection

DNS cache poisoning

What is a characteristic of a DNS amplification and reflection attack? Threat actors hide their phishing and malware delivery sites behind a quickly-changing network of compromised DNS hosts. Threat actors use a DoS attack that consumes the resources of the DNS open resolvers. Threat actors use malware to randomly generate domain names to act as rendezvous points. Threat actors use DNS open resolvers to increase the volume of attacks and to hide the true source of an attack

Threat actors use DNS open resolvers to increase the volume of attacks and to hide the true source of an attack

Which device must connect to another device to gain accecss to the network? switch end devices wireless access point router

end devices

Which device connects wireless clients to the network? switch router wireless access point (WAP) end device

wireless access point (WAP)

Which device uses MAC addresses to determine the exit port? wireless LAN Controller end device switch router

switch

Which of the following is most likely NOT the source of a wireless DoS attack? Radio interference Malicious user Rogue AP improperly configured devices

Rogue AP

True or False. A rogue AP is a misconfigured AP connected to the network and a possible source of DoS attacks.

False

What type of attack is an "evil twin AP" attack? Wireless intruder MiTM DoS Radio interference

MiTM

City Center Hospital provides WLAN connectivity to its employees. The security policy requires that communication between employees mobile devices and the acecss points must be encrypted. What is the purpose of this requirement? to ensure that users who connect to an AP are employees of the hospital to prevent the contents of intercepted messages from being read to prevent a computer virus on a mobiel device from infecting other devices to block denial of service attacks originating on the Internet

to prevent the contents of intercepted messages from being read

What is a feature that can be used by an administrator to prevent unauthorized users from connecting to a wireless access point? proxy server MAC filtering software firewall WPA encryption

MAC filtering

What is an advantage of SSID cloaking? It provides free Internet access in public locations where knowing the SSID is of no concern. It is the best way to secure a wireless network. Clients will have to manually identify the SSID to connect to the network. SSIDs are very difficult to discover because APs do not

Clients will have to manuually identify the SSID to cconnect to the network.

For which discovery mode will an AP generate the most traffic on a WLAN? passive mode open mode active mode mixed mode

passive mode

At a local college, students are allowed to connect to the wireless network without using a password. Which mode is the access point using? open passive network shared-key

open

An employee connects wirelessly to the company network using a cell phone. The employee then configures the cell phone to act as a wireless access point that will allow new employees to connect to the company network. Which type of security threat best describes this situation? denial of service cracking rogue access point spoofing

rogue access point

The company handbook states that employees cannot have microwave ovens in their offices. Instead, all employees must use the microwave ovens located in the employee cafeteria. What wireless security risk is the company trying to avoid? accidental interference rogue access points improperly configured devices interception of data

accidental interference

Which two roles are typically performed by a wireless router that is used in a home or small business? (Choose two.) Ethernet switch repeater access point WLAN controller RADIUS authentication server

Ethernet switch Access point

What method of wireless authentication is dependent on a RADIUS authentication server? WEP WPA2 Enterprise WPA2 Personal WPA Personal

WPA2 Enterprise

Which wireless encryption method is the most secure? WEP WPA2 with TKIP WPA WPA2 with AES

WPA2 with AES

Which parameter is commonly used to identify a wireless network name when a home wireless AP is being configured? BESS ESS SSID ad hoc

SSID

Which wireless parameter refers to the frequency bands used to transmit data to a wireless access point? SSID security mode channel settings scanning mode

channel settings

Which device can control and manage a large number of corporate APs? router WLC LWAP switch

WLC

A wireless engineer is comparing the deployment of a network using WPA2 versus WPA3 authentication. How is WPA3 authentication more secure when deployed in an open WLAN network in a newly built company-owned cafe shop? WPA3 requires the use of a 192-bit cryptographic suite WPA3 uses OWE to encrypt wireless traffic WPA3 prevents brute force attacks by using SAE WPA3 uses DPP to securely onboard available IoT devices

WPA3 uses OWE to encrypt wireless traffic

What allows a switch to make duplicate copies of traffic passing through it, and then send it out a port with a network monitor attached? Port Mirroring ACL AAA Server VPN

Port Mirroring

What is a series of commands that control whether a device forwards or drops packets based on information found in the packet header? VPN ACL Port Mirroring AAA Server

ACL

What provides statistics on packet flows passing through a networking device? Syslog Servers NTP NetFlow SNM

NetFlow

What is a private network that is created over a public network? ACL AAA Server VPN Port Mirroring

VPN

What sets the date and time on network devices? SNMP NTP Syslog Servers NetFlow

NTP

What gathers a variety of statistics for devices that are configured to send and log status messages? Syslog NTP SNMP NetFlow

Syslog

Which option allows administrators to monitor and manage network devices? SNMP NetFlow Syslog NTP

NetFlow

What authenticates users to allow access to specific network resources and records what the user does while connected to the resource? AAA Server VPN Port Mirroring ACL

AAA Server

What is the purpose of a personal firewall on a computer? to protect the computer from viruses and malware to filter the traffic that is moving in and out of the PC to increase the speed of the Internet connection to protect the hardware against fire hazard

to filter the traffic that is moving in and out of the PC

What is the main difference between the implementation of IDS and IPS devices? An IDS needs to be deployed together with a firewall device, whereas an IPS can replace a firewall. An IDS uses signature-based technology to detect malicious packets, whereas an IPS uses profile-based technology. An IDS would allow malicious traffic to pass before it is addressed, whereas an IPS stops it immediately. An IDS can negatively impact the packet flow, whereas an IPS can not.

An IDS would allow malicious traffic to pass before it is addressed, whereas an IPS stops it immediately.

Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN? ESP MD5 IPsec AES

IPsec

What is a feature of the TACACS+ protocol? It hides passwords during transmission using PAP and sends the rest of the packet in plaintext. It encrypts the entire body of the packet for more secure communications. It utilizes UDP to provide more efficient packet transfer. It combines authentication and authorization as one process.

It encrypts the entire body of the packet for more secure communications

Which firewall feature is used to ensure that packets coming into a network are legitimate responses to requests initiated from internal hosts? stateful packet inspection packet filtering application filtering URL filtering

stateful packet inspection

Which statement describes the Cisco Cloud Web Security? It is a security appliance that provides an all-in-one solution for securing and controlling web traffic. It is a cloud-based security service to scan traffic for malware and policy enforcement. It is a secure web server specifically designed for cloud computing. It is an advanced firewall solution to guard web servers against security threats.

It is a cloud-based security service to scan traffic for malware and policy enforcement.

Which two statements are true about NTP servers in an enterprise network? (Choose two.) There can only be one NTP server on an enterprise network. NTP servers control the mean time between failures (MTBF) for key network devices. NTP servers ensure an accurate time stamp on logging and debugging information. All NTP servers synchronize directly to a stratum 1 time source. NTP servers at stratum 1 are directly connected to an authoritative time source

NTP servers ensure an accurate time stamp on logging and debugging information NTP servers at stratum 1 are directly connected to an authoritative time source.

How is a source IP address used in a standard ACL? It is the address to be used by a router to determine the best path to forward packets. It is the criterion that is used to filter traffic. It is the address that is unknown, so the ACL must be placed on the interface closest to the source address. It is used to determine the default gateway of the router that has the ACL applied.

It is the criterion that is used to filter traffic.

Which network service allows administrators to monitor and manage network devices? NTP SNMP syslog NetFlow

SNMP

What is a function of a proxy firewall? filters IP traffic between bridged interfaces connects to remote servers on behalf of clients drops or forwards traffic based on packet header information uses signatures to detect patterns in network traffic

connects to remote servers on behalf of clients

What network monitoring technology enables a switch to copy and forward traffic sent and received on multiple interfaces out another interface toward a network analysis device? port mirroring NetFlow SNMP network tap

port mirroring