M3 - (Network Security Concepts) Flashcards
Reviewer
What security term is used to describe anything of value to the organization? It includes people, equipment, resources, and data.
Asset
What security term is used to describe a weakness in a system, or its design, that could be exploited by a threat?
Vulnerability
What security term is used to describe a potential danger to a company’s assets, data, or network functionality?
Threat
What security term is used to describe a mechanism that takes advantage of a vulnerability?
Exploit
What security term is used to describe the counter-measure for a potential threat or risk?
Mitigation
What security term is used to describe the likelihood of a threat to exploit the vulnerability of an asset, with the aim of negatively affecting an organization?
Risk
Which type of hacker is described in the scenario: After hacking into ATM machines remotely using a laptop, I worked with ATM manufacturers to resolve the security vulnerabilities that I discovered.
Gray Hat
Which type of hacker is described in the scenario: From my laptop, I transferred $10 million to my bank account using victim account numbers and PINs after viewing recordings of victims entering the numbers.
Black Hat
Which type of hacker is described in the scenario: My job is to identify weaknesses in my company’s network.
White Hat
Which type of hacker is described in the scenario: I used malware to compromise several corporate systems to steal credit card information. I then sold that information to the highest bidder.
Black Hat
Which type of hacker is described in the scenario: During my research for security exploits, I stumbled across a security vulnerability on a corporate network that I am authorized to access.
White Hat
Which type of hacker is described in the scenario: It is my job to work with technology companies to fix a flaw with DNS.
White Hat
What penetration testing tool uses algorithm schemes to encode the data, which then prevents access to the data?
Encryption Tools
What penetration testing tool is used by black hats to reverse engineer binary files when writing exploits? They are also used by white hats when analyzing malware.
Debuggers
What penetration testing tool is used to probe and test a firewall’s robustness?
Packet Crafting Tools
What penetration testing tool is used by white hat hackers to sniff out any trace of evidence existing in a computer?
Forensic Tools
What penetration testing tool identifies whether a remote host is susceptible to a security attack?
Vulnerability Exploitation Tools
What malware executes arbitrary code and installs copies of itself in the memory of the infected computer? The main purpose of this malware is to automatically replicate from system to system across the network.
Worm
What malware is a non-self-replicating type of malware? It often contains malicious code that is designed to look like something else, such as a legitimate application or file. It attacks the device from within.
Trojan Horse
What malware is used to gather information about a user and then, without the user’s consent, sends the information to another entity?
Spyware
What malware typically displays annoying pop-ups to generate revenue for its author?
Adware
What malware is installed on a compromised system and provides privileged access to the threat actor?
Rootkit
What malware denies access to the infected computer system and demands payment before the restriction is removed?
Ransomware
What type of attack is tailgating?
Social Engineering
What type of attack is a password attack?
Access
What type of attack is port scanning?
Reconnaissance
What type of attack is man-in-the-middle?
Access
What type of attack is address spoofing?
Access
What attack is being used when threat actors position themselves between a source and destination to transparently monitor, capture and control the communication?
MiTM Attack (Man-in-The-Middle)
What attack is being used when threat actors gain access to the physical network, and then use an MiTM attack to capture and manipulate a legitimate user’s traffic?
Session Hijacking
What attack is being used when threat actors initiate a simultaneous, coordinated attack from multiple source machines?
Amplification and Reflection Attacks
What attack is being used when threat actors use pings to discover subnets and hosts on a protected network, to generate flood attacks, and to alter host routing tables?
ICMP Attack
What attack is being used when a threat actor creates packets with false source IP address information to either hide the identity of the sender, or to pose as another legitimate user?
Address Spoofing Attack
What attack exploits the three-way handshake?
TCP SYN Flood Attack
Two hosts have established a TCP connection and are exchanging data. A threat actor sends a TCP segment with the RST bit set to both hosts informing them to immediately stop using the TCP connection. Which attack is this?
TCP Reset Attack
Which attack is being used when the threat actor spoofs the IP address of one host, predicts the next sequence number, and sends an ACK to the other host?
TCP Session Hijacking
A program sends a flood of UDP packets from a spoofed host to a server on the subnet sweeping through all the known UDP ports looking for closed ports. This will cause the server to reply with an ICMP port unreachable message. Which attack is this?
UDP Flood Attack
What network security device ensures that internal traffic can go out and come back, but external traffic cannot initiate connections to inside hosts?
ASA Firewall
What network security device contains a secure database of who is authorized to access and manage network devices?
AAA Server
What network security device filters known and suspicious internet malware sites?
ESA/WSA
What network security device is used to provide secure services with corporate sites and remote access support for remote users using secure encrypted tunnels?
VPN
What networking security device monitors incoming and outgoing traffic looking for malware, network attack signatures, and if it recognizes a threat, it can immediately stop it?
IPS
What encryption method repeats an algorithm process three times and is considered very trustworthy when implemented using very short key lifetimes?
Triple DES
What encryption method encrypts plaintext one byte or one bit at a time?
Stream Cipher
What encryption method uses the same key to encrypt and decrypt data?
Symmetric
What encryption method is a stream cipher and is used to secure web traffic in SSL and TLS?
Rivest Cipher
A cleaner attempts to enter a computer lab but is denied entry by the receptionist because there is no scheduled cleaning for that day. What type of attack was just prevented?
Social Engineering
What is a significant characteristic of virus malware?
A virus is triggered by an event on the host system.
Once installed on a host system, a virus will automatically propagate itself to other systems.
A virus can execute independently of the host system.
Virus malware is only distributed over the Internet.
A virus is triggered by an event on the host system.
What two types of hackers are typically classified as grey hat hackers? (Choose two answers.)
State-sponsored hackers
Hacktivists
Script Kiddies
Cyber Criminals
Vulnerability Brokers
Hacktivists and Vulnerability Brokers
What type of DNS attack involves the cybercriminal compromising a parent domain and creating multiple subdomains to be used during the attacks?
Shadowing
What is the role of an IPS?
To detect patterns of malicious traffic by the use of signature files
To enforce access control policies based on packet content
To filter traffic based on defined rules and connection context
To filter traffic based on Layer 7 information
To detect patterns of malicious traffic by the use of signature files.
What category of security attacks does man-in-the-middle belong to?
Access
What specialized network device is responsible for enforcing access control policies between networks?
Firewall
What cyber attack involves a coordinated attack from a botnet of zombie computers?
DDoS
What three items are components of the CIA triad? (Choose three answers.)
Access
Integrity
Scalability
Availability
Confidentiality
Intervention
Integrity, Availability and Confidentiality
What type of malware has the primary objective of spreading across the network?
Worm
What objective of secure communication is achieved by encrypting data?
Confidentiality
What causes a buffer overflow?
Launching a security countermeasure to mitigate a Trojan horse
Downloading and installing too many software updates at one time
Attempting to write more data to a memory location than that location can hold
Sending too much information to two or more interfaces of the same device, thereby causing dropped packets
Sending repeated connections such as Telnet to a particular device, thus denying other data sources
Attempting to write more data to a memory location than that location can hold
The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring?
DDoS (Distributed Denial of Service)