M7Q30: Attacks & Vulnerabilities Flashcards

1
Q

The term Malware includes viruses, worms, trojan horses, spyware, adware, ransomware and other types of malicious software written specifically to harm and infect a host system.

A. True
B. False

A

A. True

Explanation: The term Malware encompasses all malicious software designed to harm and infect a host system. If a network node becomes infected with any form of Malware it is called a “compromised system”. Compromised systems can give away the fact that they are compromised by generating traffic on the network that is abnormal and otherwise unexplainable.

2
Q

An attack in which a server or system is flooded with traffic and unable to respond to legitimate requests is referred to as a _______________ attack.

A. Session Hijacking
B. Brute Force
C. Man-in-the-middle
D. Denial of Service

A

D. Denial of Service

Explanation: A Denial of Service (DoS) attack is an attack that overburdens the target with a flood of traffic/requests until all of its resources are completely tapped out and it becomes unable to respond to legitimate traffic.

3
Q

Which of the following is a type of man-in-the-middle attack in which the communicating devices on a company LAN have their layer 2 frames redirected to an attacker who also resides on the same LAN?

A. VLAN Hopping
B. ARP Poisoning
C. Session Hijacking
D. Smurf Attack

A

B. ARP Poisoning

Explanation: In an ARP Poisoning attack the attacker must be on the same network as the targets. This is because the attacker uses forged ARP messages to poison the target computer’s ARP cache with the MAC address of the attacker. After the ARP cache has been poisoned, all future communications (layer 2 frames) will be sent to the attacker’s computer instead of to the intended destination.

4
Q

Which of the following types of attacks is a type of Denial of Service attack in which spoofed ICMP messages are sent as an IP directed broadcast to flood a target host with ICMP traffic?

A. VLAN Hopping
B. ARP Poisoning
C. Session Hijacking
D. Smurf Attack

A

D. Smurf Attack

Explanation: Smurf attacks were a very common type of attack until router manufacturers started disabling the IP directed broadcast feature on routers by default. With IP directed broadcast turned on, a simple ping message can be sent through a router and it will enter the network as a broadcast message, so that all the hosts that receive the broadcast ping reply to it. In this case the smurfed victim’s IP address is known and is spoofed (forged) into the ping packets, making it seem like the pings came from the victim. This causes all the hosts that received the IP directed broadcast ping to reply to it, sending large amounts of ICMP traffic to the victim all at the same time and effectively taking it offline.

5
Q

End User Awareness training is the worst way for a company to defend against social engineering attacks.

A. True
B. False

A

B. False

Explanation: Because people/employees/end users are the targets of social engineering attacks, the best way to defend against them is to make sure users are properly trained in User/Security Awareness. If users understand the different ways they can be manipulated by social engineering, they will be more aware of these events when they manifest and much less likely to fall for them.

6
Q

One major vulnerability in networks is the usage of unsecure protocols such as Telnet and SNMPv2.

A. True
B. False

A

A. True

Explanation: Unsecure protocols like Telnet and SNMPv2 send information in clear text and don’t require password challenges or message digests. In these cases organizations should be sure to use the secure versions of these protocols such as SSH and SNMPv3.

7
Q

It’s okay to have well known ports such as TCP 80 opened up from the outside of a firewall to the inside of the network.

A. True
B. False

A

B. False

Explanation: Unnecessary open TCP ports are a huge vulnerability, and network perimeter devices such as firewalls must be managed meticulously to make sure the network edge is secure and no ports are opened in such a way that they expose the internal network to the Internet.
