Module 8 Flashcards

1
Q

What is the result of an ARP poisoning attack?

  • MAC addresses are altered.
  • Users cannot reach a DNS server.
  • An internal DNS must be used instead of an external DNS.
  • The ARP cache is compromised.
A

The ARP cache is compromised. The victim's cache now maps an IP address (typically the default gateway's) to the attacker's MAC address, so frames meant for that IP are delivered to the attacker instead.

2
Q

What is the difference between a DoS and a DDoS attack?

  • DoS attacks use more memory than DDoS attacks.
  • DoS attacks do not use DNS servers as DDoS attacks do.
  • DoS attacks are faster than DDoS attacks.
  • DoS attacks use fewer computers than DDoS attacks.
A

DoS attacks use fewer computers than DDoS attacks. A DoS attack comes from a single source, whereas a DDoS attack is launched simultaneously from many compromised hosts (a botnet), which makes it far harder to block by source address.

3
Q

Tomaso is explaining to a colleague the different types of DNS attacks. Which DNS attack would only impact a single user?

  • DNS resource attack
  • DNS poisoning attack
  • DNS overflow attack
  • DNS hijack attack
A

DNS poisoning attack. In this form of DNS poisoning the local HOSTS file on the user's computer is modified so that domain names resolve to attacker-controlled IP addresses. The operating system consults the HOSTS file before querying DNS, so the threat actor controls which servers that one user reaches, while everyone else on the network is unaffected.

4
Q

Which of the following is NOT true about VBA?

  • It is included in select non-Microsoft products.
  • It is being phased out and replaced by PowerShell.
  • It is built into most Microsoft Office applications.
  • It is commonly used to create macros.
A

It is being phased out and replaced by PowerShell.

5
Q

Which attack intercepts communications between a web browser and the underlying OS?

  • DIG
  • ARP poisoning
  • Interception
  • Man-in-the-browser (MITB)
A

Like an MITM attack, a man-in-the-browser (MITB) attack intercepts communication between parties to steal or manipulate the data. Whereas an MITM attack occurs between two endpoints, such as between two user laptops or a user's computer and a web server, an MITB attack occurs between a browser and the underlying computer. Specifically, an MITB attack seeks to intercept and then manipulate the communication between the web browser and the security mechanisms of the computer. It is typically implemented as a malicious browser extension or helper object, so it sees and can alter page content and form data after the browser has already decrypted the TLS session.

6
Q

Which of the following best describes VBA?

  • VBA is a command language interpreter.
  • VBA is a network assessment tool.
  • VBA is a hardware network security device.
  • VBA is an event-driven programming language.
A

Visual Basic for Applications (VBA) is an event-driven programming language. VBA allows developers and users to automate processes that normally would take multiple steps or levels of steps.

7
Q

Which of the following correctly differentiates between Tcpreplay and Tcpdump?

  • Tcpdump is a packet capture tool without GUI, whereas Tcpreplay is a packet capture tool with GUI.
  • Tcpdump can analyze, edit, and load the edited packet back to the network, whereas Tcpreplay can only be used to analyze the packets.
  • Tcpdump is a packet capture tool with GUI, whereas Tcpreplay is a packet capture tool without GUI.
  • Tcpdump can only be used to analyze the packets, whereas Tcpreplay can analyze, edit, and load the edited packet back to the network.
A

Tcpdump is a command line packet analyzer. It displays TCP/IP packets and other packets being transmitted or received over a network. Tcpreplay is a tool for editing packets and then “replaying” the packets back onto the network to observe their behavior.

8
Q

Maze must establish a communication channel between two data centers. After conducting a study, she came up with the idea of establishing a wired connection between them since they have to communicate in unencrypted form. Considering the security requirements, Maze proposed using an alarmed carrier PDS over a hardened carrier PDS. Why would Maze make this suggestion in her proposal?

  • Data transmission between buildings wouldn’t be possible if they used a hardened carrier PDS.
  • Network speeds would be slowed too much if they used a hardened carrier PDS.
  • Using a hardened carrier PDS would restrict their ability to transfer large amounts of data.
  • Using a hardened carrier PDS would require someone to conduct periodic visual inspections.
A

A hardened carrier PDS requires regular visual inspections. An alarmed carrier PDS provides continuous monitoring and does not require visual inspection.

9
Q

A source computer’s ability to reach a specified destination computer can be tested using which of the following?

  • ipconfig
  • ifconfig
  • curl
  • ping
A

Ping sends ICMP Echo Request packets and waits for Echo Replies to test the source computer's ability to reach a specified destination computer.

10
Q

You oversee your company’s physical security, and you are asked to protect their CCTV cameras. The cameras are installed along the pathway, mounted on poles. They need protection from being physically handled by potential intruders. Which of the following fencing deterrents should you use?

  • Rotating spikes
  • Roller barrier
  • Anti-climb collar
  • Bollards
A

An anti-climb collar is a spiked collar that extends horizontally from the pole, preventing anyone from climbing it to reach the camera.

11
Q

Which of the following best describes a mantrap?

  • A mantrap is a small space with two separate sets of interlocking doors.
  • A mantrap separates threat actors from defenders.
  • A mantrap cools a server room by trapping body heat.
  • A mantrap is a challenge given to cybersecurity experts.
A

A mantrap (also called an access control vestibule) is a small space with two separate sets of interlocking doors in which only one door can be open at a time; a person who fails authentication at the second door is held between the doors until security responds.

12
Q

Tyler is a cybersecurity expert assigned to look after the security of a public DNS server. One day, during his usual inspection of the DNS server, he found that the DNS table has been altered, resulting in URL redirection for some users. Which type of attack is this?

  • XSS
  • DNS poisoning
  • DDoS
  • DNS hijacking
A

DNS hijacking. The records on the DNS server itself were changed, so every client that relies on that server is redirected; DNS poisoning, by contrast, alters the lookup table on a single client.

13
Q

Which of the following is a third-party network analysis tool?

  • netstat
  • hping
  • nmap
  • curl
A

nmap is a third-party tool used for network discovery and security auditing.

14
Q

Which of the following can prevent macro attacks?

  • VBA
  • Private DNS server
  • Protected view
  • PowerShell
A

“Protected view” allows users to open suspicious files in a protected view so that macros embedded in the file do not automatically run.

15
Q

You are a cyber forensic expert wanting to protect devices retrieved from a crime scene from being remotely wiped of evidence. Which of the following physical security equipment should you use so that inbound and outbound signals cannot be sent or received?

  • Cable locks
  • Protected cable distribution
  • Mantraps
  • Faraday bags
A

Faraday bags are often used in crime scene investigations. Phones, tablets, or laptops found on scene are placed in Faraday bags, which block inbound and outbound radio signals and so prevent the devices from being remotely wiped of evidence.

16
Q

Which utility sends custom TCP/IP packets?

  • shape
  • hping
  • pingpacket
  • curl
A

Hping sends custom TCP/IP packets: the user chooses the protocol (TCP, UDP, ICMP, or raw IP), the flags, ports, and other header fields, including a spoofed source address, and the tool displays any replies.

17
Q

Deacon has observed that the switch is broadcasting all packets to all devices. He suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack is this?

  • MAC flooding attack
  • MAC spoofing attack
  • MAC cloning attack
  • MAC overflow attack
A

MAC flooding attack

A threat actor will overflow the switch with Ethernet frames that have been spoofed so that every frame contains a different source MAC address, each appearing to come from a different endpoint. This can quickly consume all the memory (called the content addressable memory or CAM) for the MAC address table. Once the MAC address table is full and is unable to store any additional MAC address, the switch enters a fail-open mode and functions like a network hub, broadcasting frames to all ports, so the attacker's port receives traffic meant for other hosts.
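The following is an added example, not part of the flashcards, that models the CAM-table behaviour described above. The Switch class, port numbers, capacity of 64 entries and the MAC addresses are all made up for the demonstration; the point is that once the table is full a newly connected host can no longer be learned, so frames to it are flooded out every port, including the attacker's. A second function shows the simplest detection heuristic: a port that has sourced far more distinct MAC addresses than one endpoint plausibly would.

```python
"""Model of a switch CAM table under a MAC flooding attack.

Added example, not from the flashcards. The Switch class learns the source
MAC of every frame against the port it arrived on, up to a fixed capacity.
Once the table is full nothing new can be learned, so frames to any
unlearned destination are flooded out every other port (the fail-open,
hub-like behaviour Deacon observed) and the attacker's port receives them.
The capacity, port numbers and MAC addresses are made up for the demo.
"""
import random
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_A, HOST_B, HOST_C, HOST_D = ("aa:aa:aa:aa:aa:0%d" % i for i in range(1, 5))


class Switch:
    def __init__(self, ports, cam_capacity):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity
        self.cam = {}                          # mac -> port
        self.seen_per_port = defaultdict(set)  # port -> distinct source MACs

    def forward(self, in_port, src_mac, dst_mac):
        """Deliver one frame; return the list of egress ports."""
        self.seen_per_port[in_port].add(src_mac)
        if src_mac not in self.cam and len(self.cam) < self.cam_capacity:
            self.cam[src_mac] = in_port        # learn (no room once full)
        out = self.cam.get(dst_mac)
        if out is None or out == in_port:
            return [p for p in self.ports if p != in_port]   # unknown: flood
        return [out]


def random_mac(rng):
    return ":".join("%02x" % rng.randrange(256) for _ in range(6))


def flooding_ports(switch, threshold=32):
    """Detection heuristic: ports that sourced more distinct MACs than a
    single endpoint plausibly would."""
    return sorted(p for p, macs in switch.seen_per_port.items()
                  if len(macs) > threshold)


def run_flood_demo(cam_capacity=64, flood_frames=500, seed=1):
    rng = random.Random(seed)
    sw = Switch(ports=[1, 2, 3, 4], cam_capacity=cam_capacity)

    # Before the attack: A, B and C talk normally and get learned.
    sw.forward(1, HOST_A, BROADCAST)
    sw.forward(2, HOST_B, HOST_A)
    sw.forward(3, HOST_C, BROADCAST)
    b_to_c_before = sw.forward(2, HOST_B, HOST_C)      # unicast to port 3 only

    # Attack: the host on port 4 sends frames with random spoofed sources.
    for _ in range(flood_frames):
        sw.forward(4, random_mac(rng), BROADCAST)

    # After the attack: a new host D on port 3 cannot be learned, so B's
    # reply to D is flooded, including to the attacker on port 4.
    sw.forward(3, HOST_D, BROADCAST)
    b_to_d_after = sw.forward(2, HOST_B, HOST_D)

    return {
        "cam_full": len(sw.cam) >= cam_capacity,
        "b_to_c_before": b_to_c_before,
        "b_to_d_after": b_to_d_after,
        "switch": sw,
    }


if __name__ == "__main__":
    result = run_flood_demo()
    print("CAM full:", result["cam_full"])
    print("B->C before attack went to ports", result["b_to_c_before"])
    print("B->D after attack went to ports", result["b_to_d_after"])
    print("ports that look like flood sources:", flooding_ports(result["switch"]))
```

Real switches age CAM entries out after a few minutes, which is why an attacker keeps the flood running: once a legitimate entry expires it cannot be re-learned either. The standard countermeasure is port security, which caps the number of MAC addresses a port may learn and shuts the port or drops frames when the cap is exceeded.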

19
Q

Your enterprise is hosting a web app that has limited security. As a security administrator, you are asked to take appropriate measures to restrict threat actors from hijacking users’ sessions. Which of the following is the most appropriate action for you to take?

  • You should mention “log off after visit” on the web app.
  • You should encrypt the session ID displayed on the URL.
  • You should implement cryptography using OpenSSL.
  • You should provide each user a unique static session ID.
A

You should implement cryptography using OpenSSL. Encrypting the session with TLS keeps the session ID out of the clear so it cannot be sniffed and replayed; a log-off notice relies on the user, a static session ID can be reused indefinitely once stolen, and a session ID carried in the URL remains a copyable bearer token whether or not its value is encrypted.

20
Q

You are a security administrator asked to create a certificate signing request (CSR) to secure your enterprise’s website. Which of the following tools should you use to accomplish this?

  • Cuckoo
  • OpenSSL
  • Nessus
  • sn1per
A

OpenSSL is a cryptography library and command-line toolkit that provides an open-source implementation of the TLS protocol. It can be used to perform various TLS-related tasks, including generating a private key and creating a CSR from it.
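The following is an added example, not from the flashcards, that performs the CSR task from Python by driving the openssl command-line tool through subprocess (it needs OpenSSL 1.1.1 or later on the PATH). The host name www.example.com, the organisation "Example Corp" and the file names are placeholders; a real request uses the site's own names, and modern browsers match the certificate against the subjectAltName list rather than the CN, which is why the example sets both.

```python
"""Generate a private key and a certificate signing request with OpenSSL.

Added example, not from the flashcards. It drives the openssl command-line
tool from Python (subprocess) rather than a library binding, so it needs
openssl 1.1.1 or later on PATH. The host name www.example.com and the
organisation strings are placeholders; a real CSR uses the site's own
names, and browsers match on the subjectAltName list, not the CN.
"""
import os
import shutil
import subprocess
import tempfile


def openssl_available():
    return shutil.which("openssl") is not None


def make_csr(common_name, san_names, workdir, key_bits=2048):
    """Create server.key (RSA, unencrypted, mode 0600) and server.csr in workdir."""
    key_path = os.path.join(workdir, "server.key")
    csr_path = os.path.join(workdir, "server.csr")
    san = ",".join("DNS:%s" % name for name in san_names)
    subprocess.run(
        ["openssl", "req", "-new", "-newkey", "rsa:%d" % key_bits, "-nodes",
         "-keyout", key_path, "-out", csr_path,
         "-subj", "/C=US/O=Example Corp/CN=%s" % common_name,
         "-addext", "subjectAltName=%s" % san],
        check=True, capture_output=True)
    os.chmod(key_path, 0o600)            # the private key never leaves this host
    return key_path, csr_path


def csr_subject(csr_path):
    """Subject DN in RFC 2253 form, e.g. 'CN=www.example.com,O=Example Corp,C=US'."""
    out = subprocess.run(
        ["openssl", "req", "-in", csr_path, "-noout", "-subject",
         "-nameopt", "RFC2253"],
        check=True, capture_output=True, text=True).stdout
    return out.strip().split("=", 1)[1]


def csr_text(csr_path):
    """Human-readable dump of the request (what you check before sending it to a CA)."""
    return subprocess.run(
        ["openssl", "req", "-in", csr_path, "-noout", "-text"],
        check=True, capture_output=True, text=True).stdout


def verify_csr(csr_path):
    """True when the CSR's self-signature checks out (openssl exits 0)."""
    return subprocess.run(
        ["openssl", "req", "-in", csr_path, "-noout", "-verify"],
        capture_output=True).returncode == 0


def demo():
    """Build a request in a temp dir and report what a reviewer would check."""
    with tempfile.TemporaryDirectory() as workdir:
        key_path, csr_path = make_csr(
            "www.example.com", ["www.example.com", "example.com"], workdir)
        text = csr_text(csr_path)
        return {
            "subject": csr_subject(csr_path),
            "sans": [n for n in ("DNS:www.example.com", "DNS:example.com") if n in text],
            "verified": verify_csr(csr_path),
            "key_file": os.path.basename(key_path),
        }


if __name__ == "__main__":
    if openssl_available():
        print(demo())
    else:
        print("openssl not found on PATH")
```

The CSR (server.csr) is what you submit to the certificate authority; the private key stays on the server, which is why the example tightens its file mode immediately and never passes it anywhere else. Verifying the request's own signature and reading back the subject and SAN list before submission catches typos that would otherwise cost a re-issue.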

21
Q

Which of the following is physical security equipment for computer hardware?

  • Bollards
  • Faraday cage
  • Robot sentry
  • Alarmed carrier PDS
A

A Faraday cage is a metallic cage used to protect devices from electromagnetic fields.

22
Q

During an interview, you are provided the following scenario:
The enterprise that you recently joined is using the ISP DNS server to resolve domain names. You are asked which specific attack will need to be mitigated first to secure the enterprise network.

  • MAC cloning
  • Session replay attack
  • DDoS attack
  • DNS hijacking
A

DNS hijacking. The enterprise depends on an external DNS server (the ISP's) that it does not control; if that server's records are hijacked, every host in the enterprise is redirected, so this exposure must be mitigated first.

23
Q

Which of the following best describes trusted location in MS Office?

  • Trusted location is used to lock important files.
  • Trusted location allows you to run macros-enabled files with no security restrictions.
  • Trusted location is the place where operating system files are stored.
  • Trusted location allows you to prevent infected files from damaging the system.
A

Trusted location allows you to run macro-enabled files with no security restrictions.

24
Q

Which of the following sensors can detect an object that enters the sensor’s field?
  • Object recognition
  • Proximity
  • IR verification
  • Field detection
A

Proximity

25
Q

Which of the following is NOT a Microsoft defense against macros?

  • Trusted domain
  • Trusted location
  • Protected View
  • Trusted documents
A

Trusted domain

26
Q

What type of attack results in the victim’s system not being able to perform its job function?

A. Man-in-the-middle

B. Spoofing

C. Denial of service

D. Port scanning

A

C. A denial of service attack involves the hacker causing a system to not perform its job role by overburdening the system with traffic. The DoS attack could cause the system to crash or slow the system down.

27
Q

A hacker has managed to poison everyone’s ARP cache so that all traffic to the Internet is being sent to the hacker’s system before being routed out to the Internet. What type of attack is this?

A. DDoS

B. DoS

C. Phishing

D. MITM

A

D. When the hacker positions himself between two systems and is receiving a copy of all traffic before passing it on to the real destination, this is a man-in-the-middle (MITM) attack.
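The following is an added example, not from the flashcards, showing the detection side of the ARP attack in cards 1 and 27. A host's ARP cache accepts replies without any authentication, so an attacker who answers "192.168.1.1 is-at <attacker MAC>" makes the victim send gateway-bound frames to the attacker, who forwards them on to the real gateway. The monitor below keeps a trusted IP-to-MAC baseline (assumed here to come from a DHCP or inventory export; the addresses and the captured replies are constructed) and flags the two tell-tale symptoms: an IP whose MAC changes, and one MAC that claims several IPs.

```python
"""ARP poisoning detector over a constructed stream of ARP replies.

Added example, not from the flashcards. A host's ARP cache blindly accepts
replies, so an attacker who answers "192.168.1.1 is-at <attacker MAC>" makes
the victim send gateway-bound frames to the attacker, who forwards them on
(the MITM of card 27). The monitor below keeps a trusted IP->MAC baseline
(assumed to be exported from the DHCP server) and flags two symptoms:
an IP whose MAC changes, and one MAC that claims several IPs.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str
    sender_mac: str


# Constructed baseline: what the network really looks like.
TRUSTED = {
    "192.168.1.1": "aa:aa:aa:aa:aa:01",    # default gateway
    "192.168.1.10": "aa:aa:aa:aa:aa:10",
    "192.168.1.20": "aa:aa:aa:aa:aa:20",
}

# Constructed capture. The host with MAC ...:66 first appears legitimately,
# then starts claiming the gateway's IP and another host's IP.
SAMPLE_REPLIES = [
    ArpReply("192.168.1.10", "aa:aa:aa:aa:aa:10"),
    ArpReply("192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ArpReply("192.168.1.30", "aa:aa:aa:aa:aa:66"),   # new host, learned
    ArpReply("192.168.1.1", "aa:aa:aa:aa:aa:66"),    # poisoning the gateway entry
    ArpReply("192.168.1.20", "aa:aa:aa:aa:aa:66"),   # poisoning a second victim
]


def detect_arp_poisoning(replies, trusted):
    """Return a list of alert tuples; an empty list means nothing suspicious.

    Unlike a real ARP cache, the monitor never overwrites a mapping it
    already has, so the attacker cannot "re-train" it with more replies.
    """
    cache = dict(trusted)
    mac_to_ips = {}
    for ip, mac in cache.items():
        mac_to_ips.setdefault(mac, set()).add(ip)

    alerts = []
    for r in replies:
        known_mac = cache.get(r.sender_ip)
        if known_mac is None:
            cache[r.sender_ip] = r.sender_mac          # first sighting: learn it
        elif known_mac != r.sender_mac:
            alerts.append(("ip-mac-conflict", r.sender_ip, known_mac, r.sender_mac))

        ips = mac_to_ips.setdefault(r.sender_mac, set())
        ips.add(r.sender_ip)
        if len(ips) > 1:
            alerts.append(("mac-claims-many-ips", r.sender_mac, tuple(sorted(ips))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_REPLIES, TRUSTED):
        print(alert)
```

On a real network the same logic is what Dynamic ARP Inspection performs on the switch, using the DHCP snooping binding table as its baseline; on an individual host, a static ARP entry for the default gateway removes that entry from the attacker's reach.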

28
Q

What file can the hacker modify after compromising your system that could lead you to the wrong web site?

A. sam

B. hosts

C. lmhosts

D. services

A

B. The hosts file (/etc/hosts on Linux and macOS, %SystemRoot%\System32\drivers\etc\hosts on Windows) maps domain names to IP addresses and is consulted before DNS, so a hacker who gains write access to it can lead you to the wrong web site.

29
Q

What type of attack is a smurf attack?

A. DDoS

B. DoS

C. DNS poison

D. MITM

A

A. A smurf attack is an example of a DDoS attack (a reflected, amplified one). The hacker sends ICMP echo requests to a network's broadcast address with the source IP address spoofed to be the victim's, so every system on that network replies to the victim at once and overburdens it.

30
Q

John has been studying techniques used by hackers and decides to send a packet to your system, but ensures that he alters the source IP address of the packet so it looks like it came from someone else. What type of attack is this?

A. Phishing

B. Pharming

C. Spim

D. Spoofing

A

D. Spoofing is when a hacker alters the source address of a message. IP spoofing is when the hacker alters the source IP address, MAC spoofing is when the hacker alters the source MAC address, and e-mail spoofing is when the hacker alters the source e-mail address of a message.
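The following is an added example, not from the flashcards, that ties together cards 16, 29 and 30 by building the kind of packet hping produces on demand: a TCP SYN inside an IPv4 header whose source address is whatever the sender chooses. That field is all IP spoofing is; a smurf attack does the same with ICMP echo requests, writing the victim's address into the source so the replies land there. The code only constructs and parses the bytes (the addresses are RFC 5737 documentation ranges and nothing is transmitted); a parse step recomputes both checksums so you can see what a receiver would accept.

```python
"""Craft a TCP SYN inside an IPv4 packet with a forged source address.

Added example, not from the flashcards. This is the kind of packet hping
builds on demand: every header field, including the source IP, is chosen
by the sender, which is all IP spoofing is (card 30). A smurf attack (card
29) uses the same trick with ICMP echo requests, putting the victim's
address in the source field so the replies land on the victim. The
addresses are documentation ranges (RFC 5737); nothing is transmitted.
"""
import socket
import struct

IPPROTO_TCP = 6
TCP_SYN, TCP_ACK = 0x02, 0x10


def checksum(data):
    """RFC 1071 one's-complement checksum (odd-length input is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, payload_len, proto=IPPROTO_TCP, ttl=64, ident=0x1234):
    """20-byte IPv4 header, no options; checksum is computed over the header only."""
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + payload_len, ident,
                      0, ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def build_tcp_syn(src, dst, sport, dport, seq=0, window=65535):
    """20-byte TCP header with only SYN set; checksum covers the pseudo-header too."""
    seg = struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                      (5 << 12) | TCP_SYN, window, 0, 0)
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, IPPROTO_TCP, len(seg)))
    return seg[:16] + struct.pack("!H", checksum(pseudo + seg)) + seg[18:]


def craft_spoofed_syn(spoofed_src, dst, sport, dport):
    """Full packet; the receiver will send its SYN/ACK to spoofed_src, not to us."""
    seg = build_tcp_syn(spoofed_src, dst, sport, dport)
    return build_ipv4_header(spoofed_src, dst, len(seg)) + seg


def parse_ipv4(packet):
    """Decode the IPv4 header; a header carrying a valid checksum sums to zero."""
    (ver_ihl, _tos, total, _ident, _frag, ttl, proto,
     _cs, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return {"version": ver_ihl >> 4, "ihl": ver_ihl & 0xF, "total_length": total,
            "ttl": ttl, "proto": proto, "src": socket.inet_ntoa(src),
            "dst": socket.inet_ntoa(dst), "checksum_ok": checksum(packet[:20]) == 0}


def parse_tcp(src, dst, segment):
    """Decode the TCP header, re-deriving the pseudo-header from the IP addresses."""
    (sport, dport, seq, _ack, off_flags, _win,
     _cs, _urg) = struct.unpack("!HHIIHHHH", segment[:20])
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, IPPROTO_TCP, len(segment)))
    return {"sport": sport, "dport": dport, "seq": seq,
            "syn": bool(off_flags & TCP_SYN), "ack": bool(off_flags & TCP_ACK),
            "checksum_ok": checksum(pseudo + segment) == 0}


if __name__ == "__main__":
    pkt = craft_spoofed_syn("198.51.100.9", "203.0.113.80", 40000, 80)
    ip = parse_ipv4(pkt)
    print(ip)
    print(parse_tcp(ip["src"], ip["dst"], pkt[20:]))
```

Actually putting such a packet on the wire requires a raw socket, which needs administrator or root privileges, and nothing in the packet itself proves the source address is genuine. That is why the network-level defence is egress filtering (BCP 38): a border router drops outbound packets whose source address does not belong to the network they came from.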

31
Q

Which of the following does not describe an area that separates threat actors from defenders?

A. DMZ

B. Air gap

C. Secure area

D. Containment space

A

D. This is fictitious and does not exist.

A, B, and C are accurate.

32
Q

Of the listed sensors, which is the best option to detect fire?

A. Proximity sensor
B. Temperature detection sensor
C. Motion detection sensor
D. Noise detection sensor

A

B. A temperature detection sensor can detect fire as a result of a rise in temperature.

33
Q

A mantrap is a physical security method that ______________?
A. Separates threat actors from defenders.
B. Captures body heat to cool a server room.
C. Is a controlled space with two sets of interlocking doors.
D. Uses a challenge and response.

A

C. A mantrap is a space with two doors where only one door at a time can be opened, holding an unauthorized person who attempts access between them.

34
Q

What can be used to secure electronic devices from electromagnetic spying and shield them from EMI?

A. DMZ
B. PDS
C. Faraday cage
D. Mantrap

A

C. A Faraday cage is a metallic enclosure that prevents the entry or escape of EMI.

35
Q

Which of the following is a GUI tool used to capture and analyze packets?

A. Tcpdump

B. PowerShell

C. Tcpreplay

D. Wireshark

A

D. Wireshark uses a GUI to display captured packets and for analysis.

36
Q

Max found someone is impersonating him after discovering that data sent to him was always being received by someone else in his enterprise network. He informed the network administrator about the issue. While inspecting the switch, the administrator discovered that the threat actor was another employee at the same enterprise.

As a senior security consultant, which of the following attacks should you mention in the charge sheet?

  • DNS poisoning
  • MAC cloning attack
  • DDoS attack
  • MITB attack
A

MAC cloning attack. The other employee configured his network card with Max's MAC address; the switch's MAC address table then associated that address with the attacker's port, so frames addressed to Max were delivered there instead.

37
Q

Which of the following best describes a faraday cage?

  • A Faraday cage is used to dispose of electronic waste.
  • A Faraday cage is an enclosure used to block electromagnetic fields.
  • A Faraday cage blocks suspicious packets from entering an electronic device.
  • A Faraday cage is used to charge the electronic devices.
A

A Faraday cage is an enclosure used to block electromagnetic fields.

38
Q

Which of the following best describes bash?

  • Bash is a physical security measure.
  • Bash is a network assessment tool.
  • Bash is computer hardware.
  • Bash is a command language interpreter.
A

Bash is a command language interpreter that is also used to write scripts.

39
Q

Which of the following is a major objective of packet analysis?

  • Calculate employee work hours
  • Ensure physical security
  • Assess and secure networks
  • Estimate network cost
A

Assess and secure networks

By properly analyzing the packets, administrators can secure the network from attack and troubleshoot various issues within it.

40
Q

Calix was asked to protect a system from a potential attack on DNS. What are the locations he would need to protect?

  • Host table and external DNS server
  • Web browser and browser add-on
  • Reply referrer and domain buffer
  • Web server buffer and host DNS server
A

Host table and external DNS server

DNS poisoning modifies a local lookup table on a device to point to a different domain. DNS hijacking is intended to infect an external DNS server with IP addresses that point to malicious sites.
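The following is an added example, not from the flashcards, covering the local-lookup-table half of this card (and the HOSTS-file attacks of cards 3 and 28). Because the HOSTS file is consulted before DNS, a single line that pins a public domain to an attacker's address silently redirects that one machine. The audit below parses a constructed HOSTS file and flags any mapping a clean workstation should not have; on a real system you would read /etc/hosts (Linux, macOS) or %SystemRoot%\System32\drivers\etc\hosts (Windows) instead of the sample text.

```python
"""Audit a HOSTS file for entries that look like DNS poisoning.

Added example, not from the flashcards. It covers the local-lookup-table
half of card 40 (and cards 3 and 28): the HOSTS file is consulted before
DNS, so a single line pinning a public domain to an attacker's address
silently redirects that one machine. The file content below is
constructed; on a real system read /etc/hosts (Linux, macOS) or
%SystemRoot%\\System32\\drivers\\etc\\hosts (Windows).
"""
import ipaddress

# Constructed sample. The last line is the poisoned entry.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
192.168.1.50    intranet.corp.local
0.0.0.0         ads.tracker.example
203.0.113.7     www.bank.example bank.example   # attacker-controlled address
"""


def parse_hosts(text):
    """Return a list of (line_number, ip_address, [names]) for every usable line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop comments
        parts = line.split()
        if len(parts) < 2:
            continue                                # blank, comment, or malformed
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                                # first field is not an address
        entries.append((lineno, ip, parts[1:]))
    return entries


def suspicious_hosts_entries(text, internal_suffixes=(".local", ".internal")):
    """Return (line, ip, name) for mappings a clean workstation should not have.

    Loopback and 0.0.0.0 entries are normal (localhost, ad blocklists), and a
    private address for an internal name is expected; anything else pins a
    public name to one fixed address, bypassing DNS for that name.
    """
    flagged = []
    for lineno, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in names:
            if ip.is_private and name.endswith(internal_suffixes):
                continue
            flagged.append((lineno, str(ip), name))
    return flagged


if __name__ == "__main__":
    for entry in suspicious_hosts_entries(SAMPLE_HOSTS):
        print("suspicious:", entry)
```

The flagged line is exactly the redirection the card describes: only the machine carrying this file resolves www.bank.example to 203.0.113.7, so the attack is invisible to the DNS server and to every other user. In an investigation, compare the flagged names against what the organisation's DNS server returns; a mismatch confirms the poisoning.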