What is the result of an ARP poisoning attack?
The ARP cache is compromised.
What is the difference between a DoS and a DDoS attack?
DoS attacks use fewer computers than DDoS attacks.
Tomaso is explaining to a colleague the different types of DNS attacks. Which DNS attack would only impact a single user?
In a DNS poisoning attack, the local HOSTS file contains an entry to a malicious DNS server. This allows the threat actor to control all websites that a user attempts to visit.
Which of the following is NOT true about VBA?
It is being phased out and replaced by PowerShell.
Which attack intercepts communications between a web browser and the underlying OS?
Like an MITM attack, a man-in-the-browser (MITB) attack intercepts communication between parties to steal or manipulate the data. Whereas an MITM attack occurs between two endpoints—such as between two user laptops or a user’s computer and a web server—an MITB attack occurs between a browser and the underlying computer. Specifically, an MITB attack seeks to intercept and then manipulate the communication between the web browser and the security mechanisms of the computer.
Which of the following best describes VBA?
Visual Basic for Applications (VBA) is an event-driven programming language. VBA allows developers and users to automate processes that normally would take multiple steps or levels of steps.
Which of the following correctly differentiates between Tcpreplay and Tcpdump?
Tcpdump is a command line packet analyzer. It displays TCP/IP packets and other packets being transmitted or received over a network. Tcpreplay is a tool for editing packets and then “replaying” the packets back onto the network to observe their behavior.
Maze must establish a communication channel between two data centers. After conducting a study, she came up with the idea of establishing a wired connection between them since they have to communicate in unencrypted form. Considering the security requirements, Maze proposed using an alarmed carrier PDS over a hardened carrier PDS. Why would Maze make this suggestion in her proposal?
A hardened carrier PDS requires regular visual inspections. An alarmed carrier PDS provides continuous monitoring and does not require visual inspection.
A source computer’s ability to reach a specified destination computer can be tested using which of the following?
Ping sends ICMP packets to test the source computer’s ability to reach a specified destination computer.
You oversee your company’s physical security, and you are asked to protect their CCTV cameras. The cameras are installed along the pathway, mounted on poles. They need protection from being physically handled by potential intruders. Which of the following fencing deterrents should you use?
An anti-climb collar is a spiked collar that extends horizontally from the pole, preventing anyone from climbing it.
Which of the following best describes a mantrap?
A mantrap is a small space with two separate sets of interlocking doors, only one of which can be open at a time; if the person is a fraud, he will be locked in the mantrap.
Tyler is a cybersecurity expert assigned to look after the security of a public DNS server. One day, during his usual inspection of the DNS server, he found that the DNS table has been altered, resulting in URL redirection for some users.
DNS hijacking
Which of the following is a third-party network analysis tool?
Nmap is a third-party tool used for network discovery and security auditing.
Which of the following can prevent macro attacks?
“Protected View” allows users to open suspicious files in a protected view so that macros embedded in the file do not automatically run.
You are a cyber forensic expert wanting to protect devices retrieved from a crime scene from being remotely wiped of evidence. Which of the following physical security equipment should you use so that inbound and outbound signals cannot be sent or received?
Faraday bags are often used in crime scene investigations. Phones, tablets, or laptops found on the scene are placed in Faraday bags, thus eliminating inbound and outbound signals and preventing the devices from being remotely wiped of evidence.
Which utility sends custom TCP/IP packets?
Hping sends custom TCP/IP packets.
Deacon has observed that the switch is broadcasting all packets to all devices. He suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack is this?
MAC flooding attack
A threat actor will overflow the switch with Ethernet packets that have been spoofed so that every packet contains a different source MAC address, each appearing to come from a different endpoint. This can quickly consume all the memory (called the content addressable memory or CAM) for the MAC address table. Once the MAC address table is full and is unable to store any additional MAC address, the switch enters a fail-open mode and functions like a network hub, broadcasting frames to all ports.
Your enterprise is hosting a web app that has limited security. As a security administrator, you are asked to take appropriate measures to restrict threat actors from hijacking users’ sessions. Which of the following is the most appropriate action for you to take?
You should implement cryptography using OpenSSL.
You are a security administrator asked to create a certificate signing request (CSR) to secure your enterprise’s website. Which of the following tools should you use to accomplish this?
OpenSSL is a cryptography library that offers open-source applications of the TLS protocol. OpenSSL can be used to perform various SSL-related tasks, including creating a CSR.
Which of the following is physical security equipment for computer hardware?
A Faraday cage is a metallic cage used to protect devices from electromagnetic fields.
During an interview, you are provided the following scenario:
The enterprise that you recently joined is using the ISP DNS server to resolve domain names. You are asked which specific attack will need to be mitigated first to secure the enterprise network.
DNS hijacking
Which of the following best describes a trusted location in MS Office?
A trusted location allows you to run macro-enabled files with no security restrictions.
Which of the following sensors can detect an object that enters the sensor’s field?
Answer choices: Object recognition, Proximity, IR verification, Field detection
Proximity