Network Threats and Mitigation Flashcards
Which of the following is a type of denial of service attack?
Ping of Death
Stacheldraht
SYN flood
All of the above
All of the above
A denial of service (DoS) attack prevents users from accessing the system. All of the options are possible denial-of-service attacks.
In which attack does the attacker set the session ID ahead of time by sending a link to the victim with the ID preset?
Session fixation
Cross-site scripting
Session sidejacking
Session fixation
Session fixation is an attack in which the attacker sets the session ID ahead of time by sending a link to the victim with the ID preset. Then, when the user connects, the attacker waits for the authentication to complete and takes over the session by disconnecting the user and using the ID to reconnect.
Which type of virus impacts files with the filename extensions .com, .exe, and .dll?
File viruses
SYN flood
Smurf
Tribe Flood Network
File viruses
Options B, C, and D are all DoS attacks, so the only real answer is a file virus. A file virus attacks executable application and system program files.
In which type of attack does the attacker scan for networks using a high-powered antenna connected to a wireless laptop?
War driving
Evil twin
WEP cracking
War driving
In war driving, the attacker simply drives around with a high-powered antenna connected to a wireless laptop.
Monkey B, Michelangelo, Stoned, and Stealth Boot are examples of which type of virus?
Multipartite
Macro
Boot sector
Boot sector
These are all examples of boot-sector viruses that get into the master boot record. A boot-sector virus will overwrite the boot sector, thereby making it look as if there is no pointer to your operating system. When you power up the computer, you will see a Missing Operating System or Hard Disk Not Found error message.
Which type of virus affects both the boot sector and files on a computer?
Multipartite
Macro
Tribe Flood Network 2000 (TFN2K)
Multipartite
A multipartite virus is one that affects both the boot sector and files on your computer.
What is the main difference between a worm and a virus?
Worms require user action for replication; viruses do not.
Worms can be spread by email and viruses cannot.
Worms can replicate without user intervention; viruses cannot.
Worms can replicate without user intervention; viruses cannot.
A worm can actively replicate itself without user intervention, whereas a virus can be activated and spread only if a user opens an application.
What kind of attack involves the hacker attempting all combinations of characters for a password to gain access?
Packet sniffers
Brute force attack
Worm
Brute force attack
A brute force attack is a software-related attack that employs a program that is running on a targeted network to log in to some type of shared network resource like a server.
What type of security threat allows an attacker to learn your password through the use of an email or phone call?
Phishing
Man-in-the-middle attack
Rogue access point
Phishing
Social engineering, or phishing, refers to the act of attempting to illegally obtain sensitive information by pretending to be a credible source. Phishing usually takes one of two forms: an email or a phone call.
Which type of policy should be implemented to secure important company documents and materials when employees leave their workstations?
Clean housekeeping
Clean desk
Security audit
Clean desk
A clean-desk policy means that all important documents, such as books, schematics, confidential letters, and the like, are removed from the desk (and locked away) when employees leave their workstations.
If you implement a set of policies and procedures that define corporate information as confidential and then train employees on these procedures, what type of attack can you prevent?
Man-in-the-middle attacks
Smurf
Social engineering
Social engineering
It is important to train all employees by informing them that people may try to call and email them to gather information to attack the company. This is called phishing or social engineering.
What type of wireless frame populates the display when someone is scanning for wireless networks?
Probe response
Beacon
SSID
Beacon
When you set the AP to not broadcast the SSID, it will remove the SSID from packets called beacons (these are the packets that populate the display when you scan for networks), but the SSID will still be present in many other packet types.
What defines the appropriate response to a security event on a network?
Implementing security procedures
Installing a new router
Turning off the network
Implementing security procedures
A security procedure defines the appropriate response to a security event on your network.
Which of the following security mechanisms has been compromised?
WEP
802.11i
WPA2 Enterprise
WEP
Soon after WEP’s adoption as a security measure, it was discovered that due to a weakness in the way the algorithm was employed, programs that became widely available on the Internet could be used to crack the WEP key.
What process allows you to update your Windows-based operating system?
Technet
Windows Update
Text message
Windows Update
Windows Update is a utility that is typically automatically installed when you install Windows. The update engine will periodically scan your system for the version of Windows components you have installed and compare them to the most current versions available from Microsoft. If your software is out-of-date, a Windows Update dialog box will appear, asking if you want to install the software updates.