Score Common TCP/IP Attacks Flashcards

Question 1

Q

TCP/IP include for main protocols ?

Answer

A

Ip
TCP
UPD
ICMP

Question 2

Q

What is a MITM attack ?

Answer

A

An MITM attack intercepts communication between two systems. Essentially, the attacker inserts a device into a network that grabs packets that are streaming past. Those packets are then modified and placed back on the network for forwarding to their original destination.

Question 3

Q

What is Session Hijacking ?

Answer

A

Session hijacking is a twist on the MITM attack. The attacker gains physical access to the network, initiates a MITM attack, and then hijacks that session. In this manner, an attacker can illicitly gain full access to a destination computer by assuming the identity of a legitimate user. The legitimate user sees the login as successful but then is cut off. Subsequent attempts to log back in might be met with an error message that indicates that the user ID is already in use.

Question 4

Q

what is Ip address spoofing ?

Answer

A

Attackers spoof the source IP address in an IP packet. IP spoofing can be used for several purposes. In some scenarios, an attacker might want to inspect the response from the target victim (non-blind spoofing); in other cases, the attacker might not care (blind spoofing). Blind IP address spoofing is most frequently used in DoS attacks. Some reasons for non-blind spoofing include sequence-number prediction, hijacking an authorized session, and determining the state of a firewall.

Question 5

Q

Describe a DoS attack

Answer

A

an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites that you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts, or other services that rely on the affected computers.

Question 6

Q

What is a DDos

Answer

A

A DDoS attack is a DoS attack that features a simultaneous, coordinated attack from multiple source machines. The best-known example of a DDoS attack is the “smurf” attack.

Question 7

Q

What is a Resource exhaustion attack ?

Answer

A

Resource exhaustion attacks are forms of DoS attacks. These attacks cause the server’s or network’s resources to be consumed to the point where the service is no longer responding, or the response is significantly reduced. By targeting IP routers, an attacker may adversely affect the integrity and availability of the network infrastructure, including end-to-end IP connectivity. Router resources that are commonly affected by packet flood attacks include the following: CPU, packet memory, route memory, network bandwidth, and vty lines.

Question 8

Q

a connectionless protocol that is mainly used to route information across the internet

Question 9

Q

a connectionless protocol that does not use any port number and works on the network layer

Question 10

Q

What does ICMP unreachables mean ?

Answer

A

ICMP unreachables are commonly used by attackers to perform network reconnaissance. In cyber security, network reconnaissance refers to the act of scanning the target network to gather information about the target.

Question 11

Q

What is ICMP mask reply ?

Answer

A

A feature that malicious insiders or outsiders can use to map your IP network. This feature allows the router to tell a requesting endpoint what the correct subnet mask is for a given network.

Question 12

Q

describe an ICMP redirect attacks ?

Answer

A

A router uses IP redirects to inform the sender of a better route to a destination, intended for hosts on its directly connected networks. However, attackers can exploit this to send an ICMP redirect to a victim’s host, redirecting all traffic through a router they control. This ICMP redirect attack is a type of MITM attack, where the attacker intercepts all communication between the source and destination.

Question 13

Q

What is ICMP router discovery ?

Answer

A

ICMP Router Discovery Protocol (IRDP) allows hosts to locate routers that can be used as a gateway to reach IP-based devices on other networks. Because IRDP does not have any form of authentication, it is impossible for end hosts to tell whether the information they receive is valid or not. Therefore, an attacker can perform a MITM attack using IRDP.

Question 14

Q

What is Firewalk ?

Answer

A

Firewalking is an active reconnaissance technique that employs traceroute like techniques to analyze IP packet responses to determine the gateway access list filters and map out the networks.

Question 15

Q

What is ICMP tunneling ??

Answer

A

An ICMP tunnel creates a hidden connection between two remote computers using ICMP echo requests and replies. This method can bypass firewall rules by disguising traffic within ICMP packets. Without deep packet inspection or log review, detecting this type of tunneling traffic is difficult.

Question 16

Q

what is ICMP-based operating system fingerprinting

Answer

A

Operating system fingerprinting identifies the OS running on a device. ICMP can be used for active scanning; for example, a TTL value of 128 typically indicates a Windows machine, while a TTL of 64 suggests a Linux-based system.

Question 17

Q

what are the DoS service attacks that use ICMP

Answer

A

ICMP flood attack
Smurf attack

Question 18

Q

What is a ICMP flood attack

Answer

A

The attack overwhelms the targeted resource with ICMP echo request packets, large ICMP packets, and other ICMP types to significantly saturate and slow down the victims network infrastructure.

Question 19

Q

Which information can an attacker use within the ICMP to determine which type of operating system the device is running?

total length

TTL value

version

checksum

Answer

A

TTL value

Question 20

Q

Which option is used to establish a covert connection between two remote computers, using ICMP echo requests and reply packets, and which can be used to bypass firewall rules?

Smurf attack

Firewalking

ICMP tunneling

ICMP-based operating system fingerprinting

Answer

A

ICMP tunneling

Question 21

Q

Which application-layer protocol that uses UDP to manage and monitor devices on the network could be exploited if it is not secured on devices?

TFTP

SNMP

HTTPS

FTP

SMTP

Question 22

Q

what is the UDP Vulnerabilities with checksum ?

Answer

A

Optional and easily recomputed, making it vulnerable to alteration by attackers.

Question 23

Q

What are the different UDP Vulnerabilities ?

Answer

A

Checksum:
Source Verification
Eavesdropping
No Encryption

Question 24

Q

What are common UDP attacks ?

Answer

A

Dos Attacks
Source IP spoofing

Question 25

Q

The total sum of all the vulnerabilities in a given computing device or network that are accessible to the attackers.

Answer

A

Attack surface

Attack surface may be categorized into different areas, such as software attack surfaces (open ports on a server), physical attack surfaces (USB ports on a laptop), network attack surfaces (console ports on a router)

Question 26

Q

The paths or means by which the attackers gain access to a resource (such as end-user hosts or servers) to deliver malicious software or malicious outcome

Answer

A

Attck vector

Question 27

Q

What are the four categories that attack surfaces are divided into ?

Answer

A

The network attack surface
The software attack surface
The physical attack surface
The social engineering attack surface

Question 28

Q

What is the network attack surface ?

Answer

A

The network attack surface comprises all vulnerabilities that are related to ports, protocols, channels, devices (smartphones, laptops, routers, and firewalls), services, network applications, and even firmware interfaces.

Question 29

Q

What does CVE stand for ?

Answer

A

Common Vulnerabilites and Exposures

Question 30

Q

What is the software attack surface ?

Answer

A

It is the complete profile of all functions in any code that is running in a given system that is available to an unauthenticated user.

An attacker or malware can exploit various vulnerabilities to gain access and execute code on a target machine. The software attack surface includes applications, email services, configurations, databases, executables, DLLs, web pages, mobile apps, device OS, and more.

Question 31

Q

What is the physical attack surface ?

Answer

A

The physical attack surface is composed of the security vulnerabilities in a given system that are available to an attacker in the same location as the target.

The physical attack surface is exploitable through inside threats such as rogue employees, social engineering ploys, and intruders who are posing as service workers.

Question 32

Q

What is social engineering attack surface ?

Answer

A

It is usually takes advantage of human psychology: the desire for something free, the susceptibilty to destractionm or the desire to be loked or to be helpful .

Question 33

Q

What is Reconnaissance ?

Answer

A

The attacker attempts to gather information about targeted computers or networks that can be used as a preliminary step toward a further attack seeking to exploit the target system

Question 34

Q

what are known vulnerabilities ?

Answer

A

The attacker finds a weakness in hardware and software and then exploits those vulnerabilities. There are several online resources that publish information about vulnerabilities that have been discovered in different systems. Often, a proof-of-concept attack code will be provided with the vulnerability disclosure.

Question 35

Q

What is a SQL injection ?

Answer

A

This attack works by manipulating the SQL database queries that the web application sends. An application can be vulnerable if it does not sanitize user input properly or uses untrusted parameter values in database queries without validation.

Question 36

Q

What is Phishing ?

Answer

A

The attacker sends out spam emails to thousands of recipients. The email contains a link to a malicious site that has been set up to look like, for instance, a regular bank’s site.

Question 37

Q

What is malware ?

Answer

A

Short for “malicious software,” malware may be computer viruses, worms, Trojan horses, dishonest spyware, and malicious rootkits.

Question 38

Q

What is a Weak authentication attack ?

Answer

A

These attacks exploit weak authentication, such as guessable passwords, lack of account lockout after failed attempts, or insecure password reset methods.

Question 39

Q

cWhich two options might be considered attack surfaces in the network environment? (Choose two.)

open ports

privacy settings

use of SSH

use of Telnet

Answer

A

Use of Telnet
Open ports

Question 40

Q

Which type of a common security threat can be solved by patching the operating system or hardware device?

phishing

SQL injection

malware

known vulnerabilities

weak authentication

Answer

A

known vulnerabilities

Question 41

Q

An attempt to learn more about the intended victim before attempting a more intrusive attack, such as actual access or DoS.

Answer

A

A reconnaissance attack

Question 42

Q

What are four main subcategories or methods for gathering network data

Answer

A

Packet sniffers / packet analysis,
Ping sweeps
port scans
information queries

Question 43

Q

What is packet sniffing ?

Answer

A

its the process of capturing any data this is passed over the local network and looking for any information that may be useful to an attacker.

Question 44

Q

What are ping sweeps ?

Answer

A

ping sweep is another kind of network probe. In a ping sweep, the attacker sends a set of ICMP echo packets to a network of machines, usually specified as a range of IP addresses, and sees which ones respond.

Question 45

Q

What are port scans ?

Answer

A

A port scanner is a software program that surveys a host network for open ports. As ports are associated with applications, the attacker can use the port and application information to determine a way to attack the network.

Question 46

Q

Describe information queries

Answer

A

Information queries can resolve hostnames to IP addresses or vice versa, often using the nslookup command. To use it, open a command prompt and enter nslookup followed by the IP address or hostname.

Question 47

Q

Which three options are methods that are used by an attacker while gathering network data? (Choose three.)

unplug network devices

packet sniffer

port sniffer

ping sniffer

ping sweeps

port scans

Answer

A

Packet sniffer
port scans
ping sweeps

Question 48

Q

These are examples of what ?

User groups
website
shodan

Answer

A

Passive Reconnaissance

Question 49

Q

These are examples of what ?

Port Scans
DNS Lookups
Ping Sweeps
Traceroute
OS Fingerprinting

Answer

A

Active reconnaissance

Question 50

Q

What is the purpose of the Shodan Search Engine ?

Answer

A

can help an attacker identify a specific device, such as a computer, router, and server.

Question 51

Q

What is the Robot.txt file ?

Answer

A

The Robots.txt file is publicly available and found on websites that give instructions to web robots (also known as search engine spiders) about what is and is not visible using the robots exclusion protocol. An attacker can find the Robots.txt file in the root directory of a target website.

Question 52

Q

What is the purpose of NMAP port scans ?

Answer

A

Port scanning tools like Nmap can cycle through all well-known ports to provide a complete list of all services that are running on the hosts. Nmap is an open-source tool that is specialized in network exploration and security auditing.

Question 53

Q

An attempt to access another user’s account or network device through improper, unauthorized means.

Answer

A

Access attack

Question 54

Q

What are password attacks ?

Answer

A

Password attack is typically used to obtain system access. When access is obtained, the attacker is able to read, modify, or delete data and also add, modify, or remove network resources.

Question 55

Q

what is Spoofing/masquerading ?

Answer

A

Spoofing/masquerading attack is a situation in which one person or program successfully masquerades as another by falsifying data and gaining illegitimate access.

Question 56

Q

What is session hijacking ?

Answer

A

Session hijacking is an attack in which the session established by the client to the server is taken over by a malicious person or process

Question 57

Q

What is malware ?

Answer

A

Malware is used to infect the victim’s system with malicious software.

Question 58

Q

Which option is an attack in which the session established by the client to the server is taken over by a malicious person or process?

password attack

spoofing/masquerading attack

session hijacking

malware

Answer

A

Session hijacking

Question 59

Q

What are the different OSI layer MITM attacks ?

Answer

A

Physical layer
Data link layer
Network Layer
Session Layer
Application Layer

Question 60

Q

Describe a Physical Layer MITM attack

Answer

A

Tap someone’s physical connection, and send all packets to the MITM

Question 61

Q

Describe a Data Link Layer MITM attack

Answer

A

Use ARP poisoning to cause victims to send all their packets to the MITM

Question 62

Q

What is ARP poisoning ?

Answer

A

ARP-based MITM attack is achieved when an attacker poisons the ARP cache of two devices with the MAC address of the attacker’s network interface controller (NIC).

Question 63

Q

Describe a Session Layer MITM attack

Answer

A

The SSL/TLS MITM de-crypts, examines, then re-encrypts the HTTP over SSL/TLS traffic.

For this attack to work, the victim’s web browser must trust the certificate that is presented by the SSL/TLS MITM, which can be caused by first injecting some malware into the victim’s web browser.

Question 64

Q

Describe an Application Layer MITM attack

Answer

A

Man-in-the-browser attack. Like most attacks, man-in-the-browser begins with a malware infection. The malware injects itself into the victim’s web browser and waits in stealth mode until the user visits a specific website

Answer 62

A

An ICMP MITM attack is accomplished by spoofing an ICMP redirect message to any router that is in the path between the victim client and server

Answer 63

A

DNS spoofing is a man-in-the-middle attack that provides false DNS information, redirecting a user from the legitimate website (e.g., https://www.xyzbank.com) to a fake one controlled by the attacker. This technique is used to steal sensitive information, like banking credentials, by directing users to a fraudulent site.

Answer 64

A

Similar to the DNS attack, DHCP server queries and responses are intercepted. This interception helps the attacker gain complete knowledge of the network, such as hostnames, MAC addresses, IP addresses, and DNS servers. This information is further used to plant advanced attacks to steal the information.

Answer 65

A

a system that has the ability to view the communication between two systems and imposes itself in the communication path between those other systems

Answer 66

A

A reflection attack

Answer 67

A

MAC address spoofing

Answer 68

A

Ip address spoofing
MAC address spoofing
Application or service spoofing

Answer 69

A

IP address spoofing is the most common type of spoofing. To perform IP address spoofing, attackers use source IP addresses that are different than their real IP addresses.

Answer 70

A

To perform MAC address spoofing, attackers use MAC addresses that are not their own. MAC address spoofing is generally used to exploit weakness at Layer 2 of the network.

Answer 71

A

Application or service spoofing exploits the trust users or systems place in recognized or reputable sources to gain access to confidential information, propagate malware, or perform other malicious activities. an example is DHCP spoofing

Answer 72

A

the attacker runs DHCP server software and replies to DHCP requests from legitimate clients. As a rogue DHCP server, the attacker can cause a DoS by providing invalid IP information. The attacker can also perform confidentiality or integrity breaches via a man-in-the-middle attack

Answer 73

A

A DHCP starvation attack works by the broadcasting of DHCP requests with spoofed MAC addresses. If enough requests are sent, the network attacker can exhaust the address space available to the DHCP servers in a time period.

Answer 74

A

a rogue DHCP server

Answer 75

A

a attacker can either manually enter passwords or use a software tool to automate the process. Truly weak passwords can be susceptible to a lone attacker who is making informed guesses.

Answer 76

A

Brute-force password attacks are performed by computer programs that are called “password crackers.” A password cracker performs a brute force crack by systematically trying every possible password until it succeeds.

Answer 77

A

A dictionary attacks use word lists to structure log-in attempts. Word lists can contain millions of words, including words from natural language dictionaries and sports team names, profanity, and slang. Dictionary attacks are not always successful and are often attempted before a brute-force attack.

Answer 78

A

are a type of cyberattack where attackers use deceptive tactics to trick individuals into revealing sensitive information, such as login credentials, financial information, or personal details.

Answer 79

A

Cain and Abel, John the Ripper, OphCrack, and L0phtCrack.

Answer 80

A

brute force

Answer 81

A

DNS tunneling is where another protocol or data is hidden in the DNS packets.

Answer 82

A

stealthy data exfiltration

issue CnC traffic to bots on the network

Answer 83

A

Monitor the DNS log for suspicious activities such as DNS queries with unusually long and suspicious domain names.

Deploy a solution such as Cisco Umbrella to block the DNS tunneling traffic from going out to the malicious domains.

Answer 84

A

deploy a solution such as Cisco Umbrella to block the DNS tunneling traffic

monitor the DNS log for suspicious activities

Answer 85

A

Use Cisco Umbrella to block access to malicious websites.

Deploy Cisco Web Security Appliance (WSA) to enhance web security and block malicious sites.

Educate users on how HTTP 302 redirections can lead to malicious web pages that exploit their devices.

Answer 86

A

The browser is redirected to the malicious web page that delivers the exploit to the victim’s machine through a series of HTTP 302 redirections

Answer 87

A

identify a temporary URL redirection for a website and redirect the user to it

Answer 88

A

command injection

Answer 89

A

cross-site scripting
SQL injection

Answer 90

A

application developers should follow the best practices to perform proper user unput validation

Deploy an intrusion prevention system (IPS) solution to detect and prevent malicious command injections.

Answer 91

A

The goal of a command injection attack is to execute arbitrary commands on the web server’s OS via a vulnerable web application.

Answer 92

A

SQL injection

Answer 93

A

Application developers should follow the best practices to perform proper user input validation, constrain, and sanitize the user input data.

Deploy an IPS solution to detect and prevent malicious SQL injections.

Answer 94

A

The application was poorly programmed

User input was not sufficiently validated.

Answer 95

A

Stored (persistent)

Reflected (non-persistent)

Answer 96

A

Stored XSS is the most damaging type because it is permanently stored in the XSS-infected server. The victim receives the malicious script from the server whenever they visit the infected web page.

Answer 97

A

Reflected XSS attacks are typically delivered to the victims via an email message or through some other website. When the victim is tricked into clicking the infected link, the malicious script is reflected back to the victim’s browser, where it is executed.

Answer 98

A

XSS involves the injection of malicious scripts into web pages that are executed on the client-side in the user’s web browser. Malicious scripts can be used to gain access to users’ systems or sensitive information, such as session cookies.

Answer 99

A

Deploy a service such as Cisco Umbrella to block the users from accessing malicious websites.

Deploy a web proxy security solution, such as Cisco WSA, to block users from accessing malicious websites.

Deploy an IPS solution to detect and prevent malicious XSS or CSRF.

Educate end users—for example, how to recognize phishing attacks.

Answer 100

A

Cross-site request forgery is a web-based attack that can include unauthorized changes of user information or the extraction of user-sensitive data from a web application

Answer 101

A

Malicious scripts are injected into web pages and executed on the client side

Scripting languages used by XSS have security weaknesses.

Clicking an infected link causes a malicious script to run in a background process..

Answer 102

A

Attachment-based
Email spoofing
Spam
An open mail relay
Homoglyphs

Answer 103

A

Spam
attachment-based attacks
email address spoofing

Answer 104

A

Email spoofing is the creation of email messages with a forged sender address that is meant to fool the recipient into providing money or sensitive information

Answer 105

A

Spam is unsolicited email or “junk” mail that you receive in your inbox. Spam generally contains advertisements, but it can also contain malicious files

Answer 106

A

Embedding malicious content in business-appropriate files is most common for attachment-based attacks.

Answer 107

A

An open mail relay is a Simple Mail Transfer Protocol (SMTP) server that is configured to allow anyone—not just known corporate users—on the internet to send an email.

Brainscape's Knowledge GenomeTM

Score Common TCP/IP Attacks Flashcards

Brainscape's Knowledge Genome^TM