Sniffing

Question 1

A unique identifier of a network node, typically ID of NIC

Answer 1

MAC address

Question 2

Table used by switches.
Stores all available MAC addresses and their virtual LAN parameters for each port.

Answer 2

Content Addressable Memory (CAM) table

Question 3

Flooding the switch with thousands of MAC address mappings such that it cannot keep up.
When the table can’t keep up it starts sending every message out to every port. Allowed by the fixed size of the CAM table.

Answer 3

MAC flooding attack

Question 4

A security feature that prevents unauthorized DHCP servers from accessing a network. It’s a Layer 2 network switch feature that acts as a firewall between trusted DHCP servers and untrusted hosts

Answer 4

DHCP snooping

Question 5

Exhaust all available addresses from the server. Exploits that DHCP has a limited number of IP addresses to lease. A type of Denial of Service attack

Answer 5

DHCP starvation

Question 6

What are Yersinia & DHCPstarv?

Answer 6

DHCP starvation tools

Question 7

What feature is a defense against too many incoming ARP broadcasts.
Each port on VLAN is untrusted by default
Each IP to MAC conversion is validated using DHCP snooping binding database.

Answer 7

Dynamic ARP Inspection (DAI)

Question 8

Authentication & Configure DHCP snooping & Trusted sources are what?

Answer 8

DHCP starvation countermeasures

Question 9

Protocol that resolves domain names into IP addresses using default port 53.

Answer 9

DNS

Question 10

Manipulating the DNS table by replacing a legitimate IP address with a malicious one

Answer 10

DNS poisoning attack /DNS cache poisoning or DNS spoofing

Question 11

Active monitoring

Keep DNS servers up-to-date

Randomize source and destination IP, query IDs, during name requests

Use HTTPS and/or TLS for securing the traffic

Answer 11

DNS poisoning countermeasures

Question 12

Provides secure DNS data authentication by using digital signatures and encryption.
Adds cryptographic signatures to existing DNS records, stored in DNS name servers. Help verifying the true originator of DNS messaging

Answer 12

DNSSEC (Domain Name System Security Extension)

Question 13

Allows multiple separate LANs/networks on same switch through logical grouping

Answer 13

VLAN

Question 14

What is Frogger?

Answer 14

A tool used to execute the VLAN hopping attack

Question 15

Attacking the network resources of the VLAN by sending packets to a port not usually accessible from an end system. The main goal of this form of attack is to gain access to other VLANs on the same network

Answer 15

VLAN hopping attack

Question 16

A VLAN hopping attack can occur in what two ways?

Answer 16

Double tagging & switch spoofing

Question 17

One of the most popular network security hacking tools for Unix-like operating systems.

Answer 17

Yersinia

Question 18

Attacking host imitates a trunking switch

Answer 18

Switch spoofing

Question 19

An attack when threat actors add and modify tags on the Ethernet frame. This approach enables the sending of packets through any VLAN as the native untagged VLAN on the trunk

Answer 19

Double tagging

Question 20

Most popular routing protocol for IP networks. Dynamically discovers neighbors like RIPv2 and BPG (Border Gateway Protocol)

Answer 20

OSPF: Open Shortest Path First

Question 21

Placing a rogue router in target network e.g. remote branch/headquarters
Allows attacker to inject routes to redirect traffic for MITM attacks or DoS attacks.

Answer 21

Compromised router attacks

Question 22

Name 2 OSPF attack countermeasures

Answer 22

Configure OSPF to authenticate every OSPF message

Monitor OSPF neighbors for eavesdropping through e.g. a SIEM

Question 23

In charge of resolving IP addresses to MAC addresses

Answer 23

ARP - Address Resolution Protocol

Question 24

What are the 2 different types of ARP packets?

Answer 24

ARP_REQUEST and ARP_REPLY

Question 25

Used to map MAC addresses to IP addresses. Every network interface has its own…

Answer 25

ARP table

Question 26

Man in the middle attack between the victim and switch.

Floods the target machines ARP cache with forged requests and responses.

Exploits ARP not verifying the device authenticity

Answer 26

ARP poisoning attack
Also known as * ARP spoofing * ARP spoofing * ARP cache poisoning * ARP poison routing * ARP cache flooding * ARP flooding

Question 27

The tools arpspoof, ettercap, and Cain and Abel on Windows are used for what?

Answer 27

ARP spoofing

Question 28

Stores MAC + assigned IP + VLAN and switch ports

Uses to validate subsequent requests from untrusted hosts.

Answer 28

DHCP snooping binding table

Question 29

A framework for performing layer 2 attacks over protocols like:
Spanning Tree Protocol (STP)
VLAN Trunking Protocol (VTP)
Hot Standby Router Protocol (HSRP) Dynamic Trunking Protocol (DTP)
IEEE 802.1Q
Cisco Discovery Protocol (CDP)
DHCP
Inter-Switch Link Protocol (ISL)

Answer 29

Yersinia