Types of Attacks Flashcards

1
Q

You are inspecting a user’s system after she has complained about slow Internet usage. After analyzing the system, you notice that the MAC address of the default gateway in the ARP cache is referencing the wrong MAC address. What type of attack has occurred?

Brute force

DNS poisoning

ARP poisoning

A

ARP poisoning

ARP poisoning occurs when the hacker alters the ARP cache in order to redirect communication destined for a particular IP address to the wrong MAC address. This is a popular attack with wireless networks.

2
Q

You want to implement a security control that limits tailgating in a high-security environment. Which of the following protective controls would you use?

Swipe cards

Mantrap

Locked door

A

Mantrap

Tailgating occurs when an unauthorized person tries to slip through a secured door after an authorized person opens it. A mantrap helps prevent tailgating; it is the area between two locked doors, in which the second door does not open until the first door closes. This enables you to watch who enters the building with you.

3
Q

Which of the following descriptions best describes a buffer overflow attack?

Injecting database code into a web page

Using a dictionary file to crack passwords

Sending too much data to an application that allows the hacker to run arbitrary code

A

Sending too much data to an application that allows the hacker to run arbitrary code

A buffer overflow attack occurs when a hacker sends more data to an application or service than it is expecting. The extra data that is sent flows out of the area of memory (the buffer) assigned to the application. It has been found that if the hacker can write information beyond the buffer, he can run whatever code he wants. Hackers typically write code that gives them remote shell access to the system with administrative capabilities.

4
Q

You are analyzing web traffic in transit to your web server and you notice someone logging on with a username of Bob with a password of “pass' or 1=1--”. Which of the following describes what is happening?

XML injection

A SQL injection attack

LDAP injection

A

A SQL injection attack

A SQL injection attack is when the hacker inserts database (SQL) statements into an application, such as a web site, that manipulate the way the application executes. In this example, the hacker is trying to bypass the logon by typing “pass' or 1=1--” into the password box.

5
Q

A user on your network receives an e-mail from the bank stating that there has been a security incident at the bank. The e-mail continues by asking the user to log on to her bank account by following the link provided and verify that her account has not been tampered with. What type of attack is this?

Phishing

Spam

Dictionary attack

A

Phishing

Phishing is when a hacker e-mails a victim and hopes she clicks the link that leads her to a fake site (typically a bank). At this point, the hacker hopes the user types information into the fake site (such as bank account information) that he can use to gain access to her real account.

6
Q

What type of attack involves the hacker modifying the source IP address of the packet?

Xmas attack

Spear phishing

Spoofing

A

Spoofing

A spoof attack is when the hacker modifies the source address of the packet. IP spoofing is when the source IP address is modified, MAC spoofing is when the source MAC address is modified, and e-mail spoofing is when the hacker alters the source e-mail address of the message.

7
Q

Which of the following files might a hacker modify after gaining access to your system in order to achieve DNS redirection?

/etc/passwd

Hosts

SAM

A

Hosts

The hosts file on the local hard drive of the computer is used to resolve fully qualified domain names (FQDNs) to IP addresses and could be used to redirect an unsuspecting person to the wrong site.

8
Q

What type of attack involves the hacker sending too much data to a service or application that typically results in the hacker gaining administrative access to the system?

Birthday attack

Eavesdrop

Buffer overflow

A

Buffer overflow

A buffer overflow attack involves the hacker sending too much data to an application to gain administrative access to the system.

9
Q

Which of the following methods could be used to prevent ARP poisoning on the network? (Choose two.)

Static ARP entries

Patching

Antivirus software

Physical security

Firewall

A

Static ARP entries

Physical security

ARP poisoning can be countered by adding static ARP entries to your ARP cache and by implementing physical security so that unauthorized persons cannot gain access to the network and poison everyone’s ARP cache.

10
Q

As a network administrator, what should you do to help prevent buffer overflow attacks from occurring on your systems?

Antivirus software

Physical security

Patching

A

Patching

The best countermeasure to buffer overflow attacks is to ensure that you keep up to date with system and application patches. As the vendor finds the vulnerabilities, that vendor will fix the issues through a patch.

11
Q

Which of the following is the term for a domain name that is registered and deleted repeatedly so that the registrant can avoid paying for the domain name?

DNS redirection

Domain poisoning

Domain kiting

A

Domain kiting

Domain kiting is a vulnerability in the domain name system in which the hacker registers a DNS name and then cancels it within the five-day grace period to avoid paying for the domain. After a few days, he deletes the name and re-creates it to get the five-day grace period again.

12
Q

You receive many calls from customers stating that your web site seems to be slow in responding. You analyze the traffic and notice that you are receiving a number of malformed requests on that web server at a high rate. What type of attack is occurring?

Eavesdrop

Denial of service

Man in the middle

A

Denial of service

The fact that you are receiving a high number of requests at a high rate is a great indication that someone is trying to perform a denial-of-service (DoS) attack on your system. The results of a DoS could be to keep your system so busy servicing bogus requests that it cannot service valid requests from customers, or the hacker may try to crash your system.

13
Q

What type of attack is a smurf attack?

Distributed denial of service (DDoS)

Denial of service (DoS)

Privilege escalation

A

Distributed denial of service (DDoS)

A smurf attack is a distributed denial-of-service (DDoS) attack, which is a DoS attack involving multiple systems. The smurf attack involves the hacker pinging a number of systems but spoofing the address of the ping packet so that all those systems reply to an intended victim. The victim would be so overburdened with the ping replies that it would cause a denial of service.

14
Q

Your manager has ensured that a policy is implemented that requires all employees to shred sensitive documents. What type of attack is your manager hoping to prevent?

Denial of service

Social engineering

Dumpster diving

A

Dumpster diving

Dumpster diving is when the hacker goes through a company’s garbage trying to locate information that can help the hacker perform an attack or gain access to the company assets.

15
Q

What type of attack involves the hacker inserting a client-side script into the web page?

XSS

Watering hole attack

ARP poisoning

A

XSS

Cross-site scripting (XSS) is an attack that involves the hacker inserting script code into a web page so that it is then processed and executed by a client system.

16
Q

Your manager has read about SQL injection attacks and is wondering what can be done to protect against them for your applications that were developed in-house. What would you recommend?

Patching

Antivirus

Input validation

A

Input validation

A SQL injection attack involves the hacker inserting database code into an application (such as a web site) where it is not expected. The best countermeasure to this is to have your programmers validate any information (check its accuracy) passed into an application.

17
Q

A hacker sitting in an Internet café ARP poisons everyone connected to the wireless network so that all traffic passes through the hacker’s laptop before she routes the traffic to the Internet. What type of attack is this?

Rainbow tables

Man in the middle

DNS poison

A

Man in the middle

When a hacker poisons everyone’s ARP cache in order to have them send any data destined for the Internet through the hacker’s system, this is a man-in-the-middle attack, because the hacker is receiving all traffic before it is sent to the Internet. The hacker will do this in order to see what you are doing on the Internet and ideally capture sensitive information.

18
Q

Which of the following best describes a zero-day attack?

An attack that modifies the source address of the packet

An attack that changes the computer’s system date to 00/00/00

An attack that uses an exploit that the product vendor is not aware of yet

A

An attack that uses an exploit that the product vendor is not aware of yet

A zero-day attack is considered a new exploit that the vendor is not aware of yet, but the hacking community is.

19
Q

What type of file on your hard drive stores preferences from web sites?

Cookie

Hosts

LMHOSTS

A

Cookie

A cookie is a text file on the hard drive of your system that stores preferences for specific web sites.

20
Q

What type of attack involves the hacker disconnecting one of the parties from a communication and continuing the communication while impersonating that system?

Denial of service

SQL injection

Session hijacking

A

Session hijacking

Session hijacking involves the hacker taking over a conversation by impersonating one of the parties involved in the conversation after the hacker kicks that party off. The hacker typically does a DoS attack in order to kick one of the parties out of the communication.

21
Q

What type of password attack involves the use of a dictionary file and modifications of the words in the dictionary file?

Dictionary attack

Brute-force attack

Hybrid attack

A

Hybrid attack

In a hybrid password attack, the hacker uses a dictionary file and a brute-force attack to try to guess a user’s password; the software uses modifications of the dictionary words by placing numbers at the end of each word, and a brute-force attack then attempts to apply each password as it is created.

22
Q

Which of the following countermeasures is designed to protect against a brute-force password attack?

Patching

Account lockout

Password complexity

A

Account lockout

Because brute-force attacks mathematically calculate all possible passwords, if you give the hacker enough time, the hacker will crack passwords, including complex passwords. The key point here is you need to take the time away from the hacker, and you do that by enabling account lockout—after a certain number of bad logon attempts, the account is locked.

23
Q

Three employees within the company have received phone calls from an individual asking about personal finance information. What type of attack is occurring?

Phishing

Whaling

Vishing

A

Vishing

Vishing is a form of social engineering attack in which the hacker calls a user trying to trick the person into divulging secure information over the phone or a Voice over IP (VoIP) call. “Vishing” as a term comes from the fact that it is similar to phishing, but instead of the attack coming through e-mail, it is using the phone (voice).

24
Q

Tom was told to download a free tax program to complete his taxes this year. After downloading and installing the software, Tom notices that his system is running slowly and he receives a notification from his antivirus software. What type of malware has he installed?

Keylogger

Trojan

Worm

A

Trojan

Tom has installed a Trojan virus, a program disguised to do one thing that actually does something else or something additional.

25
Q

Jeff recently reported that he is receiving a large number of unsolicited text messages to his phone. What type of attack is occurring?

Bluesnarfing

Whaling

Bluejacking

A

Bluejacking

Bluejacking is when the hacker sends unsolicited text messages to a Bluetooth device such as a phone.

26
Q

An employee is suspected of sharing company secrets with a competitor. After seizing the employee’s laptop, the forensics analyst notices that there are a number of personal photos on the laptop that have been e-mailed to a third party on the Internet. When the analyst compares the hashes of the personal images on the hard drive to what is found in the employee’s mailbox, the hashes do not match. How was the employee sharing company secrets?

Digital signatures

Steganography

MP3Stego

A

Steganography

Steganography is the hiding of text file data in an image file and is a common technique used by hackers to share information.

27
Q

You arrive at work today to find someone outside the building digging through their purse. As you approach the door, the person says, “I forgot my pass at home. Can I go in with you?” What type of attack could be occurring?

Tailgating

Dumpster diving

Brute force

A

Tailgating

Tailgating is when an unauthorized person tries to follow behind an authorized person to sneak through a locked door.

28
Q

Your manager has requested that the combo pad locks used to secure different areas of the company facility be replaced with electronic swipe cards. What type of social engineering attack is your manager hoping to avoid with this change?

Tailgating

Dumpster diving

Shoulder surfing

A

Shoulder surfing

Shoulder surfing is a form of social engineering attack that involves someone looking over your shoulder to spy your passcode or other sensitive information.

29
Q

Your manager has been hearing a lot about social engineering attacks and wonders why such attacks are so effective. Which of the following identifies reasons why the attacks are so successful? (Choose three.)

Authority

DNS poisoning

Urgency

Brute force

Trust

A

Authority

Urgency

Trust

There are a number of reasons why social engineering attacks are successful, including these three reasons: The victim believes he is receiving communications from a person of authority. Also, the attacker speaks with a sense of urgency, which makes the victim want to help out as quickly as possible. Trust is correct because social engineering works based on the fact that we trust people, especially people in need or people of authority. There are a number of other reasons why social engineering is effective, such as intimidation, consensus or social proof, scarcity of the event, and familiarity or liking of a person. Most social engineering experts have mastered being likeable, which transforms into trust.

30
Q

A user calls and asks you to send sensitive documents immediately because a salesperson needs them to close a multimillion-dollar deal and their files are corrupted. What form of social engineering is this?

Familiarity

Intimidation

Consensus

A

Intimidation

Intimidation is when an attacker threatens the victim using bullying tactics or threats to get the victim to take an action.

31
Q

An attacker tricks a user into clicking a malicious link that causes an unwanted action on a web site the user is currently authenticated to. What type of exploit is this?

Cross-site request forgery

Cross-site scripting

Replay

A

Cross-site request forgery

Cross-site request forgeries occur when an attacker tricks a user into executing unwanted actions on a web site she is currently authenticated to.

32
Q

Your server is being flooded with DNS lookup requests and this is causing the server to be unavailable for legitimate clients. What sort of general attack is this?

Buffer overflow

Man-in-the-browser

Amplification

A

Amplification

An amplification attack involves sending a small amount of data to an unsuspecting third party, which sends a larger amount of data to the target.

33
Q

A user calls you stating that his browser performed an unintended action after he clicked a button on a web page. What sort of attack has taken place?

Replay

Shimming

Click-jacking

A

Click-jacking

A click-jacking attack involves tricking the user into clicking an object that does not do what the user expects it to do.

34
Q

A downloaded hardware driver does not match the checksum from the manufacturer, yet it installs and seems to behave as it should. Months later, you learn that sensitive information from your device has been leaked online. Which term best describes this type of attack?

Refactoring

Collision

ARP poisoning

A

Refactoring

A refactoring attack involves changing the internal code of the driver while maintaining the external behavior so it appears to be behaving normally.

35
Q

A user is attempting to log into a web application but notices that the version of TLS being used is lower than expected. What sort of attack is this?

Weak implementations

Known plain text/cipher text

Downgrade

A

Downgrade

A downgrade attack involves forcing a connection to abandon a high-quality encryption method for a lower quality, more easily broken method.