Types of Attacks Flashcards
You are inspecting a user’s system after she has complained about slow Internet usage. After analyzing the system, you notice that the ARP cache entry for the default gateway references the wrong MAC address. What type of attack has occurred?
Brute force
DNS poisoning
ARP poisoning
ARP poisoning
ARP poisoning occurs when the hacker alters the ARP cache so that communication destined for a particular IP address is redirected to the wrong MAC address. This is a popular attack with wireless networks.
You want to implement a security control that limits tailgating in a high-security environment. Which of the following protective controls would you use?
Swipe cards
Mantrap
Locked door
Mantrap
Tailgating occurs when an unauthorized person tries to slip through a secured door after an authorized person opens it. A mantrap helps prevent tailgating; it is the area between two locked doors, in which the second door does not open until the first door closes. This enables you to watch who enters the building with you.
Which of the following descriptions best describes a buffer overflow attack?
Injecting database code into a web page
Using a dictionary file to crack passwords
Sending too much data to an application that allows the hacker to run arbitrary code
Sending too much data to an application that allows the hacker to run arbitrary code
A buffer overflow attack occurs when a hacker sends more data to an application or service than it is expecting. The extra data that is sent flows out of the area of memory (the buffer) assigned to the application. It has been found that if the hacker can write information beyond the buffer, he can run whatever code he wants. Hackers typically write code that gives them remote shell access to the system with administrative capabilities.
You are analyzing web traffic in transit to your web server and you notice someone logging on with a username of Bob with a password of “pass' or 1=1--”. Which of the following describes what is happening?
XML injection
A SQL injection attack
LDAP injection
A SQL injection attack
A SQL injection attack is when the hacker inserts database (SQL) statements into an application, such as a web site, that manipulate the way the application executes. In this example, the hacker is trying to bypass the logon by typing “pass' or 1=1--” into the password box.
A user on your network receives an e-mail from the bank stating that there has been a security incident at the bank. The e-mail continues by asking the user to log on to her bank account by following the link provided and verify that her account has not been tampered with. What type of attack is this?
Phishing
Spam
Dictionary attack
Phishing
Phishing is when a hacker e-mails a victim and hopes she clicks the link that leads her to a fake site (typically a bank). At this point, the hacker hopes the user types information into the fake site (such as bank account information) that he can use to gain access to her real account.
What type of attack involves the hacker modifying the source IP address of the packet?
Xmas attack
Spear phishing
Spoofing
Spoofing
A spoof attack is when the hacker modifies the source address of the packet. IP spoofing is when the source IP address is modified, MAC spoofing is when the source MAC address is modified, and e-mail spoofing is when the hacker alters the source e-mail address of the message.
Which of the following files might a hacker modify after gaining access to your system in order to achieve DNS redirection?
/etc/passwd
Hosts
SAM
Hosts
The hosts file on the local hard drive of the computer is used to resolve fully qualified domain names (FQDNs) to IP addresses and could be used to redirect an unsuspecting person to the wrong site.
What type of attack involves the hacker sending too much data to a service or application that typically results in the hacker gaining administrative access to the system?
Birthday attack
Eavesdrop
Buffer overflow
Buffer overflow
A buffer overflow attack involves the hacker sending too much data to an application to gain administrative access to the system.
Which of the following methods could be used to prevent ARP poisoning on the network? (Choose two.)
Static ARP entries
Patching
Antivirus software
Physical security
Firewall
Static ARP entries
Physical security
ARP poisoning can be countered by adding static ARP entries to your ARP cache and by implementing physical security so that unauthorized persons cannot gain access to the network and poison everyone’s ARP cache.
As a network administrator, what should you do to help prevent buffer overflow attacks from occurring on your systems?
Antivirus software
Physical security
Patching
Patching
The best countermeasure to buffer overflow attacks is to ensure that you keep up to date with system and application patches. As the vendor finds the vulnerabilities, that vendor will fix the issues through a patch.
Which of the following is the term for a domain name that is registered and deleted repeatedly so that the registrant can avoid paying for the domain name?
DNS redirection
Domain poisoning
Domain kiting
Domain kiting
Domain kiting is a vulnerability in the domain name system in which the hacker registers a DNS name and then cancels it within the five-day grace period to avoid paying for the domain. After a few days, he deletes the name and re-creates it to get the five-day grace period again.
You receive many calls from customers stating that your web site seems to be slow in responding. You analyze the traffic and notice that you are receiving a number of malformed requests on that web server at a high rate. What type of attack is occurring?
Eavesdrop
Denial of service
Man in the middle
Denial of service
The fact that you are receiving a high number of requests at a high rate is a great indication that someone is trying to perform a denial-of-service (DoS) attack on your system. The results of a DoS could be to keep your system so busy servicing bogus requests that it cannot service valid requests from customers, or the hacker may try to crash your system.
What type of attack is a smurf attack?
Distributed denial of service (DDoS)
Denial of service (DoS)
Privilege escalation
Distributed denial of service (DDoS)
A smurf attack is a distributed denial-of-service (DDoS) attack, which is a DoS attack involving multiple systems. The smurf attack involves the hacker pinging a number of systems but spoofing the address of the ping packet so that all those systems reply to an intended victim. The victim would be so overburdened with the ping replies that it would cause a denial of service.
Your manager has ensured that a policy is implemented that requires all employees to shred sensitive documents. What type of attack is your manager hoping to prevent?
Denial of service
Social engineering
Dumpster diving
Dumpster diving
Dumpster diving is when the hacker goes through a company’s garbage trying to locate information that can help the hacker perform an attack or gain access to the company assets.
What type of attack involves the hacker inserting a client-side script into the web page?
XSS
Watering hole attack
ARP poisoning
XSS
Cross-site scripting (XSS) is an attack that involves the hacker inserting script code into a web page so that it is then processed and executed by a client system.