Types of Attacks

Question 1

You are inspecting a user’s system after she has complained about slow internet speeds. After analyzing the system, you notice that the default gateway in the Address resolution protocol (ARP) cache is referencing an unknown MAC address. What type of attack has occurred?

Answer 1

ARP poisoning
The attacker alters the ARP cache to redirect communication to a particular IP address to the wrong MAC address, which maps to the attacker’s machine

Question 2

You want to implement a security control that limits tailgating in a high security environment. Which of the following protective controls would you use?

Answer 2

Mantrap

Question 3

Which of the following descriptions best describes a buffer overflow attack?

a) Injecting database code into a web page
b) Using a dictionary file to crack passwords
c) Sending too much data to an application that then enables the attacker to run arbitrary code
d) Altering the source address of a packet

Answer 3

Sending too much data to an application that then enables the attacker to run arbitrary code.
The attacker sends more data to an application or service than it is expecting. The extra data is sent and flows out of the area of memory (the buffer) assigned to the application. If the attacker can write information beyond the buffer, he can run whatever code he wants, usually codes that will give remote shell access to the system.

Question 4

You are analyzing web traffic in transit to your web server and you notice someone logging on with a username of Bob with a password of “pass’ or 1=1–”. Which of the following describes what is happening?

Answer 4

A SQL injection attack
It occurs when an attacker inserts database (SQL) statements into the application, such as a web site, which then passes the SQL commands to a backend database to be processed. The end result could lead the attacker bypassing the authentication or manipulating the data.

Question 5

A user on your network received an e-mail from the bank stating that there has been a security incident at the bank. The e-mail asks the user to log on to her bank account by following the link provided and verify that her account has not been tampered with. What type of attack is this?

Answer 5

Phishing

Question 6

What type of attack involves the attacker modifying the source IP address of the packet?

Answer 6

Spoofing.

The attacker modifies the source address of the packet. In IP spoofing, the source IP address is modified.

Question 7

Which of the following files might an attacker modify after gaining access to your system in order to achieve DNS redirection?

Answer 7

Hosts. The hosts file on the local computer is used to resolve fully qualified domain names (FQDNs) to IP addresses that could be used to redirect an unsuspecting person to the wrong site.

Question 8

What type of attack involves the attacker sending too much data to a service or application that typically results in the attacker gaining administrative access to the system?

Answer 8

Buffer overflow

Question 9

Which of the following methods could be used to prevent address resolution protocol (ARP) poisoning on the network?

Answer 9

Static ARP entries and physical security.
ARP poisoning can be countered by adding static entries and by implementing physical security so that unauthorized people cannot gain access to the network.

Question 10

As a network administrator, what should you do to help prevent buffer overflow attacks from occurring on your system?

Answer 10

Patching.
The best countermeasure is to ensure that you keep up to date with system and application patches. As the vendor finds the vulnerabilities, that vendor will fix the issues through a patch.

Question 11

Which of the following is the term for a domain name that is registered and deleted repeatedly so that the registrant can avoid paying for the domain name?

Answer 11

Domain kitting.
It is a vulnerability in the domain name system in which attackers register a DNS name and then cancels it within the five-day grace and re-creates it to get the five day period again.

Question 12

You receive many calls from customer stating that the website seems to be slow in responding. You analyze the traffic and notice that you are receiving a number of malformed requested on that web server at a high rate. What type of attack is occurring?

Answer 12

Denial of service (DoS).
The results of DoS is keeping your system so busy servicing bogus requests that it cannot service valid requests from your customer.

Question 13

What type of attack is a smurf attack

Answer 13

Distributed denial of service (DDoS).
It involves the attacker pinging a number of systems but spoofing the address of the ICMP packet so that all those systems reply to an intended victim. The victim is overburdened with the ICMP replies that would cause the DoS.

Question 14

Your manager has ensured that a policy is implemented that requires all employees to shred sensitive documents. What type of attack is your manager hoping to prevent?

Answer 14

Dumpster diving

Question 15

What type of attack involves the attacker inserting a client-side script in the web page?

Answer 15

Cross-site scripting (XSS).
It involves the attacker inserting script code into a webpage so that it is then processed and executed by a client system.

Question 16

Your manager has read about SQL injection attacks and is wondering what can be done to protect against them for applications that were developed in-house. What would you recommend?

Answer 16

Input validation.
A SQL injection attack involves the attacker inserting database code into an application (such as website) where it is not expected. The best countermeasure to this is to have your programmers validate any information passed into an application.

Question 17

An attacker sitting in an internet café ARP poisons everyone connected to the wireless network so that all traffic passes through the attacker’s laptop before she routers the traffic to the internet. What type of attack is this?

Answer 17

Man-in-the-middle

Question 18

Which of the following best describes a zero-day attack?

Answer 18

An attack that uses an exploit that the product vendor is not aware of yet.

Question 19

What type of file on your hard drive stores preferences from web sites?

Answer 19

Cookies.

It is a text file on the hard drive of your system that stores preference for specific website.

Question 20

What type of attack involves the attacker disconnecting one of the parties from a communication and continues the communication while impersonating that system?

Answer 20

Session hijacking.
The attacker takes over a conversation by impersonating one of the parties involved in the conversation after the attacker kicks that party off.

Question 21

What type of password attack involves the use of dictionary file and modifications of the words in the dictionary file?

Answer 21

Hybrid attack.
The attacker uses dictionary file and a brute force attack to try to guess the user’s password. The software uses modifications of the dictionary words by placing numbers at the end of each word.

Question 22

Which of the following countermeasures is designed to protect against a brute-force password attack?

Answer 22

Account lockout

Question 23

Three employees within the company have received phone calls from an individual asking about personal finance information. What type of attack is occurring?

Answer 23

Vishing.
It is a form of social engineering attack in which the attacker calls a user trying to trick the person into divulging secure information over the phone or a Voice over IP.

Question 24

Tom was told to download a free tax program to complete his taxes this year. After downloading and installing the free software, Tom notices his system is running slowly and he receives a notification from his antivirus software. What type of malware has he installed?

Answer 24

Trojan

Question 25

Jeff recently reports that he is receiving a large number of unsolicited text messages to his phone. What type of attack is occurring?

Answer 25

Bluejacking.

It is when the attacker sends text message to a Bluetooth device.

Question 26

An employee is suspected of sharing company secrets with a competitor. After seizing the employee’s laptop, the forensic analyst notices that a number of personal photos on the laptop have been emailed to a third party over the internet. When the analyst compares the hashes of the personal images on the hard drive to what is found in the employee’s mailbox, the hashes don’t match. How was the employee sharing company secrets?

Answer 26

Steganography

Question 27

You arrive at work today to find someone outside the building digging through her purse. As you approach the door, the person says, “I forgot my pass at home. Can I go in with you?” What type of attack could be occurring?

Answer 27

Tailgating

Question 28

Your manager has requested that the combo padlocks used to secure different areas of the company facility be replaced with electronic swipe cards. What type of social-engineering attack is your manager hoping to avoid with this charge?

Answer 28

Tailgating

Question 29

Your manager has been hearing a lot about social-engineering attacks and wonder why such attacks are so effective. Which of the following identifies reasons why the attacks are so successful?

Answer 29

Authority, Urgency, Trust

Question 30

Jane is the lead security officer for your company and is monitoring network traffic. Jane notices suspicious activity and asks for your help in identifying the attack.

Answer 30

Directory traversal
It occurs when the attacker navigates the folder structure of the web server in URL to call upon commands found in the operating system of the web server.

Question 31

A user calls and asks you to send sensitive documents immediately because a salesperson needs them to close a multi-million-dollar deal and the sales person’s files are corrupted. She demands you do this immediately or she’ll be fired. What form of social engineering is this?

Answer 31

Intimidation

Question 32

An attacker tricks a user into clicking a malicious link that causes an unwanted action on a website the user is currently authenticated to. What type of exploit is this?

Answer 32

Cross-site request forgery

Question 33

Your server is being flooded with DNS lookup requests, which is causing the server to be unavailable for legitimate clients. What sort of general attack is this?

Answer 33

Amplification attack
It involves sending a small amount of data to an unsuspecting third party, which sends a larger amount of data to the target.

Question 34

A user calls you stating that his browser performed an unintended action after he clicked a button on a webpage. What sort of attack has taken place?

Answer 34

Click jacking

Question 35

A downloaded hardware driver does not match the checksum from the manufacturer, yet it installs and seems to behave as it should. Months later, you learn that sensitive information from your device has been leaked online. Which term describes this attack?

Answer 35

Refactoring
It involves changing the internal code of the driver while maintaining the external behavior so it appears to be behaving normally.

Question 36

A user is attempting to log into a web application but notices that the version of TLS being used is lower than expected. What sort of attack is this?

Answer 36

Downgrade attack.
It involves forcing a connection to abandon a high-quality encryption protocol for a lower quality, more insecure protocol.

Question 37

You have received a SMS text message from the bank stating that access to your bank account has been blocked. The message asks you to click a link to reactivate the account right away. What type of attack is this?

Answer 37

Smishing
It occurs when the attacker uses SMS text messaging to send a phishing style message to a user’s mobile phone, trying to trick the user into compromising security.

Question 38

An attacker obtain a connection to your LAN and then uses SETH to perform a MiTM attack between your system and the company RDP server, which enables the attacker to collect the logon information for the RDP server. What type of attack has occurred?

Answer 38

Credential harvesting

Attackers collect logon information and then uses that information to gain access to system at a later time.

Question 39

Which of the following mechanisms can be used by an attacker as a method in an influence campaign to trick the victim into compromising security?

Answer 39

Social media.

It is a tool that can be used as an influence campaign during a social-engineering attack.

Question 40

Which of the following represent reasons why social-engineering attacks are so effective?

Answer 40

Consensus, scarcity.

Question 41

You received a call from the network administrator who was supposed to be on vacations. She informs you that there was an update to the financial system, and she needs you to temporarily change the password to N3wSyst3m” so that the software can receive initial updates. What type of social engineering technique is being used here?

Answer 41

Impersonation

The attacker is pretending to be someone else.

Question 42

Which of the following is a layer 2 attack that involves the attacker sending a large number of frames to the switch in order to trick the switch into sending all new frames to every port on the switch?

Answer 42

MAC flooding

Question 43

What type of physical attack involves the attacker creating a component that contains a wireless controller embedded inside it that enables the attacker to send commands to the device from a nearby phone or PC?

Answer 43

Malicious USB cable.
It is a physical attack on systems because the USB cable must be physically connected to the system that an attacker wishes to exploit.

Question 44

Which of the following attack types involves an attacker manipulating data input in order to exploit vulnerabilities in the algorithm used by the system?

Answer 44

Adversarial AI attack.
The attacker sends malicious input into the learning system in order to compromise the system. The attack is based on the fact that machine-learning systems use models of data for their training, which may be tainted training data for machine learning (ML). The learning system may respond differently in production scenarios to different data input during an attack. This attack type is designed to test the security of the machine-learning algorithm.

Question 45

What type of DDoS attack involves consuming bandwidth with traffic coming from many different sources so that the company cannot access the Internet?

Answer 45

Network

Question 46

To execute a script you created, you first run the set-execution policy unrestricted command. What type of script file are you about to execute?

Answer 46

PowerShell.
First, you must set the execution policy on the system to allow scripts to execute. You can configure the execution policy on many systems at once with Group Policies, or you can use the set-executionpolicy cmdlet in PowerShell.