1. What are the basic phases of attack that can be used by a virus or worm in sequential order?
   paralyze, probe, penetrate, persist, and propagate
>> probe, penetrate, persist, propagate, and paralyze
   penetrate, persist, propagate, paralyze, and probe
   persist, propagate, paralyze, probe, and penetrate

2. Which two are characteristics of DoS attacks? (Choose two.)
   They always precede access attacks.
>> They attempt to compromise the availability of a network, host, or application.
   They are difficult to conduct and are initiated only by very skilled attackers.
   They are commonly launched with a tool called L0phtCrack.
>> Examples include smurf attacks and ping of death attacks.

3. Users report to the helpdesk that icons usually seen on the menu bar are randomly appearing on their computer screens. What could be a reason that computers are displaying these random graphics?
   An access attack has occurred.
>> A virus has infected the computers.
   A DoS attack has been launched against the network.
   The computers are subject to a reconnaissance attack.

4. What are three types of access attacks? (Choose three.)
>> buffer overflow
   ping sweep
>> port redirection
>> trust exploitation
   port scan
   Internet information query

5. What occurs during a spoofing attack?
>> One device falsifies data to gain access to privileged information.
   Large amounts of network traffic are sent to a target device to make resources unavailable to intended users.
   Improperly formatted packets are forwarded to a target device to cause the target system to crash.
   A program writes data beyond the allocated memory to enable the execution of malicious code.

6. What is a characteristic of a Trojan Horse?
>> A Trojan Horse can be carried in a virus or worm.
   A proxy Trojan Horse opens port 21 on the target system.
   An FTP Trojan Horse stops anti-virus programs or firewalls from functioning.
   A Trojan Horse can be hard to detect because it closes when the application that launched it closes.

7. Which phase of worm mitigation requires compartmentalization and segmentation of the network to slow down or stop the worm and prevent currently infected hosts from targeting and infecting other systems?
>> containment phase
   inoculation phase
   quarantine phase
   treatment phase

8. Which two statements are characteristics of a virus? (Choose two.)
>> A virus typically requires end-user activation.
   A virus has an enabling vulnerability, a propagation mechanism, and a payload.
   A virus replicates itself by independently exploiting vulnerabilities in networks.
   A virus provides the attacker with sensitive data, such as passwords.
>> A virus can be dormant and then activate at a specific time or date.

9. What is a ping sweep?
>> A ping sweep is a network scanning technique that indicates the live hosts in a range of IP addresses.
   A ping sweep is a software application that enables the capture of all network packets sent across a LAN.
   A ping sweep is a scanning technique that examines a range of TCP or UDP port numbers on a host to detect listening services.
   A ping sweep is a query and response protocol that identifies information about a domain, including the addresses assigned to that domain.

10. Which type of security threat can be described as software that attaches to another program to execute a specific unwanted function?
>> Virus
   Worm
   proxy Trojan horse
   Denial of Service Trojan horse

11. A disgruntled employee is using Wireshark to discover administrative Telnet usernames and passwords. What type of network attack does this describe?
   Denial of Service
   port redirection
>> reconnaissance
   trust exploitation

12. What occurs during the persist phase of a worm attack?
   identification of vulnerable targets
>> modification of system files and registry settings to ensure that the attack code is running
   transfer of exploit code through an attack vector
   extension of the attack to vulnerable neighboring targets

13. What are the three major components of a worm attack? (Choose three.)
>> enabling vulnerability
   infecting vulnerability
>> payload
   penetration mechanism
   probing mechanism
>> propagation mechanism

14. A network administrator detects unknown sessions involving port 21 on the network. What could be causing this security breach?
>> An FTP Trojan Horse is executing.
   A reconnaissance attack is occurring.
   A denial of service attack is occurring.
   Cisco Security Agent is testing the network.

15. What are three goals of a port scan attack? (Choose three.)
   disable used ports and services
>> determine potential vulnerabilities
>> identify active services
   identify peripheral configurations
>> identify operating systems
   discover system passwords

16. How is a Smurf attack conducted?
   by sending a large number of packets, overflowing the allocated buffer memory of the target device
   by sending an echo request in an IP packet larger than the maximum packet size of 65,535 bytes
>> by sending a large number of ICMP requests to directed broadcast addresses from a spoofed source address on the same network
   by sending a large number of TCP SYN packets to a target device from a spoofed source address

17. Which access attack method involves a software program attempting to discover a system password by using an electronic dictionary?
   buffer overflow attack
   port redirection attack
   Denial of Service attack
>> brute-force attack
   IP spoofing attack
   packet sniffer attack

18. Which two network security solutions can be used to mitigate DoS attacks? (Choose two.)
   virus scanning
   data encryption
>> anti-spoofing technologies
>> intrusion protection systems
   applying user authentication

19. Which phase of worm mitigation involves terminating the worm process, removing modified files or system settings that the worm introduced, and patching the vulnerability that the worm used to exploit the system?
   containment
   inoculation
   quarantine
>> treatment

20. Which characteristic best describes the network security Compliance domain as specified by the ISO/IEC?
   the integration of security into applications
   an inventory and classification scheme for information assets
   the restriction of access rights to networks, systems, applications, functions, and data
>> the process of ensuring conformance with security information policies, standards, and regulations

21. Which statement describes phone freaking?
   A hacker uses password-cracking programs to gain access to a computer via a dialup account.
   A hacker gains unauthorized access to networks via wireless access points.
>> A hacker mimics a tone using a whistle to make free long-distance calls on an analog telephone network.
   A hacker uses a program that automatically scans telephone numbers within a local area, dialing each one in search of computers, bulletin board systems, and fax machines.

22. Which two statements describe access attacks? (Choose two.)
   Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN.
>> Password attacks can be implemented using brute-force attack methods, Trojan Horses, or packet sniffers.
>> Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or exploit systems to execute malicious code.
   Port scanning attacks scan a range of TCP or UDP port numbers on a host to detect listening services.
   Trust exploitation attacks can use a laptop acting as a rogue access point to capture and copy all network traffic in a public location on a wireless hotspot.

23. Which statement accurately characterizes the evolution of network security?
>> Internal threats can cause even greater damage than external threats.
   Internet architects planned for network security from the beginning.
   Early Internet users often engaged in activities that would harm other users.
   Threats have become less sophisticated while the technical knowledge needed by an attacker has grown.

24. Which three options describe the phases of worm mitigation? (Choose three.)
>> The containment phase requires the use of incoming and outgoing ACLs on routers and firewalls.
   The containment phase tracks down and identifies the infected machines within the contained areas.
   The inoculation phase disconnects, blocks, or removes infected machines.
>> The inoculation phase patches uninfected systems with the appropriate vendor patch for the vulnerability.
   The quarantine phase terminates the worm process, removes modified files or system settings, and patches the vulnerability the worm used to exploit the system.
>> The treatment phase disinfects actively infected systems.

25. An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this?
   trust exploitation.
   buffer overflow.
>> man in the middle.
   port redirection.

26. What is considered a valid method of securing the control plane in the Cisco NFP framework?
   authorization of actions.
   DHCP snooping.
   dynamic ARP inspection.
   login and password policy.
>> routing protocol authentication.
   role-based access control.

27. A port scan is classified as what type of attack?
   access attack.
   Denial of Service attack.
>> reconnaissance attack.
   spoofing attack.

28. Which type of software typically uses a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN?
   port scanner.
   ping sweeper.
>> packet sniffer.
   Internet information query.

29. What are two reasons for securing the data plane in the Cisco NFP framework? (Choose two.)
>> to protect against DoS attacks.
>> to provide bandwidth control.
   to force technicians to use SSH and HTTPS when managing devices.
   to provide a record of who accessed the device, what occurred, and when it occurred.
   to allow users to control the flow of traffic that is managed by the route processor of their network devices.