17.2.8 Check Your Understanding – Network Services Attacks Answers

1. What enables a threat actor to impersonate the default gateway and receive all traffic that is sent to hosts that are not on the local LAN segment?

  • DNS tunneling
  • cross-site scripting
  • ARP cache poisoning
  • iFrame attacks

Explanation: ARP cache poisoning occurs when a threat actor uses gratuitous ARP to manipulate the ARP caches of computers on a network segment. In this way, the threat actor’s MAC address can be mapped to the IP address of the default gateway.

2. What should a cybersecurity analyst look for to detect DNS tunneling?

  • longer than average DNS queries
  • incorrect MAC to IP address mappings
  • gratuitous ARP requests
  • rogue DHCP servers

Explanation: DNS tunneling can frequently be detected by looking for unusual DNS queries, such as those that are too long or query for an unusual domain name.

3. A threat actor accesses a list of user email addresses by sending database commands through an insecure login page. What type of attack is this?

  • cross-site scripting
  • client-side scripting
  • iFrame attack
  • SQL injection

Explanation: SQL injection occurs when a threat actor sends SQL database commands into an insecure login field.

4. In what type of attack are HTTP redirect messages used to send users to malicious websites?

  • HTTP 302 cushioning
  • domain shadowing
  • iFrame attacks
  • cross-site scripting

Explanation: HTTP 302 cushioning uses HTTP redirect messages to make a browser access a malicious web page.
