3.11.3 Module Quiz – Network Security Concepts Answers
1. The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring?
- spyware
- phishing
- DDoS
- social engineering
- adware
Explanation: Phishing, spyware, and social engineering are security attacks that collect network and user information. Adware typically consists of annoying popup windows. Unlike a DDoS attack, none of these attacks generate large amounts of data traffic that can restrict access to network services.
2. What causes a buffer overflow?
- downloading and installing too many software updates at one time
- attempting to write more data to a memory location than that location can hold
- sending too much information to two or more interfaces of the same device, thereby causing dropped packets
- sending repeated connections such as Telnet to a particular device, thus denying other data sources
- launching a security countermeasure to mitigate a Trojan horse
Explanation: When too much data is written to a specific area of memory, adjacent memory locations are overwritten, which causes a security issue because the program in the overwritten memory location is affected.
3. Which objective of secure communications is achieved by encrypting data?
- authentication
- confidentiality
- integrity
- availability
Explanation: When data is encrypted, it is scrambled to keep the data private and confidential so that only authorized recipients can read the message. A hash function is another way of providing confidentiality.
4. What type of malware has the primary objective of spreading across the network?
- virus
- botnet
- Trojan horse
- worm
Explanation: The main purpose of a worm is to self-replicate and propagate across the network. A virus is a type of malicious software that needs a user to spread. A Trojan horse is not self-replicating and disguises itself as a legitimate application when it is not. A botnet is a series of zombie computers working together to wage a network attack.
5. Which algorithm can ensure data confidentiality?
Explanation: Data confidentiality is ensured through symmetric encryption algorithms, including DES, 3DES, and AES.
6. What three items are components of the CIA triad? (Choose three.)
- scalability
- access
- intervention
- confidentiality
- integrity
- availability
Explanation: The CIA triad contains three components: confidentiality, integrity, and availability. It is a guideline for information security for an organization.
7. Which cyber attack involves a coordinated attack from a botnet of zombie computers?
- address spoofing
- ICMP redirect
- DDoS
- MITM
Explanation: DDoS is a distributed denial-of-service attack. A DDoS attack is launched from multiple coordinated sources. The sources of the attack are zombie hosts that the cybercriminal has built into a botnet. When ready, the cybercriminal instructs the botnet of zombies to attack the chosen target.
8. What specialized network device is responsible for enforcing access control policies between networks?
- firewall
- switch
- IDS
- bridge
Explanation: Firewalls are used to permit or block traffic between networks according to access control policies.
9. To which category of security attacks does man-in-the-middle belong?
- DoS
- access
- reconnaissance
- social engineering
Explanation: With a man-in-the-middle attack, a threat actor is positioned in between two legitimate entities in order to read, modify, or redirect the data that passes between the two parties.
10. What is the role of an IPS?
- to detect patterns of malicious traffic by the use of signature files
- to enforce access control policies based on packet content
- to filter traffic based on defined rules and connection context
- to filter traffic based on Layer 7 information
Explanation: For detecting malicious activity, an IPS uses a set of rules called signatures to detect patterns in network traffic.
11. Which type of DNS attack involves the cybercriminal compromising a parent domain and creating multiple subdomains to be used during the attacks?
- tunneling
- cache poisoning
- amplification and reflection
- shadowing
Explanation: Two threats to DNS are DNS shadowing and DNS tunneling attacks. DNS shadowing attacks compromise a parent domain and then the cybercriminal creates subdomains to be used in attacks. DNS tunneling attacks build botnets to bypass traditional security solutions. Three threats to DNS open resolvers are cache poisoning, amplification and reflection, and resource utilization attacks.
12. Which two types of hackers are typically classified as grey hat hackers? (Choose two.)
- script kiddies
- cyber criminals
- vulnerability brokers
- state-sponsored hackers
- hacktivists
Explanation: Grey hat hackers may do unethical or illegal things, but not for personal gain or to cause damage. Hacktivists use their hacking as a form of political or social protest, and vulnerability brokers hack to uncover weaknesses and report them to vendors. Depending on the perspective one possesses, state-sponsored hackers are either white hat or black hat operators. Script kiddies create hacking scripts to cause damage or disruption. Cyber criminals use hacking to obtain financial gain by illegal means.
13. What is a significant characteristic of virus malware?
- Virus malware is only distributed over the Internet.
- Once installed on a host system, a virus will automatically propagate itself to other systems.
- A virus can execute independently of the host system.
- A virus is triggered by an event on the host system.
Explanation: A virus is malicious code that is attached to a legitimate program or executable file, and requires specific activation, which may include user actions or a time-based event. When activated, a virus can infect the files it has not yet infected, but does not automatically propagate itself to other systems. Self-propagation is a feature of worms. In addition to being distributed over the Internet, viruses are also spread by USB memory sticks, CDs, and DVDs.
14. A cleaner attempts to enter a computer lab but is denied entry by the receptionist because there is no scheduled cleaning for that day. What type of attack was just prevented?
- phishing
- shoulder surfing
- war driving
- social engineering
- Trojan
Explanation: Social engineering is when a person attempts to manipulate another individual to gain access to information or resources to which they are not entitled.
15. Which network security statement is true?
- All threats come from external networks.
- Internal threats are always accidental.
- Internal threats are always intentional.
- Internal threats can cause greater damage than external threats.
Explanation: Internal threats can be intentional or accidental and can cause greater damage than external threats because an internal user has direct access to the internal corporate network and corporate data.
16. What commonly motivates cybercriminals to attack networks as compared to hacktivists or state-sponsored hackers?
- Fame seeking
- Financial gain
- Political reasons
- Status among peers
Explanation: Cybercriminals are commonly motivated by money. Hackers are known to hack for status. Cyberterrorists are motivated to commit cybercrimes for religious or political reasons.
17. Which type of hacker is motivated by protesting political and social issues?
- Cybercriminal
- Hacktivist
- Script kiddie
- Vulnerability broker
Explanation: Hackers are categorized by motivating factors. Hacktivists are motivated by protesting political and social issues.
18. What is Trojan horse malware?
- It is malware that can only be distributed over the internet.
- It is software that appears useful but includes malicious code.
- It is software that causes annoying computer problems.
- It is the most easily detected form of malware.
Explanation: Trojan horse malware appears as useful software but hides malicious code. Trojan horse malware may cause annoying computer problems, but it can also cause fatal problems. Some Trojan horses may be distributed over the internet, but they can also be distributed by USB memory sticks and other means. Specifically targeted Trojan horse malware can be some of the most difficult malware to detect.
19. A user receives a call from someone in IT services, asking her to confirm her username and password for auditing purposes. Which security threat does this represent?
- Anonymous keylogging
- DDoS
- Social engineering
- Spam
Explanation: Social engineering involves attempting to gain the confidence of an employee and convince that person to divulge confidential and sensitive information, such as usernames and passwords. DDoS attacks, spam, and keylogging are all examples of software-based security threats, not social engineering.
20. What is a ping sweep?
- A DNS query and response protocol
- A network scanning technique that involves identifying active IP addresses
- A type of packet capturing software
- A TCP and UDP port scanner to detect open services
Explanation: A ping sweep is a technique that is used during a reconnaissance attack to locate live IP addresses. Other tools that might be used during this type of attack include a port scan or an internet information query. A reconnaissance attack is used to gather information about a particular network, usually in preparation for another type of network attack.
21. How are zombies used in security attacks?
- Zombies are infected machines that carry out a DDoS attack.
- Zombies are maliciously formed code segments used to replace legitimate applications.
- Zombies probe a group of machines for open ports to learn which services are running.
- Zombies target specific individuals to gain corporate or personal information.
Explanation: Zombies are infected computers that make up a botnet. They are used to deploy a distributed denial-of-service (DDoS) attack.
22. What is used to decrypt data that has been encrypted using an asymmetric encryption algorithm public key?
- A different public key
- A digital certificate
- A private key
- DH
Explanation: When an asymmetric algorithm is used, public and private keys are used for the encryption. Either key can be used for encryption, but the complementary matched key must be used for the decryption. For example, if the public key is used for encryption, the private key must be used for the decryption.
23. What are the SHA hash generating algorithms used for?
- Authentication
- Confidentiality
- Integrity
- Nonrepudiation
Explanation: Integrity is ensured by implementing SHA hash generating algorithms. Many modern networks ensure authentication with protocols such as HMACs. Data confidentiality is ensured through symmetric encryption algorithms, including 3DES and AES. Data confidentiality can also be ensured using asymmetric algorithms.
24. Which of the following is true of an IPS?
- It can stop malicious packets.
- It has no impact on latency.
- It is deployed in offline mode.
- It is primarily focused on identifying possible incidents.
Explanation: An advantage of an intrusion prevention system (IPS) is that it can identify and stop malicious packets. However, because an IPS is deployed inline, it can add latency to the network.
25. What is the term used to describe unethical criminals who compromise computer and network security for personal gain or for malicious reasons?
- Black hat hackers
- Hacktivists
- Script kiddies
- Vulnerability broker
Explanation: Black hat hackers are unethical threat actors who use their skills to compromise computer and network security vulnerabilities. The goal is usually financial gain or personal gain, or the hacker may have malicious intent. A vulnerability broker is a gray hat hacker who attempts to discover exploits and report them to vendors, sometimes for prizes or rewards. Hacktivists are gray hat hackers who publicly protest organizations or governments by posting articles or videos, leaking sensitive information, and performing network attacks. Script kiddies are inexperienced hackers (sometimes teenagers) running existing scripts, tools, and exploits to cause harm—but typically not for profit.
26. What is the term used to describe a potential danger to a company’s assets, data, or network functionality?
- Asymmetric encryption algorithm
- Exploit
- Threat
- Vulnerability
Explanation: A threat is a potential danger to a company’s assets, data, or network functionality. An exploit is a mechanism that takes advantage of a vulnerability. A vulnerability is a weakness in a system, or its design, that could be exploited by a threat.
27. What term is used to describe a guarantee that a message is not a forgery and does actually come from the person who is supposed to have sent it?
- Data nonrepudiation
- Exploit
- Mitigation
- Origin authentication
Explanation: Origin authentication guarantees that a message is not a forgery and does actually come from the person who is supposed to have sent it. Data nonrepudiation guarantees that the sender cannot repudiate, or refute, the validity of a message sent. An exploit is a mechanism that takes advantage of a vulnerability. Mitigation describes a countermeasure to eliminate or reduce the potential of a threat or risk.
28. What term is used to describe a mechanism that takes advantage of a vulnerability?
- Asymmetric encryption algorithm
- Exploit
- Threat
- Vulnerability
Explanation: An exploit is a mechanism that takes advantage of a vulnerability. A threat is a potential danger to a company’s assets, data, or network functionality. A vulnerability is a weakness in a system, or its design, that could be exploited by a threat.
29. Which of the following guarantees that the sender cannot repudiate, or refute, the validity of a message sent?
- Data nonrepudiation
- Exploit
- Mitigation
- Origin authentication
Explanation: Data nonrepudiation guarantees that the sender cannot repudiate, or refute, the validity of a message sent. An exploit is a mechanism that takes advantage of a vulnerability. Mitigation is a countermeasure to eliminate or reduce the potential of a threat or risk. Origin authentication guarantees that a message is not a forgery and does actually come from the person who is supposed to have sent it.