Module 2: Quiz – Network Threats (Answers) Network Security

1. In what way are zombies used in security attacks?

  • They probe a group of machines for open ports to learn which services are running.
  • They target specific individuals to gain corporate or personal information.
  • They are infected machines that carry out a DDoS attack.
  • They are maliciously formed code segments used to replace legitimate applications.

Explanation: Zombies are infected computers that make up a botnet. The zombies are used to deploy a distributed denial of service (DDoS) attack.

2. What is an example of a local exploit?

  • A threat actor performs a brute force attack on an enterprise edge router to gain illegal access.
  • A threat actor tries to gain the user password of a remote host by using a keyboard capture software installed on it by a Trojan.
  • A buffer overflow attack is launched against an online shopping website and causes the server to crash.
  • Port scanning is used to determine if the Telnet service is running on a remote server.

Explanation: Vulnerability exploits may be remote or local. In a local exploit, the threat actor has some type of user access to the end system, either physically or through remote access. The exploitation activity is within the local network.

3. Which two statements describe access attacks? (Choose two.)

  • Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers.
  • Trust exploitation attacks often involve the use of a laptop to act as a rogue access point to capture and copy all network traffic in a public location, such as a wireless hotspot.
  • Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code.
  • To detect listening services, port scanning attacks scan a range of TCP or UDP port numbers on a host.
  • Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN.

Explanation: An access attack tries to gain access to a resource using a hijacked account or other means. The five types of access attacks include the following:

  • password – a dictionary is used for repeated login attempts
  • trust exploitation – uses granted privileges to access unauthorized material
  • port redirection – uses a compromised internal host to pass traffic through a firewall
  • man-in-the-middle – an unauthorized device positioned between two legitimate devices in order to redirect or capture traffic
  • buffer overflow – too much data sent to a memory location that already contains data

4. Why would a rootkit be used by a hacker?

  • to gain access to a device without being detected
  • to reverse engineer binary files
  • to do reconnaissance
  • to try to guess a password

Explanation: Hackers use rootkits to avoid detection as well as to hide any software installed by the hacker.

5. Which statement describes the term attack surface?

  • It is the total number of attacks toward an organization within a day.
  • It is the total sum of vulnerabilities in a system that is accessible to an attacker.
  • It is the group of hosts that experiences the same attack.
  • It is the network interface where attacks originate.

Explanation: An attack surface is the total sum of the vulnerabilities in a system that is accessible to an attacker. The attack surface can consist of open ports on servers or hosts, software that runs on Internet-facing servers, wireless network protocols, and even users.

6. Which risk management plan involves discontinuing an activity that creates a risk?

  • risk reduction
  • risk avoidance
  • risk sharing
  • risk retention

Explanation: During a risk assessment it may be determined that an activity involves more risk than benefit. In such a situation an organization may decide to avoid the risk altogether by discontinuing the activity. This is known as risk avoidance.

7. What name is given to an amateur hacker?

  • black hat
  • blue team
  • script kiddie
  • red hat

Explanation: Script kiddie is a term used to describe an inexperienced hacker.

8. What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?

  • backdoor
  • phishing
  • vishing
  • Trojan

Explanation: Phishing is used by malicious parties who create fraudulent messages that attempt to trick a user into either sharing sensitive information or installing malware.

9. Which two characteristics describe a worm? (Choose two.)

  • travels to new computers without any intervention or knowledge of the user
  • infects computers by attaching to software code
  • executes when software is run on a computer
  • hides in a dormant state until needed by an attacker
  • is self-replicating

Explanation: Worms are self-replicating pieces of software that consume bandwidth on a network as they propagate from system to system. They do not require a host application, unlike a virus. Viruses, on the other hand, carry executable malicious code which harms the target machine on which they reside.

10. A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent?

  • anonymous keylogging
  • DDoS
  • spam
  • social engineering

Explanation: Social engineering attempts to gain the confidence of an employee and convince that person to divulge confidential and sensitive information, such as usernames and passwords. DDoS attacks, spam, and keylogging are all examples of software-based security threats, not social engineering.

11. Which evasion method describes the situation in which, after gaining access to the administrator password on a compromised host, a threat actor attempts to log in to another host using the same credentials?

  • traffic substitution
  • resource exhaustion
  • pivoting
  • protocol-level misinterpretation

Explanation: Pivoting is an evasion method that assumes the threat actor has compromised an inside host and the actor wants to expand the access further into the compromised network.

12. In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services?

  • DoS
  • address spoofing
  • MITM
  • session hijacking

Explanation: In a DoS or denial-of-service attack, the goal of the attacker is to prevent legitimate users from accessing network services.
