Modules 13 - 17: Threats and Attacks Group Exam

1. Question

1 points

What is the significant characteristic of worm malware?

Worm malware disguises itself as legitimate software.
Once installed on a host system, a worm does not replicate itself.
A worm must be triggered by an event on the host system.
A worm can execute independently of the host system.

2. Question

1 points

What are the three major components of a worm attack? (Choose three.)

a payload
a propagation mechanism
an infecting vulnerability
a probing mechanism
an enabling vulnerability
a penetration mechanism

3. Question

1 points

A user is curious about how someone might know a computer has been infected with malware. What are two common malware behaviors? (Choose two.)

The computer emits a hissing sound every time the pencil sharpener is used.
The computer beeps once during the boot process.
The computer gets increasingly slower to respond.
No sound emits when an audio CD is played.
The computer freezes and requires reboots.

4. Question

1 points

Which two types of attacks are examples of reconnaissance attacks? (Choose two.)

brute force
port scan
ping sweep
man-in-the-middle
SYN flood

5. Question

1 points

An administrator discovers a vulnerability in the network. On analysis of the vulnerability the administrator decides the cost of managing the risk outweighs the cost of the risk itself. The risk is accepted, and no action is taken. What risk management strategy has been adopted?

risk transfer
risk acceptance
risk reduction
risk avoidance

6. Question

1 points

Which protocol is exploited by cybercriminals who create malicious iFrames?

HTTP
DNS
ARP
DHCP

7. Question

1 points

How can a DNS tunneling attack be mitigated?

by preventing devices from using gratuitous ARP
by using a filter that inspects DNS traffic
by securing all domain owner accounts
by using strong passwords and two-factor authentication

8. Question

1 points

What is the function of a gratuitous ARP sent by a networked device when it boots up?

to request the netbios name of the connected system
to request the MAC address of the DNS server
to request the IP address of the connected network
to advise connected devices of its MAC address

9. Question

1 points

What is the result of a passive ARP poisoning attack?

Data is modified in transit or malicious data is inserted in transit.
Network clients experience a denial of service.
Confidential information is stolen.
Multiple subdomains are created.

10. Question

1 points

What are two methods used by cybercriminals to mask DNS attacks? (Choose two.)

reflection
shadowing
domain generation algorithms
fast flux
tunneling

11. Question

1 points

Match the security tool with the description. (Not all options apply.)

12. Question

1 points

Match the type of cyberattackers to the description. (Not all options are used.)

13. Question

1 points

Match the threat actors with the descriptions. (Not all options are used.)

14. Question

1 points

What scenario describes a vulnerability broker?

a teenager running existing scripts, tools, and exploits, to cause harm, but typically not for profit
a threat actor attempting to discover exploits and report them to vendors, sometimes for prizes or rewards
a threat actor publicly protesting against governments by posting articles and leaking sensitive information
a State-Sponsored threat actor who steals government secrets and sabotages networks of foreign governments

15. Question

1 points

In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services?

DoS
session hijacking
MITM
address spoofing

16. Question

1 points

Which field in the IPv6 header points to optional network layer information that is carried in the IPv6 packet?

traffic class
version
flow label
next header

17. Question

1 points

Which type of attack is carried out by threat actors against a network to determine which IP addresses, protocols, and ports are allowed by ACLs?

social engineering
denial of service
phishing
reconnaissance

18. Question

1 points

What kind of ICMP message can be used by threat actors to create a man-in-the-middle attack?

ICMP echo request
ICMP unreachable
ICMP redirects
ICMP mask reply

19. Question

1 points

What are two purposes of launching a reconnaissance attack on a network? (Choose two.)

to escalate access privileges
to prevent other users from accessing the system
to scan for accessibility
to gather information about the network and devices
to retrieve and modify data

20. Question

1 points

Which type of network attack involves randomly opening many Telnet requests to a router and results in a valid network administrator not being able to access the device?

DNS poisoning
man-in-the-middle
SYN flooding
spoofing

21. Question

1 points

What functionality is provided by Cisco SPAN in a switched network?

It mirrors traffic that passes through a switch port or VLAN to another port for traffic analysis.
It prevents traffic on a LAN from being disrupted by a broadcast storm.
It protects the switched network from receiving BPDUs on ports that should not be receiving them.
It copies traffic that passes through a switch interface and sends the data directly to a syslog or SNMP server for analysis.
It inspects voice protocols to ensure that SIP, SCCP, H.323, and MGCP requests conform to voice standards.
It mitigates MAC address overflow attacks.

22. Question

1 points

Which statement describes an operational characteristic of NetFlow?

NetFlow collects basic information about the packet flow, not the flow data itself.
NetFlow captures the entire contents of a packet.
NetFlow flow records can be viewed by the tcpdump tool.
NetFlow can provide services for user access control.

23. Question

1 points

Match the network monitoring solution with a description. (Not all options are used.)

24. Question

1 points

Which technology is a proprietary SIEM system?

StealthWatch
NetFlow collector
SNMP agent
Splunk

25. Question

1 points

What are three functionalities provided by SOAR? (Choose three.)

It automates complex incident response procedures and investigations.
It provides 24×7 statistics on packets that flow through a Cisco router or multilayer switch.
It uses artificial intelligence to detect incidents and aid in incident analysis and response.
It presents the correlated and aggregated event data in real-time monitoring and long-term summaries.
It provides a complete audit trail of basic information about every IP flow forwarded on a device.
It provides case management tools that allow cybersecurity personnel to research and investigate incidents.

26. Question

1 points

Which devices should be secured to mitigate against MAC address spoofing attacks?

Layer 7 devices
Layer 4 devices
Layer 3 devices
Layer 2 devices

27. Question

1 points

A network administrator is checking the system logs and notices unusual connectivity tests to multiple well-known ports on a server. What kind of potential network attack could this indicate?

access
denial of service
information theft
reconnaissance

28. Question

1 points

What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?

Cross-site scripting
XML injection
buffer overflow
SQL injection

29. Question

1 points

Which cyber attack involves a coordinated attack from a botnet of zombie computers?

ICMP redirect
MITM
DDoS
address spoofing

30. Question

1 points

What technique is a security attack that depletes the pool of IP addresses available for legitimate hosts?

reconnaissance attack
DHCP starvation
DHCP spoofing
DHCP snooping

31. Question

1 points

Which type of Trojan horse security breach uses the computer of the victim as the source device to launch other attacks?

proxy
FTP
DoS
data-sending

32. Question

1 points

What are two examples of DoS attacks? (Choose two.)

buffer overflow
SQL injection
port scanning
phishing
ping of death

33. Question

1 points

Why would a rootkit be used by a hacker?

to try to guess a password
to reverse engineer binary files
to gain access to a device without being detected
to do reconnaissance

34. Question

1 points

What causes a buffer overflow?

sending too much information to two or more interfaces of the same device, thereby causing dropped packets
attempting to write more data to a memory location than that location can hold
sending repeated connections such as Telnet to a particular device, thus denying other data sources
downloading and installing too many software updates at one time
launching a security countermeasure to mitigate a Trojan horse

35. Question

1 points

Which type of security threat would be responsible if a spreadsheet add-on disables the local software firewall?

DoS
Trojan horse
buffer overflow
brute-force attack

36. Question

1 points

Which two types of hackers are typically classified as grey hat hackers? (Choose two.)

hacktivists
cyber criminals
vulnerability brokers
script kiddies
state-sponsored hackers

37. Question

1 points

A white hat hacker is using a security tool called Skipfish to discover the vulnerabilities of a computer system. What type of tool is this?

debugger
fuzzer
vulnerability scanner
packet sniffer

38. Question

1 points

Which two functions are provided by NetFlow? (Choose two.)

It uses artificial intelligence to detect incidents and aid in incident analysis and response.
It provides a complete audit trail of basic information about every IP flow forwarded on a device.
It provides 24×7 statistics on packets that flow through a Cisco router or multilayer switch.
It allows an administrator to capture real-time network traffic and analyze the entire contents of packets.
It presents correlated and aggregated event data in real-time monitoring and long-term summaries.

39. Question

1 points

Which statement describes the function of the SPAN tool used in a Cisco switch?

It is a secure channel for a switch to send logging to a syslog server.
It provides interconnection between VLANs over multiple switches.
It supports the SNMP trap operation on a switch.
It copies the traffic from one switch port and sends it to another switch port that is connected to a monitoring device.

40. Question

1 points

What are two evasion methods used by hackers? (Choose two.)

scanning
access attack
resource exhaustion
phishing
encryption

41. Question

1 points

Which attack involves threat actors positioning themselves between a source and destination with the intent of transparently monitoring, capturing, and controlling the communication?

man-in-the-middle attack
DoS attack
ICMP attack
SYN flood attack

42. Question

1 points

What is the goal of a white hat hacker?

validating data
modifying data
stealing data
protecting data

43. Question

1 points

Once a cyber threat has been verified, the US Cybersecurity Infrastructure and Security Agency (CISA) automatically shares the cybersecurity information with public and private organizations. What is this automated system called?

AIS
NCSA
ENISA
NCASM

44. Question

1 points

A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent?

spam
anonymous keylogging
DDoS
social engineering

45. Question

1 points

Which two characteristics describe a worm? (Choose two)

is self-replicating
travels to new computers without any intervention or knowledge of the user
infects computers by attaching to software code
hides in a dormant state until needed by an attacker
executes when software is run on a computer

46. Question

1 points

An attacker is redirecting traffic to a false default gateway in an attempt to intercept the data traffic of a switched network. What type of attack could achieve this?

MAC address snoopin
DHCP snooping
MAC address starvation
DHCP spoofing

47. Question

1 points

What would be the target of an SQL injection attack?

DHCP
DNS
email
database

48. Question

1 points

The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring?

social engineering
adware
DDoS
phishing
spyware

49. Question

1 points

Why would an attacker want to spoof a MAC address?

so that the attacker can capture traffic from multiple VLANs rather than from just the VLAN that is assigned to the port to which the attacker device is attached
so that a switch on the LAN will start forwarding frames to the attacker instead of to the legitimate host
so that a switch on the LAN will start forwarding all frames toward the device that is under control of the attacker (that can then capture the LAN traffic)
so that the attacker can launch another type of attack in order to gain access to the switch

50. Question

1 points

Match the security concept to the description.

51. Question

1 points

Which two characteristics describe a virus? (Choose two.)

Malicious code that can remain dormant before executing an unwanted action.
Malware that executes arbitrary code and installs copies of itself in memory.
Malware that relies on the action of a user or a program to activate.
Program code specifically designed to corrupt memory in network devices.
A self-replicating attack that is independently launched.

52. Question

1 points

Which type of security attack would attempt a buffer overflow?

ransomware
reconnaissance
DoS
scareware

Average score
Your score

Quiz-summary

Information

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

16. Question

17. Question

18. Question

19. Question

20. Question

21. Question

22. Question

23. Question

24. Question

25. Question

26. Question

27. Question

28. Question

29. Question

30. Question

31. Question

32. Question

33. Question

34. Question

35. Question

36. Question

37. Question

38. Question

39. Question

40. Question

41. Question

42. Question

43. Question

44. Question

45. Question

46. Question

47. Question

48. Question

49. Question

50. Question

51. Question

52. Question