Network Support and Security: My Knowledge Check Answers

Explanation: In a ransomware attack, the attacker compromises the victum computer and encrypts the hard drive so that data can no longer be accessed by the user. The attacker then demands payment from the user to decrypt the drive.

Explanation: With the substitution troubleshooting method, a know suitable device is used to replace a suspected bad device. If this fixes the problem, then the problem was with the removed device. If the issue remains, the cause resides someplace else, and the troubleshooting continues.

Explanation: The importance of data integrity varies based on how an organization uses the data:

• Critical level of need: Data integrity might be a matter of life or death in a healthcare organization. For example, prescription information must be accurate. Therefore, all data is continuously validated, tested, and verified.
• High need: In an e-commerce or analytics-based organization, transactions and customer accounts must be accurate. All data is validated and verified at frequent intervals.
• Mid-level of need: Online sales and search engines collect data that has been publicly posted. Little verification is performed, and data is not completely trustworthy.
• Low level of need: Blogs, forums, and personal pages on social media are powered by public opinion and open contribution. Data may not be verified at all, and there is a low level of trust in the content.

Explanation: Traceroute is a command-line tool for tracing an IP packet’s path across routed networks.

Explanation: An advanced persistent threat (APT) is a continuous attack that uses elaborate espionage tactics involving multiple actors and sophisticated malware to gain access to the targeted network.

Explanation: There are two types of biometric identifiers:

• Physical characteristics: fingerprints, DNA, face, hands, retina, or ear features.
• Behavioral characteristics: behavior patterns such as gestures, voice, gait, or typing rhythm.

Explanation: Internet Protocol Security (IPsec) protects sensitive data and secures VPNs. IPsec tunneling encrypts all data sent between tunnel endpoints. IPsec also can be used to authenticate data originating from an authorized sender.

Explanation: Social engineering is a very effective way to get personal or sensitive corpoate information from an employee. Cybercriminals may try to get to know an employee and then use trust or familiarity to gather the needed information.

Explanation: A closed-ended question can be answered with a simple factual answer. In this case, the computer’s operating system is a factual answer that can only have a few possible answers.

Explanation: The ifconfig command can be used with both Linux and MAC OS to display interface IP configuration information.

Explanation: There are several benefits to using a stateful firewall in a network:

• Stateful firewalls are often used as a primary means of defense by filtering unwanted, unnecessary, or undesirable traffic.
• Stateful firewalls strengthen packet filtering by providing more stringent control over security.
• Stateful firewalls improve performance over packet filters or proxy servers.
• Stateful firewalls defend against spoofing and DoS attacks by determining whether packets belong to an existing connection or are from an unauthorized source.
• Stateful firewalls provide more log information than packet-filtering firewalls.

Explanation: If a penetration test is successful, the corporation should check to locate vulnerabilities in the network and also check to see if there are new unauthorized accounts.

Explanation: The seven-step troubleshooting process starts with defining the problem; then, the next step is to gather information, followed by analyzing the data. The process proceeds with eliminating possible causes, proposing a hypothesis, testing the hypothesis, and ending with solving the problem and documenting the solution.

Explanation: According to the CIA information security triad, the principle of availability means that authorized users must have uninterrupted access to important resources and data. It requires implementing redundant services, gateways, and links.

Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

Explanation: One of the main reasons to establish an initial network performance baseline is to identify the average traffic volume and conditions on the network. Network baselines compare performance before and after network changes and identify abnormal traffic types or volumes.

Explanation: WPA2 is the current industry standard for securing wireless networks and uses the Advanced Encryption Standard (AES) for encryption.

Explanation: Phishing is a type of malware attack where threat actors use unsafe websites and suspicious emails to entice users to give away personal information.

Explanation: Netbus is a backdoor program used by cybercriminals to gain unauthorized access to a system by bypassing the standard authentication procedures. A logic bomb is a malicious program that waits for a trigger, such as a specified date or database entry, to set off the malicious code. Keyboard logging refers to recording or logging every key struck on a computer’s keyboard. Grayware is any unwanted application that behaves in an annoying or undesirable manner. It may not carry any recognizable malware, but it may still pose a risk to the user by tracking your location or delivering unwanted advertising.

Explanation: Packet filtering firewalls are usually part of a router firewall, which permits or denies traffic based on Layer 3 and 4 information. Stateless firewalls use a simple policy table look-up that filters traffic based on specific criteria.

Explanation: A hoax is an act intended to deceive or trick someone. This type of email can cause unnecessary disruption, extra work, and fear.

Explanation: The technician replaces a suspected bad piece of equipment with a known-good one. This represents the Substitution method of troubleshooting.

Explanation: The tracert command in Windows can help a technician locate Layer 3 problems by returning a list of hops a packet takes as it is routed through a network. This helps verify Layer 3 connectivity and identify the point along the path where a problem can be found if there is no end-to-end connectivity.

Explanation: The Task Manager tool can assist in troubleshooting issues on a Windows PC by displaying the applications and processes that are currently running.

Explanation: There are several measures that organizations and users need to implement to defend against wireless and mobile device attacks, including:

• Take advantage of basic wireless security features such as authentication and encryption by changing the default configuration settings.
• Restrict access point placement by placing these devices outside the firewall or within a demilitarized zone — a perimeter network that protects an organization’s LAN from untrusted devices.
• Use WLAN tools such as NetStumbler to detect rogue access points or unauthorized workstations.
• Develop a policy for secure guest access to an organization’s Wi-Fi network.
• Employees in an organization should use a remote access VPN for WLAN access when on public Wi-Fi networks.

Explanation: Worms are malicious code that replicates by independently exploiting vulnerabilities in networks. Worms usually slow down networks. Whereas a virus requires a host program to run, worms can run by themselves. Other than the initial infection, worms no longer require user participation. After a worm affects a host, it is able to spread very quickly over the network. Worms share similar patterns. They all have an enabling vulnerability, a way to propagate themselves, and they all contain a payload.

Explanation: Shoulder surfing is a simple attack that involves observing or looking over a shoulder of a target to gain valuable information such as PINs, access codes, or credit card details. As a result, ATM screens are only visible at certain angles. These types of safeguards make shoulder surfing much more difficult

Explanation: The limitations of a stateful firewall are:

• No Application Layer inspection
• Limited tracking of stateless protocols
• Difficult to defend against dynamic port negotiation
• No authentication support

Explanation: A site-to-site VPN is created between two VPN gateways to establish a secure tunnel. The VPN traffic is only encrypted between the two gateway devices and not between the client and the gateway. The client host will have no knowledge that a VPN is being used.

Explanation: It is important to determine how many users are affected to find the scope of a problem. This helps the technician determine if the problem is isolated to one computer, office, floor, or network.

Explanation: WPA2 Personal is recommended for home or small office networks. Wireless clients authenticate with the wireless router using a pre-shared password.

Explanation: There are two types of biometric identifiers:

• Physical characteristics: fingerprints, DNA, face, hands, retina, or ear features.
• Behavioral characteristics: behavior patterns such as gestures, voice, gait, or typing rhythm.

Explanation: Some examples of logical access controls are encryption, smart cards, passwords, biometrics, access control lists, protocols, firewalls, routers, intrusion detection systems, and clipping levels. Some examples of physical access controls are guards, fences, motion detectors, laptop locks, locked doors, swipe cards, guard dogs, video cameras, mantrap-style entry systems, and alarms.

Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

Explanation: Many network management systems use SNMP to collect data from networking devices. SMTP is used to send emails between email servers. RDP is the protocol used to access desktop computers remotely. TFTP is an insecure protocol used to transfer files between devices.

Explanation: Although WPA2 included Wi-Fi Protected Setup (WPS) to quickly onboard devices without configuring them first, WPS is vulnerable to various attacks and not recommended. In WPA3, the Device Provisioning Protocol (DDP) addresses this need, providing an easy way for headless IoT devices to connect to the wireless network. Each IoT device has a hardcoded public key typically stamped on the outside of the device or the packaging as a QR code. The network administrator scans the QR code and quickly onboards the device.

Explanation: TCP Wrappers host-based firewall is a rule-based access control and logging system for Linux. Packet filtering is based on IP addresses and network services.

Explanation: A baseline is created to establish a regular network or system performance to determine the state of a network under normal conditions. It can identify areas in the network that are underutilized.

Explanation: Gatekeeper, an Apple macOS security feature, ensures that only authentic, digitally-signed software that an Apple-notarized software developer has created can be installed.

Explanation: The first dimension of the cybersecurity cube identifies the goals to protect cyberspace. The foundational principles of confidentiality, integrity and data availability provide a focus that enables the cybersecurity expert to prioritize actions when protecting any networked system.

Explanation: The United States Computer Emergency Readiness Team (US-CERT) and the U.S. Department of Homeland Security sponsor a dictionary of common vulnerabilities and exposures (CVE).

Each CVE entry contains a standard identifier number, a brief description of the security vulnerability and any important references to related vulnerability reports. The CVE list is maintained by a not-for-profit, the MITRE Corporation, on its public website.

Explanation: In spoofing attacks, hackers can disguise their devices by using a valid address from the network and therefore bypass authentication processes. MAC addresses and IP addresses can be spoofed and can also be used to spoof ARP relationships.

Explanation: The 802.11 wireless standards 802.11n and 802.11ax can operate in both the 2.4 and 5GHz frequency spectrums. The 802.11a and 802.11ac standards only operate in the 5GHz spectrum, and 802.11g only operates in the 2.4GHz spectrum.

Explanation: The show tech-support command automatically runs more than 40 show commands and can produce a very large amount of output that is useful for technicians troubleshooting a router.

Explanation: If CDP is enabled on devices, the show CDP neighbors command can help map the network by providing information about neighbors such as the hostname of the neighbor, the port from which the neighbor is reached, the port on the neighbor device that it is gone through, the device type of the neighbor, and the hardware platform of the neighbor.

Explanation: A rootkit commonly modifies an operating system to create a backdoor to bypass normal authentication mechanisms.

Explanation: Packet filtering firewalls are usually part of a router firewall, which permits or denies traffic based on Layer 3 and 4 information. Stateless firewalls use a simple policy table look-up that filters traffic based on specific criteria.

Explanation: BitLocker to Go is a tool that encrypts removable drives.

Explanation: Social engineering uses several different tactics to gain information from victims.

Explanation: Administrative access controls involve three security services: authentication, authorization, and accounting (AAA).

Explanation: To narrow down the problem, the technician asks if the computer was previously able to access the website and if other websites are accessible. If the answer is yes to both questions, the technician has narrowed the issue to problems with the single website on this day.

Explanation: The third dimension of the cybersecurity cube defines the pillars on which we need to base our cybersecurity defenses to protect data and infrastructure in the digital realm. These are technology , policy, and practices , and improving people’s education, training, and awareness.