Chapter 3 - Network Security Concepts

Question 1

what is RISK

Answer 1

likelihood of a threat to exploit the vulnerability of an asset
probability of the occurrence of an event and its consequences

Question 2

what is THREAT

Answer 2

a potential danger to a company’s assets, data or network functionality

Question 3

what is data loss or data exfiltration

Answer 3

when data is intentionally or unintentionally lost, stolen or leaked to outside world

Question 4

common data loss vectors

Answer 4

• email/social networking
• unencrypted devices
• cloud storage devices
• removable media
• hard copy
• improper access control (weak or compromised passwords)

Question 5

what kind of hacker:

• commit crimes and may do unethical things but not for personal gain or to cause damage
• may disclose vulnerability to affected org

Answer 5

Grey Hat Hacker

Question 6

term that includes any device, person, group or nation state that is intentionally or unintentionally the source of an attack?

Answer 6

threat actor

Question 7

what is a vulnerability broker

Answer 7

usually a grey hat hacker who attempts to discover exploits and reports them to vendors, sometimes for rewards

Question 8

what type of attack does the threat actor rely on users to install to help exploit the security gaps

Answer 8

Malware

Question 9

types of malware

Answer 9

• virus
• Trojan horse
• Adware
• Ransomeware
• rootkit
• spyware
• worm

Question 10

networks are susceptible to these kinds of attacks

Answer 10

• reconnaissance attacks
• access attacks
• DoS attacks

Question 11

techniques used by threat actors to conduct recon attacks

Answer 11

• perform an info query of a target
• initiate ping sweep of target network
• initiate a port scan of active IP addresses
• run vulnerability scanners
• run exploitation tools

Question 12

access attacks exploits known vulnerabilities in…

Answer 12

authentication services, FTP services and web services

Question 13

types of access attacks include

Answer 13

• social engineering
• password attacks
• spoofing attacks
• trust exploitations (threat actor uses unauthorized privileges to gain access to a system)
• port redirections
• MITM attack
• buffer overflow attacks

Question 14

this tool was designed to help white hat hackers and other network security professionals create social engineering attacks to test their own networks

Answer 14

SET - Social Engineering Toolkit

Question 15

what are the two types of DoS and DDoS attack

Answer 15

• overwhelming quantity of traffic

- maliciously formatted packets

Question 16

a collection of zombies is called

Answer 16

botnet

Question 17

how does Smurf attack overwhelm a target host?

Answer 17

1. Amplification - threat actor forwards ICMP echo request msgs to many hosts. These msgs contain source IP address of the victim
2. Reflection - hosts all reply to spoofed IP of the victim to overwhelm it

Question 18

what info can a threat actor gather using ICMP attacks

Answer 18

• map out the network topology
• discover hosts that are reachable/active
• identify host OS
• state of firewall

Question 19

two types of IP address spoofing attacks:

Answer 19

• non-blinding spoofing - threat actor can see traffic btwn host and the target; can determine firewall state and sequence-number prediction and can hijack authorized session
• blind spoofing - threat actor can’t see traffic btwn host and target; used in DoS attacks

Question 20

when does a threat actor use MAC add attack?

Answer 20

when threat actor has access to internal network