ch 10 Flashcards

1
Q

In which of the following phases of the social engineering attack cycle will an attacker require the most time investment?

A

Research

*Pic: this cycle might happen quickly over a few seconds, or take much longer, even years.

2
Q

Which of the following methods requires the entry of a code to open a door?

A

Cipher Lock

or Keypad.

*Pic: a cipher lock can document who enters an area and when.

3
Q

In which of the following forms of attack can an attacker redirect and capture secure transmissions as they occur?

A

On-Path Attack

previously called a MitM (man-in-the-middle) attack.

EX: Evil Twin attack (type of On-Path attack).

4
Q

You, as a network engineer, want to have an insight into your network’s weaknesses that need attention. You want to search for devices with open ports indicating which insecure service might be used to craft an attack and identify unencrypted sensitive data. Which of the following scanning tools will you use in this scenario?

A

Nessus

developed by Tenable Security.

Nessus performs even more sophisticated vulnerability scans than Nmap. Among other things, Nessus can identify unencrypted, sensitive data (such as credit card numbers) saved on your network’s hosts. The program can run on your network or from off-site servers continuously maintained and updated by the developer.

5
Q

Which of the following is not a social engineering strategy?

A

DoS (Denial-of-Service)

is an attack in which a legitimate user is unable to access normal network resources because of an attacker’s intervention. Most often, this type of attack is achieved by flooding a system with so many requests for services that it can’t respond to any of them.

6
Q

At a security training exercise, you had to devise a strategy to penetrate into an organization’s data room by accessing one of their employee’s ID cards. You decided to demonstrate this exercise by offering a free gift to one of the employees in exchange for a few hours of data room access. Which kind of social engineering method have you used in such a scenario?

A

Quid Pro Quo

7
Q

Gary is a freelance network analyst. A client approaches him to provide a solution for his firm wherein employees have been found to carry sensitive information out of the office premises. This data breach has led to a lot of market speculations as a result of which there has been a significant drop in the share market prices of the company’s stocks. Gary is contracted to find a solution to this issue. Analyze which of the following options should be carried out by Gary keeping in mind the sensitivity of the situation.

A

Deploy a DLP solution.

DLP is a security technique that uses software to monitor confidential data, track data access and ownership, and prevent it from being copied or transmitted off the network.

8
Q

As a network administrator, you have asked one of the contracted vendors of the company to ship a consignment of spare parts and components of all the network devices. You have decided to place this order to store the devices for a rainy day. Now, as the consignment has been received by your organization, you want to store these devices in a secure location. Which of the following will you use in this scenario?

A

Locking Cabinets

is a storage container secured by a locked panel or door that might be used to store documents or hardware not in use.

9
Q

Zeneth Computers is a software development company. It has received a random email claiming that there will be an attempt to hack and extract sensitive financial data of the company before the year end. The company has contacted you, a network analyst, to verify if such claims are indeed true. You have decided to set up a trap for the hackers by putting up a system containing false financial data. Which of the following will you use in this scenario?

A

Honeypot

is a decoy system isolated from legitimate systems and designed to be vulnerable to security exploits for the purposes of learning more about hacking techniques or nabbing a hacker in the act.

10
Q

You have been appointed as a network administrator at JJ Securities. The CEO of the company has requested your presence to address some security concerns. The CEO feels that certain members of the senior management who have access to privileged accounts might be under serious social engineering attacks by potential hackers. So, the CEO wants you to monitor the activities of these privileged accounts. Which of the following software will you use in this situation?

A

PAM (Privileged Account Management) tool

11
Q

Rob has enrolled himself as a network security trainee in JV Internet Securities. Which of the following terms should he know to understand the advantage taken of a software vulnerability that hasn’t yet or only very recently become public?

A

Zero-Day Exploit

12
Q

Which of the following terms identifies the weakness of a system that could lead to compromised information or unauthorized access?

A

Vulnerability

13
Q

Chelsea is a hacker who befriends Adele McCain over lunch at the cafeteria. Adele is the senior associate of Spandangle Ltd., a private law firm based in Alabama. Chelsea manages to successfully guess Adele’s password to a sensitive database in the law firm. What kind of password attack did she use?

A

Brute-Force Attack

is an attempt to discover an encryption key or password by trying numerous possible character combinations until the correct combination is found.

14
Q

Kickstart Securities provides network analysis and safety measurement services to various clients. Recently, one of its clients has requested a technician to run a cross-check on the network system to ensure that there are no vulnerabilities that are exposed. You have been sent in to assess the situation and fix the errors if there are any. Which of the following will you use in such a scenario to track the vulnerabilities across systems?

A

CVE (Common Vulnerabilities and Exposures)

is a dictionary project funded by the U.S. Department of Homeland Security and managed by The MITRE Corporation to index cybersecurity vulnerabilities.

15
Q

Andy Bryant is a network analyst at Freewoods Centre for Policy Research. There are approximately 35 employees currently working on various issues of policy making and research, and this requires access to the network’s resources. He has been asked to set a list of dos and don’ts for all the employees to clarify what is acceptable use of company IT resources and what is not. He also needs to explain penalties for violations and describe how these measures protect the network’s security. Analyze which of the following security policies Andy should implement in this scenario.

A

AUP (Acceptable Use Policy)

is the portion of a security policy that explains to users what they can and cannot do while accessing a network’s resources and the penalties for violations. It might also describe how these measures protect the network’s security.

16
Q

Which of the following devices scans an individual’s unique physical characteristics such as iris color patterns to verify the person’s identity?

A

Biometrics

17
Q

Which of the following testing tools combines known scanning and exploit techniques to explore potentially new attack routes?

A

Metasploit

*Pic: Metasploit detected a SOHO router’s administrative username and password!

18
Q

Ground Movers Ltd., a courier service provider, has recently encountered certain breaches that have led to packages being stolen and damaged. The company has contracted you, a network analyst, to fix this issue. You plan on installing a device that will be able to provide constant or periodic collection of information. This information can then be used by the management control software for monitoring and reporting. Which of the following devices will you install for Ground Movers Ltd.?

A

Asset Tags

monitor the movement and condition of equipment, inventory, and people. Using a simple barcode or a wireless-enabled transmitter, such as the RFID label on the box in the *Pic, asset tracking enables constant or periodic collection of information. This data is then reported to a central management application for monitoring, logging, and reporting.

19
Q

Which of these DoS (denial-of-service) attacks damages a device’s firmware beyond repair?

A

PDoS (Permanent DoS) Attack

is an attack that damages a device’s firmware beyond repair. This is called “bricking” the device because it effectively turns the device into a brick. PDoS attacks usually target routers or switches.

20
Q

You are working as a network administrator, and you want to conduct simulated attacks on a network to determine its weaknesses. To do so, you want to check for open ports so that you can remote in using that port and craft an attack. Which of the following software will you use to scan for open ports in this scenario?

A

Nmap (Network Mapper)

is a scanning tool designed to assess large networks quickly and provide comprehensive, customized information about a network and its hosts.

21
Q

Bryden is a network analyst who has been recruited into Big Bay Burger’s security management. Which of the following terminologies must he use to explain to the company’s employees about the possibility of someone using a deception in following them into a restricted area?

A

Piggybacking

is an attack type in which a person uses deception to follow an authorized employee into a restricted area.

22
Q

Which of the following versions is the most recent iteration of SHA (Secure Hash Algorithm), which was developed by private designers for a public competition in 2012?

A

SHA-3 (Secure Hash Algorithm)

is a hash algorithm originally designed by the NSA to eliminate the inherent weaknesses of the older MD5 hash

23
Q

The managing director of Seviicco Laminates wants to secure certain financial documents that can only be accessed by him and the finance team of the organization. He wants to install a sophisticated authentication process so that the documents are extremely safe. You have been contracted as a network analyst for this project. After having an overview of the office premises, you decide to provide this security via a specific barcode that will be used as a key to access the documents. Which of the following access control technologies will you install in this scenario?

A

Smart Locker

*Pic: Scan the barcode from an email to access the package

24
Q

An organization hires you to handle the security policies of the organization. In order to protect the organization’s network from data breaches and potential hacks, you decide to draft a policy that will require the employees of the organization to adhere to a certain set of rules while accessing the network’s resources. To ensure that these rules are followed without fail, you decide to impose certain penalties for situations where violations may occur. Which of the following will help you achieve these standards?

A

AUP (Acceptable Use Policy)

25
Q

Must Eat is a company that allows online food delivery. Must Eat rolls out updates every month for better user interface. Recently, after one of its updates, the network team of the company detects certain unauthorized access to the main data frame of the company. On inspection, the team notices that there has been no breach of sensitive data. What kind of cybersecurity exploitation was attempted by the hackers in this scenario?

A

A zero-day attack might have been the cause.

26
Q

Hammond Industries has appointed Gavin as the network administrator to set up a complete secured and flawless network throughout the office premises. One of the employees has come to him to fix an error message that keeps popping up every time he tries to open the web browser. He also states that this error started popping up after the external hard drive had been used to transfer some of the necessary documents to the HR’s office. Analyze what kind of malware might possibly be behind this error.

A

Virus

is a program that replicates itself with the intent to infect more computers, either through network connections when it piggybacks on other files or through the exchange of external storage devices. A virus might damage files or systems, or it might simply annoy users by, for example, flashing messages or pictures on the screen.

27
Q

The University of Claudine plans on opening a new IT division for underprivileged students so that it can offer education free of cost to them. However, the university wants to ensure that there are no data breaches, so it has requested the network administrator to handle the configurations of the computers in order to comply with the organizational policies. Analyze which of the following practices the university should adopt in this scenario so that the network securities are not compromised.

A

CYOD (Choose Your Own Device)

28
Q

Youhan has been placed as the security in charge of an organization. Which of the following should he use to monitor the movement and condition of equipment, inventory, and people?

A

Asset Tags

is a barcode or wireless-enabled transmitter used to track the movement or condition of equipment, inventory, or people.

29
Q

Game Zone is a well-known games park located in Manhattan that allows gamers to engage in multiplayer competitions. The competitions function smoothly on the opening day, but on the following days, there are multiple instances of the computers getting disconnected temporarily from the wireless network. These connections however function normally when they are reconnected. Which type of attack is this most likely to be?

A

Deauth Attack (deauthentication)

is an attack on a wireless network in which the attacker sends faked deauthentication frames to the AP, the client, or both (or as a broadcast to the whole wireless network) to trigger the deauthentication process and knock one or more clients off the wireless network.

30
Q

The organization where you have been working as a network analyst decides to provide BYOD (bring your own device) options to the employees to cut down on its operating costs. The company has asked you to handle the BYOD policies and the necessary documentation. You have decided to install a software that will automatically handle the configuration process for the wireless clients when they require network access. Which of the following will you use in such a scenario?

A

MDM (Mobile Device Management)

is software that automatically handles the process of configuring wireless clients for network access.

31
Q

HealthCity Nursing Home is a newly opened hospital with many employees, doctors, nurses, and support staff. The upper management of the hospital wants to draft a security policy that outlines the guidelines, rules, restrictions, and consequences of violations, all of which help minimize the risk involved in allowing restricted access to some users. The doctors who have access to protected patient information must be informed what they can and can’t do with that patient data and what special precautions they must take to protect patients’ privacy. Certain checks and balances must also be maintained and defined in the policy measures in detail. Which of the following security policies should be used in this scenario?

A

PUA (privileged user agreement)

is a document that addresses the specific concerns related to privileged access given to administrators and certain support staff.

32
Q

Huey Dewey Ltd. is a talent management company with over a hundred employees. Gary has been appointed as a system analyst to ensure security across the office networks during and after the period of employment. Some user accounts are given privileged access, which allows the users to perform more sensitive tasks, such as viewing or changing financial information, making configuration changes, or adjusting access privileges for other users. Analyze which of the following security precautions Gary should implement so that he can avoid users logging into the accounts even after their termination.

A

Limited Duration

privileged accounts should be carefully accounted for and disabled as soon as they’re not needed, such as when an employee is terminated.

33
Q

William has been working as a senior networking professional at Mediaworks Ltd. The company has a very strict policy regarding employees’ access to certain key rooms in the organization. The company wants William to provide a specific access technology to only a few selected employees so that they can access those certain rooms. Which of the following options are best suited for William in this scenario?

A

Cipher Lock

or keypad.

34
Q

Kristen has plans of starting an online food delivery company. She plans on making the company one of the most secured portals for online food delivery. She hires Brad, a network consultant, to guide her through the necessary security protocols. Brad conducts all the necessary security checks and involves a white hat hacker too to point out any vulnerability that might be overlooked. Analyze if Brad needs to conduct any other risk assessment procedures in this scenario.

A

He should conduct a vendor risk assessment.

a Vendor Risk Assessment is an evaluation of security and compliance risks related to suppliers and vendors a company does business with. Also called a third-party risk assessment.

35
Q

To ensure better security measures for the computers used in your organization, you, as a network administrator, have decided to update the passwords of each computer on a weekly basis. But managing and changing the passwords for all the computers is a tiresome task. Hence, you decide to apply a security measure with the help of a password management software. Which of the following software will you use in this scenario?

A

LastPass

is an online password manager and form filler.

36
Q

You have been invited to the University of Bert to deliver a lecture on network security. In your presentation, you want to focus solely on malware that can harm a system or its resources by disguising itself as something useful. Which of the following categories of malware would be best suited to demonstrate such an example?

A

Trojan Horse or Trojan

because Trojan horses do not replicate themselves, they are not considered viruses. An example of a Trojan horse is an executable file that someone sends you over the Internet, promising that the executable will install a great new game, when in fact it erases data on your hard disk or mails spam to all the users in your email app’s address book.

37
Q

Which of the following is a type of DoS (denial-of-service) attack that is bounced off uninfected computers before being directed at the target?

A

DRDoS Attack (Distributed Reflection DoS)

the attack is achieved by spoofing the source IP address in the attack to make it look like all the requests for response are being sent by the target. As a result, all the reflectors send their responses to the target, thereby flooding the target with traffic, as shown in *Pic.

38
Q

Which of the following anti-malware software will slow down your network performance considerably?

A

Server-Based

39
Q

You are working as a network analyst at BBM Infotech. The entire network of computers in the organization had recently been at the receiving end of an attempted hack that eventually turned out to be unsuccessful. However, certain computer systems have sustained sufficient damages. After inspection, it has been found that the firmware in a few of the switches has been completely damaged because of the attack. What kind of an attack is this most likely to be?

A

PDoS (Permanent DoS) Attack

is an attack that damages a device’s firmware beyond repair. This is called “bricking” the device because it effectively turns the device into a brick. PDoS attacks usually target routers or switches.

40
Q

Robert has been working as a network security expert for Indus Grow Wealth Management, which allows its clients to view their current loan status online. With the recent cases of attempted hacks in banking systems, Robert has decided to test the security systems by hiring hackers to try and analyze the security risks at Grow Wealth Management. Analyze who among the following would best suit Robert’s requirement in this scenario.

A

White Hat Hackers