Network Attacks

Question 1

What security attribute is lost when attackers read private data?

Answer 1

Confidentiality

Question 2

Always-on, internet-connected networks increase what factor?

Answer 2

Exposure

Question 3

Three-letter model of Confidentiality, Integrity, Availability

Answer 3

CIA

Question 4

Which CIA pillar is harmed by service outages?

Answer 4

Availability

Question 5

Core aim of a denial-of-service campaign

Answer 5

Disruption

Question 6

Attack that floods a target from one host

Answer 6

DoS

Question 7

Attack that floods from many hosts at once

Answer 7

DDoS

Question 8

Network resource exhausted by a TCP SYN flood

Answer 8

Memory

Question 9

Which TCP handshake leg never arrives in a SYN flood?

Answer 9

ACK

Question 10

Technique that hides the real sender in a SYN flood

Answer 10

IP spoofing

Question 11

ICMP echo-reply storm abusing broadcasts

Answer 11

Smurf attack

Question 12

Edge rule that blocks Smurf amplification

Answer 12

Disable directed-broadcast

Question 13

Group of compromised machines awaiting orders

Answer 13

Botnet

Question 14

One infected botnet member

Answer 14

Zombie

Question 15

Server issuing botnet commands

Answer 15

C2

Question 16

Unexpected cloud bill after huge DDoS traffic

Answer 16

Cost spike

Question 17

Switch memory mapping MAC→port

Answer 17

CAM table

Question 18

Attack that overwhelms a switch with fake MACs

Answer 18

MAC flooding

Question 19

Switch behavior when CAM is full

Answer 19

Broadcast all

Question 20

NIC mode needed to sniff flooded traffic

Answer 20

Promiscuous

Question 21

Switch feature limiting learned MACs per port

Answer 21

Port security

Question 22

Easy hardening step for idle switch jacks

Answer 22

Disable unused ports

Question 23

Layer where Address Resolution Protocol works

Answer 23

Layer 2

Question 24

ARP maps an IP address to what?

Answer 24

MAC

Question 25

Sending fake ARP replies to one victim

Answer 25

ARP spoofing

Question 26

Corrupting many ARP caches on a LAN

Answer 26

ARP poisoning

Question 27

Switch feature validating ARP packets

Answer 27

DAI

Question 28

Trusted list DAI builds from DHCP snooping

Answer 28

Binding table

Question 29

Segmenting LANs into VLANs limits what attack scope?

Answer 29

Broadcast domain

Question 30

Encrypting traffic defeats sniffing after ARP abuse

Answer 30

TLS/SSL

Question 31

Logical LAN created with 802.1Q tagging

Answer 31

VLAN

Question 32

Attack slipping traffic into another VLAN with two tags

Answer 32

Double tagging

Question 33

Outer VLAN tag in a double-tag frame

Answer 33

Native VLAN

Question 34

Changing the native VLAN to unused ID thwarts

Answer 34

Double tagging

Question 35

Protocol auto-negotiating trunks on Cisco

Answer 35

DTP

Question 36

Impersonating a switch to form a trunk

Answer 36

Switch spoofing

Question 37

Static “switchport mode access” blocks which abuse?

Answer 37

Unauthorized trunk

Question 38

Overflowing CAM to leak traffic across VLANs

Answer 38

CAM flooding

Question 39

Global system translating names to IPs

Answer 39

DNS

Question 40

Injecting false records into resolver cache

Answer 40

DNS poisoning

Question 41

DNS security extension adding digital signatures

Answer 41

DNSSEC

Question 42

DDoS method turning small DNS queries into big replies

Answer 42

Amplification

Question 43

Hiding other protocols inside DNS messages

Answer 43

DNS tunneling

Question 44

Unauthorized change of domain registration

Answer 44

Domain hijacking

Question 45

Stealing full zone data via AXFR

Answer 45

Zone transfer attack

Question 46

Cryptographic control securing zone transfers

Answer 46

TSIG

Question 47

Positioning oneself between client and server

Answer 47

MitM

Question 48

Replay attack does what with captured packets?

Answer 48

Re-sends

Question 49

Relay attack forwards traffic in

Answer 49

Real time

Question 50

Downgrading HTTPS to HTTP for spying

Answer 50

SSL stripping

Question 51

Forcing negotiation of weak encryption

Answer 51

Downgrade attack

Question 52

Fake Wi-Fi AP mimicking a trusted SSID

Answer 52

Evil twin

Question 53

Policy engine blocking unknown devices

Answer 53

NAC

Question 54

Any hardware added without approval

Answer 54

Rogue device

Question 55

Inline hardware copying packets

Answer 55

Network tap

Question 56

Following someone into secure area unnoticed

Answer 56

Tailgating

Question 57

Entering with permission but against policy

Answer 57

Piggybacking

Question 58

Reading passwords off a coworker’s screen

Answer 58

Shoulder surfing

Question 59

Searching trash for sensitive info

Answer 59

Dumpster diving

Question 60

Mass fraudulent email blast

Answer 60

Phishing

Question 61

Targeted fraudulent email at one person/org

Answer 61

Spear phishing

Question 62

Phish aimed at executives

Answer 62

Whaling

Question 63

Malicious code needing user run and infecting files

Answer 63

Virus

Question 64

Self-replicating malware needing no user

Answer 64

Worm

Question 65

Legit-looking app hiding malicious code

Answer 65

Trojan

Question 66

Malware encrypting data for payment

Answer 66

Ransomware

Question 67

Software silently gathering user info

Answer 67

Spyware

Question 68

Program recording every keystroke

Answer 68

Keylogger

Question 69

Stealth kit giving hidden root access

Answer 69

Rootkit

Question 70

Which malware family builds giant botnets?

Answer 70

Worms

Question 71

Conficker exploited which 2008 flaw?

Answer 71

MS08-067

Question 72

Single-word goal of ransomware gangs

Answer 72

Extortion

Question 73

Social engineering preys on human

Answer 73

Trust

Question 74

Most effective counter to social scams

Answer 74

Training

Question 75

Door badge check enforces which concept?

Answer 75

Access control

Question 76

Crosscut shredder mitigates

Answer 76

Dumpster intel

Question 77

First step in any ARP attack

Answer 77

Network scan

Question 78

Non-scalable ARP defense for tiny LANs

Answer 78

Static entries

Question 79

Switch option “sticky” remembers what?

Answer 79

MAC addresses

Question 80

DNS record holding DNSSEC public keys

Answer 80

DNSKEY

Question 81

DDoS reflected UDP replies often have what ratio?

Answer 81

High amplification

Question 82

Service offloading web to edge nodes versus DDoS

Answer 82

CDN

Question 83

Best layer to filter ICMP floods

Answer 83

Edge firewall

Question 84

Portable Wi-Fi pineapple inside office equals

Answer 84

Rogue AP

Question 85

Overheard hallway chat leaking secrets is

Answer 85

Eavesdropping

Question 86

Policy forcing encrypted web only

Answer 86

HSTS

Question 87

Tool “macof” automates which switch attack?

Answer 87

MAC flooding

Question 88

Command “switchport port-security maximum 2” sets

Answer 88

MAC limit

Question 89

Spike of outbound DNS may signal

Answer 89

Data exfiltration

Question 90

Handshake phase abused in downgrade attacks

Answer 90

Negotiation

Question 91

TCP SYN flood counter encoding state in sequence

Answer 91

SYN cookies

Question 92

DNS TXT records often carry hidden

Answer 92

C2 commands

Question 93

Router setting “no ip directed-broadcast” blocks

Answer 93

Smurf

Question 94

IDS alert: burst of new MACs hints at

Answer 94

CAM flood

Question 95

ARP poisoning sets stage for bigger attack type

Answer 95

MitM

Question 96

Malware hiding in firmware before OS boots

Answer 96

Bootkit

Question 97

Quarterly physical walk-throughs catch

Answer 97

Rogue gear

Question 98

Common UDP port for DNS amplification

Answer 98

53

Question 99

SSL stripping forces traffic to which port?

Answer 99

80

Question 100

MitM violates which two CIA pillars?

Answer 100

Confidentiality & Integrity

Question 101

Virus vs worm: which requires user action?

Answer 101

Virus

Question 102

Highest Windows privilege a rootkit seeks

Answer 102

SYSTEM

Question 103

Simulated phish campaigns raise

Answer 103

Awareness

Question 104

Unusually long DNS queries suggest

Answer 104

Tunneling

Question 105

ARP broadcast packet opcode asks

Answer 105

Who-has

Question 106

Switch “violation shutdown” stops

Answer 106

Port abuse

Question 107

MITRE ATT&CK tactic covering phishing

Answer 107

Initial Access

Question 108

Tool “Yersinia” targets protocols like

Answer 108

STP

Question 109

DNS amplification leverages which transport?

Answer 109

UDP

Question 110

Keylogger payload often delivered via

Answer 110

Trojan

Question 111

Network segmentation reduces blast radius of

Answer 111

Attacks

Question 112

Central IP contacted by zombies

Answer 112

C2

Question 113

DNSSEC adds what to DNS responses?

Answer 113

Signature

Question 114

Firewall “deny ip any broadcast” blocks

Answer 114

Smurf

Question 115

Unapproved printer appearing on LAN is a

Answer 115

Rogue device

Question 116

Self-spreading property unique to

Answer 116

Worms

Question 117

Root in Unix equals which Windows account?

Answer 117

Administrator

Question 118

ARP request asks, “Who has”

Answer 118

IP address

Question 119

Phishing often uses what urgency emotion?

Answer 119

Fear

Question 120

Dynamic ARP Inspection relies first on

Answer 120

DHCP snooping

Question 121

Default VLAN number on many switches

Answer 121

1

Question 122

Open recursive DNS servers enable

Answer 122

Amplification

Question 123

Best cure when rootkit found

Answer 123

Reimage

Question 124

Padlock missing in browser warns of

Answer 124

SSL stripping

Question 125

Bot herder issues orders via

Answer 125

C2

Question 126

Large DNS reply sent to victim unsolicited

Answer 126

Amplification

Question 127

Primary defense enabling DNS trust

Answer 127

DNSSEC

Question 128

Shredding prevents info leaks during

Answer 128

Disposal

Question 129

In phishing, “account suspended” creates

Answer 129

Pressure

Question 130

Switch hardening: turn off auto-protocol

Answer 130

DTP

Question 131

Policy verifying only approved software runs

Answer 131

Whitelisting

Question 132

Malware disguised as useful program

Answer 132

Trojan

Question 133

Firmware-level rootkit also called

Answer 133

Bootkit

Question 134

One-time suspicious link in email likely

Answer 134

Phish

Question 135

Patch management strongly counters

Answer 135

Worms

Question 136

VPN tunnel protects against open-Wi-Fi

Answer 136

MitM

Question 137

Abnormal outbound DNS volume implies

Answer 137

Exfiltration

Question 138

Botnet handler traffic often seen on port

Answer 138

4444

Question 139

Port security “violation restrict” will

Answer 139

Limit packets

Question 140

“Sticky secure MAC” survives

Answer 140

Reboots

Question 141

Native VLAN should carry

Answer 141

No user traffic

Question 142

Evil twin AP often uses stronger

Answer 142

Signal

Question 143

Attack chain: phish → malware → botnet →

Answer 143

DDoS

Question 144

Mobile OS asking for unknown cert may show

Answer 144

MitM

Question 145

Keylogger defense needing extra device

Answer 145

Hardware token

Question 146

Default creds on IoT open door to

Answer 146

Rogue device

Question 147

Subnetting aids security through

Answer 147

Isolation

Question 148

Backward-compatible cipher suites invite

Answer 148

Downgrade

Question 149

Recommended frequency for security training

Answer 149

Annual

Question 150

Counting SYNs vs ACKs detects

Answer 150

SYN flood

Question 151

All-channel Wi-Fi jammer causes

Answer 151

DoS

Question 152

Switch control-plane protection stops excess

Answer 152

Protocol abuse

Question 153

Zone transfer limited by ACL on

Answer 153

Name server

Question 154

ARP spoof detection tool checks for

Answer 154

IP-MAC mismatch

Question 155

Slowloris targets which protocol?

Answer 155

HTTP

Question 156

Disabling “ip directed-broadcast” is done on

Answer 156

Routers

Question 157

DNS cache poisoning usually targets which record?

Answer 157

A

Question 158

Using nonce prevents which attack?

Answer 158

Replay

Question 159

Many new MACs in logs indicate

Answer 159

MAC flooding

Question 160

Disposable email links reduce

Answer 160

Phish success

Question 161

Wireless tailgating by cloned badge

Answer 161

Cloning

Question 162

DNS amplification sometimes abuses record type

Answer 162

ANY

Question 163

Standard port for HTTPS

Answer 163

443

Question 164

Ending a TCP connection frees what resource?

Answer 164

Socket

Question 165

Plaintext password theft easiest via

Answer 165

MitM

Question 166

Rootkit removal typically requires

Answer 166

Clean install

Question 167

Attacker holds door while carrying boxes—this is

Answer 167

Piggybacking

Question 168

DNS tunneling often hides what kind of data?

Answer 168

C2/exfiltration

Question 169

Switch “port-security aging” helps counter

Answer 169

MAC churn

Question 170

DNSKEY record stores a zone’s

Answer 170

Public key

Question 171

DHCP starvation is a form of

Answer 171

DoS

Question 172

Dual-tag VLAN hop affects which direction?

Answer 172

Outbound only

Question 173

IDS signature “X-Anubis” likely flags a

Answer 173

Botnet C2

Question 174

SSL stripping replaced by HSTS+

Answer 174

Preload list

Question 175

Static ARP entry downside

Answer 175

Not scalable

Question 176

Primary botnet earnings method besides DDoS

Answer 176

Spam

Question 177

Secure deletion tool for drives

Answer 177

Wipe

Question 178

Tailgating defense using

Answer 178

Mantrap

Question 179

Ransomware target selecting high value

Answer 179

Whaling (in context)

Question 180

Replay protection in Wi-Fi uses

Answer 180

Nonce & timestamp

Question 181

Evil twin lure offering

Answer 181

Free fast Wi-Fi

Question 182

Double tagging relies on switch

Answer 182

Native VLAN stripping

Question 183

MITM on HTTPS stopped by

Answer 183

Certificate pinning

Question 184

DNS resolver randomizes what to thwart poisoning?

Answer 184

Source port

Question 185

Backdoor vs Trojan key difference

Answer 185

Installed purpose

Question 186

DoS via many half-open HTTP headers

Answer 186

Slowloris

Question 187

NAC uses posture checks for

Answer 187

Compliance

Question 188

Zone file enumeration helps attacker in

Answer 188

Reconnaissance

Question 189

CAM flood first fills switch

Answer 189

MAC table

Question 190

C2 server hidden via

Answer 190

DNS tunneling

Question 191

“Smishing” is phishing over

Answer 191

SMS

Question 192

IoT patching difficulty leads to

Answer 192

Botnet recruitment

Question 193

ARP poisoning tool “arp-spoof” in suite

Answer 193

Dsniff

Question 194

Most common SMTP phish attachment type

Answer 194

PDF

Question 195

Amplification attack measurement

Answer 195

Response/request ratio