Score Common TCP/IP Attacks

Question 1

TCP/IP include for main protocols ?

Answer 1

Ip
TCP
UPD
ICMP

Question 2

What is a MITM attack ?

Answer 2

An MITM attack intercepts communication between two systems. Essentially, the attacker inserts a device into a network that grabs packets that are streaming past. Those packets are then modified and placed back on the network for forwarding to their original destination.

Question 3

What is Session Hijacking ?

Answer 3

Session hijacking is a twist on the MITM attack. The attacker gains physical access to the network, initiates a MITM attack, and then hijacks that session. In this manner, an attacker can illicitly gain full access to a destination computer by assuming the identity of a legitimate user. The legitimate user sees the login as successful but then is cut off. Subsequent attempts to log back in might be met with an error message that indicates that the user ID is already in use.

Question 4

what is Ip address spoofing ?

Answer 4

Attackers spoof the source IP address in an IP packet. IP spoofing can be used for several purposes. In some scenarios, an attacker might want to inspect the response from the target victim (non-blind spoofing); in other cases, the attacker might not care (blind spoofing). Blind IP address spoofing is most frequently used in DoS attacks. Some reasons for non-blind spoofing include sequence-number prediction, hijacking an authorized session, and determining the state of a firewall.

Question 5

Describe a DoS attack

Answer 5

an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites that you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts, or other services that rely on the affected computers.

Question 6

What is a DDos

Answer 6

A DDoS attack is a DoS attack that features a simultaneous, coordinated attack from multiple source machines. The best-known example of a DDoS attack is the “smurf” attack.

Question 7

What is a Resource exhaustion attack ?

Answer 7

Resource exhaustion attacks are forms of DoS attacks. These attacks cause the server’s or network’s resources to be consumed to the point where the service is no longer responding, or the response is significantly reduced. By targeting IP routers, an attacker may adversely affect the integrity and availability of the network infrastructure, including end-to-end IP connectivity. Router resources that are commonly affected by packet flood attacks include the following: CPU, packet memory, route memory, network bandwidth, and vty lines.

Question 8

a connectionless protocol that is mainly used to route information across the internet

Answer 8

an IP

Question 9

a connectionless protocol that does not use any port number and works on the network layer

Answer 9

ICMP

Question 10

What does ICMP unreachables mean ?

Answer 10

ICMP unreachables are commonly used by attackers to perform network reconnaissance. In cyber security, network reconnaissance refers to the act of scanning the target network to gather information about the target.

Question 11

What is ICMP mask reply ?

Answer 11

A feature that malicious insiders or outsiders can use to map your IP network. This feature allows the router to tell a requesting endpoint what the correct subnet mask is for a given network.

Question 12

describe an ICMP redirect attacks ?

Answer 12

A router uses IP redirects to inform the sender of a better route to a destination, intended for hosts on its directly connected networks. However, attackers can exploit this to send an ICMP redirect to a victim’s host, redirecting all traffic through a router they control. This ICMP redirect attack is a type of MITM attack, where the attacker intercepts all communication between the source and destination.

Question 13

What is ICMP router discovery ?

Answer 13

ICMP Router Discovery Protocol (IRDP) allows hosts to locate routers that can be used as a gateway to reach IP-based devices on other networks. Because IRDP does not have any form of authentication, it is impossible for end hosts to tell whether the information they receive is valid or not. Therefore, an attacker can perform a MITM attack using IRDP.

Question 14

What is Firewalk ?

Answer 14

Firewalking is an active reconnaissance technique that employs traceroute like techniques to analyze IP packet responses to determine the gateway access list filters and map out the networks.

Question 15

What is ICMP tunneling ??

Answer 15

An ICMP tunnel creates a hidden connection between two remote computers using ICMP echo requests and replies. This method can bypass firewall rules by disguising traffic within ICMP packets. Without deep packet inspection or log review, detecting this type of tunneling traffic is difficult.

Question 16

what is ICMP-based operating system fingerprinting

Answer 16

Operating system fingerprinting identifies the OS running on a device. ICMP can be used for active scanning; for example, a TTL value of 128 typically indicates a Windows machine, while a TTL of 64 suggests a Linux-based system.

Question 17

what are the DoS service attacks that use ICMP

Answer 17

ICMP flood attack
Smurf attack

Question 18

What is a ICMP flood attack

Answer 18

The attack overwhelms the targeted resource with ICMP echo request packets, large ICMP packets, and other ICMP types to significantly saturate and slow down the victims network infrastructure.

Question 19

Which information can an attacker use within the ICMP to determine which type of operating system the device is running?

total length

TTL value

version

checksum

Answer 19

TTL value

Question 20

Which option is used to establish a covert connection between two remote computers, using ICMP echo requests and reply packets, and which can be used to bypass firewall rules?

Smurf attack

Firewalking

ICMP tunneling

ICMP-based operating system fingerprinting

Answer 20

ICMP tunneling

Question 21

Which application-layer protocol that uses UDP to manage and monitor devices on the network could be exploited if it is not secured on devices?

TFTP

SNMP

HTTPS

FTP

SMTP

Answer 21

SNMP

Question 22

what is the UDP Vulnerabilities with checksum ?

Answer 22

Optional and easily recomputed, making it vulnerable to alteration by attackers.

Question 23

What are the different UDP Vulnerabilities ?

Answer 23

Checksum:
Source Verification
Eavesdropping
No Encryption

Question 24

What are common UDP attacks ?

Answer 24

Dos Attacks
Source IP spoofing

Question 25

The total sum of all the vulnerabilities in a given computing device or network that are accessible to the attackers.

Answer 25

Attack surface Attack surface may be categorized into different areas, such as software attack surfaces (open ports on a server), physical attack surfaces (USB ports on a laptop), network attack surfaces (console ports on a router)

Question 26

The paths or means by which the attackers gain access to a resource (such as end-user hosts or servers) to deliver malicious software or malicious outcome

Answer 26

Attck vector

Question 27

What are the four categories that attack surfaces are divided into ?

Answer 27

The network attack surface The software attack surface The physical attack surface The social engineering attack surface

Question 28

What is the network attack surface ?

Answer 28

The network attack surface comprises all vulnerabilities that are related to ports, protocols, channels, devices (smartphones, laptops, routers, and firewalls), services, network applications, and even firmware interfaces.

Question 29

What does CVE stand for ?

Answer 29

Common Vulnerabilites and Exposures

Question 30

What is the software attack surface ?

Answer 30

It is the complete profile of all functions in any code that is running in a given system that is available to an unauthenticated user. An attacker or malware can exploit various vulnerabilities to gain access and execute code on a target machine. The software attack surface includes applications, email services, configurations, databases, executables, DLLs, web pages, mobile apps, device OS, and more.

Question 31

What is the physical attack surface ?

Answer 31

The physical attack surface is composed of the security vulnerabilities in a given system that are available to an attacker in the same location as the target. The physical attack surface is exploitable through inside threats such as rogue employees, social engineering ploys, and intruders who are posing as service workers.

Question 32

What is social engineering attack surface ?

Answer 32

It is usually takes advantage of human psychology: the desire for something free, the susceptibilty to destractionm or the desire to be loked or to be helpful .

Question 33

What is Reconnaissance ?

Answer 33

The attacker attempts to gather information about targeted computers or networks that can be used as a preliminary step toward a further attack seeking to exploit the target system

Question 34

what are known vulnerabilities ?

Answer 34

The attacker finds a weakness in hardware and software and then exploits those vulnerabilities. There are several online resources that publish information about vulnerabilities that have been discovered in different systems. Often, a proof-of-concept attack code will be provided with the vulnerability disclosure.

Question 35

What is a SQL injection ?

Answer 35

This attack works by manipulating the SQL database queries that the web application sends. An application can be vulnerable if it does not sanitize user input properly or uses untrusted parameter values in database queries without validation.

Question 36

What is Phishing ?

Answer 36

The attacker sends out spam emails to thousands of recipients. The email contains a link to a malicious site that has been set up to look like, for instance, a regular bank's site.

Question 37

What is malware ?

Answer 37

Short for "malicious software," malware may be computer viruses, worms, Trojan horses, dishonest spyware, and malicious rootkits.

Question 38

What is a Weak authentication attack ?

Answer 38

These attacks exploit weak authentication, such as guessable passwords, lack of account lockout after failed attempts, or insecure password reset methods.

Question 39

cWhich two options might be considered attack surfaces in the network environment? (Choose two.) open ports privacy settings use of SSH use of Telnet

Answer 39

Use of Telnet Open ports

Question 40

Which type of a common security threat can be solved by patching the operating system or hardware device? phishing SQL injection malware known vulnerabilities weak authentication

Answer 40

known vulnerabilities

Question 41

An attempt to learn more about the intended victim before attempting a more intrusive attack, such as actual access or DoS.

Answer 41

A reconnaissance attack

Question 42

What are four main subcategories or methods for gathering network data

Answer 42

Packet sniffers / packet analysis, Ping sweeps port scans information queries

Question 43

What is packet sniffing ?

Answer 43

its the process of capturing any data this is passed over the local network and looking for any information that may be useful to an attacker.

Question 44

What are ping sweeps ?

Answer 44

ping sweep is another kind of network probe. In a ping sweep, the attacker sends a set of ICMP echo packets to a network of machines, usually specified as a range of IP addresses, and sees which ones respond.

Question 45

What are port scans ?

Answer 45

A port scanner is a software program that surveys a host network for open ports. As ports are associated with applications, the attacker can use the port and application information to determine a way to attack the network.

Question 46

Describe information queries

Answer 46

Information queries can resolve hostnames to IP addresses or vice versa, often using the nslookup command. To use it, open a command prompt and enter nslookup followed by the IP address or hostname.

Question 47

Which three options are methods that are used by an attacker while gathering network data? (Choose three.) unplug network devices packet sniffer port sniffer ping sniffer ping sweeps port scans

Answer 47

Packet sniffer port scans ping sweeps

Question 48

These are examples of what ? User groups website shodan

Answer 48

Passive Reconnaissance

Question 49

These are examples of what ? Port Scans DNS Lookups Ping Sweeps Traceroute OS Fingerprinting

Answer 49

Active reconnaissance

Question 50

What is the purpose of the Shodan Search Engine ?

Answer 50

can help an attacker identify a specific device, such as a computer, router, and server.

Question 51

What is the Robot.txt file ?

Answer 51

The Robots.txt file is publicly available and found on websites that give instructions to web robots (also known as search engine spiders) about what is and is not visible using the robots exclusion protocol. An attacker can find the Robots.txt file in the root directory of a target website.

Question 52

What is the purpose of NMAP port scans ?

Answer 52

Port scanning tools like Nmap can cycle through all well-known ports to provide a complete list of all services that are running on the hosts. Nmap is an open-source tool that is specialized in network exploration and security auditing.

Question 53

An attempt to access another user's account or network device through improper, unauthorized means.

Answer 53

Access attack

Question 54

What are password attacks ?

Answer 54

Password attack is typically used to obtain system access. When access is obtained, the attacker is able to read, modify, or delete data and also add, modify, or remove network resources.

Question 55

what is Spoofing/masquerading ?

Answer 55

Spoofing/masquerading attack is a situation in which one person or program successfully masquerades as another by falsifying data and gaining illegitimate access.

Question 56

What is session hijacking ?

Answer 56

Session hijacking is an attack in which the session established by the client to the server is taken over by a malicious person or process

Question 57

What is malware ?

Answer 57

Malware is used to infect the victim's system with malicious software.

Question 58

Which option is an attack in which the session established by the client to the server is taken over by a malicious person or process? password attack spoofing/masquerading attack session hijacking malware

Answer 58

Session hijacking

Question 59

What are the different OSI layer MITM attacks ?

Answer 59

Physical layer Data link layer Network Layer Session Layer Application Layer

Question 60

Describe a Physical Layer MITM attack

Answer 60

Tap someone's physical connection, and send all packets to the MITM

Question 61

Describe a Data Link Layer MITM attack

Answer 61

Use ARP poisoning to cause victims to send all their packets to the MITM

Question 62

What is ARP poisoning ?

Answer 62

ARP-based MITM attack is achieved when an attacker poisons the ARP cache of two devices with the MAC address of the attacker's network interface controller (NIC).

Question 63

Describe a Session Layer MITM attack

Answer 63

The SSL/TLS MITM de-crypts, examines, then re-encrypts the HTTP over SSL/TLS traffic. For this attack to work, the victim's web browser must trust the certificate that is presented by the SSL/TLS MITM, which can be caused by first injecting some malware into the victim's web browser.

Question 64

Describe an Application Layer MITM attack

Answer 64

Man-in-the-browser attack. Like most attacks, man-in-the-browser begins with a malware infection. The malware injects itself into the victim's web browser and waits in stealth mode until the user visits a specific website

Question 65

Describe a ICMP-based MITM attack

Answer 65

An ICMP MITM attack is accomplished by spoofing an ICMP redirect message to any router that is in the path between the victim client and server

Question 66

Describe a DNS-based MITM attack

Answer 66

DNS spoofing is a man-in-the-middle attack that provides false DNS information, redirecting a user from the legitimate website (e.g., https://www.xyzbank.com) to a fake one controlled by the attacker. This technique is used to steal sensitive information, like banking credentials, by directing users to a fraudulent site.

Question 67

Describe a DHCP-based MITM attack

Answer 67

Similar to the DNS attack, DHCP server queries and responses are intercepted. This interception helps the attacker gain complete knowledge of the network, such as hostnames, MAC addresses, IP addresses, and DNS servers. This information is further used to plant advanced attacks to steal the information.

Question 68

Which option best describes a MITM attack? easily detected and not a threat a system that has the ability to view the communication between two systems and imposes itself in the communication path between those other systems a device that connects to a switch and issues an enormous amount of DHCP requests until the DHCP server runs out of IP addresses a device that issues an extremely large amount of SYN requests to a server, preventing all other devices from making a connection

Answer 68

a system that has the ability to view the communication between two systems and imposes itself in the communication path between those other systems

Question 69

A type of DoS attack in which the attacker sends a flood of protocol request packets to various IP hosts.

Answer 69

A reflection attack

Question 70

Which TCP/IP application protocol can be used in an amplification attack by exploiting the protocol weakness in recursive lookup? HTTPS LDAP HTTP DNS SMTP

Answer 70

DNS

Question 70

A Layer 2 redirect, or a spoofing attack can be referred to as which type of an attack? MAC address spoofing IP address spoofing application or service spoofing land attack

Answer 70

MAC address spoofing

Question 71

What are the different types of spoofing ?

Answer 71

Ip address spoofing MAC address spoofing Application or service spoofing

Question 72

What is IP address spoofing ?

Answer 72

IP address spoofing is the most common type of spoofing. To perform IP address spoofing, attackers use source IP addresses that are different than their real IP addresses.

Question 73

What is MAC address spoofing ?

Answer 73

To perform MAC address spoofing, attackers use MAC addresses that are not their own. MAC address spoofing is generally used to exploit weakness at Layer 2 of the network.

Question 74

What is Application or service spoofing ?

Answer 74

Application or service spoofing exploits the trust users or systems place in recognized or reputable sources to gain access to confidential information, propagate malware, or perform other malicious activities. an example is DHCP spoofing

Question 75

What is DHCP server spoofing ?

Answer 75

the attacker runs DHCP server software and replies to DHCP requests from legitimate clients. As a rogue DHCP server, the attacker can cause a DoS by providing invalid IP information. The attacker can also perform confidentiality or integrity breaches via a man-in-the-middle attack

Question 76

What is DHCP starvation ?

Answer 76

A DHCP starvation attack works by the broadcasting of DHCP requests with spoofed MAC addresses. If enough requests are sent, the network attacker can exhaust the address space available to the DHCP servers in a time period.

Question 77

Which option is the illegitimate DHCP server that is referred in context to a DHCP server-based attack? a sitting duck server a rogue DHCP server a target server an erroneous server

Answer 77

a rogue DHCP server

Question 78

What is password guessing ?

Answer 78

a attacker can either manually enter passwords or use a software tool to automate the process. Truly weak passwords can be susceptible to a lone attacker who is making informed guesses.

Question 79

What is a brute force attack ?

Answer 79

Brute-force password attacks are performed by computer programs that are called "password crackers." A password cracker performs a brute force crack by systematically trying every possible password until it succeeds.

Question 80

What is a Dictionary attack ?

Answer 80

A dictionary attacks use word lists to structure log-in attempts. Word lists can contain millions of words, including words from natural language dictionaries and sports team names, profanity, and slang. Dictionary attacks are not always successful and are often attempted before a brute-force attack.

Question 81

What are Phishing attacks ?

Answer 81

are a type of cyberattack where attackers use deceptive tactics to trick individuals into revealing sensitive information, such as login credentials, financial information, or personal details.

Question 82

what are some common password attack tools ?

Answer 82

Cain and Abel, John the Ripper, OphCrack, and L0phtCrack.

Question 83

Which password attack type is characterized by trying every possible character combination until all combinations have been exhausted? phishing dictionary brute force guessing

Answer 83

brute force

Question 84

What is DNS tunneling ?

Answer 84

DNS tunneling is where another protocol or data is hidden in the DNS packets.

Question 85

Which two options are used for DNS covert tunnels? (Choose two.) modify data in the database stealthy data exfiltration issue CnC traffic to bots on the network DoS attacks to send DNS traffic within IPsec tunnel

Answer 85

stealthy data exfiltration issue CnC traffic to bots on the network

Question 86

What are countermeasures to attacks that are based on DNS tunneling ?

Answer 86

Monitor the DNS log for suspicious activities such as DNS queries with unusually long and suspicious domain names. Deploy a solution such as Cisco Umbrella to block the DNS tunneling traffic from going out to the malicious domains.

Question 87

Which two options are countermeasures that an administrator should employ to protect against DNS tunneling? (Choose two.) monitor the DNS log for suspicious activities deny all DNS transactions encrypt DNS communications using a hash deploy a solution such as Cisco Umbrella to block the DNS tunneling traffic block all DNS traffic on the firewall

Answer 87

deploy a solution such as Cisco Umbrella to block the DNS tunneling traffic monitor the DNS log for suspicious activities

Question 88

What are some countermeasures to attacks using HTTP 302 cushioning ?

Answer 88

Use Cisco Umbrella to block access to malicious websites. Deploy Cisco Web Security Appliance (WSA) to enhance web security and block malicious sites. Educate users on how HTTP 302 redirections can lead to malicious web pages that exploit their devices.

Question 89

What happens to the victim’s browser during an HTTP 302 cushioning? The browser is redirected to the malicious web page that delivers the exploit to the victim's machine through a series of HTTP 302 redirections. The browser displays the HTTP 302 redirection warning and prevents the web redirection to the malicious web page that delivers the exploit to the victim's machine. The browser executes the malicious script and is then redirected to the malicious web page that delivers the exploit to the victim's machine. The browser loads the iFrame and is then redirected to the malicious web page that delivers the exploit to the victim's machine.

Answer 89

The browser is redirected to the malicious web page that delivers the exploit to the victim's machine through a series of HTTP 302 redirections

Question 90

What is the functional purpose of the HTTP 302 response code? alert users that an attack is underway identify a temporary URL redirection for a website and redirect the user to it ask for authentication of the user alert the user that the webpage is no longer available

Answer 90

identify a temporary URL redirection for a website and redirect the user to it

Question 91

what is an attack whereby an attacker's goal is to execute arbitrary commands on the web server's OS via a vulnerable web application

Answer 91

command injection

Question 92

What are the different types of command injections ?

Answer 92

cross-site scripting SQL injection

Question 93

What are countermeasures to command injections ?

Answer 93

application developers should follow the best practices to perform proper user unput validation Deploy an intrusion prevention system (IPS) solution to detect and prevent malicious command injections.

Question 94

Which statement correctly describes the theory behind the command injection attacks? The goal of a command injection attack is to exfiltrate data on the web server's operating system via a vulnerable web application. The goal of a command injection attack is to execute arbitrary commands on the mail server. The user enters arbitrary commands on the web server's OS via a vulnerable web application. The goal of a command injection attack is to execute arbitrary commands on the web server's OS via a vulnerable web application.

Answer 94

The goal of a command injection attack is to execute arbitrary commands on the web server's OS via a vulnerable web application.

Question 95

If you see the string "or 1=1 --" in an HTTP form response, what should you suspect?

Answer 95

SQL injection

Question 96

What are some countermeasures for SQL injections ?

Answer 96

Application developers should follow the best practices to perform proper user input validation, constrain, and sanitize the user input data. Deploy an IPS solution to detect and prevent malicious SQL injections.

Question 97

Which two results are required to make an SQL injection possible? (Choose two.) The application was poorly programmed. User input was sufficiently validated. Strict security measures were followed when developing website code. User input was not sufficiently validated. The web server operating system has not been patched.

Answer 97

The application was poorly programmed User input was not sufficiently validated.

Question 98

What are the different types of XSS attacks ?

Answer 98

Stored (persistent) Reflected (non-persistent)

Question 99

What is a stored XSS attack ?

Answer 99

Stored XSS is the most damaging type because it is permanently stored in the XSS-infected server. The victim receives the malicious script from the server whenever they visit the infected web page.

Question 100

What is a reflected XSS attack ?

Answer 100

Reflected XSS attacks are typically delivered to the victims via an email message or through some other website. When the victim is tricked into clicking the infected link, the malicious script is reflected back to the victim's browser, where it is executed.

Question 101

What is an XSS attack ?

Answer 101

XSS involves the injection of malicious scripts into web pages that are executed on the client-side in the user’s web browser. Malicious scripts can be used to gain access to users' systems or sensitive information, such as session cookies.

Question 102

What are some countermeasures to XSS attacks ?

Answer 102

Deploy a service such as Cisco Umbrella to block the users from accessing malicious websites. Deploy a web proxy security solution, such as Cisco WSA, to block users from accessing malicious websites. Deploy an IPS solution to detect and prevent malicious XSS or CSRF. Educate end users—for example, how to recognize phishing attacks.

Question 103

What is CSRF ?

Answer 103

Cross-site request forgery is a web-based attack that can include unauthorized changes of user information or the extraction of user-sensitive data from a web application

Question 104

Which three statements apply to XSS? (Choose three.) Malicious scripts are injected into web pages and executed on the client side. A web application processes an attacker’s request using the victim’s authenticated session. Malicious scripts are injected into web pages and executed on the server side. Scripting languages used by XSS have security weaknesses. Clicking an infected link causes a malicious script to run in a background process. Scripting languages used by XSS do not have security weaknesses.

Answer 104

Malicious scripts are injected into web pages and executed on the client side Scripting languages used by XSS have security weaknesses. Clicking an infected link causes a malicious script to run in a background process..

Question 105

What are the different types of email threats ?

Answer 105

Attachment-based Email spoofing Spam An open mail relay Homoglyphs

Question 106

Which three threats are email-based? (Choose three.) spam SQL injection attachment-based attacks email address spoofing Cross-Site Request Forgery cross-site scripting insufficient user authentication

Answer 106

Spam attachment-based attacks email address spoofing

Question 107

Describe an email spoofing attack

Answer 107

Email spoofing is the creation of email messages with a forged sender address that is meant to fool the recipient into providing money or sensitive information

Question 107

Describe a spam email threat

Answer 107

Spam is unsolicited email or "junk" mail that you receive in your inbox. Spam generally contains advertisements, but it can also contain malicious files

Question 107

Describe an Attachment-based email attack ?

Answer 107

Embedding malicious content in business-appropriate files is most common for attachment-based attacks.

Question 108

Describe An open mail relay attack

Answer 108

An open mail relay is a Simple Mail Transfer Protocol (SMTP) server that is configured to allow anyone—not just known corporate users—on the internet to send an email.