Unit 3 - Module 3

Question 1

```

What’s the difference between DDoS and DoS?

Answer 1

A denial-of-service (DoS) attack floods a server with traffic, making a website or resource unavailable, with just one machine. A distributed denial-of-service (DDoS) attack is a DoS attack that uses multiple computers or machines to flood a targeted resource.

Question 2

What is TCP? (Transmisson Control Protocol)

Answer 2

A communication standard that **enables ** application program and computing devices to exchange messages over a network.

Question 3

What do you call the DoS attack that simulates a TCP connection and floods a server with SYN packets?

Answer 3

A SYN ( Synchronzie ) Flood Attack

Question 4

What protocol informs data transmissions across the network?

Answer 4

Internet Control Message Protocol (ICMP)

Question 5

What do you call the DoS attack that sends ICMP packets repeatedly to a network server?

Answer 5

Internet Control Message Protocol (ICMP) Flood

Question 6

What do you call the type of DoS attack that a hacker pings a system by sending it oversized ICMP packets that are bigger than 64KB?

Answer 6

Ping of Death

Question 7

What is a network protocol analyzer also known as?

Answer 7

A Packet Sniffer

Question 8

What is a tcpdump and what does it display?

Answer 8

A tcpdump is a command-line network protocol analyzer. ( Think of a commandline like using “run” on windows)

It displays timestamp, IP address, destination IP addresses, and port numbers ( source and destination ) being used in the communications.

Question 9

What is passive packet sniffing?

Answer 9

A type of attack where data packets are in transit

ie) Think of the mailman reading someones mail before handing it off.

Question 10

What is active packet sniffing?

Answer 10

A type of attack where data packets are manipulated in transit

Question 11

What are 2 ways to prevent packet sniffing from threat actors?

Answer 11

Using a VPN and making sure your website is using HTTPS

Question 12

What are the 3 common IP spoofing attacks?

Answer 12

On-Path attack
Replay Attack
Smurf Attack

Question 13

What is an on-path attack?

Answer 13

Where malicious actor places themselves in the middle of an authorized connection and intercepts or alters the data in transit.

Question 14

What is a replay attack?

Answer 14

A network attack performed when a malicious actor intercepts a data packet in transit and delays it or reapets it at another time.

This can cause connection issues.

Question 15

What is a smurf attack?

Answer 15

A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with packets.

Question 16

What do you call the process of strengthening a system to reduce it’s vulnerability and attack surface area?

Answer 16

Security hardening

Question 17

What do you call potential vulnerabilities that a threat actor could exploit?

Answer 17

Attack Surface

Question 18

What are 5 things Security Hardening looks at?

Answer 18

Hardware
Operating Systems
Applications
Computer Networks
Databases

Question 19

What do you call a simulated attack that help identify vulnerabilities in systems, networks, websites, applications, and processes.

Answer 19

Penetration Test

Question 20

What do you call the interface between compter hardware and the user?

Answer 20

Operating System (OS)

Question 21

What do you call a software and operating system update that addresses security vulnerabilities within a program or product?

Answer 21

Patch Update

Question 22

What is a security measure which requires a user to verify their identity in two or more ways to access a system or network?

Answer 22

Muti-factor authentication (MFA)

Question 23

What is a Baseline Configuration? (Baseline image)

Answer 23

A documented set of specifications with a system that is used as a basis for future builds, realeases, and updates.

Question 24

What is a trail-and-error process of discovering private information?

Answer 24

Brute Force Attack

Question 25

What are 2 kinds of a Brute Force Attacks?

Answer 25

Simple Brute Force Attack - Guessing a user’s login credentials.

Dictionary Attacks - Using commonly used passwords and stolen credentials from previous breaches.

Question 26

What are software versions of physical computers?

Answer 26

Virtual Machines (VMs)

Question 27

What do you call a testing enviroment that allows you to execute software of programs separate from your network?

Answer 27

A Sandbox Environment

Question 28

What do you call encrypting original text making it impossible for a threat actor can packet sniff data?

Answer 28

Salting and Hashing

Question 29

What are 4 prevention measure used to protect from brute force attacks?

Answer 29

Salting and Hashing
Multi-factor authentication (MFA) and two factor authentication (2FA)
CAPTCHA and reCAPTCHA
Password policies

Question 30

What’s the difference between MFA and 2FA?

Answer 30

2FA only needs 2 forms of verification.
While MFA uses more.

Question 31

What are 3 network security hardening tasks?

Answer 31

Port Filtering
Network access privilege
Encryption

Question 32

What do you call an application that monitors system activity, data packet sniffs and alerts on possible intrustions?

Answer 32

An Intrustion Detection System ( IDS )

Question 33

What do you call an application that monitors system activity and stop possible intrusions?

Answer 33

Intrusion Prevention System (IPS)

Question 34

What do you call on-demand network access to a share pool of configurable comptung resourses?

Answer 34

Cloud Computing

Question 35

What is the processes and technologies that helps organizations manage digital identities in their enviroment?

Answer 35

Identity Access Management (IAM)

Question 36

What is a zero day attack?

Answer 36

An exploit that was previously unknown

Bascially, a organization goes under attack and how the attack happens has never been seen before. Therefore the engineers have zero days worked on a patch for this attack.

Question 37

What is the shared responsibility model in regards to CSP’s?

Answer 37

Where CSP’s are responsible for cloud infrastructure, including physical data center, hypervisors, and host operating system.

While the company is responsible for the assests and processes that they store or operate in the cloud.