Which attack intercepts communications between a web browser and the underlying OS?
a. MITM
b. MRTR
c. MTTR
d. MITB
d. MITB
Himari needs to protect against potential attacks on DNS. What are the locations she would need to protect?
a. web server buffer and host DNS server
b. reply referrer and domain buffer
c. web browser and browser add-on
d. local host file and external DNS server
d. local host file and external DNS server
What is the result of an ARP poisoning attack?
a. The ARP cache is compromised.
b. Users cannot reach a DNS server.
c. MAC addresses are altered.
d. An internal DNS must be used instead of an external DNS.
a. The ARP cache is compromised.
Yua has discovered that the network switch is broadcasting all packets to all devices. She suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack would she report?
a. MAC spoofing attack
b. MAC cloning attack
c. MAC flooding attack
d. MAC overflow attack
c. MAC flooding attack
Sakura is explaining to a colleague the different types of DNS attacks. Which DNS attack would only impact a single user?
a. DNS hijack attack
b. DNS poisoning attack
c. DNS overflow attack
d. DNS resource attack
b. DNS poisoning attack
Which type of monitoring methodology looks for statistical deviations from a baseline?
a. behavioral monitoring
b. signature-based monitoring
c. anomaly monitoring
d. heuristic monitoring
c. anomaly monitoring
Ichika suspects that there may be infected devices on the network that are sending regular beacons to a threat actor's C&C server. Which type of analysis would she use to determine if this is true?
a. traffic analysis
b. port analysis
c. packet analysis
d. probe analysis
c. packet analysis
Akari has been asked to install a packet analysis tool on a Linux web server. Because this server runs nothing unnecessary, in order to reduce the footprint a threat actor could exploit, all applications on the server are command-line applications and there is no graphical user interface (GUI). Which tool would Akari install?
a. Ethereal
b. Tcpdump
c. Network General
d. Sniffer
b. Tcpdump
Which of the following is NOT a reason that threat actors use PowerShell for attacks?
a. It cannot be detected by anti-malware running on the computer.
b. It leaves behind no evidence on a hard drive.
c. It can be invoked prior to system boot.
d. Most applications flag it as a trusted application.
c. It can be invoked prior to system boot.
Which attack uses the fewest computers to launch the attack?
a. DoS
b. DDoS
c. DoSS
d. DooS
a. DoS
Which of the following is used to write macros?
a. PowerShell
b. Python
c. Bash
d. VBA
d. VBA
Which of the following is NOT correct about an email header?
a. As email is transferred from MTA to MTA, information is added to the email header.
b. Email headers are encrypted to prevent someone from altering the contents.
c. The email header contains information about the sender, recipient, email's route through MTAs, and various authentication details.
d. Each MTA along the path adds its own information to the top of the email header.
b. Email headers are encrypted to prevent someone from altering the contents.
Which of the following is NOT correct about forwarding emails?
a. Corporations routinely allow employees to forward emails.
b. Employees may "auto-forward" corporate emails to utilize enhanced spam filtering.
c. Forwarded emails may not be available for email evidence.
d. Unauthorized users could access forwarded emails.
a. Corporations routinely allow employees to forward emails.
Which of the following email defenses uses a digital signature?
a. SPC
b. DKIM
c. DMARC
d. It depends on whether or not the email payload has been encrypted.
b. DKIM
Aoi uses the Python programming language and does not want her code to contain vulnerabilities. Which of the following best practices would she NOT use?
a. Only use compiled and not interpreted Python code.
b. Use the latest version of Python.
c. Use caution when formatting strings.
d. Download only vetted libraries.
a. Only use compiled and not interpreted Python code.
What is Bash?
a. the command-language interpreter for Linux/UNIX OSs
b. the open source scripting language that contains many vulnerabilities
c. a substitute for SSH
d. the underlying platform on which macOS is built
a. the command-language interpreter for Linux/UNIX OSs
Which of the following is a tool for editing packets and then putting the packets back onto the network to observe their behavior?
a. Tcpreplay
b. Tcpdump
c. Wireshark
d. Packetdump
a. Tcpreplay
Which of the following is NOT a limitation of an SEG?
a. slow processing speed
b. single-layer security
c. multiple root domains
d. revealing protections
a. slow processing speed
Amari has been asked to compare an organization's security against a set of open security standards. Which of the following would he choose?
a. SCAP
b. NFLOW
c. SOAR
d. SPF
a. SCAP
What does an SNMP trap do that is different from the normal SNMP function?
a. SNMP traps do not use PDU.
b. SNMP traps can only respond to administrator queries once per hour.
c. SNMP traps can send unsolicited messages.
d. SNMP traps require authentication while normal SNMP does not.
c. SNMP traps can send unsolicited messages.