What does data locality require?
answer
Data to be encrypted at all times
Data storage within certain geographical boundaries
Data to be stored in the cloud
Unlimited data transfer between countries
Data storage within certain geographical boundaries
What poses a greater threat than zero-day vulnerabilities?
answer
Unpatched or legacy systems
Newly released software
Strong password policies
Encrypted data storage
Unpatched or legacy systems
What is the role of encryption in an access control solution?
answer
To physically secure devices and resources
To convert plaintext into ciphertext
To give readable access to data
To serve as the only method of access control
To convert plaintext into ciphertext
What does "integrity" in the context of the CIA Triad mean?
answer
The system is protected against unauthorized access and attacks.
Certain information should only be known to certain people.
Information is accessible to those authorized to view or modify it.
The data is stored and transferred as intended and that any modification is authorized.
The data is stored and transferred as intended and that any modification is authorized.
Under what condition can an organization process credit card transactions directly?
answer
If they use cloud storage
If they encrypt all their emails
If they adopt the PCI DSS standard
If they have an internet presence
If they adopt the PCI DSS standard
What is the purpose of a cybersecurity audit?
answer
To install security software on all company devices
To ensure a security posture aligns with established standards
To train employees on cybersecurity best practices
To assess the organization's IT budget
To ensure a security posture aligns with established standards
What can the most serious vulnerabilities allow an attacker to do?
answer
Encrypt system files for data protection
Increase system performance
Execute arbitrary code on the system
Improve application security
Execute arbitrary code on the system
What is meant by "data at rest"?
answer
Data present in volatile memory
Data being actively processed by a computer
Data being transmitted over a network
Data stored on a persistent storage media
Data stored on a persistent storage media
What is Personally Identifiable Information (PII)?
answer
Data that can identify, contact, or locate an individual
Data that is encrypted and stored securely
Any data that can be publicly accessed
Information related to a company's financial status
Data that can identify, contact, or locate an individual
What does a risk assessment involve?
answer
Reviewing employee performance and productivity
Auditing the company's systems for risk factors
Auditing the company's financial statements for fraud
Conducting physical security checks on company premises
Auditing the company's systems for risk factors
What does a ciphertext represent in the context of encryption?
answer
The key used to encrypt the plaintext
The conversion of plaintext into a hash
The original human-readable information
The encrypted version of plaintext
The encrypted version of plaintext
What is one of the key benefits of using a honeypot or honeynet in cybersecurity?
answer
Increasing the encryption strength
Completely eliminating cyber threats
Providing an early warning of attacks
Reducing the need for other security measures
Providing an early warning of attacks
What is the difficulty in implementing security controls?
answer
They are always too complex to implement.
They only address low-level risks.
They can be expensive.
They are not supported by IT service frameworks.
They can be expensive.
What does "availability" in the CIA Triad refer to?
answer
The system is protected against unauthorized access and attacks and disclosure.
The data is stored and transferred as intended and that any modification is authorized.
Information is protected from unauthorized access except to those with the proper permissions.
Information and resources are accessible to those authorized when needed.
Information and resources are accessible to those authorized when needed.
What is a honeypot in the context of cybersecurity?
answer
A software tool used for encrypting data
A computer system set up to attract attackers
A firewall configuration technique
A type of malware designed to steal data
A computer system set up to attract attackers
What is the purpose of spoofing attacks?
answer
To improve the security of DNS services
To enhance the performance of ARP services
To disguise the attacker's identity
To provide legitimate services to users
To disguise the attacker's identity
What is an example of an inadvertent vulnerability that users can create?
answer
Using shadow IT without authorization
Implementing strong encryption algorithms
Regularly updating software and applications
Employing multi-factor authentication
Using shadow IT without authorization
What are Potentially Unwanted Programs (PUPs)/Potentially Unwanted Applications (PUAs)?
answer
Applications that cannot be uninstalled by the user
Programs that enhance computer security without the user's knowledge
Software installed alongside a package selected by the user
Software that is always malicious but is installed without the user's consent
Software installed alongside a package selected by the user
What distinguishes an external threat actor from an internal threat actor?
answer
The sophistication of the attack
The geographical location of the actor
The type of malware they use
Whether they have authorized access to the system
Whether they have authorized access to the system
What can be a source of internal threats?
answer
Hackers from another country
Phishing emails from unknown senders
Employees within the organization
Malware found on the Internet
Employees within the organization
A cyber security technician responds to a department experiencing degraded network bandwidth, and customers call the department saying they cannot visit the company website.
What is likely causing the issue?
answer
DNS Poisoning
On-path attack
Distributed DoS (DDoS)
Malware
Distributed DoS (DDoS)
How are botnets typically created?
answer
By updating devices with the latest firmware
Through malware that opens a backdoor
By installing security software on devices
Through the use of strong passwords
Through malware that opens a backdoor
What types of devices are vulnerable to becoming part of a botnet?
answer
Devices without Internet access
Only outdated computers
Only servers and mainframes
Any type of Internet-enabled device
Any type of Internet-enabled device
What is malware?
answer
Software designed to protect computer networks
A type of computer hardware that performs poorly
Software that performs malicious actions
A beneficial software tool that enhances system performance
Software that performs malicious actions
What does the term "advanced persistent threat (APT)" refer to in the context of malware?
answer
A firewall feature that blocks all incoming traffic
A basic form of malware that is easily detected and removed
A sophisticated malware attack that remains undetected
A type of antivirus software
A sophisticated malware attack that remains undetected
What is the primary goal of most adversaries when launching network attacks?
answer
To enhance network performance
To steal information from the network
To provide free services to users
To improve network security
To steal information from the network
What does the payload of malware refer to?
answer
The amount of data the malware can steal
The method by which the malware spreads
The size of the malware file
The malware action other than replication
The malware action other than replication
What is the primary difference between footprinting and fingerprinting in network attacks?
answer
Fingerprinting is a legal method of gathering information, while footprinting is not.
Footprinting gathers general network information, while fingerprinting identifies specific device types.
Footprinting aims to improve network performance, while fingerprinting does not.
Footprinting is used to enhance network security, while fingerprinting is used to decrease it.
Footprinting gathers general network information, while fingerprinting identifies specific device types.
What is a Distributed Reflection DoS (DRDoS) attack?
answer
An attack that directly targets the attacker's network
An attack that improves server reflection capabilities
A method to reduce network bandwidth consumption
A type of attack where the victim's IP address is spoofed
A type of attack where the victim's IP address is spoofed
Which of the following best describes behavioral threat research?
answer
A commentary describing examples of attacks and TTPs
A database of all known computer viruses
A set of guidelines for installing security software
A method for improving the encryption of data
A commentary describing examples of attacks and TTPs
What is the result of a successful ARP poisoning attack?
answer
The attacker receives all traffic destined for remote networks.
All network traffic is encrypted automatically.
The attacker's device is disconnected from the network.
The network's speed is significantly increased.
The attacker receives all traffic destined for remote networks.
What is the primary difference between ARP spoofing and ARP poisoning?
answer
ARP spoofing involves broadcasting fake ARP messages, while ARP poisoning refers to the state of the ARP cache.
ARP spoofing is a passive attack while ARP poisoning is an active attack.
ARP poisoning is used to secure network communications, whereas ARP spoofing is a malicious activity.
ARP spoofing and ARP poisoning are terms for the same process, with no difference between them.
ARP spoofing involves broadcasting fake ARP messages, while ARP poisoning refers to the state of the ARP cache.
What is an on-path attack?
answer
A type of physical attack where the attacker physically intercepts a data transmission.
A cyber-attack that exclusively targets the path of data storage devices.
A type of spoofing attack where a threat actor intercepts communications between two hosts.
An attack where the threat actor creates a new path in a network to reroute data.
A type of spoofing attack where a threat actor intercepts communications between two hosts.
What is the primary purpose of ARP poisoning in an on-path attack?
answer
To encrypt all data packets on the network.
To increase the efficiency of the ARP protocol.
To redirect traffic through the attacker.
To physically damage the network infrastructure.
To redirect traffic through the attacker.
How do attackers exploit the native VLAN feature in a VLAN hopping attack?
answer
By sending a frame with three VLAN tag headers
By encrypting the traffic sent to the native VLAN
By crafting a frame with two VLAN tag headers
By deleting the native VLAN from the switch configuration
By crafting a frame with two VLAN tag headers
What is VLAN hopping?
answer
A method to increase the speed of VLAN traffic
An attack designed to send traffic to a VLAN other than the one the host system is in
A technique to reduce network congestion
A security feature of 802.1Q to enhance VLAN compatibility
An attack designed to send traffic to a VLAN other than the one the host system is in
What is the primary purpose of the Spanning Tree Protocol (STP) in a network?
answer
To encrypt traffic between switches
To facilitate VLAN hopping attacks
To increase network bandwidth
To prevent switching loops
To prevent switching loops
What happens when a switch's MAC address table is overwhelmed due to a MAC flooding attack?
answer
The switch automatically shuts down for security reasons.
The switch only forwards traffic to the attacker's port.
The switch increases its memory capacity automatically.
The switch begins to function as a hub.
The switch begins to function as a hub.
What feature of 802.1Q do VLAN hopping attacks exploit?
answer
Native VLANs
Port security
Access control lists (ACLs)
Port mirroring
Native VLANs
What is MAC spoofing?
answer
Using malware to reveal the MAC address of a device
Physically altering the network interface to change its MAC address
Intercepting MAC addresses during data transmission
Changing the MAC address of a network interface to any arbitrary value
Changing the MAC address of a network interface to any arbitrary value