ICS Final Exam Review

What is a DHCP starvation attack?

An attack that exhausts a DHCP server's address pool

What can be a source of internal threats?

Employees within the organization

What is a common way for threat actors to gain access to a network?

By obtaining credentials to access the network

Which of the following is a potential consequence of a rogue DHCP server changing the default gateway address for a subnet?

Routing communications through the attacker's machine

What does the client do to ensure the offered IP address is not already in use?

Broadcasts an ARP message

Which Neighbor Discovery Protocol function enables a router to inform a host of a better route to a particular destination in an IPv6 network?

Redirection

An IT support technician receives a call from a user complaining that they cannot access the website www.examplecorp.com. The user has already tried clearing their browser cache and restarting their computer but to no avail.

The technician decides to troubleshoot the issue starting with DNS resolution.

Which of the following steps should the technician take first to diagnose the problem?

Check to see if the user's computer can resolve other domain names.

What is the purpose of a cybersecurity audit?

To ensure a security posture aligns with established standards

What is a common indicator of a compromised machine in the context of DNS attacks?

Suspect entries in the HOSTS file

Which version of SNMP supports encryption and strong user-based authentication?

SNMP v3

What does the -w switch do in tcpdump?

Writes output to a file

What is the role of Router Advertisements (RAs) in the IPv6 address configuration process?

To inform hosts of network prefixes and autoconfiguration options

What does a risk assessment involve?

Auditing the company's systems for risk factors

How is a connection uniquely identified in a TCP/IP network?

By the combination of server port and IP address and client port and IP address

What does "integrity" in the context of the CIA Triad mean?

The data is stored and transferred as intended and that any modification is authorized.

What is a basic type of IP scanning mentioned in the document?

Host discovery

Can the same domain name be registered within different top-level domains?

Yes, the same domain name can be registered within different TLDs.

What is an on-path attack?

A type of spoofing attack where a threat actor intercepts communications between two hosts.

What is the purpose of spoofing attacks?

To disguise the attacker's identity

What is the purpose of installing a special driver for a software-based sniffer?

To allow the frames to be read from the network stack

What does disaster recovery focus on?

Switching services to failover systems or sites

Which of the following can be considered a rogue device?

A wireless access point installed without IT approval

What is referred to as configuration drift?

The deviation of a CI from its baseline

What is the primary goal of most adversaries when launching network attacks?

To steal information from the network

An organization wants to enhance its network security to prevent on-path attacks, specifically targeting ARP spoofing techniques.

Which of the following measures would be most effective?

Enabling Dynamic ARP Inspection (DAI) on switches

Which type of scanners use specially crafted probes to locate hosts that might be configured not to respond to pings?

Security-oriented scanners

On your way into the back entrance of your work building one morning, a man dressed as a plumber asks you to let him in so he can fix the restroom.

What should you do?

Direct him to the front entrance and instruct him to check in with the receptionist.

What is the primary purpose of ARP poisoning in an on-path attack?

To redirect traffic through the attacker.

A user reports that they cannot browse to a specific website on the Internet.

From the user's computer, a computer tech finds that a ping test to the web server succeeds. A traceroute test shows 17 hops to the destination web server.

What is the MOST likely cause of the problem?

Incorrect DNS server address

What does an IP scanner do?

Establishes the logical topology of the network

What is established between a server and a client after successful authentication with TLS?

An encrypted tunnel

What are latency and jitter in the context of network performance?

Problems of timing and sequence of packet delivery

Which of the following attacks can also be used to perform denial of service (DoS) attacks?

ARP spoofing

Why must a DHCP server, without the use of relays, be placed in the same subnet as its clients?

To ensure it can assign IP addresses to them

What happens if a Windows host does not receive a response from a DHCP server within a given time frame?

It will select an address at random from the APIPA range.

What does SMTP use to discover the IP address of the recipient's SMTP server?

The domain name part of the recipient's email address

How does an SNMP monitor typically retrieve information from a device?

By using the Get command

Which option is used with tcpdump to specify the network interface to listen on?

-i

What is the purpose of the PRI code in a syslog message?

To indicate the message's priority

What does Nmap use to determine whether a host is present when used without switches?

It pings and sends a TCP ACK packet to ports 80 and 443.

What is the role of a packet sniffer in the context of a protocol analyzer?

To capture frames moving over the network medium

Which password cracking method involves trying every possible combination to find the matching password?

Brute Force

What is the significance of conducting validation tests in disaster recovery?

To ensure services can be restored

What does a syslog message comprise?

A PRI code, a header, and a message part

Why do routers normally not forward broadcast traffic?

To prevent network congestion

Which of the following examples BEST describes shoulder surfing?

Someone nearby watching you enter your password on your computer and recording it

What does a client use to identify the resource it wants to request from an HTTP server?

Uniform Resource Locator (URL)

What is considered an acceptable error rate in general terms?

Under 1 percent

What happens during a TLS handshake?

The server provides its digital certificate to the client for authentication

Why are longer and more complex passwords more secure against brute force attacks?

They increase the amount of time the attack takes to run.

What type of information does a root DNS server contain?

Complete information about top-level domain servers

What is the purpose of applying a unicast address to DHCP frames by the DHCP relay?

To directly communicate with the DHCP server without broadcasting

You have a network with 50 workstations. You want to automatically configure the workstations with the IP address, subnet mask, and default gateway values.

Which device should you use?

DHCP server

What is one of the primary purposes of the Internet Message Access Protocol (IMAP)?

To manage a mailbox on a server

What does "availability" in the CIA Triad refer to?

Information and resources are accessible to those authorized when needed.

Which backup mode creates a snapshot-type image of the whole system?

State/bare metal

What is the purpose of a socket in the context of network communications?

To serve as a unique identifier for a network connection

What is the purpose of a Business Impact Analysis (BIA) in continuity planning?

To identify risk disruption for primary business functions

What type of events does an audit log generally record?

Success/fail type events related to authentication

What is the primary difference between footprinting and fingerprinting in network attacks?

Footprinting gathers general network information, while fingerprinting identifies specific device types.

Which statement BEST describes the use of port numbers in TCP/IP networking?

Port numbers are used in conjunction with IP addresses to direct packets to specific services or applications.

Which of the following is a potential consequence of a rogue DHCP server changing the default gateway address for a subnet?

Routing communications through the attacker's machine

Which of the following is the BEST approach when a configuration has drifted from its baseline?

Perform testing to determine whether to revert.

Which of the following attacks can also be used to perform denial of service (DoS) attacks?

ARP spoofing

What makes a router RFC 1542 compliant?

The capability to forward DHCP traffic between subnets

What feature does version 2 of HTTP add to enhance its functionality?

More state-preserving features

What is typically indicated when a host can ping a server by its IP address but not by its name?

Incorrect DNS configuration

What is the purpose of a community string in SNMP?

To serve as a type of password

What is packet loss?

The discarding of data packets in a network

How is a connection uniquely identified in a TCP/IP network?

By the combination of server port and IP address and client port and IP address

What is a key feature of performance/traffic logs?

They record metrics for network resources.

Which TCP port does HTTPS encrypted traffic default to?

443

What type of data transfer is described as bursty?

File Transfer

What should be checked if a single client cannot resolve names?

The client's DNS server configuration

What role does a Change Advisory Board (CAB) play in change management?

It approves major or significant changes.

You are setting up a secure website for your online store. You want to ensure that all data transmitted between your website and your customers is encrypted.

Which of the following steps is essential for you to achieve this?

Obtain and install a digital certificate.

What is typically indicated when a host can ping a server by its IP address but not by its name?

Incorrect DNS configuration

What does the term "stateless protocol" imply about HTTP?

Each request from a client to a server is treated as a new request.

In a Windows environment, which protocol is typically used to access Microsoft Exchange mailboxes?

MAPI