What is a Man-In-The-Middle (MITM) attack?
An attack where an attacker eavesdrops on or modifies communications between two parties who believe they are communicating directly with each other.
At which OSI layer does a MITM attack operate?
Network layer (Layer 3).
In a MITM attack, what is the attacker’s goal?
To intercept, alter, or impersonate communications between two parties.
What type of channel prevents a MITM attack?
A secure channel — ensures both data authenticity and confidentiality.
What is a secure channel?
A communication channel that guarantees data authenticity and confidentiality.
Is DNS poisoning a type of MITM attack?
Yes — It modifies DNS queries to redirect users and intercept their communications.
An attacker that only eavesdrops on communications is conducting what kind of attack?
A) Not an MITM attack
B) An MITM attack
B) An MITM attack — Eavesdropping alone qualifies as an MITM behavior.
To prevent MITM attacks, both ____ and _____ must be guaranteed.
Data authenticity and data confidentiality — preventing tampering and unauthorized access.
An ARP poisoning attack that associates an attacker’s MAC address with a target host’s IP address is an example of what?
A Man-In-The-Middle (MITM) attack — It allows eavesdropping and interception of data between devices.
What is a Man-In-The-Browser (MITB) attack?
A type of MITM attack that uses malware within a web browser to intercept or modify communications between a browser and a web server.
At which OSI layer does an MITB attack operate?
Application layer (Layer 7).
What is the primary goal of a Man-In-The-Browser (MITB) attack?
To intercept or alter data exchanged between a user’s browser and a web server, often to steal financial or sensitive information.
How does malware typically execute an MITB attack?
By exploiting browser vulnerabilities through Trojan-infected extensions or user scripts that alter form inputs and webpage data.
Why is an MITB attack difficult to detect or remove?
Because the malware is embedded in browser extensions that may appear legitimate and only activate on specific websites.
In an MITB attack, what happens first?
A) The attacker eavesdrops on a network channel
B) The target host is infected with malware
B) The target host is infected with malware — It enables the attacker to capture browser data.
An attacker eavesdropping on a wireless network between a user and a web server is conducting what kind of attack?
A) MITB
B) MITM
B) MITM — MITB occurs within the browser, not over a wireless channel.
Is an MITB attack limited only to banking websites?
A) True
B) False
B) False — It can target any website that processes user data, not just financial ones.
What allows an MITB attacker to alter a user’s input before submission?
A compromised browser extension or injected script that modifies HTML form data.
What kind of protection helps mitigate MITB attacks?
Using up-to-date browsers, disabling untrusted extensions, employing antivirus and behavioral monitoring software.
Why is the MITB attack considered a type of MITM attack?
Because it intercepts and manipulates data between two communicating parties (browser and web server).
What is SSH (Secure Shell Protocol)?
A cryptographic network protocol that provides a secure channel for operating network services over an insecure network.
What was SSH designed to replace?
Telnet and other unsecured remote shell protocols that transmit information (including passwords) in plaintext.
Which port does SSH use by default?
A) TCP port 80
B) TCP port 49
C) TCP port 22
C) TCP port 22 — SSH uses TCP port 22 for secure communication.
How does SSH provide data confidentiality?
A) By using encryption
B) By using message authentication codes
C) By using digital signatures
A) By using encryption — Encryption ensures that transmitted data remains confidential.
How does SSH provide data integrity?
A) By using encryption
B) By using message authentication codes
C) By using digital signatures
B) By using message authentication codes — MACs verify that data is not altered in transit.
How does an SSH server authenticate a user?
A) SSH cannot be used for authentication
B) By using a user's public key to decrypt a random message that the user encrypted with their private key
C) By using a user's private key to decrypt a random message that the user encrypted with their private key
B) The SSH server verifies the user by decrypting a message with the user’s public key that was encrypted using their private key.
What is protocol tunneling in SSH?
Encapsulation of one protocol’s packets within another, allowing any network service to be secured over SSH.
What are the main security features provided by SSH?
Data confidentiality (encryption), data integrity (MACs), and secure authentication (public/private key).
What is public key authentication in SSH?
A method of authenticating users without passwords by using a key pair — the private key is used by the user, and the public key is stored on the server.
What benefit does SSH provide for automation and single sign-on (SSO)?
It enables passwordless logins using public key authentication, allowing secure automated access.
What is FTPS?
File Transfer Protocol Secure — an extension of FTP that uses SSL/TLS to secure data transmission.
What is SFTP?
SSH File Transfer Protocol — an extension of SSH that provides secure file transfer and remote file system management.
Which protocol uses SSL/TLS?
A) FTP
B) FTPS
C) SFTP
B) FTPS — It uses SSL/TLS to secure communications between hosts.
Which protocol uses TCP port 22?
A) FTP
B) FTPS
C) SFTP
C) SFTP — It’s built on SSH and uses TCP port 22 for secure transfers.
Which protocol uses TCP ports 989 and 990?
A) FTP
B) FTPS
C) SFTP
B) FTPS — TCP port 989 is the data channel, and 990 is the control channel.
Which protocol provides remote file system management functionality?
A) FTP
B) FTPS
C) SFTP
C) SFTP — It allows directory listing, deletion, and resuming interrupted transfers.
Are FTPS and SFTP compatible with each other?
No — FTPS uses SSL/TLS, while SFTP uses SSH.
What encryption and hashing algorithms are supported by FTPS?
AES and 3DES for encryption
What types of certificates does FTPS support?
X.509 self-signed or trusted public key certificates for authentication.
What ports does traditional FTP use?
TCP port 20 (data channel) and TCP port 21 (control channel).
What is the main difference between FTPS and SFTP?
FTPS secures FTP using SSL/TLS, while SFTP is built on SSH and uses SSH protocol extensions for security.
What is one advantage of using SFTP over FTP?
SFTP provides both encryption and authentication via SSH, ensuring secure file transfer and system management.
What is the main purpose of using FTPS or SFTP?
To securely transfer files between networked hosts while ensuring data confidentiality and integrity.
What is IPSec?
A protocol suite for securing data communications over an IP network that ensures authenticity, integrity, and confidentiality at the network layer (Layer 3).
What are the two main IPSec protocols?
Authentication Header (AH) and Encapsulating Security Protocol (ESP).
What does the Authentication Header (AH) provide?
Authentication and integrity for an IP packet, and protection against replay attacks.
What does the Encapsulating Security Protocol (ESP) provide?
Authentication, integrity, confidentiality (encryption), and protection against replay attacks.
How does AH ensure data integrity?
By using a message digest created with a shared secret key.
How does AH protect against replay attacks?
By including a sequence number in the AH header to detect duplicate packets.
What part of an IP packet does AH authenticate?
The entire IP packet — both the IP header and IP payload.
What part of an IP packet does ESP authenticate?
Only the IP payload.
Which IPSec protocol provides protection against replay attacks?
A) AH
B) ESP
C) AH and ESP
C) AH and ESP — Both use sequence numbers for replay protection.
Which IPSec protocol provides data confidentiality?
A) AH
B) ESP
C) AH and ESP
B) ESP — It uses encryption to provide confidentiality.
Which IPSec protocol provides authentication and integrity?
A) AH
B) ESP
C) AH and ESP
C) AH and ESP — Both ensure authentication and integrity of IP packets.
Which IPSec protocol authenticates an entire IP packet?
A) AH
B) ESP
C) AH and ESP
A) AH — Authenticates both the IP header and payload.
Which IPSec protocol only authenticates the IP payload?
A) AH
B) ESP
C) AH and ESP
B) ESP — Only authenticates the payload, not the IP header.
What are the two IPSec operation modes?
Transport mode and Tunnel mode.
What is transport mode in IPSec?
A mode where only the IP payload is authenticated and encrypted, not the IP header. Used for end-to-end communication between a client and server.
What is tunnel mode in IPSec?
A mode where the entire IP packet (header and payload) is authenticated, encrypted, and encapsulated within another protocol, commonly L2TP.
In which IPSec mode is the IP header not authenticated?
A) Transport
B) Tunnel
C) Both
A) Transport — Only the payload is protected.
In which IPSec mode is an entire IP packet encapsulated in another protocol?
A) Transport
B) Tunnel
C) Both
B) Tunnel — The entire packet is encapsulated for transmission.
In which IPSec mode is the IP payload encrypted?
A) Transport
B) Tunnel
C) Both
C) Both — The payload is encrypted in both IPSec modes.
Which IPSec mode is used for communications between a server and a client?
A) Transport
B) Tunnel
C) Both
A) Transport — Used for end-to-end communications.
Which IPSec mode is used for communications between two gateways?
A) Transport
B) Tunnel
C) Both
B) Tunnel — Commonly used between network gateways or VPN endpoints.
In which IPSec mode is the IP payload authenticated?
A) Transport
B) Tunnel
C) Both
C) Both — The payload is authenticated in both IPSec modes.
What protocol is commonly used to encapsulate IPSec in tunnel mode?
Layer 2 Tunneling Protocol (L2TP).
At what OSI layer does IPSec operate?
Layer 3 — The network layer.
What are the key security services provided by IPSec?
Authentication, integrity, confidentiality, and replay attack protection.
What is the Post Office Protocol (POP)?
An Internet standard protocol used by an email client to retrieve email from a mail server.
At what OSI layer does POP operate?
Application layer (Layer 7).
Which version of POP is the latest?
POP3 (Post Office Protocol version 3).
Which port does POP use by default?
A) TCP port 443
B) TCP port 110
C) TCP port 22
B) TCP port 110 — POP uses TCP port 110 for unencrypted communication.
What is the purpose of POP?
A) Send an email
B) Retrieve an email
C) Configure a mail server
B) Retrieve an email — POP downloads emails from the server to the client.
What happens to an email after it’s downloaded via POP by default?
It is removed from the POP server.
Why is POP not secure?
Data, including credentials, is transmitted in cleartext.
What is POPS (POP3S)?
POP Secure — a version of POP that uses SSL/TLS to secure communication between the client and the server.
Which port does POP3S use?
A) TCP port 80
B) UDP port 1812
C) TCP port 995
C) TCP port 995 — POPS uses SSL/TLS over TCP port 995.
What is the difference between POP and POPS?
POPS uses SSL/TLS to provide data privacy and integrity, while POP transmits data in cleartext.
What is IMAP (Internet Message Access Protocol)?
A protocol that allows an email client to retrieve and manage email directly on a mail server.
At what OSI layer does IMAP operate?
Application layer (Layer 7).
Which port does IMAP use by default?
TCP port 143.
Which port does IMAPS use?
TCP port 993 — IMAPS uses SSL/TLS to secure communications.
Which protocol supports the creation of folders on a mail server?
A) POP
B) IMAP
B) IMAP — IMAP allows organizing emails into folders on the server.
Which protocol is typically used for accessing email from a single device?
A) POP
B) IMAP
A) POP — It downloads emails and removes them from the server by default.
Which protocol supports searching emails on the mail server?
A) POP
B) IMAP
B) IMAP — IMAP can search and organize emails directly on the server.
In which protocol is a retrieved email removed from the server by default?
A) POP
B) IMAP
A) POP — Emails are deleted from the server after being downloaded.
What is IMAPS?
A secure version of IMAP that uses SSL/TLS to provide data privacy and integrity over TCP port 993.