what characteristic of arp makes it particularly vulnerable to being used in a dos attack?

CyberOps Associate (Version 1.0) – Modules 13 – 17: Threats and Attacks Group Exam

1. What is the significant characteristic of worm malware?

  • Worm malware disguises itself as legitimate software.
  • Once installed on a host system, a worm does not replicate itself.
  • A worm must be triggered by an event on the host system.
  • A worm can execute independently of the host system.

Explanation: Worm malware can execute and copy itself without being triggered by a host program. It is a significant network and Internet security threat.

2. What are the three major components of a worm attack? (Choose three.)

  • a payload
  • a propagation mechanism
  • an infecting vulnerability
  • a probing mechanism
  • an enabling vulnerability
  • a penetration mechanism

Explanation: A computer can have a worm installed through an email attachment, an executable program file, or a Trojan horse. The worm attack not only affects one computer, but replicates to other computers. What the worm leaves behind is the payload, the code that results in some action.

3. A user is curious about how someone might know a computer has been infected with malware. What are two common malware behaviors? (Choose two.)

  • The computer emits a hissing sound every time the pencil sharpener is used.
  • The computer beeps once during the boot process.
  • The computer gets increasingly slower to respond.
  • No sound is emitted when an audio CD is played.
  • The computer freezes and requires reboots.

Explanation: Common symptoms of computers infected with malware:
Appearance of files, applications, or desktop icons
Security tools such as antivirus software or firewalls turned off or changed
System crashes
Emails spontaneously sent to others
Modified or missing files
Slow system or browser response
Unfamiliar processes or services running
Unknown TCP or UDP ports open
Connections made to unknown remote devices

4. Which two types of attacks are examples of reconnaissance attacks? (Choose two.)

  • brute force
  • port scan
  • ping sweep
  • man-in-the-middle
  • SYN flood

Explanation: Reconnaissance attacks try to gather information about the targets. Ping sweeps will indicate which hosts are up and responding to pings, whereas port scans will indicate on which TCP and UDP ports the target is listening for incoming connections. Man-in-the-middle and brute force attacks are both examples of access attacks, and a SYN flood is an example of a denial of service (DoS) attack.

5. An administrator discovers a vulnerability in the network. On analysis of the vulnerability the administrator decides the cost of managing the risk outweighs the cost of the risk itself. The risk is accepted, and no action is taken. What risk management strategy has been adopted?

  • risk transfer
  • risk acceptance
  • risk reduction
  • risk avoidance

Explanation: Risk acceptance is when the cost of risk management options outweighs the cost of the risk itself, the risk is accepted, and no action is taken.

6. Which protocol is exploited by cybercriminals who create malicious iFrames?

  • HTTP
  • DNS
  • ARP
  • DHCP

Explanation: An HTML element known as an inline frame or iFrame allows the browser to load a different web page from another source.

7. How can a DNS tunneling attack be mitigated?

  • by preventing devices from using gratuitous ARP
  • by using a filter that inspects DNS traffic
  • by securing all domain owner accounts
  • by using strong passwords and two-factor authentication

Explanation: To be able to stop DNS tunneling, a filter that inspects DNS traffic must be used. Also, DNS solutions such as Cisco OpenDNS block much of the DNS tunneling traffic by identifying suspicious domains.

8. What is the function of a gratuitous ARP sent by a networked device when it boots up?

  • to request the NetBIOS name of the connected system
  • to request the MAC address of the DNS server
  • to request the IP address of the connected network
  • to advise connected devices of its MAC address

Explanation: A gratuitous ARP is often sent when a device first boots up to inform all other devices on the local network of the MAC address of the new device.

9. What is the outcome of a passive ARP poisoning attack?

  • Data is modified in transit or malicious data is inserted in transit.
  • Network clients experience a denial of service.
  • Confidential information is stolen.
  • Multiple subdomains are created.

Explanation: ARP poisoning attacks can be passive or active. The result of a passive attack is that cybercriminals steal confidential information. With an active attack, cybercriminals modify information in transit or they inject malicious information.

10. What are two methods used by cybercriminals to mask DNS attacks? (Choose two.)

  • reflection
  • shadowing
  • domain generation algorithms
  • fast flux
  • tunneling

Explanation: Fast flux, double IP flux, and domain generation algorithms are used by cybercriminals to attack DNS servers and affect DNS services. Fast flux is a technique used to hide phishing and malware delivery sites behind a quickly changing network of compromised DNS hosts (bots within botnets). The double IP flux technique rapidly changes the hostname to IP address mappings and the authoritative name server. Domain generation algorithms randomly generate domain names to be used as rendezvous points.

11. Match the security tool with the description. (Not all options apply.)
[Image: Modules 13 - 17: Threats and Attacks Group Exam (Answers) 1]

12. Match the type of cyberattackers to the description. (Not all options are used.)
[Image: Modules 13 - 17: Threats and Attacks Group Exam (Answers) 2]

13. Match the threat actors with the descriptions. (Not all options are used.)
[Image: Modules 13 - 17: Threats and Attacks Group Exam (Answers) 3]

  • hacktivists : threat actors that publicly protest against organizations or governments by posting articles, videos, leaking sensitive information, and performing distributed denial of service (DDoS) attacks
  • script kiddies : inexperienced threat actors running existing scripts, tools, and exploits, to cause damage, but typically not for profit
  • State-sponsored : threat actors who steal government secrets, gather intelligence, and sabotage networks of foreign governments, terrorist groups, and corporations

14. What scenario describes a vulnerability broker?

  • a teenager running existing scripts, tools, and exploits, to cause harm, but typically not for profit
  • a threat actor attempting to find exploits and report them to vendors, sometimes for prizes or rewards
  • a threat actor publicly protesting against governments by posting articles and leaking sensitive information
  • a State-Sponsored threat actor who steals government secrets and sabotages networks of foreign governments

Explanation: Vulnerability brokers typically refers to grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards.

15. In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services?

  • DoS
  • session hijacking
  • MITM
  • address spoofing

Explanation: In a DoS or denial-of-service attack, the goal of the attacker is to prevent legitimate users from accessing network services.

16. Which field in the IPv6 header points to optional network layer information that is carried in the IPv6 packet?

  • traffic class
  • version
  • flow label
  • next header

Explanation: Optional Layer 3 information about fragmentation, security, and mobility is carried inside of extension headers in an IPv6 packet. The next header field of the IPv6 header acts as a pointer to these optional extension headers if they are present.

17. Which type of attack is carried out by threat actors against a network to determine which IP addresses, protocols, and ports are allowed by ACLs?

  • social engineering
  • denial of service
  • phishing
  • reconnaissance

Explanation: Packet filtering ACLs use rules to filter incoming and outgoing traffic. These rules are defined by specifying IP addresses, port numbers, and protocols to be matched. Threat actors can use a reconnaissance attack involving port scanning or penetration testing to determine which IP addresses, protocols, and ports are allowed by ACLs.

18. What kind of ICMP message can be used by threat actors to create a man-in-the-middle attack?

  • ICMP echo request
  • ICMP unreachable
  • ICMP redirects
  • ICMP mask reply

Explanation: Common ICMP messages of interest to threat actors include the following:
ICMP echo request and echo reply: used to perform host verification and DoS attacks
ICMP unreachable: used to perform network reconnaissance and scanning attacks
ICMP mask reply: used to map an internal IP network
ICMP redirects: used to lure a target host into sending all traffic through a compromised device and create a man-in-the-middle attack
ICMP router discovery: used to inject bogus route entries into the routing table of a target host

19. What are two purposes of launching a reconnaissance attack on a network? (Choose two.)

  • to escalate access privileges
  • to prevent other users from accessing the system
  • to scan for accessibility
  • to gather data about the network and devices
  • to retrieve and change data

Explanation: Gathering information about a network and scanning for access is a reconnaissance attack. Preventing other users from accessing a system is a denial of service attack. Attempting to retrieve and modify data, and attempting to escalate access privileges are types of access attacks.

20. Which type of network attack involves randomly opening many Telnet requests to a router and results in a valid network administrator not being able to access the device?

  • DNS poisoning
  • man-in-the-middle
  • SYN flooding
  • spoofing

Explanation: The TCP SYN flood attack exploits the TCP three-way handshake. The threat actor continually sends TCP SYN session request packets with a randomly spoofed source IP address to an intended target. The target device replies with a TCP SYN-ACK packet to the spoofed IP address and waits for a TCP ACK packet. Those responses never arrive. Eventually the target host is overwhelmed with half-open TCP connections and denies TCP services.

21. What functionality is provided by Cisco SPAN in a switched network?

  • It mirrors traffic that passes through a switch port or VLAN to another port for traffic analysis.
  • It prevents traffic on a LAN from being disrupted by a broadcast storm.
  • It protects the switched network from receiving BPDUs on ports that should not be receiving them.
  • It copies traffic that passes through a switch interface and sends the data directly to a syslog or SNMP server for analysis.
  • It inspects voice protocols to ensure that SIP, SCCP, H.323, and MGCP requests conform to voice standards.
  • It mitigates MAC address overflow attacks.

Explanation: SPAN is a Cisco technology used by network administrators to monitor suspicious traffic or to capture traffic to be analyzed.

22. Which statement describes an operational feature of NetFlow?

  • NetFlow collects basic information about the packet flow, not the flow data itself.
  • NetFlow captures the entire contents of a packet.
  • NetFlow flow records can be viewed by the tcpdump tool.
  • NetFlow can provide services for user access control.

Explanation: NetFlow does not capture the entire contents of a packet. Instead, NetFlow collects metadata, or information about the flow, not the flow data itself. NetFlow data can be viewed with tools such as nfdump and FlowViewer.

23. Match the network monitoring solution with a description. (Not all options are used.)
[Image: Modules 13 - 17: Threats and Attacks Group Exam (Answers) 4]

24. Which technology is a proprietary SIEM system?

  • StealthWatch
  • NetFlow collector
  • SNMP agent
  • Splunk

Explanation: Security Information Event Management (SIEM) is a technology that is used in enterprise organizations to provide real-time reporting and long-term analysis of security events. Splunk is a proprietary SIEM system.

25. What are three functionalities provided by SOAR? (Choose three.)

  • It automates complex incident response procedures and investigations.
  • It provides 24×7 statistics on packets that flow through a Cisco router or multilayer switch.
  • It uses artificial intelligence to detect incidents and help in incident analysis and response.
  • It presents the correlated and aggregated event information in real-time monitoring and long-term summaries.
  • It provides a complete audit trail of basic information about every IP flow forwarded on a device.
  • It provides case management tools that allow cybersecurity personnel to research and investigate incidents.

Explanation: SOAR security platforms offer these functionalities:
• Gather alert data from each component of the system
• Provide tools that enable cases to be researched, assessed, and investigated
• Emphasize integration as a means of automating complex incident response workflows that enable more rapid response and adaptive defense strategies
• Include predefined playbooks that enable automatic response to specific threats

26. Which devices should be secured to mitigate against MAC address spoofing attacks?

  • Layer 7 devices
  • Layer 4 devices
  • Layer 3 devices
  • Layer 2 devices

Explanation: Layer 2 attacks such as MAC address spoofing can be mitigated by securing Layer 2 devices.

27. A network administrator is checking the system logs and notices unusual connectivity tests to multiple well-known ports on a server. What kind of potential network attack could this indicate?

  • access
  • denial of service
  • information theft
  • reconnaissance

Explanation: A reconnaissance attack is the unauthorized discovery and mapping of systems, services, or vulnerabilities. One of the most common reconnaissance attacks is performed by using utilities that automatically discover hosts on the networks and determine which ports are currently listening for connections.

28. What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?

  • Cross-site scripting
  • XML injection
  • buffer overflow
  • SQL injection

Explanation: Cross-site scripting (XSS) allows criminals to inject scripts that contain malicious code into web applications.

29. Which cyber attack involves a coordinated attack from a botnet of zombie computers?

  • ICMP redirect
  • MITM
  • DDoS
  • address spoofing

Explanation: DDoS is a distributed denial-of-service attack. A DDoS attack is launched from multiple coordinated sources. The sources of the attack are zombie hosts that the cybercriminal has built into a botnet. When ready, the cybercriminal instructs the botnet of zombies to attack the chosen target.

30. What technique is a security attack that depletes the pool of IP addresses available for legitimate hosts?

  • reconnaissance attack
  • DHCP starvation
  • DHCP spoofing
  • DHCP snooping

Explanation: DHCP starvation attacks create a denial of service for network clients. The attacker sends DHCP discovery messages that contain fake MAC addresses in an attempt to lease all of the IP addresses. In contrast, DHCP spoofing occurs when a cybercriminal configures a rogue DHCP server to provide network clients with incorrect IP configuration data.

31. Which type of Trojan horse security breach uses the computer of the victim as the source device to launch other attacks?

  • proxy
  • FTP
  • DoS
  • data-sending

Explanation: The attacker uses a proxy Trojan horse attack to penetrate one device and then use that device to launch attacks on other devices. The DoS Trojan horse slows or halts network traffic. The FTP Trojan horse enables unauthorized file transfer services when port 21 has been compromised. A data-sending Trojan horse transmits data back to the hacker that could include passwords.

32. What are two examples of DoS attacks? (Choose two.)

  • buffer overflow
  • SQL injection
  • port scanning
  • phishing
  • ping of death

Explanation: The buffer overflow and ping of death DoS attacks exploit system memory-related flaws on a server by sending an unexpected amount of data or malformed data to the server.

33. Why would a rootkit be used by a hacker?

  • to try to guess a password
  • to reverse engineer binary files
  • to gain access to a device without being detected
  • to do reconnaissance

Explanation: Hackers use rootkits to avoid detection as well as to hide any software installed by the hacker.

34. What causes a buffer overflow?

  • sending too much data to two or more interfaces of the same device, thereby causing dropped packets
  • attempting to write more data to a memory location than that location can hold
  • sending repeated connections such as Telnet to a particular device, thus denying other data sources
  • downloading and installing too many software updates at one time
  • launching a security countermeasure to mitigate a Trojan horse

Explanation: By sending too much data to a specific area of memory, adjacent memory locations are overwritten, which causes a security issue because the program in the overwritten memory location is affected.

35. Which type of security threat would be responsible if a spreadsheet add-on disables the local software firewall?

  • DoS
  • Trojan horse
  • buffer overflow
  • brute-force attack

Explanation: A Trojan horse is software that does something harmful, but is hidden in legitimate software code. A denial of service (DoS) attack results in interruption of network services to users, network devices, or applications. A brute-force attack commonly involves trying to access a network device. A buffer overflow occurs when a program attempts to store more data in a memory location than it can hold.

36. Which two types of hackers are typically classified as grey hat hackers? (Choose two.)

  • hacktivists
  • cyber criminals
  • vulnerability brokers
  • script kiddies
  • state-sponsored hackers

Explanation: Grey hat hackers may do unethical or illegal things, but not for personal gain or to cause damage. Hacktivists use their hacking as a form of political or social protest, and vulnerability brokers hack to uncover weaknesses and report them to vendors. Depending on the perspective one possesses, state-sponsored hackers are either white hat or black hat operators. Script kiddies create hacking scripts to cause damage or disruption. Cyber criminals use hacking to obtain financial gain by illegal means.

37. A white hat hacker is using a security tool called Skipfish to find the vulnerabilities of a computer system. What type of tool is this?

  • debugger
  • fuzzer
  • vulnerability scanner
  • packet sniffer

Explanation: Fuzzers are tools used by threat actors when attempting to discover the vulnerabilities of a computer system. Examples of fuzzers include Skipfish, Wapiti, and W3af.

38. Which two functions are provided by NetFlow? (Choose two.)

  • It uses artificial intelligence to detect incidents and assist in incident analysis and response.
  • It provides a complete audit trail of basic information about every IP flow forwarded on a device.
  • It provides 24×7 statistics on packets that flow through a Cisco router or multilayer switch.
  • It allows an administrator to capture real-time network traffic and analyze the entire contents of packets.
  • It presents correlated and aggregated event information in real-time monitoring and long-term summaries.

Explanation: NetFlow is a Cisco IOS technology that provides statistics and complete audit trails on TCP/IP flows on the network. Some of the capabilities of NetFlow include the following: 24×7 network and security monitoring, network planning, traffic analysis, identification of network bottlenecks, and IP accounting for billing purposes.

39. Which statement describes the function of the SPAN tool used in a Cisco switch?

  • It is a secure channel for a switch to send logging to a syslog server.
  • It provides interconnection between VLANs over multiple switches.
  • It supports the SNMP trap operation on a switch.
  • It copies the traffic from one switch port and sends it to another switch port that is connected to a monitoring device.

Explanation: To analyze network traffic passing through a switch, switched port analyzer (SPAN) can be used. SPAN can send a copy of traffic from one port to another port on the same switch where a network analyzer or monitoring device is connected. SPAN is not required for syslog or SNMP. SPAN is used to mirror traffic, while syslog and SNMP are configured to send data directly to the appropriate server.

40. What are two evasion methods used by hackers? (Choose two.)

  • scanning
  • access attack
  • resource exhaustion
  • phishing
  • encryption

Explanation: The following methods are used by hackers to avoid detection:
Encryption and tunneling – hide or scramble the malware content
Resource exhaustion – keep the host device too busy to detect the invasion
Traffic fragmentation – split the malware into multiple packets
Protocol-level misinterpretation – sneak by the firewall
Pivot – use a compromised network device to attempt access to another device
Rootkit – allow the hacker to avoid detection as well as hide software installed by the hacker

41. Which attack involves threat actors positioning themselves between a source and destination with the intent of transparently monitoring, capturing, and controlling the communication?

  • man-in-the-middle attack
  • DoS attack
  • ICMP attack
  • SYN flood attack

Explanation: The man-in-the-middle attack is a common IP-related attack where threat actors position themselves between a source and destination to transparently monitor, capture, and control the communication.

42. What is the goal of a white hat hacker?

  • validating data
  • modifying data
  • stealing data
  • protecting data

Explanation: White hat hackers are really "good guys" and are paid by companies and governments to test for security vulnerabilities so that data is better protected.

43. Once a cyber threat has been verified, the US Cybersecurity Infrastructure and Security Agency (CISA) automatically shares the cybersecurity information with public and private organizations. What is this automated system called?

  • AIS
  • NCSA
  • ENISA
  • NCASM

Explanation: Governments are now actively promoting cybersecurity. For example, the US Cybersecurity Infrastructure and Security Agency (CISA) is leading efforts to automate the sharing of cybersecurity information with public and private organizations at no cost. CISA uses a system called Automated Indicator Sharing (AIS). AIS enables the sharing of attack indicators between the United States government and the private sector as soon as threats are verified. CISA offers many resources that help to limit the size of the United States attack surface.

44. A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent?

  • spam
  • anonymous keylogging
  • DDoS
  • social engineering

Explanation: Social engineering attempts to gain the confidence of an employee and convince that person to divulge confidential and sensitive information, such as usernames and passwords. DDoS attacks, spam, and keylogging are all examples of software based security threats, not social engineering.

45. Which two characteristics describe a worm? (Choose two.)

  • is self-replicating
  • travels to new computers without any intervention or knowledge of the user
  • infects computers by attaching to software code
  • hides in a dormant state until needed by an attacker
  • executes when software is run on a computer

Explanation: Worms are self-replicating pieces of software that consume bandwidth on a network as they propagate from system to system. They do not require a host application, unlike a virus. Viruses, on the other hand, carry executable malicious code which harms the target machine on which they reside.

46. An attacker is redirecting traffic to a fake default gateway in an attempt to intercept the data traffic of a switched network. What type of attack could achieve this?

  • MAC address snooping
  • DHCP snooping
  • MAC address starvation
  • DHCP spoofing

Explanation: In DHCP spoofing attacks, an attacker configures a fake DHCP server on the network to issue DHCP addresses to clients with the aim of forcing the clients to use a false default gateway, and other false services. DHCP snooping is a Cisco switch feature that can mitigate DHCP attacks. MAC address starvation and MAC address snooping are not recognized security attacks. MAC address spoofing is a network security threat.

47. What would be the target of an SQL injection attack?

  • DHCP
  • DNS
  • email
  • database

Explanation: SQL is the language used to query a relational database. Cybercriminals use SQL injections to get information, create fake or malicious queries, or to breach the database in another way.

48. The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring?

  • social engineering
  • adware
  • DDoS
  • phishing
  • spyware

Explanation: Phishing, spyware, and social engineering are security attacks that collect network and user data. Adware consists, typically, of annoying popup windows. Unlike a DDoS attack, none of these attacks generate large amounts of data traffic that can restrict access to network services.

49. Why would an attacker want to spoof a MAC address?

  • so that the attacker can capture traffic from multiple VLANs rather than from only the VLAN that is assigned to the port to which the attacker device is attached
  • so that a switch on the LAN will start forwarding frames to the attacker instead of to the legitimate host
  • so that a switch on the LAN will start forwarding all frames toward the device that is under control of the attacker (that can then capture the LAN traffic)
  • so that the attacker can launch another type of attack in order to gain access to the switch

Explanation: MAC address spoofing is used to bypass security measures by allowing an attacker to impersonate a legitimate host device, usually for the purpose of collecting network traffic.

50. Match the security concept to the description.
[Image: Modules 13 - 17: Threats and Attacks Group Exam (Answers) 5]

51. Which two characteristics describe a virus? (Choose two.)

  • Malicious code that can remain dormant before executing an unwanted activity.
  • Malware that executes arbitrary code and installs copies of itself in memory.
  • Malware that relies on the action of a user or a program to activate.
  • Program code specifically designed to corrupt memory in network devices.
  • A self-replicating attack that is independently launched.

Explanation: A virus is malicious code that is attached to legitimate programs or executable files. Most viruses require end user activation, can lie dormant for an extended period, and then activate at a specific time or date. In contrast, a worm executes arbitrary code and installs copies of itself in the memory of the infected computer. The main purpose of a worm is automatic replication to spread quickly across a network. A worm does not require a host program to run.

52. Which type of security attack would attempt a buffer overflow?

  • ransomware
  • reconnaissance
  • DoS
  • scareware

Explanation: Denial of service (DoS) attacks attempt to disrupt service on the network by either sending a particular device an overwhelming amount of information so no other devices can access the attacked device or by sending malformed packets.

Source: https://itexamanswers.net/modules-13-17-threats-and-attacks-group-exam-answers.html
