Exam #4 - Threats, Attacks, and Vulnerabilities - P.2

Nội dung: Các mối đe dọa, tấn công và lỗ hổng - P2 - Số câu: 15 - Yêu cầu: 13/15

Aug 23, 2023 - 18:53

1. Frank is a network administrator for a small college. He discovers that several machines on his network are infected with malware. That malware is sending a flood of packets to a target external to the network. What best describes this attack?

A. SYN flood
C. Botnet
D. Backdoor

2. Dennis uses an on-path attack to cause a system to send HTTPS traffic to his system and then forwards it to the actual server the traffic is intended for. What type of password attack can he conduct with the data he gathers if he captures all the traffic from a login form?

A. A plain-text password attack
B. A pass-the-hash attack
C. A SQL injection attack
D. A cross-site scripting attack

3. Which of the following is not a common means of attacking RFID badges?

A. Data capture
B. Spoofing
C. Denial-of-service
D. Birthday attacks

4. CVE is an example of what type of feed?

A. A threat intelligence feed
B. A vulnerability feed
C. A critical infrastructure listing feed
D. A critical virtualization exploits feed

5. Farès is the network security administrator for a company that creates advanced routers and switches. He has discovered that his company’s networks have been subjected to a series of advanced attacks over a period of time. What best describes this attack?

B. Brute force
D. Disassociation attack

6. What type of information is phishing not commonly intended to acquire?

A. Passwords
B. Email addresses
C. Credit card numbers
D. Personal information

7. Matt discovers that a system on his network is sending hundreds of Ethernet frames to the switch it is connected to, with each frame containing a different source MAC address. What type of attack has he discovered?

A. Etherspam
B. MAC flooding
C. Hardware spoofing
D. MAC hashing

8. Spyware is an example of what type of malware?

A. Trojan
D. Ransomware

9. Which of the following is commonly used in a distributed denial-of-service (DDoS) attack?

A. Phishing
B. Adware
C. Botnet
D. Trojan

10. Angela reviews the authentication logs for her website and sees attempts from many different accounts using the same set of passwords. What is this attack technique called?

A. Brute forcing
B. Password spraying
C. Limited login attacks
D. Account spinning

11. What process typically occurs before card cloning attacks occur?

A. A brute-force attack
B. A skimming attack
C. A rainbow table attack
D. A birthday attack

12. Which of the following is an attack that seeks to attack a website, based on the website’s trust of an authenticated user?

C. Buffer overflow

13. Angela has discovered an attack against some of the users of her website that leverage URL parameters and cookies to make legitimate users perform unwanted actions. What type of attack has she most likely discovered?

A. SQL injection
B. Cross-site request forgery
C. LDAP injection
D. Cross-site scripting

14. Nathan discovers the following code in the directory of a compromised user. What language is it using, and what will it do?

echo "ssh-rsa ABBAB4KAE9sdafAK...Mq/jc5YLfnAnbFDRABMhuWzaWUp root@localhost" >> /root/.ssh/authorized_keys

A. Python, adds an authorized SSH key
B. Bash, connects to another system using an SSH key
C. Python, connects to another system using an SSH key
D. Bash, adds an authorized SSH key

15. Michelle discovers that a number of systems throughout her organization are connecting to a changing set of remote systems on TCP port 6667. What is the most likely cause of this, if she believes the traffic is not legitimate?

A. An alternate service port for web traffic
B. Botnet command and control via IRC
C. Downloads via a peer-to-peer network
D. Remote access Trojans

Cảm xúc của bạn?