1. The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring?
- spyware
- phishing
- DDoS
- social engineering
- adware
Explanation: Phishing, spyware, and social engineering are security attacks that collect network and user information. Adware typically consists of annoying popup windows. Unlike a DDoS attack, none of these attacks generate large amounts of data traffic that can restrict access to network services.
2. What causes a buffer overflow?
- downloading and installing too many software updates at one time
- attempting to write more data to a memory location than that location can hold
- sending too much information to two or more interfaces of the same device, thereby causing dropped packets
- sending repeated connections such as Telnet to a particular device, thus denying other data sources
- launching a security countermeasure to mitigate a Trojan horse
Explanation: By sending too much data to a specific area of memory, adjacent memory locations are overwritten, which causes a security issue because the program in the overwritten memory location is affected.
3. Which objective of secure communications is achieved by encrypting data?
- authentication
- confidentiality
- integrity
- availability
Explanation: When data is encrypted, it is scrambled to keep the data private and confidential so that only authorized recipients can read the message. A hash function is another way of providing confidentiality.
4. What type of malware has the primary objective of spreading across the network?
- virus
- botnet
- Trojan horse
- worm
Explanation: The main purpose of a worm is to self-replicate and propagate across the network. A virus is a type of malicious software that needs a user to spread. A Trojan horse is not self-replicating and disguises itself as a legitimate application when it is not. A botnet is a series of zombie computers working together to wage a network attack.
5. Which algorithm can ensure data confidentiality?
Explanation: Data confidentiality is ensured through symmetric encryption algorithms, including DES, 3DES, and AES.
6. What three items are components of the CIA triad? (Choose three.)
- scalability
- access
- intervention
- confidentiality
- integrity
- availability
Explanation: The CIA triad contains three components: confidentiality, integrity, and availability. It is a guideline for information security for an organization.
7. Which cyber attack involves a coordinated attack from a botnet of zombie computers?
- address spoofing
- ICMP redirect
- DDoS
- MITM
Explanation: DDoS is a distributed denial-of-service attack. A DDoS attack is launched from multiple coordinated sources. The sources of the attack are zombie hosts that the cybercriminal has built into a botnet. When ready, the cybercriminal instructs the botnet of zombies to attack the chosen target.
8. What specialized network device is responsible for enforcing access control policies between networks?
- firewall
- switch
- IDS
- bridge
Explanation: Firewalls are used to permit or block traffic between networks according to access control policies.
9. To which category of security attacks does man-in-the-middle belong?
- DoS
- access
- reconnaissance
- social engineering
Explanation: With a man-in-the-middle attack, a threat actor is positioned in between two legitimate entities in order to read, modify, or redirect the data that passes between the two parties.
10. What is the role of an IPS?
- to detect patterns of malicious traffic by the use of signature files
- to enforce access control policies based on packet content
- to filter traffic based on defined rules and connection context
- to filter traffic based on Layer 7 information
Explanation: For detecting malicious activity, an IPS uses a set of rules called signatures to detect patterns in network traffic.
11. Which type of DNS attack involves the cybercriminal compromising a parent domain and creating multiple subdomains to be used during the attacks?
- tunneling
- cache poisoning
- amplification and reflection
- shadowing
Explanation: Two threats to DNS are DNS shadowing and DNS tunneling attacks. DNS shadowing attacks compromise a parent domain and then the cybercriminal creates subdomains to be used in attacks. DNS tunneling attacks build botnets to bypass traditional security solutions. Three threats to DNS open resolvers are cache poisoning, amplification and reflection, and resource utilization attacks.
12. Which two types of hackers are typically classified as grey hat hackers? (Choose two.)
- script kiddies
- cyber criminals
- vulnerability brokers
- state-sponsored hackers
- hacktivists
Explanation: Grey hat hackers may do unethical or illegal things, but not for personal gain or to cause damage. Hacktivists use their hacking as a form of political or social protest, and vulnerability brokers hack to uncover weaknesses and report them to vendors. Depending on the perspective one possesses, state-sponsored hackers are either white hat or black hat operators. Script kiddies create hacking scripts to cause damage or disruption. Cyber criminals use hacking to obtain financial gain by illegal means.
13. What is a significant characteristic of virus malware?
- Virus malware is only distributed over the Internet.
- Once installed on a host system, a virus will automatically propagate itself to other systems.
- A virus can execute independently of the host system.
- A virus is triggered by an event on the host system.
Explanation: A virus is malicious code that is attached to a legitimate program or executable file, and requires specific activation, which may include user actions or a time-based event. When activated, a virus can infect the files it has not yet infected, but does not automatically propagate itself to other systems. Self-propagation is a feature of worms. In addition to being distributed over the Internet, viruses are also spread by USB memory sticks, CDs, and DVDs.
14. A cleaner attempts to enter a computer lab but is denied entry by the receptionist because there is no scheduled cleaning for that day. What type of attack was just prevented?
- phishing
- shoulder surfing
- war driving
- social engineering
- Trojan
Explanation: Social engineering is when a person attempts to manipulate another individual to gain access to information or resources to which they are not entitled.