A type of IDS that relies on predetermined attack patterns


An unauthorized practice of obtaining confidential information by manipulating people into disclosing sensitive data is referred to as:

a. Shoulder surfing
b. Privilege escalation
c. Social engineering
d. Penetration testing

 

 

·         c. Social engineering

 

Which term best describes disgruntled employees abusing legitimate access to a company's internal resources?

a. Script kiddies
b. Insider threat
c. Hacktivists
d. Organized crime

 

·         b. Insider threat

 

Malicious code activated by a specific event is known as:

a. Backdoor
b. Logic bomb
c. Rootkit
d. Trojan horse

 

·         b. Logic bomb

 

The term "Evil twin" refers to a rogue Wireless Access Point (WAP) set up for eavesdropping or stealing sensitive user data. An evil twin replaces the legitimate access point and, by advertising its own presence with the same Service Set Identifier (SSID, a.k.a. network name), appears as a legitimate access point to connecting hosts.

a. True
b. False

 

·         True

 

An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against:

a. War chalking
b. Spoofing
c. War driving
d. Insider threat

 

·         c. War driving

 

A social engineering technique whereby attackers, under the disguise of a legitimate request, attempt to gain access to confidential information they shouldn't have access to is commonly referred to as:

a. Phishing
b. Privilege escalation
c. Backdoor access
d. Shoulder surfing

 

·         Phishing

 

A fraudulent email requesting its recipient to reveal sensitive information (e.g. user name and password) used later by an attacker for the purpose of identity theft is an example of: (Select 2 answers)

a. Phishing
b. Watering hole attack
c. Social engineering
d. Bluejacking
e. Vishing

 

·         Phishing
·         c. Social engineering

 

Malware that restricts access to a computer system by encrypting files or locking the entire system down until the user performs a requested action is called:

a. Grayware
b. Adware
c. Ransomware
d. Spyware

 

·         c. Ransomware

 

Remapping a domain name to a rogue IP address is an example of what kind of exploit?

a. DNS poisoning
b. Domain hijacking
c. ARP poisoning
d. URL hijacking

 

·         DNS poisoning

 

 

An attacker managed to associate his/her MAC address with the IP address of the default gateway. As a result, a targeted host is sending network traffic to the attacker's IP address instead of the IP address of the default gateway. Based on the given info, which type of attack is taking place in this scenario?

a. ARP poisoning
b. Replay attack
c. Cross-site request forgery
d. DNS poisoning

 

·         ARP poisoning

 

An email sent from an unknown source disguised as a source known to the message receiver is an example of: (Select 2 answers)

a. Spoofing
b. Dictionary attack
c. Trojan horse
d. Brute forcing
e. Social engineering
f. Tailgating

 

·         Spoofing
·         e. Social engineering

 

Which of the answers listed below refers to a network protocol used in the most common types of spoofing attacks?

a. SMTP (Simple Mail Transfer Protocol)
b. RDP (Remote Desktop Protocol)
c. SNMP (Simple Network Management Protocol)
d. Telnet (A terminal emulation protocol used on the Internet and TCP/IP-based networks)

 

·         SMTP (Simple Mail Transfer Protocol)

 

A wireless disassociation attack is a type of:

a. Downgrade attack
b. Brute-force attack
c. Denial of Service (DoS) attack
d. Cryptographic attack

 

·         c. Denial of Service (DoS) attack

 

An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found is referred to as:

a. Replay attack
b. Brute-force attack
c. Dictionary attack
d. Birthday attack

 

·         b. Brute-force attack

 

Switch spoofing and double tagging are attack methods used in:

a. DDoS attacks
b. Downgrade attacks
c. VLAN hopping attacks
d. Wireless disassociation attacks

 

·         c. VLAN hopping attacks

 

Which of the following is an example of active eavesdropping?

a. Spoofing
b. Zero-day attack
c. Spear phishing
d. MITM

 

·         d. MITM

 

A type of attack that relies on intercepting and altering data sent between two networked hosts is known as:

a. Zero-day attack
b. MITM attack
c. Watering hole attack
d. Replay attack

 

·         b. MITM attack

 

In computer security, the term "Exploit" refers to any method that allows malicious users to take advantage of a vulnerability found in computer systems.

a. True
b. False

 

·         True

 

Which of the answers listed below refers to a type of software embedded into a hardware chip?

a. Adware
b. Background app
c. Device driver
d. Firmware

 

·         d. Firmware

 

Hash functions allow for mapping large amounts of data content to a small string of characters. The result of a hash function provides the exact "content in a nutshell" (in the form of a string of characters) derived from the main content. If there is any change to the data after the original hash was taken, the hash value calculated the next time the hash function is applied will differ from the original hash. In computer forensics procedures, comparing hashes taken at different stages of the evidence handling process ensures that the evidence hasn't been tampered with and retains its integrity.

a. True
b. False

 

·         True

 

Which of the following are hashing algorithms? (Select 2 answers)

a. MD5 (Message-Digest Algorithm)
b. CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
c. AES (Advanced Encryption Standard)
d. RC4 (symmetric key cipher and byte-oriented algorithm)
e. SHA (Secure Hash Algorithm)

·         MD5 (Message-Digest Algorithm)
·         e. SHA (Secure Hash Algorithm)

 

 

 

A network device hardening process should include:

a. Changing default credentials / Avoiding common passwords
b. Firmware upgrades / Patching and updates
c. File hashing
d. Disabling unnecessary services and unused ports (physical and virtual)
e. Implementation of secure protocols
f. Cryptographic key renewal
g. All of the above

 

·         g. All of the above

 

Which of the actions listed below can be taken by an IDS? (Select 2 answers)

a. Firewall reconfiguration
b. Closing down connection
c. Logging
d. Terminating process
e. Sending an alert

·         c. Logging
·         e. Sending an alert

 

A type of IDS that relies on predetermined attack patterns to detect intrusions is referred to as a signature-based IDS.


a. True
b. False

 

·         True

 

Changing the native VLAN on all trunk ports to an unused VLAN ID is one of the countermeasures against VLAN hopping.

a. True
b. False

 

·         True

 
