CCNA Security Exam Module 1

CCNAS Chapter 1 - CCNA Security: Implementing Network Security (Version 1.0)...

A disgruntled employee is using Wireshark to discover administrative Telnet usernames and passwords. What type of network attack does this describe?
A. Denial of Service
B. port redirection
C. reconnaissance
D. trust exploitation
ANSWER: A,C

Which two are characteristics of DoS attacks? (Choose two.)
A. They always precede access attacks.
B. They attempt to compromise the availability of a network, host, or application.
C. They are difficult to conduct and are initiated only by very skilled attackers.
D. They are commonly launched with a tool called L0phtCrack.
E. Examples include smurf attacks and ping of death attacks.
ANSWER: B,E

Which two statements describe access attacks? (Choose two.)
A. Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN.
B. Password attacks can be implemented using brute-force attack methods, Trojan Horses, or packet sniffers.
C. Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or exploit systems to execute malicious code.
D. Port scanning attacks scan a range of TCP or UDP port numbers on a host to detect listening services.
E. Trust exploitation attacks can use a laptop acting as a rogue access point to capture and copy all network traffic in a public location on a wireless hotspot.
ANSWER: B,C

Which two statements are characteristics of a virus? (Choose two.)
A. A virus typically requires end-user activation.
B. A virus has an enabling vulnerability, a propagation mechanism, and a payload.
C. A virus replicates itself by independently exploiting vulnerabilities in networks.
D. A virus provides the attacker with sensitive data, such as passwords.
E. A virus can be dormant and then activate at a specific time or date.
ANSWER: A,E

Which phase of worm mitigation involves terminating the worm process, removing modified files or system settings that the worm introduced, and patching the vulnerability that the worm used to exploit the system?
A. containment
B. inoculation
C. quarantine
D. treatment
ANSWER: D

What is a characteristic of a Trojan Horse?
A. A Trojan Horse can be carried in a virus or worm.
B. A proxy Trojan Horse opens port 21 on the target system.
C. An FTP Trojan Horse stops anti-virus programs or firewalls from functioning.
D. A Trojan Horse can be hard to detect because it closes when the application that launched it closes.
ANSWER: A

Which phase of worm mitigation requires compartmentalization and segmentation of the network to slow down or stop the worm and prevent currently infected hosts from targeting and infecting other systems?
A. containment phase
B. inoculation phase
C. quarantine phase
D. treatment phase
ANSWER: A

What are three goals of a port scan attack? (Choose three.)
A. disable used ports and services
B. determine potential vulnerabilities
C. identify active services
D. identify peripheral configurations
E. identify operating systems
F. discover system passwords
ANSWER: B,C,E

What are three types of access attacks? (Choose three.)
A. buffer overflow
B. ping sweep
C. port redirection
D. trust exploitation
E. port scan
F. Internet information query
ANSWER: A,C,D

Which type of security threat can be described as software that attaches to another program to execute a specific unwanted function?
A. virus
B. worm
C. proxy Trojan horse
D. Denial of Service Trojan horse
ANSWER: A

An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this?
A. trust exploitation
B. buffer overflow
C. man in the middle
D. port redirection
ANSWER: C

Which type of software typically uses a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN?
A. port scanner
B. ping sweeper
C. packet sniffer
D. Internet information query
ANSWER: C

Which characteristic best describes the network security Compliance domain as specified by the ISO/IEC?
A. the integration of security into applications
B. an inventory and classification scheme for information assets
C. the restriction of access rights to networks, systems, applications, functions, and data
D. the process of ensuring conformance with security information policies, standards, and regulations
ANSWER: D

Which statement describes phone freaking?
A. A hacker uses password-cracking programs to gain access to a computer via a dialup account.
B. A hacker gains unauthorized access to networks via wireless access points.
C. A hacker mimics a tone using a whistle to make free long-distance calls on an analog telephone network.
D. A hacker uses a program that automatically scans telephone numbers within a local area, dialing each one in search of computers, bulletin board systems, and fax machines.
ANSWER: C

What are the three major components of a worm attack? (Choose three.)
A. enabling vulnerability
B. infecting vulnerability
C. payload
D. penetration mechanism
E. probing mechanism
F. propagation mechanism
ANSWER: A,C,F

What occurs during the persist phase of a worm attack?
A. identification of vulnerable targets
B. modification of system files and registry settings to ensure that the attack code is running
C. transfer of exploit code through an attack vector
D. extension of the attack to vulnerable neighboring targets
ANSWER: B

Which technology is an example of a host-based intrusion prevention system?
A. MARS
B. NAC
C. CSA
D. VPN
ANSWER: C

How is a Smurf attack conducted?
A. by sending a large number of packets, overflowing the allocated buffer memory of the target device
B. by sending an echo request in an IP packet larger than the maximum packet size of 65,535 bytes
C. by sending a large number of ICMP requests to directed broadcast addresses from a spoofed source address on the same network
D. by sending a large number of TCP SYN packets to a target device from a spoofed source address
ANSWER: C

What is a ping sweep?
A. A ping sweep is a network scanning technique that indicates the live hosts in a range of IP addresses.
B. A ping sweep is a software application that enables the capture of all network packets sent across a LAN.
C. A ping sweep is a scanning technique that examines a range of TCP or UDP port numbers on a host to detect listening services.
D. A ping sweep is a query and response protocol that identifies information about a domain, including the addresses assigned to that domain.
ANSWER: A

What occurs during a spoofing attack?
A. One device falsifies data to gain access to privileged information.
B. Large amounts of network traffic are sent to a target device to make resources unavailable to intended users.
C. Improperly formatted packets are forwarded to a target device to cause the target system to crash.
D. A program writes data beyond the allocated memory to enable the execution of malicious code.
ANSWER: A
