Module 17: Attacking What We Do

Question 1

Which action best describes a MAC address spoofing attack?

flooding the LAN with excessive traffic
bombarding a switch with fake source MAC addresses
altering the MAC address of an attacking host to match that of a legitimate host
forcing the election of a rogue root bridge

Answer 1

altering the MAC address of an attacking host to match that of a legitimate host

Question 2

What is the result of a DHCP starvation attack?

Clients receive IP address assignments from a rogue DHCP server.
Legitimate clients are unable to lease IP addresses.
The IP addresses assigned to legitimate clients are hijacked.
The attacker provides incorrect DNS and default gateway information to clients.

Answer 2

Legitimate clients are unable to lease IP addresses.

Question 3

In which type of attack is falsified information used to redirect users to malicious Internet sites?

domain generation
ARP cache poisoning
DNS amplification and reflection
DNS cache poisoning

Answer 3

DNS cache poisoning

Question 4

Which type of DNS attack involves the cybercriminal compromising a parent domain and creating multiple subdomains to be used during the attacks?

• shadowing
• cache poisoning
• tunneling
• amplification and reflection

Answer 4

shadowing

Question 5

Which language is used to query a relational database?

• Java
• Python
• SQL
• C++

Answer 5

SQL

Question 6

Which term is used for bulk advertising emails flooded to as many end users as possible?

• spam
• adware
• brute force
• phishing

Answer 6

spam

Question 7

Which protocol would be the target of a cushioning attack?

• ARP
• DHCP
• HTTP
• DNS

Answer 7

HTTP

Explanation: The HTTP 302 cushioning attack is used by cybercriminals to take advantage of the 302 Found HTTP response status code to redirect the browser of the user to a new location, usually a malicious site.

Question 8

Which protocol is attacked when a cybercriminal provides an invalid gateway in order to create a man-in-the-middle attack?

• ICMP
• DNS
• DHCP
• HTTP or HTTPS

Answer 8

DHCP

Question 9

What is an objective of a DHCP spoofing attack?

• to intercept DHCP messages and alter the information before sending to DHCP clients
• to gain illegal access to a DHCP server and modify its configuration
• to provide false DNS server addresses to DHCP clients so that visits to a legitimate web server are directed to a fake server
• to attack a DHCP server and make it unable to provide valid IP addresses to DHCP clients

Answer 9

to provide false DNS server addresses to DHCP clients so that visits to a legitimate web server are directed to a fake server

Question 10

How do cybercriminals make use of a malicious iFrame?

• The attacker embeds malicious content in business appropriate files.
• The iFrame allows multiple DNS subdomains to be used.
• The attacker redirects traffic to an incorrect DNS server.
• The iFrame allows the browser to load a web page from another source.

Answer 10

The iFrame allows the browser to load a web page from another source.

Question 11

What is a characteristic of a DNS amplification and reflection attack?

• Threat actors hide their phishing and malware delivery sites behind a quickly-changing network of compromised DNS hosts.
• Threat actors use malware to randomly generate domain names to act as rendezvous points.
• Threat actors use DNS open resolvers to increase the volume of attacks and to hide the true source of an attack.
• Threat actors use a DoS attack that consumes the resources of the DNS open resolvers.

Answer 11

Threat actors use DNS open resolvers to increase the volume of attacks and to hide the true source of an attack.

Question 12

Which two attacks target web servers through exploiting possible vulnerabilities of input functions used by an application? (Choose two.)

• SQL injection
• port scanning
• cross-site scripting
• port redirection
• trust exploitation

Answer 12

SQL injection
cross-site scripting