CCNA Cyber Ops FAQ: Security Evasion Techniques
Q1. Which of the following describes an attacker sending traffic slower than normal so that it does not exceed the thresholds within the time windows that signatures use to correlate packets?
A. Traffic insertion
B. Protocol manipulation
C. Traffic fragmentation
D. Timing attack
Q2. Which of the following would give an IPS the most trouble?
A. Jumbo packets
Q3. Which type of attack occurs when an IPS receives a large volume of traffic or packets?
A. Resource exhaustion
B. DoS (denial of service)
C. Smoke and mirrors
D. Timing attack
Q4. Which of the following is not an example of traffic fragmentation?
A. Modifying routing tables
B. Modifying the TCP/IP in a way that is unexpected by security detection devices
C. Modifying IP headers to cause fragments to overlap
D. TCP segmentation
Q5. What is the best defense for traffic fragmentation attacks?
A. Deploying a passive security solution that monitors internal traffic for unusual traffic and traffic fragmentation
B. Deploying a next-generation application layer firewall
C. Configuring fragmentation limits on a security solution
D. Deploying a proxy or inline security solution
Q6. Which of the following is a TCP-injection attack?
A. Forging a TCP packet over an HTTPS session
B. Replacing legitimate TCP traffic with forged TCP packets
C. The addition of a forged TCP packet to an existing TCP session
D. Modifying the TCP/IP in a way that is unexpected by security detection
Q7. A traffic substitution and insertion attack does which of the following?
A. Substitutes the traffic with data in a different format but with the same meaning
B. Substitutes the payload with data in the same format but with a different meaning, providing a new payload
C. Substitutes the payload with data in a different format but with the same meaning, not modifying the payload
D. Substitutes the traffic with data in the same format but with a different meaning
Q8. Which of the following is not a defense against a traffic substitution and insertion attack?
A. Unicode de-obfuscation
B. Using Unicode instead of ASCII
C. Adopting the format changes
D. Properly processing extended characters
Q9. Which of the following is not a defense against a pivot attack?
A. Content filtering
B. Proper patch management
C. Network segmentation
D. Access control
Q10. Which security technology would be best for detecting a pivot attack?
A. Virtual private network (VPN)
B. Host-based antivirus
C. NetFlow solution looking for anomalies within the network
D. Application layer firewalls
Q11. What is SSH used for?
A. Remote access
B. To provide a client-based VPN solution for remote users
C. Managing network equipment remotely
D. Preventing man-in-the-middle attacks by securing traffic between the client and server
Q12. Which of the following is a true statement?
A. A remote access VPN must include a host installed on the client.
B. A clientless VPN can connect multiple concentrators together.
C. A remote access VPN may include a host installed on the client.
D. A clientless VPN installs software on the host to establish the VPN connection.
Q13. Which of the following is not a possible outcome of a resource exhaustion attack?
A. Corrupting applications by modifying their code
B. A denial of service on the target system
C. Bypassing access control security
D. Causing blackouts in network monitoring
Q14. Which of the following is not a technique used to confuse an IPS when it reassembles fragmented packets?
A. Encrypting traffic
B. TCP segmentation and reordering attack
C. Overlapping fragments
D. Sending traffic very slowly
Q15. Which of the following is the best explanation of an overlapping fragment attack?
A. This attack works by setting the offset values in the IP header to match up, causing one fragment to overlap another.
B. This attack works by setting the TCP values in the IP header to not match up, causing one fragment to overlap another.
C. This attack works by setting the UDP values in the IP header to match up, causing one fragment to overlap another.
D. This attack works by setting the offset values in the IP header to not match up, causing one fragment to overlap another.
Q16. Which of the following best describes a timing attack?
A. Sending a large volume of traffic to render the system or data useless
B. Sending traffic in a method that is slower than the system can accept
C. Sending traffic slowly enough that the system accepts it but overlooks it
D. Sending the traffic over different protocols
Q17. Which of the following is an example of a traffic substitution and insertion attack?
A. Inputting more characters than requested
B. Using functions and classes
C. Replacing spaces with tabs
D. Inputting wildcard characters
Q18. Which of the following is not a method used to pivot a network?
A. Exploiting a host on the same network
B. Creating a back door to the network
C. VLAN hopping
D. Exploiting a network server
Q19. Which is the best answer to explain why Cisco Identity Services Engine would reduce the risk of pivoting to a higher, trusted network?
A. ISE ensures systems have the latest antivirus updates prior to permitting access to the network.
B. ISE can unify and enforce the LAN, wireless, and VPN access control policies into one secure policy.
C. ISE can profile devices, providing greater detail on which ones can access what resources.
D. ISE enforces network segmentation.
Q20. Which of the following statements is not true about SSH?
A. SSH uses TCP port 22.
B. SSH is composed of an SSH server, clients, and keys.
C. SSH uses asymmetric encryption.
D. SSH encrypts traffic between a client and an SSH server.