CCNA Cyber Ops FAQ: Types of Attacks and Vulnerabilities

Q1. Which of the following are examples of vulnerability and port scanners? (Select all that apply.)
A. SuperScan
B. nmap
C. Nexpose
D. Nessus

Answer: B, C, D. Nexpose, Nessus, and nmap are all vulnerability and port scanners.

Q2. How do UDP scans work?
A. By establishing a three-way handshake.

B. By sending SYN packets to see what ports are open.

C. UDP scans have to rely on ICMP “port unreachable” messages to determine whether a port is open. When the scanner sends a UDP packet and the port is not open on the victim’s system, that system will respond with an ICMP “port unreachable” message.

D. By sending ICMP “port unreachable” messages to the victim.

Answer: C. Because UDP is a connectionless protocol and does not have a three-way handshake like TCP, the UDP scans have to rely on ICMP “port unreachable” messages to determine whether a port is open. When the scanner sends a UDP packet and the port is not open on the victim’s system, that system will respond with an ICMP “port unreachable” message.

Q3. What is a phishing attack?
A. A phishing attack is the act of incorporating malicious ads on trusted websites, which results in users’ browsers being inadvertently redirected to sites hosting malware.

B. A phishing attack uses SQL injection vulnerabilities in order to execute malicious code.

C. This is a type of denial-of-service (DoS) attack where the attacker sends numerous phishing requests to the victim.

D. This is a type of attack where the attacker presents a link that looks like a valid, trusted resource to a user. When the user clicks it, he is prompted to disclose confidential information such as his username and password.

Answer: D. In phishing attacks, the attacker presents a link that looks like a valid, trusted resource to a user. When the user clicks it, he is prompted to disclose confidential information such as his username and password.

Q4. What is a backdoor?
A. A backdoor is a social engineering attack to get access back to the victim.

B. A backdoor is a privilege escalation attack designed to get access from the victim.

C. A backdoor is an application or code used by an attacker either to allow future access or to collect information to use in further attacks.

D. A backdoor is malware installed using man-in-the-middle attacks.

Answer: C. A backdoor is an application or code used by an attacker either to allow future access or to collect information to use in further attacks.

Q5. What is an amplification attack?
A. An amplification attack is a form of directed DDoS attack in which the attacker’s packets are sent at a much faster rate than the victim’s packets.

B. An amplification attack is a form of reflected attack in which the response traffic (sent by the unwitting participant) is made up of packets that are much larger than those that were initially sent by the attacker (spoofing the victim).

C. An amplification attack is a type of man-in-the-middle attack.

D. An amplification attack is a type of data exfiltration attack.

Answer: B. An amplification attack is a form of reflected attack in which the response traffic (sent by the unwitting participant) is made up of packets that are much larger than those that were initially sent by the attacker (spoofing the victim).

Q6. What is a buffer overflow?
A. A buffer overflow is when a program or software cannot write data in a buffer, causing the application to crash.

B. A buffer overflow is when a program or software sends the contents of the buffer to an attacker.

C. A buffer overflow is when an attacker overflows a program with numerous packets to cause a denial-of-service condition.

D. A buffer overflow is when a program or software puts more data in a buffer than it can hold or when a program tries to put data in a memory location past a buffer.

Answer: D. A buffer overflow is when a program or software puts more data in a buffer than it can hold or when a program tries to put data in a memory location past a buffer. This is done so that data outside the bounds of a block of allocated memory can corrupt other data or crash the program or operating system. In a worst-case scenario, a buffer overflow can lead to the execution of malicious code.

Q7. What is a cross-site scripting (XSS) vulnerability?
A. A type of web application vulnerability where malicious scripts are injected into legitimate and trusted websites

B. A type of cross-domain hijack vulnerability

C. A type of vulnerability that leverages the crossing of scripts in an application

D. A type of cross-site request forgery (CSRF) vulnerability that is used to steal information from the network

Answer: A. XSS is a type of web application vulnerability where malicious scripts are injected into legitimate and trusted websites. An attacker can launch an attack against an XSS vulnerability using a web application to send malicious code (typically in the form of a browser-side script) to a different end user.

Q8. What is a SQL injection vulnerability?
A. A type of vulnerability where an attacker can insert or “inject” a SQL query via the input data from the client to the application or database

B. A type of vulnerability where an attacker can “inject” a new password to a SQL server or the client

C. A type of DoS vulnerability that can cause a SQL server to crash

D. A type of privilege escalation vulnerability aimed at SQL servers

Answer: A. Attackers can insert or “inject” a SQL query via the input data from the client to the application or database. Attackers can exploit SQL injection vulnerabilities to read sensitive data from the database, modify or delete database data, execute administration operations on the database, and even issue commands to the operating system.

Q9. Which of the following describes a rainbow table?
A. An attacker creates a table of mathematical calculations that can be used to perform cryptanalysis of encryption algorithms.

B. An attacker creates a table of mathematical calculations that can be used to perform cryptanalysis of hashing algorithms.

C. An attacker computes possible passwords and their hashes in a given system and puts the results into a lookup table.

D. An attacker computes possible hashing algorithms used in an encrypted channel and puts the results into a lookup table.

Answer: C. In a rainbow table, an attacker computes possible passwords and their hashes in a given system and puts the results into a lookup table.

Q10. Which of the following is a methodology used by attackers to find wireless access points wherever they may be?
A. War driving
B. Wireless LWAP scanning
C. Wireless driving
D. Wireless Aironet scanning

Answer: A. War driving is a technique used by attackers to find wireless access points and wireless routers wherever they may be.

Q11. Which of the following is a type of web application vulnerability where malicious scripts are injected into legitimate and trusted websites?
A. Buffer overflow
B. Cross-site scripting (XSS)
C. Cross-site injection (XSI)
D. SQL injection

Answer: B. XSS is one of the most common types of web application vulnerabilities where the attacker uses malicious scripts and injects them into legitimate and trusted websites.

Q12. Which of the following is a type of vulnerability that attackers can exploit to read sensitive data from the database, modify or delete database data, execute administration operations on the database, and even issue commands to the operating system?
A. SQL injection
B. SQL buffer overflow
C. SQL drop
D. SQL bomb

Answer: A. SQL injection vulnerabilities are used by attackers to read sensitive data from the database, modify or delete database data, execute administration operations on the database, and even issue commands to the operating system.

Q13. Which one of the following attacks results when attackers place themselves in line between two devices that are communicating, with the intent of performing reconnaissance or manipulating the data as it moves between the devices?
A. Man-in-the-path
B. Man-in-the-middle
C. Routing protocol attacks
D. Routing injection attacks

Answer: B. A man-in-the-middle attack results when attackers place themselves in line between two devices that are communicating, with the intent of performing reconnaissance or manipulating the data as it moves between the devices.

Q14. Which of the following is a type of vulnerability where an attacker can use or cause malformed data or unexpected data to abuse an application’s logic, cause a DoS attack, or execute arbitrary code?
A. Deserialization of untrusted data
B. Serialization of untrusted data
C. Deserialization of encrypted data
D. Serialization of encrypted data

Answer: A. Deserialization of untrusted data vulnerabilities are used by attackers to use or cause malformed data or unexpected data to abuse an application’s logic, cause a DoS attack, or execute arbitrary code.

Q15. Which of the following is a type of vulnerability that describes when a program or software puts more data in a buffer than it can hold or when a program tries to put data in a memory location past a buffer?
A. Buffer deserialization
B. Buffer injection
C. Cross-site buffer injection
D. Buffer overflow

Answer: D. A buffer overflow is when a program or software puts more data in a buffer than it can hold or when a program tries to put data in a memory location past a buffer.

Q16. What type of attack is done when the attacker tries to create rogue access points so as to gain access to the network or steal information?
A. SSID injection
B. Evil twin
C. War driving
D. LWAP injection

Answer: B. In an evil twin attack, the attacker tries to create rogue access points so as to gain access to the network or steal information.

Q17. Which of the following is an attack where threat actors can attack hosts, switches, and routers connected to your Layer 2 network by poisoning the ARP caches of systems connected to the subnet and by intercepting traffic intended for other hosts on the subnet?
A. ARP cache injection
B. ARP cache poisoning
C. DHCP snooping
D. ARP snooping

Answer: B. ARP cache poisoning is an attack where threat actors can attack hosts, switches, and routers connected to your Layer 2 network by poisoning the ARP caches of systems connected to the subnet and by intercepting traffic intended for other hosts on the subnet.

Q18. Cisco switches support a feature that validates ARP packets and intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. What is this feature called?
A. DHCP cache snooping
B. ARP cache poisoning
C. ARP cache snooping
D. Dynamic ARP inspection

Answer: D. Dynamic ARP inspection is a feature in Cisco switches that validates ARP packets and intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings.

About the author

Scott