CCSP SECUR FAQ : Attack Threats Defined and Detailed

CCSP SECUR FAQ : Attack Threats Defined and Detailed

Q1. Your boss insists that it is fine to use his wife’s name as his password, despite the fact that your security policy states that this is not a sufficient password. What weaknesses are revealed?
A. This shows a lack of an effective security policy (policy weakness).
B. This shows a technology weakness.
C. This shows a protocol weakness.
D. This shows a configuration weakness.
E. This shows that your boss is an idiot.

Answer: A, D

Q2. You receive a call from a writer for a computer magazine. They are doing a survey of network security practices. What form of attack could this be?
A. Reconnaissance
B. Unauthorized access
C. Data manipulation
D. Denial of service
E. None of the above

Answer: A

Q3. Walking past a programmer’s desk, you see that he is using a network analyzer. What category of attack should you watch for?
A. Reconnaissance
B. Unauthorized access
C. Data manipulation
D. Denial of service
E. None of the above

Answer: A

Q4. Looking at the logs, you notice that your manager has erased some system files from your NT system. What is the most likely motivation for this?
A. Intruding for political purposes
B. Intruding for profit
C. Intruding through lack of knowledge
D. Intruding for fun and pride
E. Intruding for revenge

Answer: C

Q5. Your new engineer, who has very little experience working in your corporate environment, has added a new VPN concentrator onto the network. You have been too busy with another project to oversee the installation. What weakness do you need to be aware of concerning his implementation of this device?
A. Lack of effective policy
B. Technology weakness
C. Lack of user knowledge
D. Operating system weakness
E. Configuration weakness

Answer: E

Q6. Statistically, what is the most likely launch site for an attack against your network?
A. From poor configurations on the firewall
B. From the Internet over FTP
C. From the Internet through e-mail
D. From within your network
E. None of the above

Answer: D

Q7. Your accountant claims that all the electronic funds transfers from the previous day were incorrect. What category of attack could this be caused by?
A. Reconnaissance
B. Unauthorized access
C. Denial of service
D. Data manipulation
E. None of the above

Answer: D

Q8. Your logs reveal that someone has attempted to gain access as the administrator of a server. What category of attack could this be?
A. Reconnaissance
B. Unauthorized access
C. Denial of service
D. Data manipulation
E. None of the above

Answer: B

Q9. Your firewall and IDS logs indicate that a host on the Internet scanned all of your public address space looking of connections to TCP port 25. What type of attack does this indicate?
A. Reconnaissance attack, vertical scan
B. Reconnaissance attack, block scan
C. Reconnaissance attack, horizontal scan
D. Reconnaissance attack, DNS scan
E Reconnaissance attack, SMTP scan

Answer: C

Q10. True or False: A “script kiddie” that is scanning the Internet for “targets of opportunity” represents a structured threat to an organization?
A. True
B. False

Answer: False

Q11. An application that is supposed to monitor your network and alert you in the event of an outage is being considered by your manager. You begin testing the product and discover that it requires a management connection to every network component (each requiring a password) but maintains these nonencrypted (clear-text) connections. This would require that the system send clear-text passwords to every network component that you want to manage. Would you consider this product for you network and why?

Answer: Any product that requires you to send passwords in clear text poses a significant risk. The passwords could be intercepted and used for a variety of different attacks.

Q12. How many TCP ports can an can a system communicate over if no ports are blocked and a service is listening on every available port?

Answer: It is possible to remotely connect to a computer on any of 65,535 ports.

Q13. What are three “self-imposed vulnerabilities”?

Answer: There are three main reasons that security attacks can become effective and damage networks: lack of effective policy (policy weakness), configuration weakness, and technology weakness.

Q14. Can a system misconfiguration be a security vulnerability.

Answer: Yes. A simple misconfiguration can cause severe security issues.

Q15. Why would you not want to install security devices using the default settings?

Answer: The default settings are the same on most network components when they ship from the factory. If you implement a component and do not change the password, that system could be accessed by anyone who knows the default password for that product. A very common type of attack includes using every default password combination to access a device.

Q16. How does NFS make network connections and why can it be difficult to secure?

Answer: Because NFS uses a random selection of ports, it can be difficult for an administrator to limit access.

Q17. Why is it difficult to determine whether IP traffic is spoofed?

Answer: The header and footer on an IP packet can be intercepted and modified without leaving evidence of the change.

Q18. What is a structured threat?

Answer: A structured thread is an organized effort to breach a specific target.

Q19. Which type of threat is more common: structured or unstructured?

Answer: Unstructured threats are by far the most common.

Q20. Why should your security administrator be well trained and very familiar with the product that she is using?

Answer: A poorly trained administrator of a firewall can mistakenly allow too many services to traverse the firewall and allow access to services that expose vulnerabilities and increase the potential success of an attack on the network.

Q21. What is the goal of a reconnaissance attack?

Answer: The goal of this reconnaissance is to determine the makeup of the targeted computer or network and to search for and map any vulnerabilities.

Q22. What is a “vertical scan”?

Answer: Scanning the service ports of a single host and requesting different services at each port.

Q23. What is a “worm”?

Answer: A worm attaches itself to other files or programs and exploits vulnerabilities on networked systems to replicate itself.

Q24. What is a DDoS attack?

Answer: A DDoS attack is an attack launched from multiple systems against a single target and is intended to interrupt that system or network by overwhelming it with traffic.

More Resources

About the author

Scott

Leave a Comment