CCNA Security Chapter 1

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Man04
M
Man04
Community Contributor
Quizzes Created: 14 | Total Attempts: 6,305
Questions: 17 | Attempts: 1,244

SettingsSettingsSettings
CCNA Security Chapter 1 - Quiz

Welcome to a helpful quiz on the opening chapter of your studies regarding network security, as part of your work towards the Cisco Certified Network Associate. Do you think you have all of the information memorised from the first chapter? Answer the questions and we’ll see for sure!


Questions and Answers
  • 1. 

    1 Which statement describes phone freaking?

    • A.

      A hacker uses password-cracking programs to gain access to a computer via a dialup account.

    • B.

      A hacker gains unauthorized access to networks via wireless access points.

    • C.

      A hacker mimics a tone using a whistle to make free long-distance calls on an analog telephone network.

    • D.

      A hacker uses a program that automatically scans telephone numbers within a local area, dialing each one in search of computers, bulletin board systems, and fax machines.

    Correct Answer
    C. A hacker mimics a tone using a whistle to make free long-distance calls on an analog telephone network.
    Explanation
    Phone freaking refers to the act of manipulating the telephone system to make unauthorized calls or gain free access to long-distance calls. This was commonly done by hackers in the past by mimicking a specific tone using a whistle, which allowed them to bypass the system and make free long-distance calls on analog telephone networks.

    Rate this question:

  • 2. 

    2 Which two statements describe access attacks? (Choose two.)

    • A.

      Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN.

    • B.

      Password attacks can be implemented using brute-force attack methods, Trojan Horses, or packet sniffers.

    • C.

      Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or exploit systems to execute malicious code. .

    • D.

      Port scanning attacks scan a range of TCP or UDP port numbers on a host to detect listening services.

    • E.

      Trust exploitation attacks can use a laptop acting as a rogue access point to capture and copy all network traffic in a public location on a wireless hotspot.

    Correct Answer(s)
    B. Password attacks can be implemented using brute-force attack methods, Trojan Horses, or packet sniffers.
    C. Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or exploit systems to execute malicious code. .
    Explanation
    Access attacks can take various forms, including password attacks and buffer overflow attacks. Password attacks involve using brute-force attack methods, Trojan Horses, or packet sniffers to gain unauthorized access to a system by guessing or stealing passwords. On the other hand, buffer overflow attacks exploit vulnerabilities in a system's memory allocation, causing data to be written beyond the allocated buffer memory. This can lead to overwriting valid data or executing malicious code, allowing attackers to gain unauthorized access or control over a system.

    Rate this question:

  • 3. 

    Which type of software typically uses a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN?

    • A.

      Port scanner

    • B.

      Ping sweeper

    • C.

      Packet sniffer

    • D.

      Internet information query

    Correct Answer
    C. Packet sniffer
    Explanation
    A packet sniffer is a type of software that uses a network adapter card in promiscuous mode to capture all network packets sent across a LAN. It allows users to analyze and monitor network traffic, making it useful for network troubleshooting, security analysis, and network optimization. By capturing and analyzing packets, a packet sniffer can provide insights into network performance, identify potential security threats, and help diagnose network issues.

    Rate this question:

  • 4. 

    4 What are three goals of a port scan attack? (Choose three.)

    • A.

      Disable used ports and services

    • B.

      Determine potential vulnerabilities

    • C.

      Identify active services

    • D.

      Identify peripheral configurations

    • E.

      Identify operating systems

    Correct Answer(s)
    B. Determine potential vulnerabilities
    C. Identify active services
    E. Identify operating systems
    Explanation
    A port scan attack aims to determine potential vulnerabilities in a system by scanning for open ports and services. By identifying active services, an attacker can gather information about the target system and potentially exploit any vulnerabilities. Additionally, identifying the operating system can help the attacker tailor their attack to specific weaknesses or known vulnerabilities associated with that particular OS.

    Rate this question:

  • 5. 

    What is a ping sweep?

    • A.

      A ping sweep is a network scanning technique that indicates the live hosts in a range of IP addresses.

    • B.

      A ping sweep is a software application that enables the capture of all network packets sent across a LAN.

    • C.

      A ping sweep is a scanning technique that examines a range of TCP or UDP port numbers on a host to detect listening services.

    • D.

      A ping sweep is a query and response protocol that identifies information about a domain, including the addresses assigned to that domain.

    Correct Answer
    A. A ping sweep is a network scanning technique that indicates the live hosts in a range of IP addresses.
    Explanation
    A ping sweep is a network scanning technique used to identify live hosts within a specific range of IP addresses. By sending ICMP echo requests (pings) to each IP address in the range, the scanner can determine which hosts are active and responsive. This can be useful for network administrators to monitor and troubleshoot their networks, as well as for potential attackers to identify potential targets.

    Rate this question:

  • 6. 

    6 Which two are characteristics of DoS attacks? (Choose two.)

    • A.

      They always precede access attacks.

    • B.

      They attempt to compromise the availability of a network, host, or application.

    • C.

      They are difficult to conduct and are initiated only by very skilled attackers.

    • D.

      They are commonly launched with a tool called L0phtCrack.

    • E.

      Examples include smurf attacks and ping of death attacks.

    Correct Answer(s)
    B. They attempt to compromise the availability of a network, host, or application.
    E. Examples include smurf attacks and ping of death attacks.
    Explanation
    DoS attacks are characterized by attempts to compromise the availability of a network, host, or application. This means that the attacker aims to make the target system or service inaccessible or unusable for legitimate users. Examples of DoS attacks include smurf attacks and ping of death attacks. It is not necessary for DoS attacks to precede access attacks, and they are not always difficult to conduct or initiated only by skilled attackers. The mention of L0phtCrack is irrelevant to DoS attacks.

    Rate this question:

  • 7. 

    What occurs during a spoofing attack?

    • A.

      One device falsifies data to gain access to privileged information.

    • B.

      Large amounts of network traffic are sent to a target device to make resources unavailable to intended users.

    • C.

      Improperly formatted packets are forwarded to a target device to cause the target system to crash.

    • D.

      A program writes data beyond the allocated memory to enable the execution of malicious code.

    Correct Answer
    A. One device falsifies data to gain access to privileged information.
    Explanation
    During a spoofing attack, one device falsifies data in order to deceive a system or user and gain access to privileged information. This can involve impersonating a legitimate device or user, forging IP addresses or other identifying information, or manipulating data packets to trick the target system into granting unauthorized access. The attacker aims to exploit the trust placed in the falsified data to gain unauthorized privileges or steal sensitive information.

    Rate this question:

  • 8. 

    Which technology is an example of a host-based intrusion prevention system?

    • A.

      MARS

    • B.

      NAC

    • C.

      CSA

    • D.

      VPN

    Correct Answer
    C. CSA
    Explanation
    CSA (Cisco Security Agent) is an example of a host-based intrusion prevention system. Host-based intrusion prevention systems are designed to protect individual hosts or devices from unauthorized access or malicious activities. CSA is a software agent that is installed on individual hosts and monitors the host's activity to detect and prevent intrusions. It analyzes system calls, network traffic, and other indicators to identify and block suspicious behavior. By running directly on the host, CSA can provide real-time protection and is particularly effective at detecting and preventing attacks that target specific vulnerabilities or exploit known weaknesses in the host's operating system or applications.

    Rate this question:

  • 9. 

    Which two statements are characteristics of a virus? (Choose two.)

    • A.

      A virus typically requires end-user activation.

    • B.

      A virus has an enabling vulnerability, a propagation mechanism, and a payload.

    • C.

      A virus replicates itself by independently exploiting vulnerabilities in networks.

    • D.

      A virus provides the attacker with sensitive data, such as passwords.

    • E.

      A virus can be dormant and then activate at a specific time or date.

    Correct Answer(s)
    A. A virus typically requires end-user activation.
    E. A virus can be dormant and then activate at a specific time or date.
    Explanation
    A virus typically requires end-user activation means that a virus cannot infect a system without the user taking some action, such as opening an infected email attachment or clicking on a malicious link. A virus can be dormant and then activate at a specific time or date means that a virus can remain inactive on a system until a predetermined time or date, at which point it may activate and start executing its malicious activities.

    Rate this question:

  • 10. 

    What occurs during the persist phase of a worm attack?

    • A.

      Identification of vulnerable targets

    • B.

      Modification of system files and registry settings to ensure that the attack code is running

    • C.

      Transfer of exploit code through an attack vector

    • D.

      Extension of the attack to vulnerable neighboring targets

    Correct Answer
    B. Modification of system files and registry settings to ensure that the attack code is running
    Explanation
    During the persist phase of a worm attack, the attacker modifies system files and registry settings to ensure that the attack code is running. This allows the worm to maintain a persistent presence on the infected system, even after a reboot or attempted removal. By modifying these files and settings, the attacker ensures that the worm can continue to carry out its malicious activities without being easily detected or removed. This phase is crucial for the worm to establish control over the compromised system and maintain its ability to spread and cause further damage.

    Rate this question:

  • 11. 

    An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this?

    • A.

      Trust exploitation

    • B.

      Buffer overflow

    • C.

      Man in the middle

    • D.

      Port redirection

    Correct Answer
    C. Man in the middle
    Explanation
    This is a man-in-the-middle attack. In this scenario, the attacker is intercepting and capturing network traffic between the targeted user and the intended destination. By acting as a rogue access point, the attacker can eavesdrop on the communication, potentially gaining access to sensitive information such as login credentials or financial data. This type of attack allows the attacker to secretly intercept and manipulate the communication between two parties without their knowledge.

    Rate this question:

  • 12. 

    A disgruntled employee is using Wireshark to discover administrative Telnet usernames and passwords. What type of network attack does this describe?

    • A.

      Denial of Service

    • B.

      Port redirection

    • C.

      Reconnaissance

    • D.

      Trust exploitation

    Correct Answer
    C. Reconnaissance
    Explanation
    The given scenario describes a disgruntled employee using Wireshark to uncover administrative Telnet usernames and passwords. This action falls under the category of reconnaissance. Reconnaissance refers to the process of gathering information about a target network or system, often with the intention of launching further attacks or exploiting vulnerabilities. In this case, the employee is actively seeking sensitive login credentials, indicating a reconnaissance attack.

    Rate this question:

  • 13. 

    13 Which phase of worm mitigation involves terminating the worm process, removing modified files or system settings that the worm introduced, and patching the vulnerability that the worm used to exploit the system?

    • A.

      Containment

    • B.

      Inoculation

    • C.

      Quarantine

    • D.

      Treatment

    Correct Answer
    D. Treatment
    Explanation
    The correct answer is treatment. In the context of worm mitigation, treatment refers to the phase where the worm process is terminated, any modified files or system settings introduced by the worm are removed, and the vulnerability that the worm exploited is patched. This phase aims to fully eliminate the worm's impact on the system and prevent any further exploitation.

    Rate this question:

  • 14. 

    14 Which phase of worm mitigation requires compartmentalization and segmentation of the network to slow down or stop the worm and prevent currently infected hosts from targeting and infecting other systems?

    • A.

      Containment phase

    • B.

      Inoculation phase

    • C.

      Quarantine phase

    • D.

      Treatment phase

    Correct Answer
    A. Containment phase
    Explanation
    The containment phase of worm mitigation requires compartmentalization and segmentation of the network to slow down or stop the worm. This is done to prevent currently infected hosts from targeting and infecting other systems. By isolating the infected hosts and limiting their ability to spread the worm, the containment phase helps to control the outbreak and minimize further damage.

    Rate this question:

  • 15. 

    What are three types of access attacks? (Choose three.)

    • A.

      Buffer overflow

    • B.

      Ping sweep

    • C.

      Port redirection

    • D.

      Trust exploitation

    • E.

      Port scan

    Correct Answer(s)
    A. Buffer overflow
    C. Port redirection
    D. Trust exploitation
    Explanation
    Buffer overflow, port redirection, and trust exploitation are all types of access attacks.

    A buffer overflow attack occurs when a program or system tries to store more data in a buffer than it can handle, causing the excess data to overflow into adjacent memory areas and potentially allowing an attacker to execute malicious code.

    Port redirection is a technique used by attackers to redirect network traffic from one port to another, allowing them to bypass security measures and gain unauthorized access to a system.

    Trust exploitation involves taking advantage of the trust relationship between different entities within a system or network. By exploiting this trust, an attacker can gain unauthorized access to sensitive information or resources.

    Rate this question:

  • 16. 

    Which type of security threat can be described as software that attaches to another program to execute a specific unwanted function ?

    • A.

      Virus

    • B.

      Worm

    • C.

      Proxy Trojan horse

    • D.

      Denial of Service Trojan horse

    Correct Answer
    A. Virus
    Explanation
    A virus is a type of security threat that can be described as software that attaches to another program to execute a specific unwanted function. Viruses are designed to replicate and spread themselves to other programs and systems, often causing damage or disrupting the normal functioning of the infected device. Unlike worms, which can spread independently, viruses require a host program to execute their malicious code. Proxy Trojan horse, Denial of Service Trojan horse, and worms are different types of security threats, but they do not specifically attach to another program like a virus does.

    Rate this question:

  • 17. 

    What is a characteristic of a Trojan Horse ?

    • A.

      A Trojan Horse can be carried in a virus or worm

    • B.

      A proxy Trohan Horse opens port 21 on the target system.

    • C.

      A FTP Trojan Horse stops anti-virus programs or firewalls from functioning.

    • D.

      A Trojan Horse can be hard to detect because it closes when the application that launches it closes

    Correct Answer
    A. A Trojan Horse can be carried in a virus or worm
    Explanation
    A Trojan Horse can be carried in a virus or worm, meaning that it can be hidden within these types of malicious software. This allows the Trojan Horse to be spread and delivered to unsuspecting users, who may unknowingly download the virus or worm containing the Trojan. Once inside a system, the Trojan Horse can carry out various malicious activities, such as stealing sensitive information, damaging files, or providing unauthorized access to the attacker. This characteristic of being able to piggyback on other types of malware makes Trojan Horses particularly dangerous and difficult to detect.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Jul 08, 2010
    Quiz Created by
    Man04
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.