Security+ (Syo-201) Domain #2: Network Infrastructure

1. This is a fictitious environment that serves as bait for hackers to waste time and resources.

DMZ

Honey pot

Honey suckle

Internet content filter

A honey pot is a security mechanism that is designed to attract and deceive hackers. It is a fictitious environment that appears to be a valuable target, but in reality, it is isolated and closely monitored by security professionals. The purpose of a honey pot is to distract and waste the time and resources of hackers, while also gathering information about their tactics and techniques. By luring hackers into the honey pot, organizations can gather valuable intelligence and protect their actual systems and data from real attacks.

Explanation

A honey pot is a security mechanism that is designed to attract and deceive hackers. It is a fictitious environment that appears to be a valuable target, but in reality, it is isolated and closely monitored by security professionals. The purpose of a honey pot is to distract and waste the time and resources of hackers, while also gathering information about their tactics and techniques. By luring hackers into the honey pot, organizations can gather valuable intelligence and protect their actual systems and data from real attacks.

2. What type of attack is likely occuring if you see a significant increase in network traffic and users complain that the web server is hung up?

MITM

DNS spoofing

Ping sweep

DoS

If there is a significant increase in network traffic and users are complaining that the web server is hung up, it is likely that a Denial of Service (DoS) attack is occurring. A DoS attack involves overwhelming a system or network with excessive traffic or requests, causing it to become unresponsive or crash. This type of attack aims to disrupt the availability of a service or resource, which aligns with the symptoms described in the question.

Explanation

If there is a significant increase in network traffic and users are complaining that the web server is hung up, it is likely that a Denial of Service (DoS) attack is occurring. A DoS attack involves overwhelming a system or network with excessive traffic or requests, causing it to become unresponsive or crash. This type of attack aims to disrupt the availability of a service or resource, which aligns with the symptoms described in the question.

3. Which type of cabling allows for the greatest protection against compromising emanations and eavesdropping?

Shielded Twisted Pair (STP)

Coax

Wireless

Fiber optic

Fiber optic cabling allows for the greatest protection against compromising emanations and eavesdropping. This is because fiber optic cables use light signals to transmit data, rather than electrical signals used in other types of cables. This makes it extremely difficult for hackers or eavesdroppers to intercept or tap into the data being transmitted through fiber optic cables. Additionally, fiber optic cables are immune to electromagnetic interference, providing an extra layer of protection against compromising emanations.

Explanation

Fiber optic cabling allows for the greatest protection against compromising emanations and eavesdropping. This is because fiber optic cables use light signals to transmit data, rather than electrical signals used in other types of cables. This makes it extremely difficult for hackers or eavesdroppers to intercept or tap into the data being transmitted through fiber optic cables. Additionally, fiber optic cables are immune to electromagnetic interference, providing an extra layer of protection against compromising emanations.

4. This intrusion detection system look at the host system's audit trails and log files.

NIDS

NIPS

HIDS

KIDS

HIDS stands for Host-based Intrusion Detection System. This type of intrusion detection system focuses on monitoring and analyzing the audit trails and log files of a specific host system. It is designed to detect and respond to any suspicious or unauthorized activities that may occur on the host system. Unlike network-based intrusion detection systems (NIDS), which monitor network traffic, HIDS is specifically tailored to protect the host system itself. Therefore, HIDS is the correct answer in this context.

Explanation

HIDS stands for Host-based Intrusion Detection System. This type of intrusion detection system focuses on monitoring and analyzing the audit trails and log files of a specific host system. It is designed to detect and respond to any suspicious or unauthorized activities that may occur on the host system. Unlike network-based intrusion detection systems (NIDS), which monitor network traffic, HIDS is specifically tailored to protect the host system itself. Therefore, HIDS is the correct answer in this context.

5. Reverse hash matching, used to target a cryptographic hash based on the probability that a value can be guessed is known as what?

Birthday attack

Crypto hack

Nerd attack

Algorithm matching

Reverse hash matching, also known as a birthday attack, is a technique used to target a cryptographic hash by exploiting the probability that two different inputs can produce the same hash value. It takes advantage of the birthday paradox, which states that in a group of randomly chosen people, there is a high likelihood that two people will share the same birthday. Similarly, in hash functions, there is a higher probability of finding two different inputs that produce the same hash value. This attack is used to crack hashed passwords or find collisions in hash functions.

Explanation

Reverse hash matching, also known as a birthday attack, is a technique used to target a cryptographic hash by exploiting the probability that two different inputs can produce the same hash value. It takes advantage of the birthday paradox, which states that in a group of randomly chosen people, there is a high likelihood that two people will share the same birthday. Similarly, in hash functions, there is a higher probability of finding two different inputs that produce the same hash value. This attack is used to crack hashed passwords or find collisions in hash functions.

6. In this configuration, users can upload files to an FTP server, but they cannot view or download the contents.

Blind FTP

Secret FTP

Secured FTP

TFTP

Blind FTP refers to a configuration where users can only upload files to an FTP server, but they are unable to view or download the contents. This means that users can only transfer files to the server without any visibility or access to the existing files on the server. This configuration is often used for security purposes, where organizations want to restrict access to sensitive data on the server and only allow file uploads.

Explanation

Blind FTP refers to a configuration where users can only upload files to an FTP server, but they are unable to view or download the contents. This means that users can only transfer files to the server without any visibility or access to the existing files on the server. This configuration is often used for security purposes, where organizations want to restrict access to sensitive data on the server and only allow file uploads.

7. This type of firewall, also called a proxy, filters traffic based on the application or service used and requires the most resources or network bandwidth?

Application-level

Circuit-level

Packet filter

Stateful inspection

An application-level firewall, also known as a proxy, filters traffic based on the specific application or service being used. This type of firewall requires the most resources or network bandwidth because it examines the contents of each packet and makes decisions based on the application layer protocols. It provides a higher level of security by analyzing the data and enforcing security policies specific to each application, but this level of inspection and processing requires more resources compared to other types of firewalls.

Explanation

An application-level firewall, also known as a proxy, filters traffic based on the specific application or service being used. This type of firewall requires the most resources or network bandwidth because it examines the contents of each packet and makes decisions based on the application layer protocols. It provides a higher level of security by analyzing the data and enforcing security policies specific to each application, but this level of inspection and processing requires more resources compared to other types of firewalls.

8. Which of the following is NOT a private IP range?

10.0.0.0 - 10.255.255.255

127.0.0.0 - 127.255.255.255

172.16.0.0 - 172.32.255.255

192.168.0.0 - 192.168.255.255

The IP range 127.0.0.0 - 127.255.255.255 is not a private IP range. It is reserved for loopback addresses, which means it is used to test network connections on the local host. This range is used to communicate with the network stack on the same device and is not routable on the internet. The other three options (10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.32.255.255, and 192.168.0.0 - 192.168.255.255) are all private IP ranges that are commonly used in local networks.

Explanation

The IP range 127.0.0.0 - 127.255.255.255 is not a private IP range. It is reserved for loopback addresses, which means it is used to test network connections on the local host. This range is used to communicate with the network stack on the same device and is not routable on the internet. The other three options (10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.32.255.255, and 192.168.0.0 - 192.168.255.255) are all private IP ranges that are commonly used in local networks.

9. What type of attack includes sending numerous ICMP reply packets?

Fraggle

Smurf

Syn flood

Teardrop

The correct answer is "smurf". A smurf attack is a type of DDoS attack where the attacker sends a large number of ICMP echo request packets (ping) to a broadcast IP address, with the source IP address spoofed to be the victim's IP address. This causes all the devices on the network to respond to the victim's IP address, overwhelming it with traffic and potentially causing it to crash or become unavailable.

Explanation

The correct answer is "smurf". A smurf attack is a type of DDoS attack where the attacker sends a large number of ICMP echo request packets (ping) to a broadcast IP address, with the source IP address spoofed to be the victim's IP address. This causes all the devices on the network to respond to the victim's IP address, overwhelming it with traffic and potentially causing it to crash or become unavailable.

10. What protocol is defined by the IEEE 802.11 standard?

WEP

WPA

WAP

POW

The correct answer is WEP. The IEEE 802.11 standard defines the Wireless Equivalent Privacy (WEP) protocol. WEP is a security protocol used to secure wireless networks. It provides encryption and authentication mechanisms to protect data transmitted over a wireless network. However, it is now considered weak and vulnerable to attacks, and it has been largely replaced by more secure protocols like WPA and WPA2.

Explanation

The correct answer is WEP. The IEEE 802.11 standard defines the Wireless Equivalent Privacy (WEP) protocol. WEP is a security protocol used to secure wireless networks. It provides encryption and authentication mechanisms to protect data transmitted over a wireless network. However, it is now considered weak and vulnerable to attacks, and it has been largely replaced by more secure protocols like WPA and WPA2.