Security+ (Syo-201) Domain #2: Network Infrastructure

A honey pot is a security mechanism that is designed to attract and deceive hackers. It is a fictitious environment that appears to be a valuable target, but in reality, it is isolated and closely monitored by security professionals. The purpose of a honey pot is to distract and waste the time and resources of hackers, while also gathering information about their tactics and techniques. By luring hackers into the honey pot, organizations can gather valuable intelligence and protect their actual systems and data from real attacks.

If there is a significant increase in network traffic and users are complaining that the web server is hung up, it is likely that a Denial of Service (DoS) attack is occurring. A DoS attack involves overwhelming a system or network with excessive traffic or requests, causing it to become unresponsive or crash. This type of attack aims to disrupt the availability of a service or resource, which aligns with the symptoms described in the question.

Fiber optic cabling allows for the greatest protection against compromising emanations and eavesdropping. This is because fiber optic cables use light signals to transmit data, rather than electrical signals used in other types of cables. This makes it extremely difficult for hackers or eavesdroppers to intercept or tap into the data being transmitted through fiber optic cables. Additionally, fiber optic cables are immune to electromagnetic interference, providing an extra layer of protection against compromising emanations.

HIDS stands for Host-based Intrusion Detection System. This type of intrusion detection system focuses on monitoring and analyzing the audit trails and log files of a specific host system. It is designed to detect and respond to any suspicious or unauthorized activities that may occur on the host system. Unlike network-based intrusion detection systems (NIDS), which monitor network traffic, HIDS is specifically tailored to protect the host system itself. Therefore, HIDS is the correct answer in this context.

Reverse hash matching, also known as a birthday attack, is a technique used to target a cryptographic hash by exploiting the probability that two different inputs can produce the same hash value. It takes advantage of the birthday paradox, which states that in a group of randomly chosen people, there is a high likelihood that two people will share the same birthday. Similarly, in hash functions, there is a higher probability of finding two different inputs that produce the same hash value. This attack is used to crack hashed passwords or find collisions in hash functions.

Blind FTP refers to a configuration where users can only upload files to an FTP server, but they are unable to view or download the contents. This means that users can only transfer files to the server without any visibility or access to the existing files on the server. This configuration is often used for security purposes, where organizations want to restrict access to sensitive data on the server and only allow file uploads.

An application-level firewall, also known as a proxy, filters traffic based on the specific application or service being used. This type of firewall requires the most resources or network bandwidth because it examines the contents of each packet and makes decisions based on the application layer protocols. It provides a higher level of security by analyzing the data and enforcing security policies specific to each application, but this level of inspection and processing requires more resources compared to other types of firewalls.

The IP range 127.0.0.0 - 127.255.255.255 is not a private IP range. It is reserved for loopback addresses, which means it is used to test network connections on the local host. This range is used to communicate with the network stack on the same device and is not routable on the internet. The other three options (10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.32.255.255, and 192.168.0.0 - 192.168.255.255) are all private IP ranges that are commonly used in local networks.

The correct answer is "smurf". A smurf attack is a type of DDoS attack where the attacker sends a large number of ICMP echo request packets (ping) to a broadcast IP address, with the source IP address spoofed to be the victim's IP address. This causes all the devices on the network to respond to the victim's IP address, overwhelming it with traffic and potentially causing it to crash or become unavailable.

The correct answer is WEP. The IEEE 802.11 standard defines the Wireless Equivalent Privacy (WEP) protocol. WEP is a security protocol used to secure wireless networks. It provides encryption and authentication mechanisms to protect data transmitted over a wireless network. However, it is now considered weak and vulnerable to attacks, and it has been largely replaced by more secure protocols like WPA and WPA2.