CIS 288 Final (GRADE A 100% VERIFIED) – Network Security Exam Prep

Pages: 54
Grade: A+
Uploaded on: 21-06-2025
Written in: 2024/2025

Pass your CIS 288 Final with this 100% verified PDF containing the most frequently asked questions and detailed answers for . Ideal for students and professionals, this guide covers:

Key Topics:
- Network Protocols: STP, TCP/IP, UDP, ARP, IPSec
- Cyber Attacks: DDoS, MITM, Phishing, SQL Injection
- Security Tools: IDS/IPS, Firewalls, Wireshark, Nmap
- Access Control: RBAC, MAC, VLANs, VPNs
- Wireless Security: WPA, WEP, Bluetooth, WiMAX

Why Choose This Guide?
- Updated for – Aligned with latest exam trends
- Concise & Exam-Ready – Clear, bullet-point explanations
- Trusted by Students – GRADE A verified answers


CIS 288 Final 2024-2025 GRADE A 100% VERIFIED
Which protocol segments a network to minimize the risks of a broadcast storm? - ANS>>> Spanning-tree protocol (STP) segments a network to minimize the risks of a broadcast storm.


Which attack involves intercepting and modifying communication between users? - ANS>>> The man-in-the-middle attack involves intercepting and modifying communication between users.


Stella, a security architect, discovered a zero-day vulnerability in the software application that her
company uses. This vulnerability needs to be fixed immediately to prevent damage to her organization's
network. Which of the following cybersecurity tools must she own in such a situation? Each correct
answer represents a complete solution. Choose all that apply. - ANS>>>
- Behavior monitoring
- Intrusion Prevention Systems
- Fast incident response


A zero-day vulnerability is a software, hardware, or firmware flaw unknown to the manufacturer. When
hackers leverage that flaw to conduct a cyberattack, it's called a zero-day exploit. Stella must own the
following cybersecurity tools to fix this vulnerability immediately:
- Behavior monitoring: This detects suspicious patterns, like cyberattacks, in the network's traffic.
- Intrusion Prevention Systems: These are triggered after a behavior monitoring system notifies them. They attempt to stop any incoming threats from entering your network.
- Fast incident response: The earlier a team of trained professionals responds to a threat, the less damage it will cause.

Answer B is incorrect. The zero-day vulnerability needs to be fixed immediately to prevent damage to
Stella's organization's network and for this she can't rely on manufacturers to patch zero-day
vulnerabilities immediately.


Which layer of the OSI model does a DDoS attack target? - ANS>>> -Transport
A distributed DoS (DDoS) attack targets transport and network layers.


What is another name for tarpitting? - ANS>>> -Sticky honeypot
Tarpitting is sometimes known as a sticky honeypot.


Stephen, a network specialist, is aware of the dictionary attack and fears that his organization's email
accounts can be accessed by spammers. Which of the following preventive measures should he adopt? Each correct
answer represents a complete solution. Choose two. - ANS>>>
- Enforce a strict password methodology
- Limit the number of login attempts that can be performed in a given period of time

Answers A and D are correct. A dictionary attack is simply a systematic, brute-force attack using every
word in a dictionary as a password. This type of attack is commonly used by spammers who guess
passwords of email accounts to gain access to an account and then use it for their spam distribution.
Stephen should adopt the following preventive measures:
- Enforce a strict password methodology
- Limit the number of login attempts that can be performed in a given period of time

Answer B is incorrect. A slightly delayed response from the server prevents a hacker or spammer from
checking multiple passwords within a short period of time. Answer C is incorrect. Tarpitting is the
practice of slowing the transmission of e-mail messages sent in bulk as a means of thwarting spammers.
It is used to prevent the DoS attack. In email addresses, tarpitting is implemented for slowing down
bulk email delivery to block spam.


Which of the following is an electronic unsolicited message sent to a user's email address? - ANS>>> -Spam


Answer B is correct. Spam messages are electronic unsolicited messages sent to a user's email address, which are
commercial in nature and also carry malicious contents. Answer A is incorrect. A virus is a malicious
piece of code that is designed to infiltrate a user's computer via an infected email attachment. Answer C
is incorrect. Worms are malicious programs that make copies of themselves again and again on the local
drive, network shares, and so on. Answer D is incorrect. Malware is designed to cause damage to a
standalone computer or a networked personal computer.


Which cookie enables the user to identify and track his movements within the website? - ANS>>> -Session
A session cookie enables the user to identify and track his movements within the website.


Which practice do spammers adopt to guess email addresses at a domain and then connect to the email
server of that domain? - ANS>>> -DHA
Spammers perform directory harvest attacks (DHAs), where they simply guess email addresses at a
domain and then connect to the email server of that domain.


Which attack can be eliminated by limiting the number of login attempts that can be performed in a
given period of time? - ANS>>> - Dictionary


A dictionary attack is a systematic, brute-force attack using every word in a dictionary as a password.
This type of attack can be eliminated by limiting the number of login attempts that can be performed in
a given period of time.

Edward is working as a network administrator in an organization. To protect his organization's network
from the dictionary attack, he has used a security process in his organization's network server through
which he can slow down the propagation of mass emails. Which security process has Edward used? - ANS>>>
-Tarpitting
Answer D is correct. To protect his organization's server from the dictionary attack, Edward has used
tarpitting in his organization's network server, which is a network security and optimization process
through which he can slow down the propagation of mass emails by restricting spammers from sending
bulk messages. Answer C is incorrect because clickjacking is a type of attack that tricks a user into
clicking a webpage element which is invisible or disguised as another element. Answer A is incorrect
because Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected
into otherwise benign and trusted websites. Answer B is incorrect because clickstream tracking involves
tracking a user's activity on the Internet, including every Web site and every page of every Web site that
the user visits.


What is the best way to minimize the impact of exploits like CryptoLocker? - ANS>>> -Incremental Backups


Frequent and incremental backups are the best way to minimize the impact of exploits like
CryptoLocker.


Which of the following is a denial-of-service (DoS) attack that involves sending a large amount of
spoofed UDP traffic to a router's broadcast address within a network? - ANS>>> -Fraggle
Answer A is correct. Fraggle Attack is a denial-of-service (DoS) attack that involves sending a large
amount of spoofed UDP traffic to a router's broadcast address within a network. Answers B, C, and D are
incorrect. Man-in-the-middle (MitM), SQL injection, and cross-site scripting are not DoS attacks.


Stephen, a network specialist, recently became aware of the man-in-the-middle attack, which allows an
attacker to intrude into the communication between two communication networks and inject false
information. Which of the following techniques does an attacker use for this purpose? - ANS>>> -ARP spoofing
Answer D is correct. An attacker uses ARP spoofing, which is a technique in which an attacker sends
falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the
linking of an attacker's MAC address with the IP address of a legitimate computer or server on the
network. By using this technique, the man-in-the-middle attack allows the attacker to intrude into the
communication between two communication networks, inject false information, and intercept the data
transferred between the communication networks. Answer B is incorrect. Port forwarding is the process
of intercepting traffic bound for a certain port combination and redirecting to a different port. Answer A
is incorrect. Port scanning refers to the surveillance of computer ports, most often by hackers for
malicious purposes. Answer C is incorrect. Greylisting is a powerful anti-spam technology that is used to
detect if the sending server of a message is RFC compliant.

Which attack exploits the prime number sieve used in the key-generation process? - ANS>>> -Logjam
The logjam attack exploits the prime number sieve used in the key-generation process, forcing it to use a
512-bit prime.


Jenifer works as a security administrator at Infosoft Inc. Her network is being flooded by ICMP packets.
She observes that the packets came from multiple different IP addresses. Which type of attack can be the
result of such a situation? - ANS>>> -DDoS
Answer C is correct. A distributed denial-of-service (DDoS) attack on a network or web-based system is
designed to bring down the network or prevent access to a particular device by flooding it with useless
traffic. A DDoS or distributed denial-of-service attack involves multiple different machines initiating a
simultaneous denial-of-service attack on the target. Answer D is incorrect. A clickjacking attack employs
deceptive frame techniques to trick the user into clicking on their content rather than the intended
content. Answer A is incorrect. Embezzlement is the risk of fraudulent appropriation of money or
services from an organization. Various types of controls should be implemented to prevent this type of
exposure. Answer B is incorrect. A SYN flood attack involves half-open connections that are never
completed.


An attacker, masquerading as a trusted entity, tricks a victim into opening an email. The user is then
tricked into clicking a malicious link, whi to the installation of malware and revealing sensitive
information. This is an example of which of the following attacks? - ANS>>> -Phishing
Answer C is correct. Phishing is a criminally fraudulent process of attempting to acquire sensitive
information such as usernames, passwords, and credit card details by masquerading as a trustworthy
entity in an electronic communication. Answer B is incorrect. Spyware is a software application that
covertly gathers information about a user's Internet usage and activity and then exploits this
information by sending adware and pop-up ads similar in nature to the user's Internet usage history.
Answer A is incorrect. A logic bomb is a dangerous attack that waits for a predetermined event or time to
execute its payload. Situational awareness is the best defense against this attack. Answer D is incorrect.
Denial of Service (DoS) occurs when an attacker consumes the resources on the computer, thus
preventing the normal use of the network resources for legitimate purposes.


Alicia is unable to access an SQL database online due to an SQL injection vulnerability. Which of the
following security controls should she t prevent this type of breach in the future? Each correct answer
represents a complete solution. Choose two. - ANS>>> -Database activity monitoring
-Input validation


Answers B and C are correct. To prevent this type of breach in the future, Alicia should do proper input
validation and database activity monitoring. If the database and the underlying OS do not have the
proper security controls in place, the attacker can create queries against the database that disclose
unauthorized information. Database activity monitor (DAM) systems have emerged because companies
face many more threats such as SQL injection than in the past. Answers D and A are incorrect. Secure
coding standards and browser security updates cannot prevent SQL injection.

Seller: johnwayne1, Howard Community College