CPSA Exam Questions with Correct Answers 2023.
1. TCP: Transmission Control Protocol
2. UDP: User Datagram Protocol
3. ICMP: Internet Control Message Protocol
4. IP: Internet Protocol
5. 10BaseT: 10 Mbps (10 Megabits Per Second)
6. 802.11: 2.4 GHz / 1 or 2 Mbps / DSSS or FHSS / 20 m indoors or 100 m outdoors
7. 802.11a: 5 GHz, 6-54 Mbps
8. 802.11b: 2.4 GHz / 11 Mbps
9. 802.11g: 2.4 GHz, 54 Mbps
10. 802.11n: 2.4 GHz or 5 GHz, up to 600 Mbps
11. VLAN hopping attack: Based on Dynamic Trunking Protocol (DTP). DTP is used for negotiating trunking on a link between 2 devices and for negotiating the type of trunking (802.1Q).
12. Double encapsulation VLAN hopping attack: As the basic VLAN hopping attack has been defeated, attackers have found a new way to implement VLAN hopping.
13. ARP Attacks: Based on ARP spoofing. Gratuitous ARP is used by hosts to announce their IP address to the local network and avoid duplicate IP addresses.
14. SPANNING TREE Attack: STP is used to maintain loop-free topologies in a redundant layer 2 infrastructure. Messages are sent using Bridge Protocol Data Units (BPDUs). The attacker sends BPDUs which can force a root bridge change and thus create a DoS condition on the network. The attacker also gains the ability to see frames he otherwise couldn't. There are tools that are used to replay this attack (brconfig + macof). Disabling STP would be a bad idea: introducing loops would introduce another source of attack. There are two features, called BPDU Guard and Root Guard. BPDU Guard disables interfaces using portfast upon detection of a BPDU message on the interface (spanning-tree portfast bpduguard). Root Guard disables interfaces that become the root bridge due to their BPDU advertisement (spanning-tree guard root).
15. VLAN Trunking Protocol Attack: VLAN trunking extends a VLAN across multiple switches. This attack is based on spanning tree. VTP reduces administration in a switched network: when a new VLAN is configured on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need to configure the same VLAN everywhere. VTP is a Cisco proprietary protocol that is available on most Cisco Catalyst family products.
16. VMPS / VQP Attack: This is a slightly unlikely attack as it requires the network to use VMPS. It is unusual as it imposes a significant load on the administrative resources of a company and Cisco, whose protocol this is, is moving towards 802.1X for the same functionality. However, if implemented, VMPS allows VLANs to be assigned based on the MAC address of the host, and these relationships are stored in a database. This database is usually downloaded to the VMPS and then queried using VQP, an unauthenticated protocol that uses UDP (User Datagram Protocol), making it very easy for an attacker to manipulate. As a result, by using VQP, it is very easy to impersonate hosts as there is no authentication, which allows the attacker to join a VLAN that he or she is not authorised to access. The mitigation is to either monitor the network for misbehaviour, send VQP queries out of band, or disable the protocol.
17. Analysis of output from tools used to map the route between the engagement point and a number of targets:
· Querying Domain WHOIS Registrars
· Querying Netcraft
· DNS Querying
· Forward DNS Querying - e.g. NSLookup
· DNS Zone Transfer - e.g. Host -t axfr .
18. Network Sweeping Techniques to prioritise a target list and potential for false positive:
· Ping sweep: $ nmap -sn [ip] / (previously) $ nmap -sP [ip]
· TCP Port Scan: $ nmap -sT [ip]
· UDP Port Scan: $ nmap -sU [ip]
· Top 10 ports: $ nmap --top-ports 10 [ip]
· Service Scan: $ nmap -sV [ip]
· No Ping Scan: $ nmap -Pn [ip]
· Scan All Ports: $ nmap -p1-65535 [ip] / $ nmap -p- [ip]
· Script Scan: $ nmap --script=... [ip]
19. Egress Filtering: Egress filtering is the control of traffic leaving the network. Egress filtering prevents unwanted traffic from being sent out to the internet. This could include preventing private network address space from leaking out, or stopping compromised systems from attempting to communicate with remote hosts. Egress filtering can help in preventing information leaks due to misconfiguration.
20. Ports to consider blocking:
· MSRPC - TCP / UDP 135
· NetBIOS - TCP / UDP 137 - 139
· SMB / IP - TCP 445
· TFTP - UDP 69
· Syslog - UDP 514
· SNMP - UDP 161 / 162
· SMTP - TCP 25
21. Ingress Filtering: Ingress filtering is a method of verifying inbound packets arriving at a network from the source computer. Ingress filtering is one method to reduce the propagation of DDoS attacks which use forged IP addresses. While ingress filtering reduces the possibility of source address spoofing, it does not preclude an attacker using a forged source address of another host within the permitted prefix filter range. It does, however, ensure that when an attack occurs a network administrator will know the originating prefixes that are being advertised.
22. Active Operating System Fingerprinting: Active fingerprinting is the process of transmitting packets to a remote host and analysing the corresponding replies.
· Nmap OS Detection: $ nmap -O [ip]
· Aggressive Scan (equiv. -O -sV -sC --traceroute): $ nmap -A [ip]
23. Active Operating System Fingerprinting: Passive fingerprinting is the process of analysing packets from a host on a network. In this case the fingerprinter acts as a sniffer and doesn't put any traffic on the network. Tools:
· NetworkMiner
· P0F
· Satori
Written for
- Institution: CPSA
- Course: CPSA
Document information
- Uploaded on: April 19, 2023
- Number of pages: 26
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions & answers