Chapter 4 Quiz Answers – ITC 2.12
-
What type of attack disrupts services by overwhelming network devices with bogus traffic?
- port scans
- zero-day
- DDoS
- brute force
Answers Explanation & Hints: DDoS, or distributed denial of service, attacks are used to disrupt service by overwhelming network devices with bogus traffic.
-
Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?
- Nmap
- Netflow
- SIEM
- Snort
Answers Explanation & Hints: Snort is an open source intrusion protection system (IPS) that is capable of performing real-time traffic and port analysis, packet logging, content searching and matching, as well as detecting probes, attacks, port scans, fingerprinting, and buffer overflow attacks.
-
Which tool can identify malicious traffic by comparing packet contents to known attack signatures?
- Zenmap
- Netflow
- IDS
- Nmap
Answers Explanation & Hints: An IDS, or intrusion detection system, is a device that can scan packets and compare them to a set of rules or attack signatures. If the packets match attack signatures, then the IDS can create an alert and log the detection.
-
What is the last stage of the Cyber Kill Chain framework?
- remote control of the target device
- malicious action
- creation of malicious payload
- gathering target information
Answers Explanation & Hints: The Cyber Kill Chain describes the phases of a progressive cyberattack operation. The phases include the following:
* Reconnaissance
* Weaponization
* Delivery
* Exploitation
* Installation
* Command and control
* Actions on objectives

In general, these phases are carried out in sequence. However, during an attack, several phases can be carried out simultaneously, especially if multiple attackers or groups are involved.
-
Which protocol is used by the Cisco Cyberthreat Defense Solution to collect information about the traffic that is traversing the network?
- NAT
- Telnet
- NetFlow
- HTTPS
Answers Explanation & Hints: NetFlow is used both to gather details about the traffic that is flowing through the network, and to report it to a central collector.