Security and Attacks Flashcards

(39 cards)

1
Q

A system is overwhelmed by a flood of ICMP echo requests, causing a denial of service. Another attack sends oversized packets that crash older systems. What two ICMP-based attacks are being described?

A

ICMP Flood (DoS) and Ping of Death; both exploit ICMP’s simplicity to disrupt service.

2
Q

What secure protocol suite is commonly used in VPNs to authenticate and encrypt data packets across IP networks?

A

IPsec – Internet Protocol Security, which creates encrypted communication paths by securing data at the network layer.

3
Q

What are the key differences between Packet Filtering, Stateful, and Next-Generation Firewalls in terms of traffic inspection?

A

Packet Filtering Firewall:
Inspects headers only (IP, port, protocol)
Stateless; rule-based filtering

Stateful Firewall:
Tracks session state and connection context
Allows return traffic from valid sessions

Next-Generation Firewall (NGFW):
Performs Deep Packet Inspection (DPI)
App-aware; can filter by user, content, and behavior

4
Q

While analyzing LAN traffic, an engineer sees a packet with destination MAC 01:00:5E:00:00:FB. What type of traffic is this?

A

Multicast traffic—MAC addresses starting with 01:00:5E indicate IPv4 multicast packets sent to a group of devices.

5
Q

A network administrator is deciding between split tunnel, full tunnel, peer-to-peer VPN, and site-to-site VPN. He needs to support remote employees who require secure access to internal resources while minimizing bandwidth strain from general internet use. Explain each VPN type and choose the best option for his needs.

A

Split tunnel: Routes only internal traffic through the VPN

Full tunnel: Routes all traffic through the VPN

Peer-to-peer: Direct user-to-user connection

Site-to-site: Links entire networks

Best option: Split tunnel—minimizes bandwidth strain while securing internal access

6
Q

What are the weaknesses of WEP and why is it considered insecure?

A

Uses RC4 encryption, which is outdated and vulnerable. Relies on Initialization Vectors (IVs) that are short and reused—making it easy for attackers to reverse-engineer encryption keys.

7
Q

What improvements did WPA introduce over WEP?

A

Added Message Integrity Check (MIC) to detect tampering and prevent on-path attacks. Introduced Enterprise Mode, which uses unique credentials per user and authenticates via a central server (e.g., RADIUS).

8
Q

How does WPA2 enhance wireless security compared to WPA?

A

Replaces RC4 with AES (Advanced Encryption Standard) for stronger encryption. Uses CCMP for both encryption and integrity—ensuring confidentiality and protection against tampering.

9
Q

What are the vulnerabilities of Wi-Fi Protected Setup (WPS), and what is the recommended action?

A

WPS simplifies setup using a PIN or push-button, but the PIN method is highly vulnerable to brute-force attacks. Attackers can exploit predictable PIN structures to gain unauthorized access.
Best practice: Disable WPS on all access points to maintain strong network security.

10
Q

How does SAE protect against brute-force attacks during Wi-Fi authentication?

A

Requires active interaction with the access point for each password attempt.

11
Q

What is forward secrecy in WPA3, and how does SAE provide it?

A

SAE generates unique session keys for each connection—so previous traffic can’t be decrypted retroactively.

12
Q

A WPA3 network uses a handshake that resists password guessing and ensures each session has a unique key. What protocol is in use?

A

SAE — the authentication method in WPA3 Personal.

13
Q

Select all that apply to improve wireless security during router configuration:
A. Enable remote management over WAN
B. Disable WPS
C. Use WPA2 with a strong pre-shared key
D. Leave default SSID unchanged
E. Enable MAC address filtering
F. Use WEP for compatibility
G. Change default admin password
H. Disable SSID broadcast
I. Enable wireless isolation
J. Use WPA3 with SAE (if supported)

A

✅ Correct Answers:
B. Disable WPS
C. Use WPA2 with a strong pre-shared key
E. Enable MAC address filtering
G. Change default admin password
H. Disable SSID broadcast
I. Enable wireless isolation
J. Use WPA3 with SAE (if supported)

❌ Incorrect Answers & Why:
A. Enable remote management over WAN ❌ Increases attack surface—remote access should be disabled unless absolutely necessary and secured with strong authentication.

D. Leave default SSID unchanged ❌ Default SSIDs can reveal device make/model, making it easier for attackers to target known vulnerabilities.

F. Use WEP for compatibility ❌ WEP is deprecated and insecure due to weak encryption and IV vulnerabilities—never recommended.

14
Q

What is Network Access Control (NAC)?

A

A security method that inspects devices before allowing network access to ensure they meet security requirements.

15
Q

Which attack involves overwhelming a switch’s MAC address table to force it into broadcasting traffic like a hub?

A

MAC Flooding — overflows the MAC table, causing the switch to behave like a hub.

16
Q

What types of controls fall under NAC?

A

MAC filtering, port security, 802.1X authentication, and posture checks (e.g., antivirus, patch compliance).

17
Q

What is a Jumpbox, and what security measures should be taken?

A

A secure, intermediary server used to access devices in a screened subnet. Must be hardened, monitored, and restricted.

18
Q

Which attack targets a single host by associating its MAC address with a legitimate IP to intercept traffic?

A

ARP Spoofing — manipulates ARP tables to redirect traffic.

19
Q

Which ARP-based attack corrupts the ARP cache across an entire LAN?

A

ARP Poisoning — compromises ARP tables network-wide.

20
Q

What type of attack targets DNS infrastructure to redirect traffic, steal data, or disrupt services?

A

DNS Attack — exploits DNS vulnerabilities for redirection or theft.

21
Q

What is the term for using offensive techniques to retaliate against cyber attackers?

A

Hack Back — controversial due to legal and reputational risks.

22
Q

What are two key IoT security best practices?

A

Segregation: Isolate IoT devices on a separate network

Security: Enable protections and apply patches regularly

23
Q

How does Public Key Cryptography fit into the broader system of PKI?

A

PKI uses it for secure communication and includes certificate authorities, digital certificates, and key management.

24
Q

What is a Wildcard Certificate, and when is it unsuitable?

A

What is a Wildcard Certificate, and when is it unsuitable?

25
Q

When should you use a Wildcard Certificate vs. a SAN field?

A

Wildcard: For multiple subdomains under one domain

SAN: For multiple distinct domains

26
Q

Why should specific rules be placed at the top of an Access Control List (ACL)?

A

ACLs are processed top-down; specific rules must be matched before broader ones.

27
Q

Explicit Allow vs. Explicit Deny vs. Implicit Deny in ACLs?

A

Explicit Allow: “permit” specific traffic

Explicit Deny: “deny” specific traffic

Implicit Deny: Blocks all traffic not explicitly permitted

28
Q

A threat actor gains access to a restricted VLAN by exploiting switch misconfigurations. What attack method are they using?

A

VLAN Hopping — bypasses VLAN boundaries through improper switch setup.

29
Q

Wireless clients keep disconnecting unexpectedly. What type of attack might be occurring, and what should you investigate?

A

A deauthentication attack — hackers force clients to disconnect and may capture handshake packets to crack the shared passphrase. Investigate continual deauthentication events as a sign of possible attack.

30
Q

What is Dynamic ARP Inspection (DAI) and what does it protect against?

A

DAI is a switch feature that validates ARP packets against trusted IP-MAC bindings to prevent ARP spoofing and on-path (Man-in-the-Middle) attacks.

31
Q

What is Mandatory Access Control (MAC) and when is it used?

A

MAC is a system-enforced access control model where both users and data have fixed security labels. Access decisions are based on these labels, ensuring strict control over sensitive information; ideal for high-security environments.

32
Q

What is Attribute-Based Access Control (ABAC) and when is it used?

A

ABAC grants access based on attributes of users, resources, and environment conditions. It allows fine-grained, context-aware access policies, useful for flexible and dynamic access control scenarios.

33
Q

How does Security Service Edge (SSE) differ from traditional perimeter-based security?

A

SSE uses cloud-based security services and real-time threat intelligence to monitor traffic, detect threats, and respond proactively, unlike traditional perimeter security, which relies on physical appliances at the network edge.

34
Q

How do ARP spoofing and MAC spoofing differ, and can they both intercept traffic?

A

ARP Spoofing: Sends fake ARP messages to redirect traffic by altering IP-to-MAC mappings.

MAC Spoofing: Changes a device’s MAC address to impersonate another device, bypassing controls or receiving traffic.

Both can intercept traffic, but ARP spoofing targets IP mapping, while MAC spoofing targets device identity at the data link layer.

35
Q

What happens to packets that don’t match any ACL rule?

A

They are dropped due to the implicit “deny all” at the end of every ACL.

36
Q

Why should you avoid applying the same ACL inbound and outbound on an interface?

A

It can block return traffic or cause asymmetric filtering, breaking valid connections.

37
Q

What’s the basic difference between IPsec Tunnel Mode and Transport Mode?

A

Tunnel Mode: Encrypts the entire packet, including the original IP header

Transport Mode: Encrypts only the payload, leaving the original IP header visible

38
Q

What is DHCP snooping and why is it used in a network?

A

DHCP snooping is a security feature on switches that blocks unauthorized DHCP servers from assigning IP addresses and maintains a trusted binding table to prevent rogue devices from spoofing network configurations.

39
Q

Which dial-in user service provides centralized authentication over switches, wireless networks, and VPNs?

A

RADIUS (Remote Authentication Dial-In User Service) — it provides centralized authentication, authorization, and accounting (AAA) for users accessing network resources, supporting multiple access methods like wired, wireless, and VPN connections.