Networks (D325)

Correct Answer

A. Input Validation

Explanation

The best defense against SQL injection, integer overflow, and buffer overflow attacks is input validation. By validating and sanitizing user inputs before processing them, you can ensure that only legitimate data is accepted. This reduces the chances of malicious input leading to vulnerabilities such as SQL injection or buffer overflows. For example, filtering out special characters that could be used in SQL injection and ensuring numerical inputs fall within expected ranges helps prevent these types of attacks.

Why other options are wrong

B. A host-based firewall with advanced security

While a host-based firewall can provide valuable protection against unauthorized traffic, it does not specifically address application-level vulnerabilities such as SQL injection or buffer overflows. It focuses more on controlling incoming and outgoing network traffic, not validating the data that enters the application.

C. Strcpy

The function strcpy is used in programming to copy strings. However, it is prone to causing buffer overflow vulnerabilities if proper bounds checking is not performed. This is not a solution but a potential vulnerability itself, so it should be avoided. Instead, safer alternatives such as strncpy should be used to prevent buffer overflows.

D. Hashing

Hashing is primarily used for securely storing passwords and ensuring data integrity, not specifically for preventing SQL injection, integer overflow, or buffer overflow attacks. While hashing is important for password management and data security, it does not mitigate the risks associated with input validation vulnerabilities in the application.

Correct Answer

B. AES

Explanation

WPA2 (Wi-Fi Protected Access 2) primarily uses the Advanced Encryption Standard (AES) protocol to provide strong encryption for wireless networks. AES is a symmetric encryption algorithm known for its high security and efficiency, making it the preferred method for securing wireless communications in WPA2. It replaced the less secure TKIP (Temporal Key Integrity Protocol) used in WPA.

Why other options are wrong

A. TKIP

TKIP was used in the earlier WPA standard but was replaced by AES in WPA2 due to its vulnerability to attacks. TKIP is no longer considered secure for modern wireless networks.

C. RC4

RC4 is an encryption stream cipher that was used in the WEP (Wired Equivalent Privacy) protocol, which is now considered insecure. WPA2 does not use RC4 for encryption, as AES provides a much higher level of security.

D. DES

The Data Encryption Standard (DES) is an older encryption algorithm that was widely used in the past but has been deprecated due to its relatively weak security. WPA2 uses AES, not DES, for encryption.

Correct Answer

A. 128, 192, or 256 bits

Explanation

The Advanced Encryption Standard (AES) supports key sizes of 128, 192, and 256 bits. AES is a symmetric encryption algorithm used to secure data, and the key size determines the strength of the encryption. AES with larger key sizes, such as 256 bits, provides stronger security compared to the smaller 128-bit key. AES is widely used because of its efficiency and strength in encrypting sensitive data.

Why other options are wrong

B. 112 or 168 bits

This key size corresponds to the older Data Encryption Standard (DES) and Triple DES (3DES) encryption standards, not AES. AES does not support key sizes of 112 or 168 bits.

C. 64 bits

AES does not support a 64-bit key size. A 64-bit key size is typically associated with older encryption algorithms like DES, which is no longer considered secure. AES uses 128, 192, or 256 bits for its key sizes.

D. 56 bits

A 56-bit key size is also associated with older encryption algorithms, specifically the DES standard. AES uses longer key sizes for better security, with no support for 56-bit keys.

Correct Answer

C. Obtain written permission from your boss to perform the Nmap sweep.

Explanation

Before conducting a security audit using Nmap, it is essential to obtain written permission from relevant authorities, such as your boss or network administrator. Unauthorized scanning of network systems can be illegal or considered unethical. Written permission ensures that you are conducting the audit within legal and organizational guidelines and helps protect you from any potential liability.

Why other options are wrong

A. Back up /etc/passwd on the target systems to eliminate the possibility of its being damaged.

Backing up /etc/passwd is not necessary before running an Nmap scan. Nmap is a tool used for network discovery and does not modify system files like /etc/passwd. The backup of critical files is more relevant to activities like system updates or configuration changes, not simple network scans.

B. Obtain the root passwords to the target systems so that you can properly configure them to accept the Nmap probes.

Nmap does not require root passwords to run basic scans. While some advanced scans may need root privileges (for example, scanning for open ports), it is not necessary to obtain root passwords beforehand, especially for a basic security audit.

D. Configure /etc/sudoers on the computer you intend to use for the sweep, to give yourself the ability to run Nmap.

This step is unnecessary unless you need root privileges to perform specific types of Nmap scans. It is better to have sudo privileges only if required, and such configurations should be done following organizational protocols, but this is not a general requirement for running Nmap.

E. Disable any firewall between the computer that's running Nmap and the servers you intend to scan.

Disabling firewalls is not advisable as it could expose systems to unnecessary risks. Nmap can operate through firewalls if configured correctly, and disabling firewalls would compromise the security of the network.

Correct Answer

C. Data link layer

Explanation

Layer 2 of the OSI model is the Data Link Layer. It is responsible for the reliable transmission of data frames between two devices on the same network. This layer handles error detection, frame synchronization, and flow control, ensuring that data is transferred smoothly across a physical link. It also manages access to the physical medium, ensuring that devices can send and receive data correctly.

Why other options are wrong

A. Transport layer

The Transport layer (Layer 4) is responsible for end-to-end communication and flow control between devices on different networks. It ensures that data is delivered reliably, but it is not related to the Data Link Layer's functions of direct device-to-device communication on the same network.

B. Network layer

The Network layer (Layer 3) is responsible for routing data between different networks. It determines the best path for data to travel across networks, but it does not manage the direct communication between devices on the same local network, which is the job of the Data Link Layer.

D. Physical layer

The Physical layer (Layer 1) deals with the transmission of raw bits over a physical medium like cables or wireless signals. It does not manage the reliable transfer of data frames between devices on the same network, which is handled by the Data Link Layer.

Correct Answer

B. Layer 2 - Data Link

Explanation

VLAN Hopping is an attack that occurs at Layer 2, the Data Link layer, of the OSI model. The attack exploits vulnerabilities in network configurations, particularly in the way VLANs are implemented on switches. In VLAN hopping, an attacker can manipulate VLAN tags in Ethernet frames to send traffic between VLANs that should otherwise be isolated, gaining unauthorized access to data on different VLANs. This typically occurs by exploiting the misconfiguration of VLAN trunking.

Why other options are wrong

A. Layer 4 - Transport

Layer 4 (Transport) deals with end-to-end communication and flow control, such as through protocols like TCP and UDP. VLAN hopping is not related to transport protocols, so this option is incorrect.

C. Layer 5 - Session

Layer 5 (Session) is responsible for managing and controlling sessions between communication endpoints. VLAN hopping is not related to session management, making this option incorrect.

D. Layer 3 - Network

Layer 3 (Network) handles routing between different networks, typically with IP addresses. VLAN hopping occurs within the same network, at the Data Link layer (Layer 2), so this option is incorrect.

Correct Answer

C. Session layer

Explanation

The session layer is responsible for managing sessions between devices, which includes establishing, maintaining, and terminating connections. It ensures that data is properly synchronized and that communication sessions are effectively controlled.

Why other options are wrong

A. Application layer

The application layer provides services directly to the user, like email, web browsing, and file transfer, but it does not manage the establishment, management, or termination of connections between devices.

B. Network layer

The network layer is responsible for routing packets and managing the addressing of devices across networks. It handles the logical addressing (IP addresses) but does not manage the sessions or connections between devices.

D. Physical layer

The physical layer is concerned with transmitting raw bits over a physical medium, including cables and radio waves. It does not handle connections or sessions between devices, which is the role of the session layer.

Correct Answer

B. It utilizes multiple computers to respond to a single ICMP packet while spoofing the source address.

Explanation

A SMURF DDoS attack takes advantage of ICMP (Internet Control Message Protocol) packets and network vulnerabilities to amplify the attack. In this type of attack, the attacker sends a small ICMP packet to a broadcast address, which then causes all devices on the network to respond to the targeted victim's IP address. This results in an overwhelming amount of traffic being directed at the victim, effectively launching a DDoS attack. The attacker also spoofs the source address, making it appear as if the request came from the target, complicating mitigation efforts.

Why other options are wrong

A. It involves a single computer sending multiple ICMP packets to overwhelm a target.

While this describes a form of DDoS attack, it does not accurately define a SMURF attack. A SMURF attack specifically involves the use of broadcast addresses and source address spoofing to amplify the effect using multiple systems.

C. It targets only the application layer of the OSI model.

A SMURF DDoS attack targets the network layer (Layer 3), not the application layer. It focuses on overwhelming the target with traffic using ICMP, which operates at Layer 3.

D. It requires the attacker to have physical access to the network infrastructure.

A SMURF attack does not require physical access to the network. The attack is conducted remotely by exploiting the network's broadcast address, allowing an attacker to launch it from anywhere in the world.

Correct Answer

B. Flooding a victim with ping requests.

Explanation

A Ping Flood is a type of Denial of Service (DoS) attack where the attacker floods a victim with a large volume of ICMP Echo Request (ping) packets. This is done to overwhelm the victim’s network and exhaust its resources, causing the target system to become unresponsive or slow. It relies on the excessive number of requests rather than the content of the messages themselves.

Why other options are wrong

A. Making an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server.

This describes the general concept of a Denial of Service (DoS) attack, but it is not specific to a Ping Flood, which involves flooding the target with ping requests rather than service interruption through other means.

C. Exploiting publicly-accessible Network Time Protocol (NTP) servers to overwhelm a targeted server with UDP traffic.

This describes a reflection attack, specifically an NTP amplification attack, which involves exploiting NTP servers to amplify traffic to the target server. This is different from a Ping Flood, which focuses on flooding with ICMP requests.

D. Sending a large amount of spoofed UDP traffic to a router's broadcast address within a network.

This describes a Smurf Attack, which is a type of DoS attack where UDP packets are sent to a broadcast address. While similar in purpose, it is not the same as a Ping Flood, which uses ICMP Echo requests.