CNET 311 Final Test

School

Humber College

Course

CNET311

Subject

Information Systems

Date

Oct 30, 2023

Type

docx

Pages

6

Uploaded by DukeCaterpillarMaster966

CNET 311 Exam questions
Time: 90 minutes
Points: 100 marks

1. What are the data loss vectors in cyber security? Describe.

Data loss vectors are procedures and ways of carrying out a cyber security attack that are a threat to information security. The most common attack vectors include malware, viruses, email attachments, web pages, pop-ups, instant messages, text messages, and social engineering. A data loss vector uses these methods to steal information; typically it works between the end users and a destination. Generally, vectors use scripts, redirection of routing paths, installation of some internal processes into systems, and also employees.

2. Describe the different types of hackers.

White Hat / Ethical Hackers
White hat hackers are types of hackers who are professionals with expertise in cybersecurity. They are authorized or certified to hack the systems. These white hat hackers work for governments or organizations by getting into the system. They hack the system through the loopholes in the cybersecurity of the organization. This hacking is done to test the level of cybersecurity in their organization. By doing so, they identify the weak points and fix them to avoid attacks from external sources. White hat hackers work per the rules and regulations the government sets. White hat hackers are also known as ethical hackers.

Black Hat Hackers
Black hat hackers are also knowledgeable computer experts but with the wrong intention. They attack other systems to get access to systems where they do not have authorized entry. On gaining entry they might steal the data or destroy the system. The hacking practices these types of hackers use depend on the individual's hacking capacity and knowledge. The intentions of the hacker make the hacker a criminal.

Gray Hat Hackers
The intention behind the hacking is considered while categorizing the hacker. The gray hat hacker falls between the black and white hat hackers. They are not certified hackers. These types of hackers work with either good or bad intentions. The hacking might be for their gain. The intention behind hacking decides the type of hacker. If the intention is for personal gain, the hacker is considered a gray hat hacker.

Script Kiddies
It is a known fact that half knowledge is always dangerous. Script kiddies are amateur types of hackers in the field of hacking. They try to hack the system with scripts from other fellow hackers. They try to hack the systems, networks, or websites. The intention behind the hacking is just to get the attention of their peers. Script kiddies are juveniles who do not have complete knowledge of the hacking process.

Green Hat Hackers
Green hat hackers are types of hackers who learn the ropes of hacking. They are slightly different from script kiddies due to their intention. The intent is to strive and learn to become full-fledged hackers. They are looking for opportunities to learn from experienced hackers.

Blue Hat Hackers
Blue hat hackers are types of hackers who are similar to script kiddies. The intent to learn is missing. They use hacking as a weapon to gain popularity among their fellow beings. They use hacking to settle scores with their adversaries. Blue hat hackers are dangerous due to the intent behind the hacking rather than their knowledge.

Red Hat Hackers
Red hat hackers are synonymous with eagle-eyed hackers. They are the types of hackers who are similar to white hat hackers. The red hat hackers intend to stop the attack of black hat hackers. The difference between red hat hackers and white hat hackers is in the process of hacking, though the intention remains the same. Red hat hackers are quite ruthless when dealing with black hat hackers or counteracting malware. The red hat hackers continue to attack and may end up having to replace the entire system setup.

State/Nation Sponsored Hackers
Governments appoint hackers to gain information about other countries. These types of hackers are known as state/nation sponsored hackers. They use their knowledge to gain confidential information from other countries to be well prepared for any upcoming danger to their country. The sensitive information aids in being on top of every situation but also in avoiding upcoming danger. They report only to their governments.

Hacktivist
These types of hackers intend to hack government websites. They pose as activists, so they are known as hacktivists. Hacktivists can be an individual or a bunch of nameless hackers whose intent is to gain access to government websites and networks. The data gained from the government files accessed is used for personal political or social gain.

Malicious Insider or Whistleblower
These types of hackers include individuals working in an organization who can expose confidential information. The intent behind the exposure might be a personal grudge against the organization, or the individual might have come across illegal activities within the organization. The reason for exposure defines the intent behind the exposure. These individuals are known as whistleblowers.

3. What is the first common type of computer malware? Describe.

Worm. Computer worms are among the most common types of malware. They spread over computer networks by exploiting operating system vulnerabilities.

4. What are the common network attacks?

• Unauthorized access. Unauthorized access refers to attackers accessing a network without receiving permission. ...
• Distributed Denial of Service (DDoS) attacks. ...
• Man in the middle attacks. ...
• Code and SQL injection attacks. ...
• Privilege escalation. ...
• Insider threats.

5. Describe the different types of social engineering attacks.

Baiting
As its name implies, baiting attacks use a false promise to pique a victim’s greed or curiosity. They lure users into a trap that steals their personal information or inflicts their systems with malware. The most reviled form of baiting uses physical media to disperse malware. For example, attackers leave the bait—typically malware-infected flash drives—in conspicuous areas where potential victims are certain to see them (e.g., bathrooms, elevators, the parking lot of a targeted company). The bait has an authentic look to it, such as a label presenting it as the company’s payroll list. Victims pick up the bait out of curiosity and insert it into a work or home computer, resulting in automatic malware installation on the system. Baiting scams don’t necessarily have to be carried out in the physical world. Online forms of baiting consist of enticing ads that lead to malicious sites or that encourage users to download a malware-infected application.

Scareware
Scareware involves victims being bombarded with false alarms and fictitious threats. Users are deceived into thinking their system is infected with malware, prompting them to install software that has no real benefit (other than for the perpetrator) or is malware itself. Scareware is also referred to as deception software, rogue scanner software and fraudware. A common scareware example is the legitimate-looking popup banners appearing in your browser while surfing the web, displaying text such as, “Your computer may be infected with harmful spyware programs.” It either offers to install the tool (often malware-infected) for you, or will direct you to a malicious site where your computer becomes infected. Scareware is also distributed via spam email that doles out bogus warnings, or makes offers for users to buy worthless/harmful services.

Pretexting
Here an attacker obtains information through a series of cleverly crafted lies. The scam is often initiated by a perpetrator pretending to need sensitive information from a victim so as to perform a critical task. The attacker usually starts by establishing trust with their victim by impersonating co-workers, police, bank and tax officials, or other persons who have right-to-know authority. The pretexter asks questions that are ostensibly required to confirm the victim’s identity, through which they gather important personal data. All sorts of pertinent information and records are gathered using this scam, such as social security numbers, personal addresses and phone numbers, phone records, staff vacation dates, bank records and even security information related to a physical plant.

Phishing
As one of the most popular social engineering attack types, phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. It then prods them into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.

Spear phishing
This is a more targeted version of the phishing scam whereby an attacker chooses specific individuals or enterprises. They then tailor their messages based on characteristics, job positions, and contacts belonging to their victims to make their attack less conspicuous. Spear phishing requires much more effort on behalf of the perpetrator and may take weeks and months to pull off. They’re much harder to detect and have better success rates if done skillfully.

6. What is ARP cache poisoning?

ARP poisoning is a type of cyberattack that abuses weaknesses in the widely used Address Resolution Protocol (ARP) to disrupt, redirect, or spy on network traffic.

7. What is NAT? How does NAT work?

Network Address Translation (NAT) is the process of mapping an internet protocol (IP) address to another by changing the header of IP packets while in transit via a router. This helps to improve security and decrease the number of IP addresses an organization needs.

8. What are the advantages and disadvantages of NAT?

Advantages of NAT
• The main advantage of NAT (Network Address Translation) is that it can prevent the depletion of IPv4 addresses.
• NAT (Network Address Translation) can provide an additional layer of security by making the original source and destination addresses hidden.
• NAT (Network Address Translation) provides increased flexibility when connecting to the public Internet.
• NAT (Network Address Translation) allows you to use your own private IPv4 addressing system and prevents internal address changes if you change the service provider.

Disadvantages of NAT
• NAT (Network Address Translation) is a processor and memory resource consuming technology, since NAT needs to translate IPv4 addresses for all incoming and outgoing IPv4 datagrams and to keep the translation details in memory.
• NAT (Network Address Translation) may cause delay in IPv4 communication.
• NAT (Network Address Translation) causes loss of end-device to end-device IP traceability.
• Some technologies and network applications will not function as expected in a NAT (Network Address Translation) configured network.

9. What is a named standard ACL? Give examples of named standard ACLs.

Standard ACLs identify the destination IP addresses of OSPF routes and can be used in a route map for OSPF redistribution. The most common examples of these are web servers, DNS servers, and remote access or VPN systems. The internal router of a DMZ contains more restrictive ACLs designed to protect the internal network from more defined threats.

10. Configure extended IPv4 ACLs

enable
configure terminal
! Numbered extended ACL 100: FTP and ICMP from 172.22.34.64 0.0.0.31 to host 172.22.34.62
access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ftp
access-list 100 permit icmp 172.22.34.64 0.0.0.31 host 172.22.34.62
! Apply ACL 100 to traffic entering GigabitEthernet 0/0
interface gigabitEthernet 0/0
 ip access-group 100 in
! Named extended ACL HTTP_ONLY: HTTP and ICMP from 172.22.34.96 0.0.0.15 to host 172.22.34.62
ip access-list extended HTTP_ONLY
 permit tcp 172.22.34.96 0.0.0.15 host 172.22.34.62 eq www
 permit icmp 172.22.34.96 0.0.0.15 host 172.22.34.62
! Apply HTTP_ONLY to traffic entering GigabitEthernet 0/1
interface gigabitEthernet 0/1
 ip access-group HTTP_ONLY in
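
Added example (not part of the original exam answers): a small Python model of how the two extended ACLs in question 10 are evaluated, showing wildcard-mask matching, first-match order and the implicit deny that ends every ACL. The entries are copied from the configuration above; the sample packets and the function names are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# Entries copied from the configuration above:
# (action, protocol, source, source wildcard, destination host, destination port)
ACL_100 = [
    ("permit", "tcp", "172.22.34.64", "0.0.0.31", "172.22.34.62", 21),  # eq ftp
    ("permit", "icmp", "172.22.34.64", "0.0.0.31", "172.22.34.62", None),
]
HTTP_ONLY = [
    ("permit", "tcp", "172.22.34.96", "0.0.0.15", "172.22.34.62", 80),  # eq www
    ("permit", "icmp", "172.22.34.96", "0.0.0.15", "172.22.34.62", None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry number); the first matching entry wins."""
    for number, (action, p, base, wc, host, port) in enumerate(acl, 1):
        if p != proto or dst != host:
            continue
        if not wildcard_match(src, base, wc):
            continue
        if port is not None and port != dport:
            continue
        return action, number
    return "deny", None  # implicit deny that ends every ACL

# Constructed test packets (not from the page): (acl name, proto, src, dst, dport)
SAMPLES = [
    ("ACL_100", "tcp", "172.22.34.66", "172.22.34.62", 21),
    ("ACL_100", "tcp", "172.22.34.66", "172.22.34.62", 80),
    ("ACL_100", "icmp", "172.22.34.95", "172.22.34.62", None),
    ("ACL_100", "icmp", "172.22.34.96", "172.22.34.62", None),
    ("HTTP_ONLY", "tcp", "172.22.34.98", "172.22.34.62", 80),
    ("HTTP_ONLY", "tcp", "172.22.34.98", "172.22.34.62", 21),
    ("HTTP_ONLY", "tcp", "172.22.34.112", "172.22.34.62", 80),
]

def run_samples():
    acls = {"ACL_100": ACL_100, "HTTP_ONLY": HTTP_ONLY}
    return [evaluate(acls[name], *pkt) for name, *pkt in SAMPLES]

if __name__ == "__main__":
    for sample, result in zip(SAMPLES, run_samples()):
        print(sample, "->", result)
```

The wildcard 0.0.0.31 covers sources 172.22.34.64 through 172.22.34.95 and 0.0.0.15 covers 172.22.34.96 through 172.22.34.111, so addresses just outside those ranges, and any port not listed, fall through to the implicit deny.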