- (Topic 3)
When you are testing a web application, it is very useful to employ a proxy tool that saves every request and response. You can then manually replay and modify each request and analyze the response to find vulnerabilities. Testing parameters and headers by hand gives more precise results than a web vulnerability scanner does.
What proxy tool will help you find web vulnerabilities?
Correct Answer:
C
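The manual workflow described above (take a recorded request, pick a parameter or header, change it, resend) is what a proxy's repeater does. As an added example, not taken from any proxy tool or from the exam, the following Python parses a constructed raw HTTP request into its tamperable points and rebuilds it with one value changed, recomputing Content-Length, which is the step most often botched when editing requests by hand. The request, host name and payloads are all constructed for the demo.

```python
"""Enumerate and mutate the manually testable points of a captured HTTP request.

Added example, not code from any proxy tool. SAMPLE_REQUEST is constructed,
not captured from a real site; shop.example is a placeholder host.
"""
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed sample request as a proxy would record it (CRLF line endings,
# Content-Length matches the 19-byte form body).
SAMPLE_REQUEST = (
    b"POST /account/search?q=alice&page=2 HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Cookie: session=abc123; theme=dark\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 19\r\n"
    b"\r\n"
    b"sort=price&limit=10"
)


def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request into method, target, version, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def injection_points(req: dict) -> list:
    """Return (location, name, value) for every attacker-controlled value.

    Query and body parameters, each cookie, and every header except
    Content-Length (Host included: host-header injection is a real test)."""
    points = []
    for name, value in parse_qsl(urlsplit(req["target"]).query, keep_blank_values=True):
        points.append(("query", name, value))
    for name, value in req["headers"]:
        if name.lower() == "cookie":
            for cookie in value.split(";"):
                cname, _, cvalue = cookie.strip().partition("=")
                points.append(("cookie", cname, cvalue))
        elif name.lower() != "content-length":
            points.append(("header", name, value))
    ctype = next((v for n, v in req["headers"] if n.lower() == "content-type"), "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        for name, value in parse_qsl(req["body"].decode("latin-1"), keep_blank_values=True):
            points.append(("body", name, value))
    return points


def _replace_cookie(header_value: str, name: str, new_value: str) -> str:
    parts = []
    for cookie in header_value.split(";"):
        cname, _, cvalue = cookie.strip().partition("=")
        parts.append(f"{cname}={new_value if cname == name else cvalue}")
    return "; ".join(parts)


def mutate(req: dict, location: str, name: str, new_value: str) -> bytes:
    """Rebuild the request with one value replaced and Content-Length fixed up.

    A stale Content-Length makes the server read a truncated or over-long
    body, so the response tells you nothing about the payload you sent."""
    target, body, headers = req["target"], req["body"], list(req["headers"])
    if location == "query":
        url = urlsplit(target)
        pairs = [(n, new_value if n == name else v)
                 for n, v in parse_qsl(url.query, keep_blank_values=True)]
        target = url._replace(query=urlencode(pairs)).geturl()
    elif location == "body":
        pairs = [(n, new_value if n == name else v)
                 for n, v in parse_qsl(body.decode("latin-1"), keep_blank_values=True)]
        body = urlencode(pairs).encode("latin-1")
    elif location == "cookie":
        headers = [(n, _replace_cookie(v, name, new_value) if n.lower() == "cookie" else v)
                   for n, v in headers]
    elif location == "header":
        headers = [(n, new_value if n == name else v) for n, v in headers]
    headers = [(n, str(len(body)) if n.lower() == "content-length" else v) for n, v in headers]
    head = f"{req['method']} {target} {req['version']}\r\n"
    head += "".join(f"{n}: {v}\r\n" for n, v in headers)
    return head.encode("latin-1") + b"\r\n" + body


if __name__ == "__main__":
    req = parse_request(SAMPLE_REQUEST)
    for point in injection_points(req):
        print(point)
    print(mutate(req, "body", "limit", "10 OR 1=1").decode("latin-1"))
```

Run it against a request you recorded yourself by swapping SAMPLE_REQUEST for the saved bytes; the values are form-encoded on the way back out, so a raw (unencoded) payload test needs the encoding step removed deliberately.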
- (Topic 3)
You are a cybersecurity consultant for a smart city project. The project involves deploying a vast network of IoT devices for public utilities like traffic control, water supply, and power grid management. The city administration is concerned about the possibility of a Distributed Denial of Service (DDoS) attack crippling these critical services. They have asked you for advice on how to prevent such an attack. What would be your primary recommendation?
Correct Answer:
A
Implementing regular firmware updates for all IoT devices is the primary recommendation to prevent DDoS attacks on the smart city project. Firmware updates fix security vulnerabilities, patch bugs, and improve performance of the IoT devices, making them less susceptible to malware infections and botnet recruitment [1][2]. Firmware updates can also enable new security features, such as encryption, authentication, and firewalling, that protect the IoT devices from unauthorized access and data theft [3]. Firmware updates should be applied automatically or remotely, without requiring user intervention, to ensure timely and consistent security across the IoT network [4].
The other options are not as effective or feasible as firmware updates for the following reasons:
✑ B. Deploying network intrusion detection systems (IDS) across the IoT network can help detect and alert on DDoS attacks, but not prevent them. An IDS monitors network traffic and identifies malicious patterns, such as high volume, spoofed IP addresses, or unusual protocols, that indicate a DDoS attack [5]. However, an IDS cannot block or mitigate the attack, and may itself be overwhelmed by the flood of traffic, resulting in false positives or missed alerts. Moreover, deploying IDS across a vast network of IoT devices can be costly, complex, and resource-intensive, as it requires dedicated hardware, software, and personnel.
✑ C. Establishing strong, unique passwords for each IoT device can prevent unauthorized access and brute-force attacks, but not DDoS attacks themselves. Passwords protect the IoT devices from being compromised by attackers who try to guess or crack default or weak credentials. However, passwords cannot prevent DDoS attacks that exploit known or unknown vulnerabilities in the IoT devices, such as buffer overflows, command injections, or protocol flaws. Moreover, establishing and managing strong, unique passwords for each IoT device can be challenging and impractical, as it requires user awareness, memory, and effort.
✑ D. Implementing IP address whitelisting for all IoT devices can restrict network access and communication to trusted sources, but cannot stop DDoS attacks. IP address whitelisting filters out unwanted or malicious traffic by allowing only predefined IP addresses to connect to the IoT devices. However, it cannot prevent DDoS attacks that use spoofed or legitimate IP addresses, such as reflection or amplification attacks, whose traffic arrives from genuine third-party servers and therefore passes the whitelisting rules. Moreover, implementing IP address whitelisting for all IoT devices can be difficult and risky, as it requires constant updating, testing, and monitoring of the whitelist, and may block legitimate or emergency traffic by mistake.
References:
✑ 1: How to proactively protect IoT devices from DDoS attacks - Synopsys
✑ 2: IoT and DDoS: Cyberattacks on the Rise - A10 Networks
✑ 3: Detection and Prevention of DDoS Attacks on the IoT - MDPI
✑ 4: How to Secure IoT Devices: 5 Best Practices - IoT For All
✑ 5: Intrusion Detection Systems (IDS) Part 1 - Network Security - Coursera
✑ 6: DDoS Attacks: Detection and Mitigation - Cisco
✑ 7: The Challenges of IoT Security - Infosec Resources
✑ 8: IoT Security: How to Protect Connected Devices and the IoT Ecosystem - Kaspersky
✑ 9: IoT Security: Common Vulnerabilities and Attacks - IoT For All
✑ 10: The Password Problem: How to Use Passwords Effectively in 2021 - Dashlane Blog
✑ 11: What is IP Whitelisting? - Cloudflare
✑ 12: DDoS Attacks: Types, Techniques, and Protection - Cloudflare
✑ 13: IP Whitelisting: Pros and Cons - Imperva
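Option B above says an IDS recognizes a DDoS by traffic patterns (high volume, spoofed sources) but cannot drop the traffic, and option D says whitelisting fails against spoofed and reflected traffic. As an added example, not taken from any of the cited references, the following Python runs that detection logic over constructed flow records: a SYN flood from many spoofed sources against a Modbus gateway, and DNS amplification against a second victim. The records, the addresses and the thresholds are constructed or assumed for illustration.

```python
"""Flag volumetric DDoS patterns in flow records, as a network IDS would.

Added example, not from the cited references. The flow records and the
thresholds are constructed/assumed. Each record is
(timestamp_s, src_ip, src_port, dst_ip, dst_port, proto, tcp_flags, bytes).
This only detects; nothing here blocks traffic, which is option B's limit.
"""
from collections import defaultdict

WINDOW = 10                      # seconds per detection window
SYN_SOURCES_PER_WINDOW = 50      # assumed: distinct SYN-only sources per window
AMPLIFIER_PORTS = {53, 123, 1900, 11211}   # DNS, NTP, SSDP, memcached reflectors
AMP_BYTES_PER_WINDOW = 50_000    # assumed: reflected UDP bytes per window per victim


def _window(ts):
    return int(ts) // WINDOW


def detect_syn_flood(flows):
    """Return {(window, dst_ip): n_sources} where SYN-only segments arrive from an
    anomalous number of distinct sources. The sources are typically spoofed, which
    is why an allowlist on source address does not stop the flood."""
    sources = defaultdict(set)
    for ts, src, sport, dst, dport, proto, flags, nbytes in flows:
        if proto == "tcp" and flags == "S":       # SYN set, ACK clear: half-open attempt
            sources[(_window(ts), dst)].add(src)
    return {k: len(v) for k, v in sources.items() if len(v) >= SYN_SOURCES_PER_WINDOW}


def detect_amplification(flows):
    """Return {(window, dst_ip): bytes} for UDP responses arriving from reflector
    service ports. The reflectors are legitimate servers answering requests the
    attacker sent with the victim's address as source, so the traffic passes an
    allowlist that trusts those servers."""
    volume = defaultdict(int)
    for ts, src, sport, dst, dport, proto, flags, nbytes in flows:
        if proto == "udp" and sport in AMPLIFIER_PORTS:
            volume[(_window(ts), dst)] += nbytes
    return {k: v for k, v in volume.items() if v >= AMP_BYTES_PER_WINDOW}


def constructed_flows():
    """Synthetic mix: benign handshakes, a SYN flood, and DNS amplification."""
    flows = []
    # Benign: one operator workstation completing TLS handshakes with a controller.
    for i in range(20):
        flows.append((100 + i, "10.0.0.5", 40000 + i, "10.0.1.10", 443, "tcp", "S", 60))
        flows.append((100 + i, "10.0.1.10", 443, "10.0.0.5", 40000 + i, "tcp", "SA", 60))
    # SYN flood: 200 distinct spoofed sources in one window against a Modbus gateway.
    for i in range(200):
        flows.append((200, f"198.51.100.{i}", 1024 + i, "10.0.2.20", 502, "tcp", "S", 60))
    # Amplification: 1500-byte DNS responses from resolvers the victim never queried.
    for i in range(60):
        flows.append((300, f"192.0.2.{i}", 53, "10.0.3.30", 40000 + i, "udp", "", 1500))
    return flows


if __name__ == "__main__":
    flows = constructed_flows()
    print("SYN flood:", detect_syn_flood(flows))
    print("Amplification:", detect_amplification(flows))
```

Thresholds like these are where false positives live: a controller that legitimately talks to hundreds of field devices needs a higher SYN-source threshold, and the distinct-source count, not raw packet volume, is what separates a flood from a busy period.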
- (Topic 1)
Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?
Correct Answer:
C
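Counter-based (event-based) one-time password tokens are standardized as HOTP in RFC 4226: the token and the verifier share a secret and a counter, each press produces HMAC-SHA1(secret, counter) truncated to a few digits, and the counter advances. As an added example, not part of the exam question, the following Python implements the algorithm using the RFC 4226 Appendix D test secret, so the codes can be checked against the RFC, plus the verifier-side look-ahead window that resynchronizes after unused presses and refuses replayed counters. The window size is an assumed server policy.

```python
"""Counter-based one-time passwords (HOTP, RFC 4226) with server-side resync.

Added example, not from the exam or any vendor. SECRET is the RFC 4226
Appendix D test vector secret; the look-ahead size is an assumed policy.
"""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP(K, C) = Truncate(HMAC-SHA1(K, C)) mod 10^digits, C as 8-byte big-endian."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation: low nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class HotpServer:
    """Verifier side of a counter-based token.

    The token increments its counter on every press; the server increments only
    on a successful verification. Presses that never reach the server push the
    two counters apart, so the server checks a bounded look-ahead window (the
    parameter s in RFC 4226) and, on a hit, jumps past the used counter. A code
    for a counter already consumed is never accepted again (replay)."""

    def __init__(self, secret: bytes, look_ahead: int = 5):   # assumed policy
        self.secret = secret
        self.counter = 0            # next counter value the server expects
        self.look_ahead = look_ahead

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1    # resynchronize past the counter just used
                return True
        return False


SECRET = b"12345678901234567890"    # RFC 4226 Appendix D test secret

if __name__ == "__main__":
    for c in range(10):
        print(c, hotp(SECRET, c))    # first value is 755224 per RFC 4226
    server = HotpServer(SECRET)
    print(server.verify(hotp(SECRET, 0)), server.verify(hotp(SECRET, 0)))   # True False
```

Two things the exam-style description leaves out and a deployment cannot: the window must be small (a large look-ahead turns a 6-digit code into a guessable one), and the server must persist its counter durably, because rolling it back after a restart reopens every code it had already accepted.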
- (Topic 1)
Which of the following Linux commands will resolve a domain name into an IP address?
Correct Answer:
A
- (Topic 3)
John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization. Which of the following attack techniques is used by John?
Correct Answer:
A
An advanced persistent threat (APT) is a broad term used to describe an attack campaign in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network in order to mine sensitive data.
The targets of these assaults, which are very carefully chosen and researched, typically include large enterprises or governmental networks. The consequences of such intrusions are vast, and include:
✑ Intellectual property theft (e.g., trade secrets or patents)
✑ Compromised sensitive information (e.g., employee and user private data)
✑ The sabotaging of critical organizational infrastructures (e.g., database deletion)
✑ Total site takeovers
Executing an APT assault requires more resources than a standard web application attack. The perpetrators are usually teams of experienced cybercriminals with substantial financial backing. Some APT attacks are government-funded and used as cyber warfare weapons.
APT attacks differ from traditional web application threats, in that:
✑ They are significantly more complex.
✑ They are not hit-and-run attacks; once a network is infiltrated, the perpetrator remains in order to obtain as much information as possible.
✑ They are manually executed (not automated) against a specific mark, rather than indiscriminately launched against a large pool of targets.
✑ They often aim to infiltrate an entire network, as opposed to one specific part.
More common attacks, such as remote file inclusion (RFI), SQL injection and cross-site scripting (XSS), are frequently used by perpetrators to establish a foothold in a targeted network. Next, Trojans and backdoor shells are often used to expand that foothold and create a persistent presence within the targeted perimeter.