Multiple Choice

Identify the choice that best completes the statement or answers the question.

1. (1 point) A student logs in to a website on public Wi‑Fi. Later, the student notices a password reset email they did not request. Investigators find someone intercepted and altered web traffic before it reached the real site. What type of attack best describes this?
a. On-path (man-in-the-middle) attack
b. Evil-twin attack
c. Jamming attack
d. War driving

2. (1 point) Which description best matches an on-path attack?
a. An adversary blocks Wi‑Fi by transmitting strong noise on the same frequency.
b. An adversary drives around looking for wireless beacons.
c. An adversary overwhelms a switch with random MAC addresses.
d. An adversary intercepts network traffic and can steal or change data before forwarding it.

3. (1 point) A bank employee uses an untrusted network and an adversary captures session cookies and modifies a transfer request before it arrives at the bank server. In one sentence, what should the risk documentation emphasize?
a. High impact because intercepted traffic can be altered to steal funds or data during an on-path attack.
b. No impact because traffic always goes directly to the destination.
c. Low likelihood because public Wi‑Fi is always encrypted.
d. Low impact because cookies are not related to accounts.

4. (1 point) A user sends a file over a network and the receiver gets a changed version of the file even though the sender did not modify it. Which attack could explain data being altered in transit?
a. War driving
b. Jamming attack
c. MAC flooding attack
d. On-path (man-in-the-middle) attack

5. (1 point) At a coffee shop, a user sees two Wi‑Fi networks: 'CoffeeShop_WiFi' and 'CoffeeShop_WiFi_Free'. The user connects to the second one and later their traffic is found captured by a nearby laptop. What attack best describes this?
a. DNS poisoning attack
b. Jamming attack
c. MAC flooding attack
d. Evil-twin attack

6. (1 point) Which detail most strongly indicates an evil-twin attack is possible?
a. A DNS server's records are changed by an authoritative server.
b. A switch is forced into broadcast mode.
c. A router blocks private IP addresses.
d. A wireless access point uses an SSID that is similar or identical to a trusted network.

7. (1 point) A school’s guest Wi‑Fi name is copied by an attacker who sets up a fake access point in the parking lot. Students connect and the attacker captures logins. How should the likelihood and impact be documented?
a. Likelihood is high but impact is none because traffic cannot be captured.
b. Likelihood is low because SSIDs cannot be copied; impact is low.
c. Likelihood is moderate to high in public areas; impact can be high if credentials and traffic are captured.
d. Likelihood is zero because Wi‑Fi names are encrypted; impact is none.

8. (1 point) A user reports, 'The Wi‑Fi looked normal, but after I connected, I kept getting redirected to login pages.' Which attack involves tricking users into connecting to a fake wireless network?
a. MAC spoofing
b. ARP poisoning attack
c. Evil-twin attack
d. Jamming attack

9. (1 point) During a school event, the Wi‑Fi suddenly stops working for everyone, but wired devices still work. Security suspects someone is blasting a strong signal on the same frequency as the wireless network. What attack is this?
a. ARP poisoning attack
b. Jamming attack (DoS)
c. Evil-twin attack
d. DNS poisoning attack

10. (1 point) Which outcome best matches a jamming attack?
a. Users connect to a fake network that captures their traffic.
b. A switch learns too many MAC addresses and broadcasts frames.
c. A DNS server sends users to the wrong website.
d. Legitimate wireless traffic is prevented between users and the access point.

11. (1 point) A hospital relies on Wi‑Fi medical devices. Someone jams the wireless frequency, causing devices to disconnect. What is the best risk statement?
a. High impact because jamming can disrupt critical services by denying wireless connectivity.
b. Low impact because only passwords are affected.
c. Low likelihood because wireless signals cannot be interfered with.
d. No impact because jamming only slows websites slightly.

12. (1 point) A sports arena notices wireless ticket scanners fail only inside one section of seating, and the problem stops when security removes a suspicious transmitter. What attack is most consistent with this evidence?
a. War driving
b. Jamming attack (DoS)
c. DNS poisoning attack
d. MAC flooding attack

13. (1 point) A network admin sees the default gateway’s ARP table suddenly maps a staff laptop’s IP address to an unknown MAC address. Traffic meant for the laptop begins going to the attacker instead. What attack is this?
a. Jamming attack
b. ARP poisoning attack
c. DNS poisoning attack
d. Evil-twin attack

14. (1 point) Which statement best describes what ARP poisoning does?
a. It floods a wireless channel to block connections.
b. It forces a switch to broadcast all frames by filling its CAM table.
c. It sends fake ARP packets to change IP-to-MAC mappings so traffic is misdirected.
d. It creates a fake DNS record so URLs go to the wrong site.

15. (1 point) In an ARP poisoning incident, what does MAC spoofing refer to?
a. Blocking Wi‑Fi with interference
b. Driving around to detect wireless beacons
c. Faking a MAC address to impersonate another device
d. Changing a DNS record on a server

16. (1 point) A student lab network uses ARP to reach the default gateway. If ARP poisoning succeeds, what impact should be documented?
a. Impact is low because ARP only affects printers.
b. Impact can be high because traffic can be intercepted or redirected to steal or alter data.
c. Impact is none because ARP tables cannot be changed.
d. Impact is limited to stronger Wi‑Fi signals.

17. (1 point) A user reports that secure websites suddenly show certificate warnings right after joining the LAN, and the gateway’s ARP table has unusual changes. Which attack best fits these clues?
a. MAC flooding attack
b. Jamming attack
c. War driving
d. ARP poisoning attack

18. (1 point) A switch begins sending frames out of many ports like a hub. Logs show thousands of frames arriving with different source MAC addresses in seconds. What attack is most likely?
a. Evil-twin attack
b. MAC flooding attack
c. DNS poisoning attack
d. ARP poisoning attack

19. (1 point) What is the main goal of a MAC flooding attack?
a. Force a switch into broadcast mode so an adversary can capture more network traffic.
b. Trick users into joining a fake Wi‑Fi network.
c. Block Wi‑Fi by transmitting noise.
d. Replace DNS entries to redirect web traffic.

20. (1 point) A company uses a shared switch for sensitive devices. If MAC flooding succeeds, what is the most realistic risk impact?
a. No risk because switches always encrypt frames.
b. Risk is limited to password strength only.
c. Only risk is slower printing, not security.
d. Higher risk of data exposure because frames may be broadcast and easier to capture.

21. (1 point) A technician notices network performance drops and a packet sniffer on one port suddenly sees traffic from many other devices. Which attack could cause this?
a. MAC flooding attack
b. Jamming attack
c. War driving
d. Evil-twin attack

22. (1 point) Users type a correct bank URL, but their browsers are redirected to a fake login page. Investigators find a DNS server stored a fake record after being tricked by a server claiming to be authoritative. What attack is this?
a. Jamming attack
b. MAC flooding attack
c. DNS poisoning attack
d. ARP poisoning attack

23. (1 point) Which outcome best matches DNS poisoning?
a. A user connects to a fake Wi‑Fi access point.
b. Wireless traffic is blocked by interference.
c. A switch broadcasts all frames due to CAM table overflow.
d. Browser traffic for a real URL is directed to a fake website for credential harvesting.

24. (1 point) A district’s DNS server is poisoned and staff enter passwords on a fake site. What should a risk note emphasize?
a. Low likelihood because DNS records cannot be changed.
b. Low impact because DNS only affects email.
c. No impact because browsers always ignore DNS responses.
d. High impact because credentials can be harvested and users can be redirected without noticing.

25. (1 point) A student says, 'The URL looked right, but it took me to a website with a different login form.' Which attack commonly uses a fake DNS record to send users to a fake site?
a. DNS poisoning attack
b. MAC spoofing
c. War driving
d. Jamming attack

26. (1 point) An adversary walks around a building with a laptop and antenna to detect Wi‑Fi beacons and map where the signal leaks outside. What is this attack called?
a. On-path attack
b. War driving
c. Jamming attack
d. MAC flooding attack

27. (1 point) Which activity best describes war driving?
a. Intercepting and changing traffic between two devices.
b. Filling a switch’s CAM table with random MAC addresses.
c. Changing DNS records to redirect websites.
d. Searching for wireless network beacons to learn network details and where signals extend beyond the building.

28. (1 point) A company’s Wi‑Fi signal reaches far into the parking lot. If adversaries war drive the area, what risk statement is most accurate?
a. Likelihood increases because signal leaks outside; impact depends on what access the wireless network allows.
b. Impact is always none because war driving cannot find networks.
c. Likelihood is zero because beacons are invisible.
d. Likelihood is low because parking lots block radio waves.

29. (1 point) A student finds a map online showing Wi‑Fi networks and their encryption types around town. Which attack technique is most likely used to collect that data?
a. War driving
b. MAC flooding
c. DNS poisoning
d. ARP poisoning

30. (1 point) Which attack involves an adversary intercepting traffic between a user and a destination to steal or alter data?
a. Jamming attack
b. On-path (man-in-the-middle) attack
c. MAC flooding attack
d. War driving

31. (1 point) Which attack is a denial-of-service (DoS) that targets wireless communication by using electromagnetic interference?
a. ARP poisoning attack
b. DNS poisoning attack
c. Evil-twin attack
d. Jamming attack

32. (1 point) A default gateway has an ARP table. Which attack tries to change that table so the attacker receives traffic meant for a victim?
a. War driving
b. ARP poisoning attack
c. MAC flooding attack
d. Jamming attack

33. (1 point) Which attack overwhelms a switch with many different MAC addresses to make it broadcast frames?
a. MAC flooding attack
b. On-path attack
c. DNS poisoning attack
d. Evil-twin attack

34. (1 point) A small business has no firewall on its network. How could an adversary exploit this to map the internal network?
a. They could map the network only by reading paper manuals.
b. They could send malicious traffic to probe devices and learn the network’s structure because nothing filters the scans.
c. They could only attack if they have a physical key to the building.
d. They could only attack if all devices are powered off.

35. (1 point) Why does an improperly configured firewall increase the risk of disruption to network services?
a. It prevents any devices from connecting to the router.
b. It automatically disables encryption on Wi‑Fi.
c. It may allow malicious traffic into the network, including traffic meant to overload or disrupt services.
d. It forces all users to share the same password.

36. (1 point) A school allows inbound traffic to many unused ports. Explain the main risk that should be documented.
a. Inbound ports cannot be used unless the attacker is an employee.
b. Open ports only affect printing, not security.
c. Open ports can allow malicious traffic to enter for scanning, spoofing, or service disruption, increasing risk.
d. Unused ports reduce risk because they confuse attackers.

37. (1 point) An adversary sends traffic that pretends to be from a trusted device. How can weak firewall rules make this easier?
a. If rules allow traffic based on limited checks, spoofed traffic may be accepted as legitimate and pass into the network.
b. Spoofing can only happen on wired networks, not wireless.
c. Spoofing is prevented automatically by using IPv4.
d. Firewalls always verify identity with fingerprints.

38. (1 point) A laptop on a LAN is compromised by malware. How can an adversary use this to move laterally?
a. They must jam Wi‑Fi to move laterally.
b. They can use their access on the first device to try to compromise other devices on the same LAN.
c. They can only move laterally if the firewall blocks all traffic.
d. They can only attack devices in other countries, not the same LAN.

39. (1 point) Why does compromising one device increase the risk to other devices on the same LAN?
a. Because compromising one device changes everyone’s MAC address.
b. Because LANs automatically encrypt every file on every device.
c. Because the attacker can attempt to access shared resources or exploit trust relationships to compromise additional devices.
d. Because a compromised device stops all network traffic permanently.

40. (1 point) A hospital documents an incident where one workstation was compromised. What additional risk should be noted about the LAN?
a. There is no risk because only one device was affected.
b. There is risk of lateral movement, where the adversary could spread to other devices and services on the LAN.
c. Risk is only to public websites, not internal systems.
d. Risk is limited to power outages only.

41. (1 point) An attacker gains access to a receptionist computer. Explain how this could become a bigger problem for the entire office network.
a. The attacker must first replace the router to do anything else.
b. The attacker can only steal paper documents from the desk.
c. The attacker cannot reach anything else if the computer is turned on.
d. The attacker could use that foothold to target other internal devices and gain broader access through lateral movement.

42. (1 point) A visitor finds an active ethernet port in a conference room and plugs in a laptop. How could this be exploited if port security is not enabled?
a. The visitor could only steal data if they know the Wi‑Fi password.
b. The visitor could gain access to the LAN through the switch port and launch attacks like DoS, MAC flooding, or MAC spoofing.
c. The visitor would automatically be blocked by DNS.
d. The visitor can only access the internet and cannot reach the LAN.

43. (1 point) Why does enabling port security reduce risk when someone plugs into a switch port?
a. Port security can restrict which devices (MAC addresses) are allowed, limiting unauthorized physical connections.
b. Port security disables all user accounts automatically.
c. Port security encrypts all files on the network.
d. Port security prevents power failures.

44. (1 point) A company has exposed data ports in a public lobby. What likelihood and impact concerns should be documented?
a. Likelihood is higher because access is easy; impact can be high because an attacker could access the LAN and disrupt or capture traffic.
b. Likelihood is low because ethernet ports are harmless; impact is none.
c. Likelihood is zero because switches cannot be attacked; impact is low.
d. Likelihood is high but impact is only slower Wi‑Fi.

45. (1 point) How could physical access to a switch port lead to a denial-of-service (DoS) condition on a LAN?
a. DoS only happens if the network uses IPv6.
b. An attacker could connect and generate overwhelming traffic or use MAC flooding to degrade switch performance.
c. DoS can only be done from outside the building over Wi‑Fi.
d. An attacker could only cause DoS by changing a DNS record.

46. (1 point) A network admin notices many different MAC addresses appearing on one switch port after hours. Explain what this could mean.
a. It may indicate a MAC flooding attempt from a device plugged into that port to force the switch into broadcast behavior.
b. It proves the firewall is working correctly.
c. It means the router’s power supply is failing.
d. It shows the Wi‑Fi password is too long.

47. (1 point) A company’s Wi‑Fi signal reaches the parking lot. How can an adversary exploit this without entering the building?
a. They can capture beacon frames and signals to learn network details and attempt eavesdropping or cryptographic attacks.
b. They can only exploit it by physically stealing the router.
c. They must first plug into an ethernet port inside the server room.
d. They can only exploit it if cameras are turned off.

48. (1 point) Why is it risky when a wireless access point broadcasts outside a physically secure space?
a. Broadcasting outside only affects device battery life.
b. Attackers outside can gather information about the network and attempt interception or cracking attacks.
c. It automatically disables the firewall.
d. Wireless signals cannot be intercepted outside buildings.

49. (1 point) A school documents that Wi‑Fi is accessible from the sidewalk. What is the most important risk to note?
a. No impact because beacon frames contain no useful info.
b. Risk is only to wired devices, not wireless.
c. Lower likelihood because sidewalks are public.
d. Higher likelihood of attack because adversaries can attempt eavesdropping or cracking without entering the building.

50. (1 point) Explain how an adversary could use information from Wi‑Fi beacon frames to plan an attack.
a. Beacon frames prevent encryption from being used.
b. Beacon frames automatically log attackers out of networks.
c. Beacon frames reveal network identifiers and settings that can help attackers choose methods to join or intercept traffic.
d. Beacon frames only contain the building’s street address.

51. (1 point) A student says, 'The network is safe because the building is locked.' Why can this be false for wireless networks?
a. Wireless networks can only be accessed with a physical key.
b. Locks automatically encrypt wireless traffic.
c. Locked doors stop radio waves.
d. Wireless signals can extend outside, letting attackers attempt attacks without physical entry.

52. (1 point) A guest network has no password. Explain how this makes attacks from inside the network easier.
a. Open networks automatically block all traffic from new devices.
b. A passwordless network is always encrypted.
c. An adversary can join without authentication and launch attacks from within the network environment.
d. Without a password, devices cannot connect at all.

53. (1 point) Why does authenticating both users and devices reduce network risk?
a. It makes it harder for adversaries to join the network and attack from inside.
b. It guarantees that malware cannot exist.
c. It forces all traffic to use the same IP address.
d. It prevents power outages and hardware failures.

54. (1 point) A café offers open Wi‑Fi and has experienced suspicious activity. What should be documented about risk?
a. Risk is limited to printer jams only.
b. Likelihood of adversaries joining is higher; impact can include attacks launched from within the network.
c. Open Wi‑Fi prevents attackers from joining because it is public.
d. Likelihood is low because cafés are small; impact is none.

55. (1 point) Explain how an adversary joining a network can help them bypass some perimeter defenses.
a. Once inside, the adversary may be treated like an internal device, allowing easier access to internal services.
b. Perimeter defenses become stronger when someone joins.
c. Internal networks always block internal traffic.
d. Joining the network automatically disables the attacker’s tools.

56. (1 point) An attacker plugs a small wireless router into an open wall port inside an office. Explain why this is dangerous.
a. It creates a rogue access point that can provide wireless access to the internal LAN and bypass firewalls.
b. It only affects DNS lookups, not network access.
c. It encrypts all network traffic automatically.
d. It strengthens the company’s Wi‑Fi coverage securely.

57. (1 point) How can a rogue access point allow an adversary to access the LAN from outside the building?
a. The rogue AP blocks wireless signals from leaving the building.
b. The rogue AP turns off the switch CAM table.
c. The rogue AP forces all users to change passwords.
d. The adversary can connect wirelessly to the rogue AP and reach internal resources through that wired port.

58. (1 point) A company finds an unknown access point connected to an internal switch. What impact should be documented?
a. Low impact because extra access points only improve performance.
b. Impact is limited to slower printers.
c. High impact because it can bypass perimeter controls and give direct internal network access.
d. No impact because firewalls stop all internal wireless connections.

59. (1 point) Why is an open network port a vulnerability in physical spaces?
a. Open ports automatically disable encryption.
b. Open ports prevent any device from connecting.
c. Open ports only affect battery life.
d. It can be used to connect unauthorized devices, including rogue access points that bypass firewall protections.

60. (1 point) Explain how a rogue access point can change the attacker’s position from 'outside' to 'inside' the network.
a. It provides a wireless entry point connected directly to the LAN, letting the attacker operate as an internal client.
b. It forces routers to drop private addresses.
c. It automatically deletes network logs.
d. It makes the attacker’s traffic invisible to switches.

61. (1 point) A network uses weak wireless encryption. Explain how an adversary could exploit this to steal data.
a. They would need to physically destroy the access point to steal data.
b. Weak encryption only affects download speed, not security.
c. They could attempt to break the encryption and then intercept or read network traffic in transit.
d. They could only steal data by changing firewall rules on the router.

62. (1 point) Why does strong wireless encryption reduce the chance of eavesdropping?
a. Encryption prevents devices from connecting to the AP.
b. Encrypted traffic is harder to capture and understand, even if an attacker intercepts it.
c. Encryption replaces the need for authentication.
d. Encryption increases the broadcast range of Wi‑Fi.

63. (1 point) A school uses outdated Wi‑Fi encryption and allows access from outside the building. What should be documented about risk?
a. Impact is none because encrypted traffic cannot be intercepted.
b. Risk is only to wired connections.
c. Likelihood of interception is higher and impact can include data exposure if encryption is broken.
d. Likelihood is low because old encryption is stronger.

64. (1 point) An adversary captures wireless packets and tries to recover readable data from them. Which vulnerability are they most likely exploiting?
a. A locked server room door
b. A firewall that blocks inbound scans
c. Strong port security on switch ports
d. Weak wireless encryption that can be broken

65. (1 point) Explain why firewalls are important for reducing malicious traffic used for scanning and spoofing.
a. Firewalls make Wi‑Fi signals stop at the wall.
b. Firewalls only work on printers.
c. Firewalls prevent employees from losing badges.
d. Firewalls filter traffic and can block or limit malicious probes and spoofed packets from entering the network.

66. (1 point) A single compromised device is called a 'foothold.' Explain why defenders worry about footholds on a LAN.
a. Because a foothold can be leveraged for lateral movement to compromise more devices and services.
b. Because LANs cannot have more than one infected device.
c. Because footholds stop attackers from moving anywhere.
d. Because footholds automatically fix vulnerabilities.

67. (1 point) Explain why a rogue access point can be more dangerous than an attacker outside the network perimeter.
a. It prevents any device from connecting.
b. It gives the attacker internal access, bypassing perimeter defenses like firewalls and exposing internal resources.
c. It reduces risk by adding more encryption.
d. It only changes the Wi‑Fi name and has no security effect.

68. (1 point) Explain how lack of device/user authentication can lead to attacks that disrupt network communication.
a. Authentication only affects email, not network access.
b. Attackers cannot disrupt networks once connected.
c. If attackers can join easily, they can generate malicious traffic from inside to disrupt services or steal data.
d. Disruption only happens through natural disasters.