CompTIA Security Plus Mock Test Q719

Which of the following attacks involves the use of previously captured network traffic?

A. Replay
B. Smurf
C. Vishing
D. DDoS


Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
Replay attacks are becoming quite common. They occur when information is captured over a network. A replay attack is a kind of access or modification attack. In a distributed
environment, logon and password information is sent between the client and the authentication system. The attacker can capture the information and replay it later. This can also occur
with security certificates from systems such as Kerberos: The attacker resubmits the certificate, hoping to be validated by the authentication system and circumvent any time
sensitivity.
If this attack is successful, the attacker will have all of the rights and privileges from the original certificate. This is the primary reason that most certificates contain a unique session
identifier and a time stamp. If the certificate has expired, it will be rejected and an entry should be made in a security log to notify system administrators.

Incorrect Answers:
B: A smurf attack is a type of network security breach in which a network connected to the Internet is swamped with replies to ICMP echo (PING) requests. It does not involve the use
of previously captured network traffic.
C: Vishing is the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be
a legitimate business, and fools the victim into thinking he or she will profit. Vishing does not involve the use of previously captured network traffic.
D: A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. One common method of attack involves saturating the
target machine with external communications requests, so much so that it cannot respond to legitimate traffic or responds so slowly as to be rendered essentially unavailable. Such
attacks usually lead to a server overload. DDoS attacks do not involve the use of previously captured network traffic.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 325