Actual Practice Questions: Complete Verified
Solutions & Assessment
SECTION 1: NETWORK SECURITY FUNDAMENTALS (Questions 1-14)
Q1: An attacker performs a reconnaissance scan against a corporate network to identify
open ports and services. Which phase of the Cyber Kill Chain does this represent?
A) Weaponization
B) Delivery
C) Reconnaissance
D) Exploitation
Correct Answer: C
Complete Solution:
The Lockheed Martin Cyber Kill Chain framework consists of seven phases:
Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and
Control, and Actions on Objectives. Reconnaissance is the initial phase where attackers
gather information about the target network, including port scanning, service
identification, and OS fingerprinting. Weaponization (A) involves coupling exploits with
backdoors into deliverable payloads. Delivery (B) transmits the weapon to the target via
email, web, or USB. Exploitation (D) triggers the vulnerability to execute code.
Technical Reference: Lockheed Martin Cyber Kill Chain Framework (2011)
Q2: Which security principle is primarily enforced by implementing the principle of least
privilege?
A) Confidentiality
B) Integrity
C) Availability
D) Accountability
Correct Answer: A
Complete Solution:
The principle of least privilege restricts user access rights to the minimum necessary to
perform job functions, directly protecting confidentiality by preventing unauthorized
access to sensitive data. While it supports integrity (preventing unauthorized
modifications) and accountability (through access logging), its primary alignment is
with confidentiality in the CIA triad. NIST SP 800-53 defines least privilege as an access
control requirement for protecting sensitive information.
Technical Reference: NIST SP 800-53 Rev. 5, Access Control (AC) Family
Q3: A company's web server experiences a DDoS attack that floods it with SYN packets
without completing the TCP handshake. What type of attack is this?
A) Application-layer attack
B) Protocol attack
C) Volumetric attack
D) Reflection attack
Correct Answer: B
Complete Solution:
A SYN flood attack exploits the TCP three-way handshake protocol by sending SYN
packets but never completing the connection with ACK, exhausting server connection
queues. This is classified as a protocol attack (Layer 4) according to US-CERT
classifications. Volumetric attacks (C) consume bandwidth with massive traffic
volumes (e.g., UDP floods). Application-layer attacks (A) target Layer 7 resources (e.g.,
HTTP floods). Reflection attacks (D) use spoofed source IPs to bounce traffic off
third-party servers.
Technical Reference: US-CERT Alert TA14-017A, DDoS Attack Types
Q4: Which cryptographic property ensures that a message cannot be denied by the
sender after transmission?
A) Confidentiality
B) Integrity
C) Non-repudiation
D) Availability
Correct Answer: C
Complete Solution:
Non-repudiation provides proof of origin and integrity, preventing the sender from
denying they sent the message. This is achieved through digital signatures and audit
trails. Confidentiality (A) prevents unauthorized reading. Integrity (B) prevents
unauthorized modification. Availability (D) ensures systems are accessible.
Non-repudiation is critical for legal and financial transactions.
Technical Reference: NIST SP 800-57 Part 1 Rev. 5, Recommendation for Key
Management
Q5: An attacker intercepts network traffic between a client and server, then relays and
potentially alters the communication. What is this attack called?
A) Man-in-the-middle (MITM)
B) Replay attack
C) Session hijacking
D) ARP spoofing
Correct Answer: A
Complete Solution:
A man-in-the-middle (MITM) attack positions the attacker between two communicating
parties, allowing eavesdropping and potential modification of traffic. ARP spoofing (D)
is a specific technique to achieve MITM on local networks. Replay attacks (B) capture
and retransmit valid data. Session hijacking (C) steals session tokens to impersonate
users. MITM is the broader category encompassing these techniques.
Technical Reference: OWASP Top 10 2021, A02:2021 – Cryptographic Failures
Q6: Which of the following is NOT a characteristic of a stateful firewall?
A) Maintains connection tracking table