Network Security Tutorials

The document contains a series of questions and answers related to network security threats, including types of attacks like Denial-of-Service (DoS), Man-in-the-Middle (MitM), and phishing. It discusses key concepts such as the CIA triad, encryption methods, firewalls, and the importance of security protocols and practices. Additionally, it covers mitigation strategies for various attacks and the significance of network segmentation and vulnerability assessments.

Uploaded by

darlinasama71
EXERCISE 1 (40mks)

1. What is the primary goal of network security?
a) To improve network performance
b) To ensure the confidentiality, integrity, and availability of data.
c) To simplify network management
d) To reduce the cost of network infrastructure

2. Which of the following is NOT a core principle of the CIA triad in network security?
a) Confidentiality: Keeping data private and accessible only to authorized users.
b) Integrity: Ensuring data remains unaltered during transmission or storage.
c) Authentication: Verifying the identity of users and devices accessing the network.
d) Redundancy: Having backup systems to ensure continuous operation. ( )

3. What type of network security threat involves eavesdropping on data transmissions to steal confidential information?
a) Denial-of-Service (DoS) attack
b) Man-in-the-Middle (MitM) attack
c) Social engineering attack
d) Brute-force password attack

4. Which security protocol encrypts data during transmission over a network, making it unreadable to unauthorized users?
a) TCP/IP
b) HTTP
c) HTTPS (Secure Hypertext Transfer Protocol)
d) DNS (Domain Name System)

5. What is a firewall in network security?
a) A software program that filters incoming and outgoing network traffic based on predefined security rules.
b) A type of encryption algorithm used to secure data at rest.
c) A method for authenticating users through a challenge-response system.
d) A software program that scans for and removes malware from a system.

6. A user clicks on a malicious link in an email and enters their login credentials on a fake website. What type of social engineering attack is this?
a) Pretexting
b) Tailgating
c) Quid pro quo
d) Phishing

7. What is a common brute-force password attack technique?
a) Guessing passwords based on personal information of the target.
b) Exploiting vulnerabilities in software to gain unauthorized access.
c) Tricking users into revealing their passwords through social interaction.
d) Denying legitimate users access to a network resource.

8. What is the difference between a symmetric and asymmetric key encryption system?
a) Symmetric uses two different keys for encryption and decryption, while asymmetric uses the same key for both.
b) Asymmetric uses two different keys for encryption and decryption, while symmetric uses the same key for both.
c) Symmetric is faster and more efficient, while asymmetric is more secure.
d) Asymmetric is faster and more efficient, while symmetric is more secure.

9. What is a Digital Signature used for in network security?
a) To encrypt data during transmission over a network.
b) To verify the authenticity and integrity of a message or document.
c) To grant temporary access to a network resource.
d) To filter incoming and outgoing network traffic based on security rules. ( )

10. What is a vulnerability in network security?
a) A security control measure implemented to protect a network.
b) A weakness or flaw in a system or software that can be exploited by attackers.
c) A type of malware that replicates itself and spreads rapidly across a network.
d) A legitimate user who unintentionally leaks sensitive information.

11. What is a Denial-of-Service (DoS) attack designed to do?
a) Steal confidential data from a network.
b) Disrupt the normal operation of a network by overwhelming it with traffic.
c) Gain unauthorized access to a computer system.
d) Corrupt or destroy data stored on a network.

12. What is a common type of DoS attack that floods a server with large amounts of data packets?
a) Smurf attack
b) Man-in-the-Middle (MitM) attack
c) Phishing attack
d) Zero-day attack

13. What is a common security best practice for creating strong passwords?
a) Use short and easy-to-remember passwords.
b) Include a combination of uppercase and lowercase letters, numbers, and symbols.
c) Use the same password for all your online accounts.
d) Share your passwords with trusted friends or colleagues.

14. What is the purpose of a Security Information and Event Management (SIEM) system in network security?
a) To encrypt data at rest and during transmission.
b) To filter incoming and outgoing network traffic based on security rules.
c) To collect, analyze, and correlate security-related events from various sources to identify potential threats.
d) To provide a secure virtual environment for running applications.

15. What is a Zero-Day attack in network security?
a) A well-known and documented cyberattack technique.
b) A previously unknown vulnerability that attackers exploit before a patch is available.
c) A social engineering attack that tricks users into revealing sensitive information.
d) A Denial-of-Service (DoS) attack that floods a network with traffic.

16. What is the purpose of a DMZ (Demilitarized Zone) in network security?
a) To isolate critical internal network resources from the public internet.
b) To segment the network into different security zones based on function.
c) To provide a central location for storing user data and applications.
d) To encrypt all network traffic flowing within the organization.

17. What is a Wireless Intrusion Detection System (WIDS) used for in network security?
a) To monitor and filter network traffic for suspicious activity on wired networks.
b) To detect and prevent unauthorized access attempts on wireless networks.
c) To scan for vulnerabilities in network devices and software.
d) To encrypt data transmissions over a wireless network.

18. What is the concept of multi-factor authentication (MFA) used for in network security?
a) To grant temporary access to a network resource based on defined roles.
b) To require additional verification factors besides a password for stronger authentication.
c) To encrypt data at rest on storage devices.
d) To filter incoming and outgoing email messages for malicious content.

19. What is a honeypot in network security?
a) A decoy system designed to lure attackers and analyze their techniques.
b) A software program that scans for and removes malware from a system.
c) A security measure that restricts access to specific network resources.
d) A system that monitors and detects unauthorized access attempts.

20. What is the purpose of a vulnerability assessment in network security?
a) To identify and evaluate potential weaknesses in a network's security posture.
b) To deploy security patches and updates to address known vulnerabilities.
c) To train employees on cybersecurity best practices and awareness.
d) To simulate cyberattacks to test the effectiveness of network defenses.

21. What is the importance of network segmentation in security?
a) To simplify network management and administration tasks.
b) To isolate critical network resources and minimize the impact of a security breach.
c) To provide high-speed bandwidth for all users on the network.
d) To reduce the cost of network security infrastructure.

22. What does DDoS stand for?
a) Direct Denial of Service
b) Distributed Denial of Service
c) Data Disruption Over System
d) Data description of standards

23. What is the primary goal of a DDoS attack?
a) To steal sensitive data from a network.
b) To gain unauthorized access to a computer system.
c) To disrupt the normal operation of a network by overwhelming it with traffic.
d) To show the expertise of the hacker.

24. How does a DDoS attack typically work?
a) By exploiting a software vulnerability in the target system.
b) By tricking users into clicking on malicious links.
c) By flooding the target system with a large volume of junk traffic, making it unavailable to legitimate users.
d) By storing traffic in a router


26. What are some common types of DDoS attacks?
a) Phishing attacks, malware attacks, zero-day attacks.
b) Application layer attacks, network layer attacks, protocol attacks.
c) Brute-force attacks, man-in-the-middle attacks, social engineering attacks.
d) Brute-force attacks, man-in-the-middle attacks, email attacks

27. What are some potential consequences of a successful DDoS attack?
a) Loss of confidential data
b) Damage to hardware components
c) Financial losses due to service disruption
d) Identity theft

28. How can organizations defend against DDoS attacks?
a) By using strong passwords and keeping software updated.
b) By implementing firewalls and intrusion detection systems.
c) By educating employees about phishing scams.
d) All of the above

29. What is the difference between a DoS (Denial-of-Service) attack and a DDoS attack?
a) A DoS attack is launched from a single source, while a DDoS attack is distributed across multiple compromised devices (botnet).
b) A DoS attack targets a specific user, while a DDoS attack targets the entire network.
c) A DoS attack is easier to defend against than a DDoS attack.
d) DDoS is more dangerous than DoS

30. What is a botnet, and how does it relate to DDoS attacks?
a) A botnet is a network of legitimate software programs working together.
b) A botnet is a network of compromised devices controlled by an attacker, often used to launch DDoS attacks.
c) It is a software application that produces network threats
d) All of the above

31. What are some emerging trends in DDoS attacks?
a) Attacks are becoming less frequent but more sophisticated.
b) Attacks are targeting Internet of Things (IoT) devices more frequently.
c) Attacks are becoming easier to launch and require less technical expertise.
d) All of the above.

32. How can individuals stay informed about the latest DDoS threats?
a) By following cyber security news websites and blogs.
b) By clicking on links in suspicious emails.
c) By opening attachments from unknown senders.
d) By attacking hackers online

33. What is the primary goal of a SYN flood attack?
a) To steal data from a server.
b) To gain unauthorized access to a server.
c) To disrupt a server's operation by exhausting resources.
d) To bypass security measures on a server.

34. How does a SYN flood attack work?
a) By exploiting a specific software vulnerability in the server.
b) By sending a large number of SYN packets with spoofed IP addresses, overwhelming the server's connection establishment process.
c) By brute-forcing login credentials for user accounts.
d) By tricking users into clicking on malicious links.

35. What happens during a normal TCP three-way handshake (without a SYN flood)?
a) The client sends a SYN packet, the server ignores it, and the connection is not established.
b) The client sends a SYN packet, the server responds with a SYN-ACK packet, and the client sends an ACK packet to establish the connection.
c) The server sends a SYN packet, the client responds with a SYN-ACK packet, and the server sends an ACK packet to establish the connection.
d) Both the client and server send SYN packets simultaneously, followed by an ACK packet from each to establish the connection.

36. What are some signs that a server might be under a SYN flood attack?
a) Unusually slow response times for legitimate users.
b) The server crashes or becomes unresponsive.
c) Error messages related to invalid login attempts.
d) A large number of suspicious login attempts in the server logs.

37. How can servers defend against SYN flood attacks?
a) By increasing the password complexity requirements for user accounts.
b) By implementing firewalls and intrusion detection systems with SYN flood detection capabilities.
c) By educating employees about phishing scams.
d) By requiring users to complete CAPTCHAs before logging in.

38. What are some limitations of SYN flood attacks?
a) They are very difficult to launch and require advanced technical expertise.
b) They are only effective against outdated server operating systems.
c) They can be mitigated by increasing the server's processing power.
d) They consume bandwidth on the attacker's network as well.

39. How does a SYN cookie approach help mitigate SYN flood attacks?
a) It challenges users with CAPTCHAs before establishing connections.
b) It allocates server resources only to connections with valid cookies.
c) It automatically blocks IP addresses suspected of sending spoofed packets.
d) It requires users to change their passwords more frequently.

40. What are some best practices for network administrators to prevent SYN flood attacks?
a) Keeping server software updated with the latest security patches.
b) Allowing only authorized devices to connect to the network.
c) Disabling unused network services on the server.
d) All of the above

EXERCISE 2 (40mks)

1. Explain with a labeled diagram what you understand by the TCP/IP three-way handshake. (10mks)
2. Discuss briefly the following types of network attacks: DDoS, man-in-the-middle, phishing, and brute force, and how these attacks can be mitigated by network engineers. (12mks)
3. Briefly explain the main difference between DDoS and DoS attacks. (4mks)
