# CHFI2 Quiz 1

1. Which of the following techniques refers to missing events related to systems downstream from a failed system and avoids events that can cause the system to crash?
   - [ ] Root cause analysis
   - [ ] Event filtering
   - [ ] Event aggregation
   - [X] Event masking

2. Which of the following is NOT a common attack specific to wired networks?
   - [X] Rogue Access Point Attack
   - [ ] Packet Sniffing
   - [ ] Man-in-the-Middle Attack
   - [ ] Denial-of-Service

3. Which network attack is caused by an attacker flooding the target with large amounts of invalid traffic?
   - [ ] Packet Sniffing
   - [ ] Enumeration
   - [X] Denial-of-Service
   - [ ] Email Infection

4. Which attack exploits a flaw in the implementation of the four-way handshake process in the WPA2 authentication protocol?
   - [ ] Access Point MAC spoofing
   - [ ] Jamming Signal Attack
   - [ ] Packet Sniffing
   - [X] Key Reinstallation Attack

5. What is an indicator of compromise (IOC)?
   - [ ] A wireless protocol attack.
   - [ ] A wired network attack.
   - [ ] A ticket from the help desk.
   - [X] Evidence items that point to a security violation that has taken place on a host system or network.

6. Which of the following is NOT an indicator of compromise?
   - [ ] File modification.
   - [ ] Protocol violations.
   - [ ] Login anomalies.
   - [X] A Windows update.

7. Which IOC involves user logins at abnormal times?
   - [ ] File modification.
   - [X] Logins from unknown locations.
   - [ ] Protocol violations.
   - [ ] Alerts

8. What is layer 1 of the TCP/IP model?
   - [ ] Transport Layer
   - [X] Network Access Layer
   - [ ] Application Layer
   - [ ] Internet Layer

9. Which of the following is not normally found in a Cisco firewall log?
   - [ ] Source IP Address
   - [ ] Date and Time
   - [ ] Destination IP Address
   - [X] MAC address

10. What is a honeypot?
    - [X] Devices that are deployed to bait attackers.
    - [ ] A type of firewall.
    - [ ] A rogue network.
    - [ ] Winnie the Pooh's favorite treat.