REVIEW - CS6262 FINAL EXAM
QUESTIONS AND ANSWERS 2026
VERIFIED.
Random Scanning - ANS Each comprised computer probes random addresses
Permutation Scanning - ANS All comprised computers share a common psuedo-random
permutation of the IP address space
Signpost Scanning - ANS Uses the communication patterns of the comprised computer to find
a new target
Hit List Scanning - ANS A portion of a list of targets is supplied to a comprised computer
Subnet Spoofing - ANS Generate random addresses within a given address space
Random Spoofing - ANS Generate 32-bit numbers and stamp packets with them
Fixed Spoofing - ANS The spoofed address is the address of the target
Server Application - ANS The attack is targeted to a specific application on a server
@COPYRIGHT ALL RIGHTS RESERVED PAGE 1 OF 47
,Network Access - ANS The attack is used to overload or crash the communication mechanism
of a network
Infrastructure - ANS The motivation of this attack is a crucial service of a global internet
operation, for example core router
DoS Bug (Amplification Attack) - ANS Design flaw allowing one machine to disrupt a service
DoS Flood (Amplification Attack) - ANS Command botnets to generate flood of requests
UDP-based NTP - ANS -Particularly vulnerable to amplification attacks
-Small command can generate a large response
-Vulnerable to source IP spoofing
-Difficult to ensure computers only communicate with legitimate NTP servers
IP Header Format - ANS -Connectionless
-Unreliable
-No authentication
SYN Flood - ANS A type of DoS where an attacker sends a large amount of SYN request
packets to a server in an attempt to deny service.
SYN Flood Mitigations - ANS Syn Cookies - remove state from server, but incur performance
overhead
Crowdturfers - ANS - Crowdsource to create, verify, and manage fake accounts
- Solve CAPTCHAs
Penetration Testing - ANS Footprinting, Scanning, Enumeration, Gaining Access, Escalating
Privileged, Pilfering (steal data), Covering Tracks, Creating Backdoors
@COPYRIGHT ALL RIGHTS RESERVED PAGE 2 OF 47
,NS Record - ANS Points to other server
A Record - ANS Contains IP Address
MX - ANS Address in charge of handling email
TXT - ANS Generic text; distribute site public keys
DNS vulnerabilities - ANS - Users/hosts trust the host-address mapping provided by DNS
- Interception of requests or compromise of DNS servers
- Few use DNSsec
- Cache poisining
Cache Poisoning - ANS Corrupting an Internet server's DNS table by replacing an Internet
address with that of another, rogue address. When a Web user seeks the page with that
address, the request is redirected by the rogue entry in the table to a different address. At that
point, a worm, spyware, Web browser hijacking program, or other malware can be downloaded
to the user's computer from the rogue location.
DNSsec - ANS - Authenticity of DNS answer origin
- Integrity of reply
- Authenticity of denial of existence
- Uses public key crypto to sign responses
TCP Problems - ANS - Network packets pass untrusted hosts
- TCP state easily obtained by eavesdropping
- IP info not protected
@COPYRIGHT ALL RIGHTS RESERVED PAGE 3 OF 47
, Open Shortest Path First (OSPF) - ANS An interior gateway routing protocol developed for IP
networks based on the shortest path first or link-state algorithm.
Looks for the lowest cost path within nodes.
Border Gateway Protocol (BGP) - ANS A core routing protocol that bases routing decisions on
the network path and rules.
Protocol designed to exchange routing and reachability information among autonomous
systems (AS).
Botminer - ANS - Botnet can have different infection life cycles and they can change protocols
and structure of the command-and-control
- C-Plane monitor for C&C traffic
- A-Plane monitor malicious instances
Defense in Depth - ANS Prevention, Detection, Survival
Shamir's Scheme Simulation - ANS - Add or delete shares without affecting others
- Easy to create new shares without changing secret
- Easy to create hierarchical schemes
- Information theoretic security
Byzantine Fault Tolerance - ANS - A fault is the cause of an error that leads to a system failure
- Fault tolerance can be achieved through failure masking
DNS Reputation - ANS - Prejudge, Profile, Stereotype
DNS Black List - ANS White - Complete Trust
@COPYRIGHT ALL RIGHTS RESERVED PAGE 4 OF 47
QUESTIONS AND ANSWERS 2026
VERIFIED.
Random Scanning - ANS Each comprised computer probes random addresses
Permutation Scanning - ANS All comprised computers share a common psuedo-random
permutation of the IP address space
Signpost Scanning - ANS Uses the communication patterns of the comprised computer to find
a new target
Hit List Scanning - ANS A portion of a list of targets is supplied to a comprised computer
Subnet Spoofing - ANS Generate random addresses within a given address space
Random Spoofing - ANS Generate 32-bit numbers and stamp packets with them
Fixed Spoofing - ANS The spoofed address is the address of the target
Server Application - ANS The attack is targeted to a specific application on a server
@COPYRIGHT ALL RIGHTS RESERVED PAGE 1 OF 47
,Network Access - ANS The attack is used to overload or crash the communication mechanism
of a network
Infrastructure - ANS The motivation of this attack is a crucial service of a global internet
operation, for example core router
DoS Bug (Amplification Attack) - ANS Design flaw allowing one machine to disrupt a service
DoS Flood (Amplification Attack) - ANS Command botnets to generate flood of requests
UDP-based NTP - ANS -Particularly vulnerable to amplification attacks
-Small command can generate a large response
-Vulnerable to source IP spoofing
-Difficult to ensure computers only communicate with legitimate NTP servers
IP Header Format - ANS -Connectionless
-Unreliable
-No authentication
SYN Flood - ANS A type of DoS where an attacker sends a large amount of SYN request
packets to a server in an attempt to deny service.
SYN Flood Mitigations - ANS Syn Cookies - remove state from server, but incur performance
overhead
Crowdturfers - ANS - Crowdsource to create, verify, and manage fake accounts
- Solve CAPTCHAs
Penetration Testing - ANS Footprinting, Scanning, Enumeration, Gaining Access, Escalating
Privileged, Pilfering (steal data), Covering Tracks, Creating Backdoors
@COPYRIGHT ALL RIGHTS RESERVED PAGE 2 OF 47
,NS Record - ANS Points to other server
A Record - ANS Contains IP Address
MX - ANS Address in charge of handling email
TXT - ANS Generic text; distribute site public keys
DNS vulnerabilities - ANS - Users/hosts trust the host-address mapping provided by DNS
- Interception of requests or compromise of DNS servers
- Few use DNSsec
- Cache poisining
Cache Poisoning - ANS Corrupting an Internet server's DNS table by replacing an Internet
address with that of another, rogue address. When a Web user seeks the page with that
address, the request is redirected by the rogue entry in the table to a different address. At that
point, a worm, spyware, Web browser hijacking program, or other malware can be downloaded
to the user's computer from the rogue location.
DNSsec - ANS - Authenticity of DNS answer origin
- Integrity of reply
- Authenticity of denial of existence
- Uses public key crypto to sign responses
TCP Problems - ANS - Network packets pass untrusted hosts
- TCP state easily obtained by eavesdropping
- IP info not protected
@COPYRIGHT ALL RIGHTS RESERVED PAGE 3 OF 47
, Open Shortest Path First (OSPF) - ANS An interior gateway routing protocol developed for IP
networks based on the shortest path first or link-state algorithm.
Looks for the lowest cost path within nodes.
Border Gateway Protocol (BGP) - ANS A core routing protocol that bases routing decisions on
the network path and rules.
Protocol designed to exchange routing and reachability information among autonomous
systems (AS).
Botminer - ANS - Botnet can have different infection life cycles and they can change protocols
and structure of the command-and-control
- C-Plane monitor for C&C traffic
- A-Plane monitor malicious instances
Defense in Depth - ANS Prevention, Detection, Survival
Shamir's Scheme Simulation - ANS - Add or delete shares without affecting others
- Easy to create new shares without changing secret
- Easy to create hierarchical schemes
- Information theoretic security
Byzantine Fault Tolerance - ANS - A fault is the cause of an error that leads to a system failure
- Fault tolerance can be achieved through failure masking
DNS Reputation - ANS - Prejudge, Profile, Stereotype
DNS Black List - ANS White - Complete Trust
@COPYRIGHT ALL RIGHTS RESERVED PAGE 4 OF 47