CS6262 Final Exam with correct answers |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Random Scanning - correct answersEach comprised computer probes random addresses
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Permutation Scanning - correct answersAll comprised computers share a common psuedo-random |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
permutation of the IP address space |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Signpost Scanning - correct answersUses the communication patterns of the comprised computer to
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
find a new target
|||\\\ |||\\\ |||\\\ |||\\\
Hit List Scanning - correct answersA portion of a list of targets is supplied to a comprised computer
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Subnet Spoofing - correct answersGenerate random addresses within a given address space
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Random Sppofing - correct answersGenerate 32-bit numbers and stamp packets with them
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Fixed Spoofing - correct answersThe spoofed address is the address of the target
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Server Application - correct answersThe attack is targeted to a specific application on a server
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Network Access - correct answersThe attack is used to overload or crash the communication
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
mechanism of a network |||\\\ |||\\\ |||\\\
Infrastructure - correct answersThe motivation of this attack is a crucial service of a global internet
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
operation, for example core router |||\\\ |||\\\ |||\\\ |||\\\
DoS Bug (Amplification Attack) - correct answersDesign flaw allowing one machine to disrupt a
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
service
, DoS Flood (Amplification Attack) - correct answersCommand botnets to generate flood of requests
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
UDP-based NTP - correct answers-Particularly vulnerable to amplification attacks |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
-Small command can generate a large response |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
-Vulnerable to source IP spoofing |||\\\ |||\\\ |||\\\ |||\\\
-Difficult to ensure computers only communicate with legitimate NTP servers |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
IP Header Format - correct answers-Connectionless
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
-Unreliable
-No authentication |||\\\
SYN Flood - correct answersA type of DoS where an attacker sends a large amount of SYN request
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
packets to a server in an attempt to deny service. |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
SYN Flood Mitigations - correct answersSyn Cookies - remove state from server, but incur
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
performance overhead |||\\\
Crowdturfers - correct answers- Crowdsource to create, verify, and manage fake accounts |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
- Solve CAPTCHAs
|||\\\ |||\\\
Penetration Testing - correct answersFootprinting, Scanning, Enumeration, Gaining Access, |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Escalating Privileged, Pilfering (steal data), Covering Tracks, Creating Backdoors |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
NS Record - correct answersPoints to other server
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
A Record - correct answersContains IP Address
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
MX - correct answersAddress in charge of handling email
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
TXT - correct answersGeneric text; distribute site public keys
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Random Scanning - correct answersEach comprised computer probes random addresses
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Permutation Scanning - correct answersAll comprised computers share a common psuedo-random |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
permutation of the IP address space |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Signpost Scanning - correct answersUses the communication patterns of the comprised computer to
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
find a new target
|||\\\ |||\\\ |||\\\ |||\\\
Hit List Scanning - correct answersA portion of a list of targets is supplied to a comprised computer
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Subnet Spoofing - correct answersGenerate random addresses within a given address space
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Random Sppofing - correct answersGenerate 32-bit numbers and stamp packets with them
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Fixed Spoofing - correct answersThe spoofed address is the address of the target
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Server Application - correct answersThe attack is targeted to a specific application on a server
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Network Access - correct answersThe attack is used to overload or crash the communication
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
mechanism of a network |||\\\ |||\\\ |||\\\
Infrastructure - correct answersThe motivation of this attack is a crucial service of a global internet
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
operation, for example core router |||\\\ |||\\\ |||\\\ |||\\\
DoS Bug (Amplification Attack) - correct answersDesign flaw allowing one machine to disrupt a
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
service
, DoS Flood (Amplification Attack) - correct answersCommand botnets to generate flood of requests
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
UDP-based NTP - correct answers-Particularly vulnerable to amplification attacks |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
-Small command can generate a large response |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
-Vulnerable to source IP spoofing |||\\\ |||\\\ |||\\\ |||\\\
-Difficult to ensure computers only communicate with legitimate NTP servers |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
IP Header Format - correct answers-Connectionless
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
-Unreliable
-No authentication |||\\\
SYN Flood - correct answersA type of DoS where an attacker sends a large amount of SYN request
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
packets to a server in an attempt to deny service. |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
SYN Flood Mitigations - correct answersSyn Cookies - remove state from server, but incur
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
performance overhead |||\\\
Crowdturfers - correct answers- Crowdsource to create, verify, and manage fake accounts |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
- Solve CAPTCHAs
|||\\\ |||\\\
Penetration Testing - correct answersFootprinting, Scanning, Enumeration, Gaining Access, |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
Escalating Privileged, Pilfering (steal data), Covering Tracks, Creating Backdoors |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
NS Record - correct answersPoints to other server
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
A Record - correct answersContains IP Address
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
MX - correct answersAddress in charge of handling email
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
TXT - correct answersGeneric text; distribute site public keys
|||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\ |||\\\
