TESTOUT SECURITY CHAPTER 5
PRACTICE QUESTIONS WITH ALL
ANSWERS
The DDoS attack uses zombie computers - correct answer-Which of the following is
the main difference between a DoS attack and a DDoS attack?
x Smurf- spoofs source address in ICMP packets and sends the ICMP packets to an
amplification sight. bounce site responds to the victim site with thousands of
messages that he did not send
x Fraggle- similar to smurf attack, but uses UDP packets directed to port 7 (echo)
and port 19 (chargen) - correct answer-Which of the following are denial of service
attacks?
Denial of service attack - correct answer-Which attack form either exploits a software
flaw or floods a system with traffic in order to prevent legitimate activities or
transactions from occurring?
Communicate with your upstream provider - correct answer-As a victim of a Smurf
attack, what protection measure is the most effective during the attack?
The system will be unavailable to respond to legitimate requests
The threat agent will obtain information about open ports on the system - correct
answer-You suspect that an Xmas tree attack is occurring on a system. Which of the
following could result if you do not stop the attack?
samspade
nslookup
neotrace
,>>nmap - correct answer-You need to enumerate the devices on your network and
display the configuration details of the network.
Which of the following utilities should you use?
War Driving
>>Browsing the organization's website
Social engineering
War Dialing
Scanning ports - correct answer-An attacker is conducting passive reconnaissance
on a targeted company. Which of the following could he be doing?
Christmas Tree
Stealth
FIN
>>Null - correct answer-Which type of active scan turns off all flags in a TCP
header?
>>Ping flood
LAND
Fragmentation
Ping of death - correct answer-Which of the following denial of service attacks uses
ICMP packets and is only successful if the victim has less bandwidth than the
attacker
>>Teardrop
NACK
Deauth
Banana - correct answer-In which of the following denial of service attacks does the
victim's system rebuild invalid UDP packets, causing the system to crash or reboot?
Teardrop attack
SYN flood
>>Land Attack
Ping of death - correct answer-A SYN packet is received by a server. The SYN
packet has the exact same address for both the sender and receiver addresses,
which is the address of the server. This is an example of what type of attack?
Session Hijacking
Fraggle
Fingerprinting
>>Smurf - correct answer-Which of the following is a form of Denial of service attack
that uses spoofed ICMP packets to flood a victim with echo requests using a
bounce/amplification network
FIN or Res
>>ACK
SYN
SYN/ACK - correct answer-A SYN attack or SYN flood exploits or alters which
element of the TCP three-way handshake?
,>>Land Attack
Analytic attack
Impersonation
Fraggle Attack - correct answer-When a SYN flood is altered so that the SYN
packets are spoofed in order to define the source and destination address as a
single victim IP address, the attack is now called what?
Redirecting echo responses from an ICMP communication
>>An ICMP packet that is larger than 65,536 bytes
Partial IP packets with overlapping sequencing numbers
Sending multiple spoofed ICMP packets to the victim - correct answer-Which of the
following best describes the ping of death?
>>IPsec
PPP
UDP
MIME email - correct answer-Which of the following is the best countermeasure
against man in the middle attacks?
Hash total
Protocol type field value
>>source address
destination address - correct answer-What is modified in the most common form of
spoofing on a typical IP packet
Sniffing
Spamming
Snooping
>>Spoofing - correct answer-Which type of activity changes or falsifies information in
order to mislead or re-direct traffic?
Malicious code planted on a system, where it waits for a triggering event before
activating.
A person convinces an employee to reveal their login credentials over the phone.
>>A false server intercepts communications from a client by impersonating the
intended server.
An IP packet is constructed that is larger than the valid size - correct answer-Which
of the following describes a man-in-the-middle attack?
>>Man-in-the-middle attack
DDoS
Spamming
Passive Logging - correct answer-Capturing packets as they travel from one host to
another with the intent of altering the contents of the packets is a form of which
security concern?
Spamming
, >>Hijacking
Masquerading
Replay - correct answer-When the TCP/IP session state is manipulated so that a
third party is able to insert alternate packets into the communication stream, what
type of attack has occurred?
Preventing Legitimate authorized access to a resource
Destroying data
>>Executing commands or accessing resources on a system the attacker does not
otherwise have authorization to access
Establishing an encryption tunnel between two remote systems over an otherwise
secured network - correct answer-What is the goal of a TCP/IP hijacking attack?
Time Stamps
ANTI-IP spoofing
>>DHCP reservations
Packet sequencing - correct answer-Which of the following is NOT a protection
against session hijacking?
Antivirus scanners
Digital signatures
Host-based IDS
>>Ingress and egress filters - correct answer-Which of the following is the most
effective protection against IP packet spoofing on a private network?
Man-the-the-middle
Hijacking
Spoofing
>>DNS poisoning - correct answer-While using the Internet, you type the URL of one
of your favorite sites in the browser. Instead of going to the correct site, however, the
browser displays a completely different website. When you use the IP address of the
Web server, the correct site is displayed.
Which type of attack has likely occurred?
Null session
Hijacking
>>ARP poisoning
MAC flooding - correct answer-Which of the following attacks tries to associate an
incorrect MAC address with a known IP address?
DNS query
File transfer
Session termination
>>Authentication - correct answer-What are the most common networks traffic
packets captured and used in a replay attack?
Spam
PRACTICE QUESTIONS WITH ALL
ANSWERS
The DDoS attack uses zombie computers - correct answer-Which of the following is
the main difference between a DoS attack and a DDoS attack?
x Smurf- spoofs source address in ICMP packets and sends the ICMP packets to an
amplification sight. bounce site responds to the victim site with thousands of
messages that he did not send
x Fraggle- similar to smurf attack, but uses UDP packets directed to port 7 (echo)
and port 19 (chargen) - correct answer-Which of the following are denial of service
attacks?
Denial of service attack - correct answer-Which attack form either exploits a software
flaw or floods a system with traffic in order to prevent legitimate activities or
transactions from occurring?
Communicate with your upstream provider - correct answer-As a victim of a Smurf
attack, what protection measure is the most effective during the attack?
The system will be unavailable to respond to legitimate requests
The threat agent will obtain information about open ports on the system - correct
answer-You suspect that an Xmas tree attack is occurring on a system. Which of the
following could result if you do not stop the attack?
samspade
nslookup
neotrace
,>>nmap - correct answer-You need to enumerate the devices on your network and
display the configuration details of the network.
Which of the following utilities should you use?
War Driving
>>Browsing the organization's website
Social engineering
War Dialing
Scanning ports - correct answer-An attacker is conducting passive reconnaissance
on a targeted company. Which of the following could he be doing?
Christmas Tree
Stealth
FIN
>>Null - correct answer-Which type of active scan turns off all flags in a TCP
header?
>>Ping flood
LAND
Fragmentation
Ping of death - correct answer-Which of the following denial of service attacks uses
ICMP packets and is only successful if the victim has less bandwidth than the
attacker
>>Teardrop
NACK
Deauth
Banana - correct answer-In which of the following denial of service attacks does the
victim's system rebuild invalid UDP packets, causing the system to crash or reboot?
Teardrop attack
SYN flood
>>Land Attack
Ping of death - correct answer-A SYN packet is received by a server. The SYN
packet has the exact same address for both the sender and receiver addresses,
which is the address of the server. This is an example of what type of attack?
Session Hijacking
Fraggle
Fingerprinting
>>Smurf - correct answer-Which of the following is a form of Denial of service attack
that uses spoofed ICMP packets to flood a victim with echo requests using a
bounce/amplification network
FIN or Res
>>ACK
SYN
SYN/ACK - correct answer-A SYN attack or SYN flood exploits or alters which
element of the TCP three-way handshake?
,>>Land Attack
Analytic attack
Impersonation
Fraggle Attack - correct answer-When a SYN flood is altered so that the SYN
packets are spoofed in order to define the source and destination address as a
single victim IP address, the attack is now called what?
Redirecting echo responses from an ICMP communication
>>An ICMP packet that is larger than 65,536 bytes
Partial IP packets with overlapping sequencing numbers
Sending multiple spoofed ICMP packets to the victim - correct answer-Which of the
following best describes the ping of death?
>>IPsec
PPP
UDP
MIME email - correct answer-Which of the following is the best countermeasure
against man in the middle attacks?
Hash total
Protocol type field value
>>source address
destination address - correct answer-What is modified in the most common form of
spoofing on a typical IP packet
Sniffing
Spamming
Snooping
>>Spoofing - correct answer-Which type of activity changes or falsifies information in
order to mislead or re-direct traffic?
Malicious code planted on a system, where it waits for a triggering event before
activating.
A person convinces an employee to reveal their login credentials over the phone.
>>A false server intercepts communications from a client by impersonating the
intended server.
An IP packet is constructed that is larger than the valid size - correct answer-Which
of the following describes a man-in-the-middle attack?
>>Man-in-the-middle attack
DDoS
Spamming
Passive Logging - correct answer-Capturing packets as they travel from one host to
another with the intent of altering the contents of the packets is a form of which
security concern?
Spamming
, >>Hijacking
Masquerading
Replay - correct answer-When the TCP/IP session state is manipulated so that a
third party is able to insert alternate packets into the communication stream, what
type of attack has occurred?
Preventing Legitimate authorized access to a resource
Destroying data
>>Executing commands or accessing resources on a system the attacker does not
otherwise have authorization to access
Establishing an encryption tunnel between two remote systems over an otherwise
secured network - correct answer-What is the goal of a TCP/IP hijacking attack?
Time Stamps
ANTI-IP spoofing
>>DHCP reservations
Packet sequencing - correct answer-Which of the following is NOT a protection
against session hijacking?
Antivirus scanners
Digital signatures
Host-based IDS
>>Ingress and egress filters - correct answer-Which of the following is the most
effective protection against IP packet spoofing on a private network?
Man-the-the-middle
Hijacking
Spoofing
>>DNS poisoning - correct answer-While using the Internet, you type the URL of one
of your favorite sites in the browser. Instead of going to the correct site, however, the
browser displays a completely different website. When you use the IP address of the
Web server, the correct site is displayed.
Which type of attack has likely occurred?
Null session
Hijacking
>>ARP poisoning
MAC flooding - correct answer-Which of the following attacks tries to associate an
incorrect MAC address with a known IP address?
DNS query
File transfer
Session termination
>>Authentication - correct answer-What are the most common networks traffic
packets captured and used in a replay attack?
Spam
