NETSEC All Final Exam Guide Questions with Answer
Graded A+ 2025/2026
6) "Breadth of the perimeter" is a phrase used by network administrators to convey that
creating a 100% secure network is possible.
Answer: - FALSE
7) DoS network attacks are fairly uncommon.
Answer - FALSE
8) A DoS attack makes a server or network unavailable by flooding it with attack
packets.
Answer - TRUE
9) The ultimate goal of a DoS attack is to ________.
A) cause harm
B) frustrate users
C) practice hacking
D) None of the above
Answer - A
10) DoS attacks can cause harm by ________.
A) stopping a critical service
B) slowly degrading services over a period of time
C) Both A and B
D) Neither A nor B
Answer - C
11) A direct attack occurs when an attacker tries to flood a victim with a stream of
packets directly from the attacker's computer.
Answer - TRUE
12) An indirect attack occurs when an attacker tries to flood a victim with a stream of
packets directly from the attacker's computer.
Answer - FALSE
13) Similar to a direct attack, an indirect attack occurs when an attacker spoofs his/her
IP address.
Answer - TRUE
14) ________ is the process of obscuring an attackers source IP address.
A) Backscatter
B) Spoofing
C) IP Flood
D) None of the above
Answer: - B
,15) A ________ attack is when a victim is flooded with SYN packets in an attempt to
make many half-open TCP connections.
A) SYN flood
B) Ping flood
C) HTTP flood
D) None of the above
Answer - A
16) A ________ attack is when a victim is flooded with ICMP packets that appear to be
normal supervisory traffic.
A) SYN flood
B) Ping flood
C) HTTP flood
D) None of the above
Answer - B
17) A ________ attack is when a webserver is flooded with application layer web
requests.
A) SYN flood
B) Ping flood
C) HTTP flood
D) None of the above
Answer - C
18) ICMP can be best described as the second part of a three-way TCP handshake
sent in response to a SYN.
Answer - FALSE
19) SYN-ACK can be best described as the second part of a three-way TCP handshake
sent in response to a SYN.
Answer - TRUE
20) ________ are compromised hosts running malware controlled by the hacker.
A) DDoS
B) ICMP
C) Bots
D) None of the above
Answer: - C
21) An attacker controlling bots in a coordinated attack against a victim is known as a
________.
A) DoS attack
B) DDoS attack
C) ICMP
,D) None of the above.
Answer - B
22) Once established, botnets can be leased to other criminals for DoS attacks.
Answer - TRUE
23) ________ are an additional layer of compromised hosts that are used to manage
large groups of bots.
A) Botnets
B) Handlers
C) Phatbots
D) None of the above
Answer - B
24) In a P2P attack, there is a change in the overall volume of traffic but the traffic
pattern is the same.
Answer - FALSE
25) In a P2P attack, there is a change in traffic pattern but the overall volume of traffic is
the same.
Answer - TRUE
26) Listing your friend's home in the local classifieds at a low price is equivalent to a
________.
A) P2P redirect
B) P2P port
C) DDoS
D) None of the above
Answer - A
27) In a reflected DoS attack, attackers send spoofed requests to legitimate servers.
The servers then send all responses to the victim.
Answer - TRUE
28) In a smurf flood DoS attack, attackers can benefit from a multiplier effect because
multiple ICMP requests are responded to by a single host.
Answer - FALSE
29) In a smurf flood DoS attack, attackers can benefit from a multiplier effect because a
single ICMP request is responded to by multiple hosts.
Answer - FALSE
30) A ________ is an older attack that uses an illegally large IP packet to crash an
operating system.
A) smurf flood
B) P2P redirect
, C) ping of death
D) None of the above
Answer - C
31) Most DoS attacks are difficult to detect.
Answer - FALSE
32) ________ is one method of thwarting DoS attacks by dropping all IP packets from
an attacker.
A) Black holing
B) ICMP echo
C) P2P redirect
D) None of the above
Answer - A
33) A firewall does note set aside resources for a connection when a SYN segment
arrives, so handling a large number of false SYN segments is only a small burden.
Answer - TRUE
34) ________ is a good option if an attack is aimed at a single server because it keeps
transmission lines at least partially open for other communication.
A) Rate limiting
B) False open
C) Black holing
D) None of the above
Answer - A
35) ARP is used to resolve 48-bit IP addresses into 32-bit local MAC addresses.
Answer - FALSE
36) ARP is used to resolve 32-bit IP addresses into 48-bit local MAC addresses.
Answer - TRUE
37) Rerouting traffic using ARP poisoning is an attack on ________ of a network.
A) functionality
B) confidentiality
C) Both A and B
D) None of the above
Answer - C
38) One problem with ARP requests and replies is that they do not require
authentication of verification.
Answer - TRUE
39) In normal ARP traffic, generally an attacker on the same network cannot see traffic
between two hosts.
Graded A+ 2025/2026
6) "Breadth of the perimeter" is a phrase used by network administrators to convey that
creating a 100% secure network is possible.
Answer: - FALSE
7) DoS network attacks are fairly uncommon.
Answer - FALSE
8) A DoS attack makes a server or network unavailable by flooding it with attack
packets.
Answer - TRUE
9) The ultimate goal of a DoS attack is to ________.
A) cause harm
B) frustrate users
C) practice hacking
D) None of the above
Answer - A
10) DoS attacks can cause harm by ________.
A) stopping a critical service
B) slowly degrading services over a period of time
C) Both A and B
D) Neither A nor B
Answer - C
11) A direct attack occurs when an attacker tries to flood a victim with a stream of
packets directly from the attacker's computer.
Answer - TRUE
12) An indirect attack occurs when an attacker tries to flood a victim with a stream of
packets directly from the attacker's computer.
Answer - FALSE
13) Similar to a direct attack, an indirect attack occurs when an attacker spoofs his/her
IP address.
Answer - TRUE
14) ________ is the process of obscuring an attackers source IP address.
A) Backscatter
B) Spoofing
C) IP Flood
D) None of the above
Answer: - B
,15) A ________ attack is when a victim is flooded with SYN packets in an attempt to
make many half-open TCP connections.
A) SYN flood
B) Ping flood
C) HTTP flood
D) None of the above
Answer - A
16) A ________ attack is when a victim is flooded with ICMP packets that appear to be
normal supervisory traffic.
A) SYN flood
B) Ping flood
C) HTTP flood
D) None of the above
Answer - B
17) A ________ attack is when a webserver is flooded with application layer web
requests.
A) SYN flood
B) Ping flood
C) HTTP flood
D) None of the above
Answer - C
18) ICMP can be best described as the second part of a three-way TCP handshake
sent in response to a SYN.
Answer - FALSE
19) SYN-ACK can be best described as the second part of a three-way TCP handshake
sent in response to a SYN.
Answer - TRUE
20) ________ are compromised hosts running malware controlled by the hacker.
A) DDoS
B) ICMP
C) Bots
D) None of the above
Answer: - C
21) An attacker controlling bots in a coordinated attack against a victim is known as a
________.
A) DoS attack
B) DDoS attack
C) ICMP
,D) None of the above.
Answer - B
22) Once established, botnets can be leased to other criminals for DoS attacks.
Answer - TRUE
23) ________ are an additional layer of compromised hosts that are used to manage
large groups of bots.
A) Botnets
B) Handlers
C) Phatbots
D) None of the above
Answer - B
24) In a P2P attack, there is a change in the overall volume of traffic but the traffic
pattern is the same.
Answer - FALSE
25) In a P2P attack, there is a change in traffic pattern but the overall volume of traffic is
the same.
Answer - TRUE
26) Listing your friend's home in the local classifieds at a low price is equivalent to a
________.
A) P2P redirect
B) P2P port
C) DDoS
D) None of the above
Answer - A
27) In a reflected DoS attack, attackers send spoofed requests to legitimate servers.
The servers then send all responses to the victim.
Answer - TRUE
28) In a smurf flood DoS attack, attackers can benefit from a multiplier effect because
multiple ICMP requests are responded to by a single host.
Answer - FALSE
29) In a smurf flood DoS attack, attackers can benefit from a multiplier effect because a
single ICMP request is responded to by multiple hosts.
Answer - FALSE
30) A ________ is an older attack that uses an illegally large IP packet to crash an
operating system.
A) smurf flood
B) P2P redirect
, C) ping of death
D) None of the above
Answer - C
31) Most DoS attacks are difficult to detect.
Answer - FALSE
32) ________ is one method of thwarting DoS attacks by dropping all IP packets from
an attacker.
A) Black holing
B) ICMP echo
C) P2P redirect
D) None of the above
Answer - A
33) A firewall does note set aside resources for a connection when a SYN segment
arrives, so handling a large number of false SYN segments is only a small burden.
Answer - TRUE
34) ________ is a good option if an attack is aimed at a single server because it keeps
transmission lines at least partially open for other communication.
A) Rate limiting
B) False open
C) Black holing
D) None of the above
Answer - A
35) ARP is used to resolve 48-bit IP addresses into 32-bit local MAC addresses.
Answer - FALSE
36) ARP is used to resolve 32-bit IP addresses into 48-bit local MAC addresses.
Answer - TRUE
37) Rerouting traffic using ARP poisoning is an attack on ________ of a network.
A) functionality
B) confidentiality
C) Both A and B
D) None of the above
Answer - C
38) One problem with ARP requests and replies is that they do not require
authentication of verification.
Answer - TRUE
39) In normal ARP traffic, generally an attacker on the same network cannot see traffic
between two hosts.
