CS6262 Lecture Quizzes Answered And Graded

CS6262 Lecture Quizzes Answered And Graded
Random Scanning - Correct Answer Each compromised computer probes random
addresses.

Permutation Scanning - Correct Answer All compromised computers shared a
common pseudo-random permutation of the IP address space.

Signpost Scanning - Correct Answer Uses the communication patterns of the
compromised computer to find new target.

Hitlist Scanning - Correct Answer A portion of a list of targets is supplied to a
compromised computer.

Subnet spoofing - Correct Answer Generate random addresses with a given address
space

Random spoofing - Correct Answer Generate 32-bit numbers and stamp packets with
them.

Fixed spoofing - Correct Answer The spoofed address is the address of the target.

Server Application - Correct Answer The attack is targeted to a specific application on
a server.

What is a "network access" attack used for? - Correct Answer The attack is used to
overload or crash the communication mechanism of a network.

Infrastructure - Correct Answer The motivation of this attack is a crucial service of a
global internet operation, for example a core router.

Why is the UDP-based NTP protocol particularly vulnerable to amplification attacks? -
Correct Answer • a small command can generate a large response.
• Vulnerable to source IP spoofing.
• It is difficult to ensure computers communicate only with legitimate NTP servers.

SYN Cookie - True Statement - Correct Answer The server must reject all TCP options
because the server discards the SYN queue entry.

True statements regarding UDP flood attacks - Correct Answer • Attackers can spoof
the IP address of their UDP packets.
• Firewalls cannot stop a flood because the firewall is susceptible to flooding.

True statements regarding CAPTCHA puzzles - Correct Answer • Client puzzles
should be stateless.
• Puzzle complexity should increase as the strength of the attack increases.

,What assumptions can be made about trace backs? - Correct Answer Attackers may
work alone or in groups

What assumptions can be made regarding edge sampling? - Correct Answer • Multiple
attackers can be identified since edge identifies splits in reverse path.
• Requires space in the IP packet header.

Self defense against reflector attacks should incorporate the following: - Correct Answer
• Server redundancy - servers should be located in multiple networks and locations.
• Traffic limiting - traffic from a name server should be limited to reasonable thresholds.

Deep Web - Correct Answer It is not indexed by standard search engines

Dark Web - Correct Answer Web content that exists on darknets

Surface Web - Correct Answer Readily available to the public, and searchable with
standard search engines.

Doorway pages - Correct Answer A webpage that lists many keywords, in hopes of
increasing search engine ranking. Scripts on the page redirect to the attackers page.

Crypters - Correct Answer A program that hides malicious code from anti-virus
software.

Blackhat Search Engine Optimizer - Correct Answer It increases traffic to the attacker's
site by manipulating search engines.

Trojan Download Manager - Correct Answer Software that allows an attacker to
update or install malware on a victim's computer.

Name two identifying characteristics of Spam: - Correct Answer 1) Inappropriate or
irrelevant
2) Large number of recipients

Name the top three countries where spam directed visitors added items to their
shopping carts: - Correct Answer 1) United States
2) Canada
3) Philippines

Which events should trigger a penetration test?
• Infastructure is added or modified
• Applications are added of modified
• End user policies are changed
• Security patches are installed - Correct Answer • Infastructure is added or modified
• Applications are added of modified
• End user policies are changed

, • Security patches are installed

Steps attackers used to access RSA's Adobe Flash software: - Correct Answer •
Identify employees that are vulnerable
• Craft an email subject line that entices an employee to open it.
• Hide an executable file in the email that will install onto the victim's computer when the
email is opened.

(Describe the social engineering tool) Flash or CD Autoplay - Correct Answer A flash is
created that has a program that creates a connection to the exploit server.

(Describe the social engineering tool) Reverse Shell Applet - Correct Answer A signed
Java applet is sent to the user, if they accept it, a shell is sent back to the exploit server.

(Describe the social engineering tool) Click Logger - Correct Answer used to determine
which users click on links in emails.

(Describe the social engineering tool) Download Connection - Correct Answer An
email contains an attachment. When the attachment is downloaded a connection is
made to the exploit server.

Top three industries that were targets of cyber attacks in 2016 - Correct Answer 1)
Defense contractor
2) Restaurant
3) Software

(Describe the motivation) Liking - Correct Answer A desire to fit and to be more easily
influenced by someone you like.

(Describe the motivation) Scarcity - Correct Answer A desire to pursue a limited or
exclusive item or service.

(Describe the motivation) Commitment - Correct Answer A desire to act in a consistent
manner

(Describe the motivation) Social Proof - Correct Answer Looking to others for clues on
how to behave.

(Describe this attack) Using components with known vulnerabilities - Correct Answer
Uses unpatched third party components

(Describe this attack) Missing function level access control - Correct Answer Privilege
functionality is hidden rather than enforced through access controls.

(Describe this attack) Sensitive data exposure - Correct Answer Abuses lack of data
encryption