CS6250 Exam 3 2025/2026 Exam
Questions and Answers 100%
Guaranteed Success | Already Rated A+
What are the properties of secure communication? (4) - 🧠 ANSWER ✔✔-
ANSWER : Confidentiality
Integrity
Authentication
Availability
How does Round Robin DNS work? - 🧠 ANSWER ✔✔- ANSWER : Method
used by large websites to distribute the load of incoming requests to
several servers at a single physical location.
Responds to a DNS request with a list of DNS A records, which it then
cycles through in a round robin manner. The DNS Client then chooses a
record using difference strategies.
COPYRIGHT©NINJANERD 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER:
619652435. TERMS OF USE. PRIVACY STATEMENT. ALL RIGHTS RESERVED 1
,How does DNS-based content delivery work? - 🧠 ANSWER ✔✔- ANSWER
: Use DNS-based techniques to distribute content but using more complex
strats.
CDNs distribute the load amongst multiple servers at a single location, but
also distribute these servers across the world. When accessing the name
of the service using DNS, the CDN computes the 'nearest edge server' and
returns its IP address to the DNS client
CDNs can react quickly to changes in link characteristics as their TTL is
lower than that in RRDNS
How do Fast-Flux Service Networks work? - 🧠 ANSWER ✔✔- ANSWER :
After a TTL expires, it returns a different set of A records from a larger set
of compromised machines. These compromised machines act as proxies
between the incoming request and control node/mothership, forming a
resilient, robust, one-hop overlay network
COPYRIGHT©NINJANERD 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER:
619652435. TERMS OF USE. PRIVACY STATEMENT. ALL RIGHTS RESERVED 2
,What are the main data sources to identify hosts that likely belong to rogue
networks, used by FIRE (FInding Rogue nEtworks system)? 3 - 🧠 ANSWER
✔✔- ANSWER : 1. Botnet command and control providers
2. Drive-by-download hosting providers
3. Phish housing providers
The design of ASwatch is based on monitoring global BGP routing activity
to learn the control plane behavior of a network. Describe 2 phases of this
system. - 🧠 ANSWER ✔✔- ANSWER : 1. Training Phase - The system
learns control-plane behavior typical of both types of ASes. The system is
given a list of known malicious and legitimate ASes. It then tracks the
behavior of these ASers over time.
a. Rewiring activity, frequent changes in providers connecting with less
popular providers is suspicious
b. IP Space Fragmentation and Churn, malicious ASes are likely to use
small BGP prefixes.
COPYRIGHT©NINJANERD 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER:
619652435. TERMS OF USE. PRIVACY STATEMENT. ALL RIGHTS RESERVED 3
, c. BGP Routing Dynamics - The BGP announcements and withdrawals for
malicious ASes follow different patterns.
2. Operational Phase - Given an unkown AS, it then calculates the features
for this ASes. It uses the model to assign a reputation score to the AS, if it
gets a low score for multiple days then it is identified as malicious.
What are 3 classes of features used to determine the likelihood of a
security breach within an organization? - 🧠 ANSWER ✔✔- ANSWER : 1.
Mismanagement symptoms such as:
misconfigured DNS resolvers
DNS source port randomization not implemented
BGP misconfiguration
untrusted HTTPS Certificates
Open SMTP Mail Relays
2. Malicious Activities
Capturing info on spam, phising, malware, scanning activity
COPYRIGHT©NINJANERD 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER:
619652435. TERMS OF USE. PRIVACY STATEMENT. ALL RIGHTS RESERVED 4
Questions and Answers 100%
Guaranteed Success | Already Rated A+
What are the properties of secure communication? (4) - 🧠 ANSWER ✔✔-
ANSWER : Confidentiality
Integrity
Authentication
Availability
How does Round Robin DNS work? - 🧠 ANSWER ✔✔- ANSWER : Method
used by large websites to distribute the load of incoming requests to
several servers at a single physical location.
Responds to a DNS request with a list of DNS A records, which it then
cycles through in a round robin manner. The DNS Client then chooses a
record using difference strategies.
COPYRIGHT©NINJANERD 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER:
619652435. TERMS OF USE. PRIVACY STATEMENT. ALL RIGHTS RESERVED 1
,How does DNS-based content delivery work? - 🧠 ANSWER ✔✔- ANSWER
: Use DNS-based techniques to distribute content but using more complex
strats.
CDNs distribute the load amongst multiple servers at a single location, but
also distribute these servers across the world. When accessing the name
of the service using DNS, the CDN computes the 'nearest edge server' and
returns its IP address to the DNS client
CDNs can react quickly to changes in link characteristics as their TTL is
lower than that in RRDNS
How do Fast-Flux Service Networks work? - 🧠 ANSWER ✔✔- ANSWER :
After a TTL expires, it returns a different set of A records from a larger set
of compromised machines. These compromised machines act as proxies
between the incoming request and control node/mothership, forming a
resilient, robust, one-hop overlay network
COPYRIGHT©NINJANERD 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER:
619652435. TERMS OF USE. PRIVACY STATEMENT. ALL RIGHTS RESERVED 2
,What are the main data sources to identify hosts that likely belong to rogue
networks, used by FIRE (FInding Rogue nEtworks system)? 3 - 🧠 ANSWER
✔✔- ANSWER : 1. Botnet command and control providers
2. Drive-by-download hosting providers
3. Phish housing providers
The design of ASwatch is based on monitoring global BGP routing activity
to learn the control plane behavior of a network. Describe 2 phases of this
system. - 🧠 ANSWER ✔✔- ANSWER : 1. Training Phase - The system
learns control-plane behavior typical of both types of ASes. The system is
given a list of known malicious and legitimate ASes. It then tracks the
behavior of these ASers over time.
a. Rewiring activity, frequent changes in providers connecting with less
popular providers is suspicious
b. IP Space Fragmentation and Churn, malicious ASes are likely to use
small BGP prefixes.
COPYRIGHT©NINJANERD 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER:
619652435. TERMS OF USE. PRIVACY STATEMENT. ALL RIGHTS RESERVED 3
, c. BGP Routing Dynamics - The BGP announcements and withdrawals for
malicious ASes follow different patterns.
2. Operational Phase - Given an unkown AS, it then calculates the features
for this ASes. It uses the model to assign a reputation score to the AS, if it
gets a low score for multiple days then it is identified as malicious.
What are 3 classes of features used to determine the likelihood of a
security breach within an organization? - 🧠 ANSWER ✔✔- ANSWER : 1.
Mismanagement symptoms such as:
misconfigured DNS resolvers
DNS source port randomization not implemented
BGP misconfiguration
untrusted HTTPS Certificates
Open SMTP Mail Relays
2. Malicious Activities
Capturing info on spam, phising, malware, scanning activity
COPYRIGHT©NINJANERD 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER:
619652435. TERMS OF USE. PRIVACY STATEMENT. ALL RIGHTS RESERVED 4
