CS 6262 Quiz 1 Questions with Correct Answers Latest Version 2025-2026
Random Scanning - Answers Each compromised computer probes random addresses.
Permutation Scanning - Answers All compromised computers shared a common pseudo-
random permutation of the IP address space.
Signpost Scanning - Answers Uses the communication patterns of the compromised computer
to find new target.
Hitlist Scanning - Answers A portion of a list of targets is supplied to a compromised computer.
Subnet spoofing - Answers Generate random addresses with a given address space
Random spoofing - Answers Generate 32-bit numbers and stamp packets with them.
Fixed spoofing - Answers The spoofed address is the address of the target.
Server Application - Answers The attack is targeted to a specific application on a server.
Network Access Attack - Answers The attack is used to overload or crash the communication
mechanism of a network.
Infrastructure Attack - Answers The motivation of this attack is a crucial service of a global
internet operation, for example a core router.
Why is the UDP-based NTP protocol particularly vulnerable to amplification attacks? - Answers •
a small command can generate a large response.
• Vulnerable to source IP spoofing.
• It is difficult to ensure computers communicate only with legitimate NTP servers.
SYN Cookie - Answers The server must reject all TCP options because the server discards the
SYN queue entry.
UDP Flood Attacks - Answers • Attackers can spoof the IP address of their UDP packets.
• Firewalls cannot stop a flood because the firewall is susceptible to flooding.
CAPTCHA Puzzles - Answers • Client puzzles should be stateless.
• Puzzle complexity should increase as the strength of the attack increases.
What assumptions can be made about trace backs? - Answers Attackers may work alone or in
groups
Edge Sampling
, What assumptions can be made regarding edge sampling? - Answers • Multiple attackers can
be identified since edge identifies splits in reverse path.
• Requires space in the IP packet header.
Reflector Attacks
Self defense against reflector attacks should incorporate the following: - Answers • Server
redundancy - servers should be located in multiple networks and locations.
• Traffic limiting - traffic from a name server should be limited to reasonable thresholds.
Deep Web - Answers It is not indexed by standard search engines
Dark Web - Answers Web content that exists on darknets
Surface Web - Answers Readily available to the public, and searchable with standard search
engines.
Doorway pages - Answers A webpage that lists many keywords, in hopes of increasing search
engine ranking. Scripts on the page redirect to the attackers page.
Crypters - Answers A program that hides malicious code from anti-virus software.
Blackhat Search Engine Optimizer - Answers It increases traffic to the attacker's site by
manipulating search engines.
Trojan Download Manager - Answers Software that allows an attacker to update or install
malware on a victim's computer.
Name two identifying characteristics of Spam: - Answers 1) Inappropriate or irrelevant
2) Large number of recipients
Name the top three countries where spam directed visitors added items to their shopping carts:
- Answers 1) United States
2) Canada
3) Philippines
Which events should trigger a penetration test?
• Infastructure is added or modified
• Applications are added of modified
• End user policies are changed
Random Scanning - Answers Each compromised computer probes random addresses.
Permutation Scanning - Answers All compromised computers shared a common pseudo-
random permutation of the IP address space.
Signpost Scanning - Answers Uses the communication patterns of the compromised computer
to find new target.
Hitlist Scanning - Answers A portion of a list of targets is supplied to a compromised computer.
Subnet spoofing - Answers Generate random addresses with a given address space
Random spoofing - Answers Generate 32-bit numbers and stamp packets with them.
Fixed spoofing - Answers The spoofed address is the address of the target.
Server Application - Answers The attack is targeted to a specific application on a server.
Network Access Attack - Answers The attack is used to overload or crash the communication
mechanism of a network.
Infrastructure Attack - Answers The motivation of this attack is a crucial service of a global
internet operation, for example a core router.
Why is the UDP-based NTP protocol particularly vulnerable to amplification attacks? - Answers •
a small command can generate a large response.
• Vulnerable to source IP spoofing.
• It is difficult to ensure computers communicate only with legitimate NTP servers.
SYN Cookie - Answers The server must reject all TCP options because the server discards the
SYN queue entry.
UDP Flood Attacks - Answers • Attackers can spoof the IP address of their UDP packets.
• Firewalls cannot stop a flood because the firewall is susceptible to flooding.
CAPTCHA Puzzles - Answers • Client puzzles should be stateless.
• Puzzle complexity should increase as the strength of the attack increases.
What assumptions can be made about trace backs? - Answers Attackers may work alone or in
groups
Edge Sampling
, What assumptions can be made regarding edge sampling? - Answers • Multiple attackers can
be identified since edge identifies splits in reverse path.
• Requires space in the IP packet header.
Reflector Attacks
Self defense against reflector attacks should incorporate the following: - Answers • Server
redundancy - servers should be located in multiple networks and locations.
• Traffic limiting - traffic from a name server should be limited to reasonable thresholds.
Deep Web - Answers It is not indexed by standard search engines
Dark Web - Answers Web content that exists on darknets
Surface Web - Answers Readily available to the public, and searchable with standard search
engines.
Doorway pages - Answers A webpage that lists many keywords, in hopes of increasing search
engine ranking. Scripts on the page redirect to the attackers page.
Crypters - Answers A program that hides malicious code from anti-virus software.
Blackhat Search Engine Optimizer - Answers It increases traffic to the attacker's site by
manipulating search engines.
Trojan Download Manager - Answers Software that allows an attacker to update or install
malware on a victim's computer.
Name two identifying characteristics of Spam: - Answers 1) Inappropriate or irrelevant
2) Large number of recipients
Name the top three countries where spam directed visitors added items to their shopping carts:
- Answers 1) United States
2) Canada
3) Philippines
Which events should trigger a penetration test?
• Infastructure is added or modified
• Applications are added of modified
• End user policies are changed
