CNT 4406 Chapter 3
Which of the following correctly represents the ports used by FTP control traffic and FTP file transfer traffic, respectively
21,20
What can an IDPS check to try to determine whether a packet has been tampered with or damaged in transit
Checksum
What type of attack does a remote access Trojan attempt to perpetrate
Composite attack
Which protocol is responsible for automatic assignment of IP address
DHCP
Lets the other computer know it is finished sending data
FIN packet
A packet monkey is an unskilled programmer who spreads viruses and other malicious scripts to exploit computer weaknesses
False
An atomic attack is a barrage of hundreds of packets directed at a host
False
All devices interpret attack signatures uniformly
False
Packet fragmentation is not normal, and can only occur if an attack has been initiated
False
Reviewing log files is a time-consuming task and therefore should only be done when an attack on the network has occurred
False
What is the term used when an IDPS doesn't recognize that an attack is underway
False negative
What is the packet called where a Web browser sends a request to the Web server for Web page data
HTTP GET
Which of the following is an accurate set of characteristics you would find in an attack signature
IP address, TCP flags, port numbers
In which of the following situations can CVE improve the coordination of intrusion information on a network
Installing application patches can thwart a reported attack
Crafted packets that are inserted into network traffic
Packet injection
A series of ICMP echo request packets in a range of IP addresses
Ping sweep
Which of the following is true about cryptographic primitives
Primitives are usually not the source of security failures
The signature of a normal FTP connection includes a three-way handshake
True
With discretionary access control, network users can share information with other users, making it more risky than MAC
True
Which element of an ICMP header would indicate that the packet is an ICMP echo request message
Type
A set of characteristics that define a type of network security
Signature
Which of the following is NOT a category of suspicious TCP/IP packet
Suspicious CRC value
Under which attack category does a UNIX sendmail exploitation fall
Suspicious data payload
Security devices on a network process digital information, such as text files and web pages, in the same way. However, which of the following pieces of information might they handle differently
Attack signature
Which of the following is NOT among the items of information that a CVE reference reports
Attack signature
An undocumented hidden opening through which an attacker can access a computer
Back door
The maximum packet size that can be transmitted
MTU
Of what category of attack is a DoS attack an example
Multiple-packet attack
In which OSI model layer will you find the OSPF protocol
Network
A standard set of communications rules that allows one computer to request a service from another computer
RPC
Which TCP flag can be the default response to a probe on a closed port
RST
Sent when one computer wants to stop and restart the connection
RST packet
Which of the following is an element of the TCP header that can indicate that a connection has been established
SEQ/ACK analysis
What is the typical sequence of packets for a successful three-way handshake
SYN, SYN ACK, ACK
Which of the following is NOT a critical goal of information security
Scalability
Used by attackers to delay the progression of a scan
Scan throttling
How does the CVE standard make network security devices and tools more effective
They share information about attack signatures
A worm creates files that copy themselves repeatedly and consume disk space
True
Newer Trojans listen at a predetermined port on the target computer so that detection is more difficult
True
Physical security protects a system from theft, fire, or environmental disaster
True
All ports from 0 to 65,535 are probed one after another
Vanilla scan
Which type of scan has the FIN, PSH, and URG flags set
Xmas scan
Under which suspicious traffic signature category would a port scan fall
denial of service
Which of the following is the description of a land attack
source and destination IP address/port are the same
In which type of scan does an attacker scan only ports that are commonly used by specific programs
strobe scan