10.3.13

Which of the following motivates attackers to use DoS and DDoS attacks?

Hacktivism, profit, and damage reputation

An attacker may use compromised websites and emails to distribute specially designed malware to poorly secured devices. This malware provides an access point to the attacker, which he can use to control the device. Which of the following devices can the attacker use?

Any device that can communicate over the Internet can be hacked.

Which of the following best describes the key difference between DoS and DDoS?

Attackers use numerous computers and connections.

Which of the following tools can be used to create botnets?

Shark, PlugBot, and Poison Ivy

Creating an area of the network where offending traffic is forwarded and dropped is known as _________?

Black hole filtering

Which of the following is an attack where all traffic is blocked by taking up all available bandwidth between the target computer and the Internet?

Volumetric attack

You suspect that an ICMP flood attack is taking place from time to time, so you have used Wireshark to capture packets using the tcp.flags.syn==1 filter. Initially, you saw an occasional SYN or ACK packet. After a short while, however, you started seeing packets as shown in the image. Using the information shown, which of the following explains the difference between normal ICMP (ping) requests and an ICMP flood?

With the flood, all packets come from the same source IP address in quick succession.

The ping command is designed to test connectivity between two computers. There are several command options available to customize ping, making it a useful tool for network administrators. On Windows, the default number of ping requests is set to four. Which of the following command options will change the default number of ping requests?

-n

Which of the following best describes a reverse proxy method for protecting a system from a DoS attack?

Redirects all traffic before it is forwarded to a server, so the redirected system takes the impact.

It is important to be prepared for a DoS attack. These attacks are becoming more common. Which of the following best describes the response you should take for a service degradation?

Services can be set to throttle or even shut down.

You are using Wireshark to try to determine if a distributed denial-of-service (DDoS) attack is happening on your network (128.28.1.1). You previously captured packets using the tcp.flags.syn==1 and tcp.flags.ack==1 filter, but only saw a few SYN-ACK packets. You have now changed the filter to tcp.flags.syn==1 and tcp.flags.ack==0. After examining the Wireshark results shown in the image, which of the following is the best reason to conclude that a DDoS attack is happening?

There are multiple SYN packets with different source addresses destined for 128.28.1.1.

A hacker has discovered UDP protocol weaknesses on a target system. The hacker attempts to send large numbers of UDP packets from a system with a spoofed IP address, which broadcasts out to the network in an attempt to flood the target system with an overwhelming amount of UDP responses. Which of the following DoS attacks is the hacker attempting to use?

Fraggle attack

Which of the following best describes a DoS attack?

A hacker overwhelms or damages a system and prevents users from accessing a service.

