EH CH11 MCQ's
12. What response is missing in a SYN flood attack? A. ACK B. SYN C. SYN-ACK D. URG
A. ACK
In a DDoS attack, what communications channel is commonly used to orchestrate the attack? A. Internet Relay Chat (IRC) B. MSN Messenger C. ICMP D. Google Talk
A. Internet Relay Chat (IRC)
Which DoS attack sends traffic to the target with a spoofed IP of the target itself? A. Land B. Smurf C. Teardrop D. SYN flood
A. Land
Which of the following attacks forges a TCP packet as both the source and destination IP address of the victim and causes the vicitm's computer to freeze or crash? A. Land B. Fraggle C. Teardrop D. Smurf
A. Land
What is the key difference between a smurf and a fraggle attack? A. TCP vs. UDP B. TCP vs. ICP C. UDP vs. ICMP D. TCP vs. ICMP
A. TCP vs. UDP
Which of the following attacks uses UDP packets to target the broadcast address and cause a DoS? A. Smurf B. Fraggle C. Land D. Teardrop
B. Fraggle
What is the name for the dynamic memory space that, unlike the stack, doesn't rely on sequential ordering or organization? A. Pointer B. Heap C. Pile D. Load
B. Heap
When applications create variable memory segments in a dynamic fashion, what type of memory is being used? A. Stack B. Heap C. Virtual memory D. Virtual stack
B. Heap
19. The stack operates on a __________ basis. A. FIFO B. LIFO C. FILO D. LILO
B. LIFO
10. What is the main difference between DoS and DDoS? A. Scale of attack B. Number of attackers C. Goal of the attack D. Protocols in use
B. Number of attackers
Adding to and removing from a program stack are known as what? A. Pop and lock B. Push and pop C. Stack and pull D. Plus and minus
B. Push and pop
While monitoring traffic on the network, Jason captures the following traffic. What is he seeing occur? A. ICMP flood B. SYN flood C. Teardrop D. Land
B. SYN flood
What is an eight-in-one DoS tool that can launch such attacks as land and teardrop? A. Jolt B. Targa C. TFN2K D. Trinoo
B. Targa
A method that defends against a flooding attack and massive DoS attacks is referred to as what? A. Defense in depth B. Spam blocker C. Flood safe D. Flood guard
D. Flood guard
Jason is the local network administrator who has been tasked with securing the network from possible DoS attacks. Within the last few weeks, some traffic logs appear to have internal clients making requests from outside the internal LAN. Based on the traffic Jason has been seeing, what action should he take? A. Throttle network traffic. B. Update antivirus definitions. C. Implement egress filtering. D. Implement ingress filtering.
D. Implement ingress filtering.
What command-line utility can you use to craft custom packets with specific flags set? A. Nmap B. Zenmap C. Ping D. hping3
D. hping3
Which type of network uses a group of zombie computers to carry out the commands of the bot master? A. Zombie net B. Zombie group C. Botnet D. Bot heard
C. Botnet
Which pointer in a program stack gets shifted or overwritten during a successful overflow attack? A. ESP B. ECP C. EIP (Extended Instruction Pointer) D. EBP
C. EIP (Extended Instruction Pointer)
What is a single-button DDoS tool suspected to be used by groups such as Anonymous? A. Trinoo B. Crazy Pinger C. LOIC D. DoSHTTP
C. LOIC
Zombies Inc. is looking for ways to better protect their web servers from potential DoS attacks. Their web admin proposes the use of a network appliance that receives all incoming web requests and forwards them to the web server. He says it will prevent direct customer contact with the server and reduce the risk of DoS attacks. What appliance is he proposing? A. Web proxy B. IDS C. Reverse proxy D. Firewall
C. Reverse proxy
What is the most common sign of a DoS attack? A. Weird messages B. Rebooting of a system C. Slow performance D. Stolen credentials
C. Slow performance
What protocol is used to carry out a fraggle attack? A. IPX B. TCP C. UDP D. ICMP
C. UDP
Which function(s) are considered dangerous because they don't check memory bounds? (Choose all that apply.) A. gets() B. strcpy() C. scanf() D. strcat() E. All above.
E. All above.