Ethical Hacking Module 10

Which of the following is an attack where all traffic is blocked by taking up all available bandwidth between the target computer and the Internet? Volumetric attack Phlashing attack Amplification attack Fragmentation attack

Volumetric attack

Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on the network? MAC flooding ARP poisoning MAC spoofing Port mirroring

ARP poisoning

Which of the following best describes a DoS attack? A hacker intercepts traffic between two systems to gain access to a system A hacker penetrates a system by using every character, word, or letter to gain access A hacker attempts to impersonate an authorized user by stealing the user's token A hacker overwhelms or damages a system and prevents users from accessing a service

A hacker overwhelms or damages a system and prevents users from accessing a service

Which of the following is characterized by an attacker using a sniffer to monitor traffic between a victim and a host? Active hijacking Passive hijacking Session ID Session key

Passive hijacking

Your network administrator has set up training for all the users regarding clicking on links in emails or instant messages. Which of the following is your network administrator attempting to prevent? Packet filtering DNS spoofing Packet sniffing Session fixation

Session fixation

Using Wireshark filtering, you want to see all traffic except IP address 192.168.142.3. Which of the following is the best command to filter a specific source IP address? ip.src ne 192.168.142.3 ip.src == 192.168.142.3 ip.src && 192.168.142.3 ip.src eq 192.168.142.3

ip.src ne 192.168.142.3

A security analyst is using tcpdump to capture suspicious traffic detected on port 443 of a server. The analyst wants to capture the entire packet with hexadecimal and ASCII output only. Which of the following tcpdump options will achieve this output? -SA port 443 src port 443 -SX port 443 -SXX port 443

-SX port 443

Which of the following describes a session ID? The symmetric key used to encrypt and decrypt communications between a client and a server. A unique token that a server assigns for the duration of a client's communications with the server. The destination IP address of an encrypted packet sent from a server to a client. The source IP address of an encrypted packet sent from a server to a client.

A unique token that a server assigns for the duration of a client's communications with the server.

Creating an area of the network where offending traffic is forwarded and dropped is known as ______? Black hole filtering Reverse proxy Anti-spoofing measures Enable router throttling

Black hole filtering

Which of the following are network sniffing tools? Ettercap, Ufasoft snif, and Shark Cain and Abel, Ettercap, and TCPDump WinDump, KFSensor, and Wireshark Ufasoft snif, TCPDump, and Shark

Cain and Abel, Ettercap, and TCPDump

A hacker has discovered UDP protocol weaknesses on a target system. The hacker attempts to send large numbers of UDP packets from a system with a spoofed IP address, which broadcasts out to the network in an attempt to flood the target system with an overwhelming amount of UDP responses. Which of the following DoS attacks is the hacker attempting to use? SYN flood Teardrop attack Fraggle attack Smurf attack

Fraggle attack

Which of the following motivates attackers to use DoS and DDoS attacks? Hacktivism, profit, and damage reputation Hacktivism, turf wars, and profit Distraction, extortion, and theft Distraction, turf wars, and fun

Hacktivism, profit, and damage reputation

Which of the following protocols is one of the most common methods used to protect packet information and defend against network attacks in VPNs? SYN ECC BLE IPsec

IPsec

Which of the following tools can be used to create botnets? Trin00, Targa, and Jolt2 Jolt2, PlugBot, and Shark Shark, PlugBot, and Poison Ivy Poison Ivy, Targa, and LOIC

Shark, PlugBot, and Poison Ivy

An attacker may use compromised websites and emails to distribute specially designed malware to poorly secured devices. This malware provides an access point to the attacker, which he can use to control the device. Which of the following devices can the attacker use? Only servers and routers on the Internet can be hacked Only servers and workstations on the intranet can be hacked Only routers and switches on the Internet can be hacked Any device that can communicate over the intranet can be hacked

Any device that can communicate over the intranet can be hacked

Which of the following best describes the key difference between DoS and DDoS? Attackers use numerous computers and connections The target server cannot manage the capacity Results in the server being inaccessible to users Sends a large number of legitimate-looking requests

Attackers use numerous computers and connections

It is important to be prepared for a DoS attack. These attacks are becoming more common. Which of the following best describes the response you should take for a service degradation? Services can be set to throttle or even shut down. Have more than one upstream connection to use as a failover. Include a checklist of all threat assessment tools. Add extra services, such as load balancing and excess bandwidth.

Services can be set to throttle or even shut down.

Which of the following tasks is being described? 1. Sniff the traffic between the target computer and the server. 2. Monitor traffic with the goal of predicting the packet sequence numbers. 3. Desynchronize the current session. 4. Predict the session ID and take over the session. 5. Inject commands to target the server. Application hijacking Passive hijacking Session hijacking Cookie hijacking

Session hijacking

A penetration tester discovers a vulnerable application and is able to hijack a website's URL hyperlink session ID. The penetration tester is able to intercept the session ID; when the vulnerable application sends the URL hyperlink to the website, the session IDs are embedded in the hyperlink. Which of the following types of session hijacking countermeasures is the penetration tester using? Man-in-the-middle attack UDP session hijacking TCP/IP session hijacking Session fixation attack

Session fixation attack

Jason, an attacker, has manipulated a client's connection to disconnect the real client and allow the server to think that he is the authenticated user. Which of the following describes what he has done? Session sniffing Active hijacking Cross-site scripting Passive hijacking

Active hijacking

Your network administrator is configuring settings so the switch shuts down a port when the max number of MAC addresses is reached. What is the network administrator taking countermeasures against? Hijacking Sniffing Spoofing Filtering

Sniffing

The ping command is designed to test connectivity between two computers. There are several command options available to customize ping, making it a useful tool for network administrators. On Windows, the default number of ping requests is set to four. Which of the following command options will change the default number of ping requests? -n -l -a -f

-n

Which of the following best describes the process of using prediction to gain session tokens in an Application level hijacking attack? Collect several session IDs that have been used before and then analyze them to determine a pattern. Obtain a user's HTTP cookies to collect session IDs embedded within the file to gain access to a session. Review a user's browsing history to enter a previously used URL to gain access to an open session. Convince the victim system that you are the server so you can hijack a session and collect sensitive information.

Collect several session IDs that have been used before and then analyze them to determine a pattern.

Using sniffers has become one way for an attacker to view and gather network traffic. If an attacker overcomes your defenses and obtains network traffic, which of the following is the best countermeasure for securing the captured network traffic? Use encryption for all sensitive traffic Implement acceptable use policies Use intrusion detection countermeasures Eliminate unnecessary system applications

Use encryption for all sensitive traffic

Which of the following are protocols included in the IPsec architecture? IKE, AH, and ESP SIP, AH, and ACK IKE, AH, and ACK SIP, AH, and ESP

IKE, AH, and ESP

Which term describes the process of sniffing traffic between a user and server, then re-directing the traffic to the attacker's machine, where malicious traffic can be forwarded to either the user or server? Cross-site scripting Man-in-the-middle DNS spoofing Session hijacking

Man-in-the-middle

Which of the following best describes a reverse proxy method for protecting a system from a DoS attack? Redirects all traffic before it is forwarded to a server, so the redirected system takes the impact. Creates an area of the network where offending traffic is forwarded and dropped. Adds extra services so that there are too many platforms for the attacker to be able to flood. Limits the potential impact of a DoS attack by providing additional response time.

Redirects all traffic before it is forwarded to a server, so the redirected system takes the impact.

