10.3.13 Practice Questions Flashcards
Which of the following best describes the key difference between DoS and DDoS?
- Results in the server being inaccessible to users.
- Sends a large number of legitimate-looking requests.
- The target server cannot manage the capacity.
- Attackers use numerous computers and connections.
Answer: Attackers use numerous computers and connections.
An attacker may use compromised websites and emails to distribute specially designed malware to poorly secured devices. This malware provides an access point to the attacker, which they can use to control the device. Which of the following devices can the attacker use?
- Only routers and switches on the Internet can be hacked.
- Any device that can communicate over the Internet can be hacked.
- Only servers and routers on the Internet can be hacked.
- Only servers and workstations on the intranet can be hacked.
Answer: Any device that can communicate over the Internet can be hacked.
Which of the following motivates attackers to use DoS and DDoS attacks?
- Hacktivism, turf wars, and profit
- Hacktivism, profit, and damage reputation
- Distraction, extortion, and theft
- Distraction, turf wars, and fun
Answer: Hacktivism, profit, and damage reputation
Which of the following is an attack where all traffic is blocked by taking up all available bandwidth between the target computer and the Internet?
- Phlashing attack
- Fragmentation attack
- Amplification attack
- Volumetric attack
Answer: Volumetric attack
Which of the following tools can be used to create botnets?
- Jolt2, PlugBot, and Shark
- Shark, PlugBot, and Poison Ivy
- Trin00, Targa, and Jolt2
- Poison Ivy, Targa, and LOIC
Answer: Shark, PlugBot, and Poison Ivy
A hacker has discovered UDP protocol weaknesses on a target system. The hacker attempts to send large numbers of UDP packets from a system with a spoofed IP address, which broadcasts out to the network in an attempt to flood the target system with an overwhelming amount of UDP responses. Which of the following DoS attacks is the hacker attempting to use?
- SYN flood
- Teardrop attack
- Smurf attack
- Fraggle attack
Answer: Fraggle attack
The ping command is designed to test connectivity between two computers. There are several command options available to customize ping, making it a useful tool for network administrators. On Windows, the default number of ping requests is set to four. Which of the following command options will change the default number of ping requests?
- -l
- -n
- -f
- -a
Answer: -n
(Image: a series of packets captured with Wireshark, using a filter.)
You are using Wireshark to try and determine if a distributed denial-of-service (DDoS) attack is happening on your network (128.28.1.1).
You previously captured packets using the tcp.flags.syn==1 and tcp.flags.ack==1 filter, but only saw a few SYN-ACK packets. You have now changed the filter to tcp.flags.syn==1 and tcp.flags.ack==0. After examining the Wireshark results shown in the image, which of the following is the best reason to conclude that a DDoS attack is happening?
- There was a flood of SYN packets without a matching SYN-ACK packet.
- The source address for all SYN packets is 198.28.1.1.
- The Transmission Control Protocol shows the hex value of the SYN flag is 0x002.
- There are multiple SYN packets with different source addresses destined for 128.28.1.1.
Answer: There are multiple SYN packets with different source addresses destined for 128.28.1.1.
(Image: a series of packets captured with Wireshark, using a filter.)
You suspect that an ICMP flood attack is taking place from time to time, so you have used Wireshark to capture packets using the tcp.flags.syn==1 filter. Initially, you saw an occasional SYN or ACK packet. After a short while, however, you started seeing packets as shown in the image.
Using the information shown, which of the following explains the difference between normal ICMP (ping) requests and an ICMP flood?
- With the flood, all packets come from the same source IP address in quick succession.
- The normal ICMP ping request only has one source address.
- The only difference is the number of packets that are sent.
- With the ICMP flood, ICMP packets are sent and received at a quicker rate than normal ICMP packets.
Answer: With the flood, all packets come from the same source IP address in quick succession.
Which of the following best describes a DoS attack?
- A hacker overwhelms or damages a system and prevents users from accessing a service.
- A hacker penetrates a system by using every character, word, or letter to gain access.
- A hacker intercepts traffic between two systems to gain access to a system.
- A hacker attempts to impersonate an authorized user by stealing the user's token.
Answer: A hacker overwhelms or damages a system and prevents users from accessing a service.
Which of the following best describes a reverse proxy method for protecting a system from a DoS attack?
- Adds extra services so that there are too many platforms for the attacker to be able to flood.
- Redirects all traffic before it is forwarded to a server, so the redirected system takes the impact.
- Creates an area of the network where offending traffic is forwarded and dropped.
- Limits the potential impact of a DoS attack by providing additional response time.
Answer: Redirects all traffic before it is forwarded to a server, so the redirected system takes the impact.
Creating an area of the network where offending traffic is forwarded and dropped is known as _________?
- Enable router throttling
- Anti-spoofing measures
- Reverse proxy
- Black hole filtering
Answer: Black hole filtering
It is important to be prepared for a DoS attack. These attacks are becoming more common. Which of the following best describes the response you should take for a service degradation?
- Add extra services, such as load balancing and excess bandwidth.
- Include a checklist of all threat assessment tools.
- Have more than one upstream connection to use as a failover.
- Services can be set to throttle or even shut down.
Answer: Services can be set to throttle or even shut down.