17. Common Types of Attacks Flashcards

1
Q
  1. Which of the following is not a technology-based attack?
    a. DoS
    b. Ping of death
    c. Shoulder surfing
    d. Malware
A

c. Shoulder surfing is not a technology-based attack. It is a social engineering attack: the attacker simply watches the victim's screen or keyboard (over their shoulder, or from across the room) to capture passwords or other data.

2
Q
  1. A command and control server is a part of which of the following attacks?
    a. DDoS
    b. Ping of death
    c. Shoulder surfing
    d. Malware
A

a. The command and control (C2) server is what the attacker uses to direct the zombies (compromised hosts) in a botnet, and the botnet is what delivers a DDoS attack. Malware is how the hosts became zombies in the first place, but the C2 server itself is part of the DDoS infrastructure.

3
Q
  1. Which of the following is a DoS attack that floods its victim with spoofed broadcast ping messages?
    a. SYN flood
    b. Smurf
    c. Land attack
    d. Ping of death
A

b. Here's how a smurf attack works: the attacker spoofs the intended victim's IP address as the source and then sends a large number of ICMP echo requests (pings) to a network's broadcast address. If the receiving router forwards directed broadcasts, it delivers the request to every host in the subnet, and all of the hosts send an ICMP echo reply to the spoofed source (the victim), all of them at the same time. The attack only works where routers still forward directed broadcasts (disabled by default on modern routers) and hosts still answer broadcast pings.
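The trigger packet for the attack described above is easy to recognise on the wire: an ICMP echo request whose destination is a broadcast address. The following is an added example (not code from the study guide) that builds a few such packets by hand, parses the IPv4 header, and reports which spoofed source addresses, the real victims, are being set up to receive the flood of replies. The packets, addresses and subnet are constructed for the example.

```python
"""Flag ICMP echo requests addressed to a broadcast address, the trigger of a smurf attack.

Added example, not from the study guide. The packets below are constructed in memory
(checksums left at zero); no capture or network access is needed.
"""
import ipaddress
import struct

ICMP_ECHO_REQUEST = 8
PROTO_ICMP = 1
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def build_icmp_echo_request(src: str, dst: str, ident: int = 1, seq: int = 1) -> bytes:
    """Minimal IPv4 packet carrying an ICMP echo request (a test fixture, not wire-ready)."""
    payload = b"A" * 32
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq) + payload
    total_len = 20 + len(icmp)
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, PROTO_ICMP, 0,
                            ipaddress.IPv4Address(src).packed,
                            ipaddress.IPv4Address(dst).packed)
    return ip_header + icmp


def parse_ipv4(packet: bytes) -> dict:
    """Return the fields we care about from an IPv4 header; raise on malformed input."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    return {
        "src": ipaddress.IPv4Address(src),
        "dst": ipaddress.IPv4Address(dst),
        "proto": proto,
        "payload": packet[ihl:total_len] if total_len >= ihl else b"",
    }


def is_smurf_trigger(packet: bytes, local_net: ipaddress.IPv4Network) -> bool:
    """True for an ICMP echo request sent to local_net's directed broadcast address
    (or the limited broadcast 255.255.255.255)."""
    hdr = parse_ipv4(packet)
    if hdr["proto"] != PROTO_ICMP or len(hdr["payload"]) < 8:
        return False
    if hdr["payload"][0] != ICMP_ECHO_REQUEST:
        return False
    return hdr["dst"] in (local_net.broadcast_address, LIMITED_BROADCAST)


def scan(packets, local_net):
    """Return sorted (victim_ip, count) pairs: the source addresses of broadcast echo
    requests are the (spoofed) hosts that every reply will be sent to."""
    hits = {}
    for pkt in packets:
        if is_smurf_trigger(pkt, local_net):
            victim = str(parse_ipv4(pkt)["src"])
            hits[victim] = hits.get(victim, 0) + 1
    return sorted(hits.items())


# Constructed sample: one ordinary ping inside the subnet, two spoofed broadcast pings.
SAMPLE_NET = ipaddress.IPv4Network("192.0.2.0/24")
SAMPLE_TRAFFIC = [
    build_icmp_echo_request("192.0.2.10", "192.0.2.20"),
    build_icmp_echo_request("203.0.113.5", "192.0.2.255"),
    build_icmp_echo_request("203.0.113.5", "192.0.2.255"),
]

if __name__ == "__main__":
    print(scan(SAMPLE_TRAFFIC, SAMPLE_NET))
```

A single broadcast ping is not proof of an attack (someone may have run `ping -b` for a legitimate reason); the signal is a source address from outside the subnet combined with volume. On the defensive side the same two knobs the answer mentions apply: `no ip directed-broadcast` on router interfaces (the Cisco default since IOS 12.0) and leaving `net.ipv4.icmp_echo_ignore_broadcasts=1` on Linux hosts.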

4
Q
  1. Which of the following is an attack that inundates the receiving machine with lots of packets that cause the victim to waste resources by holding connections open?
    a. Ping of death
    b. Zero day
    c. Smurf
    d. SYN flood
A

d. In a SYN flood, the attacker sends a SYN, the victim replies with a SYN-ACK, and the attacker never sends the final ACK (the SYNs usually carry spoofed source addresses, so the SYN-ACKs go nowhere). While the server waits for that ACK it keeps an entry for the half-open connection in its SYN backlog. As the SYNs continue to arrive, the backlog fills and new, legitimate connection attempts are dropped.
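To see why the half-open queue is the problem, and how SYN cookies remove it, here is an added example (not from the study guide) that simulates the three-way handshake in memory. The first listener keeps per-SYN state and is starved by a flood of spoofed SYNs; the second encodes what it needs in its initial sequence number, in a simplified version of the Linux SYN-cookie layout, so unanswered SYNs cost nothing. Addresses, backlog size and the cookie layout are assumptions made for the example; no sockets are opened.

```python
"""Simulated SYN flood against a stateful listener versus a SYN-cookie listener.

Added example, not from the study guide. The handshake runs in memory with constructed
client addresses; the cookie layout is simplified from the Linux scheme (it omits the MSS
encoding) and is an assumption made for illustration.
"""
import hashlib
import hmac
import os
import random
import time

BACKLOG = 128   # assumed: half-open connections the listener is willing to remember


class StatefulListener:
    """Classic behaviour: every SYN reserves a backlog entry until the final ACK arrives."""

    def __init__(self, backlog=BACKLOG):
        self.backlog = backlog
        self.half_open = {}      # (client_ip, client_port) -> server ISN
        self.dropped = 0
        self.established = 0

    def on_syn(self, client, client_isn):
        if len(self.half_open) >= self.backlog:
            self.dropped += 1    # queue full: this SYN (legitimate or not) is dropped
            return None
        server_isn = random.getrandbits(32)
        self.half_open[client] = server_isn
        return server_isn        # goes out in the SYN-ACK

    def on_ack(self, client, ack_number):
        server_isn = self.half_open.get(client)
        if server_isn is None or ack_number != (server_isn + 1) & 0xFFFFFFFF:
            return False
        del self.half_open[client]
        self.established += 1
        return True


class CookieListener:
    """SYN cookies: the server ISN is (5-bit time counter << 27) | 24-bit keyed hash of the
    client address and that counter. Nothing is stored per SYN; the ACK proves the client
    saw the SYN-ACK, and the counter bounds how long a cookie stays valid."""

    def __init__(self, secret=None, window_secs=64):
        self.secret = secret or os.urandom(32)
        self.window_secs = window_secs
        self.established = 0
        self.dropped = 0

    def _counter(self, now):
        return int(now // self.window_secs) & 0x1F

    def _mac(self, client, counter):
        msg = f"{client[0]}:{client[1]}:{counter}".encode()
        return int.from_bytes(hmac.new(self.secret, msg, hashlib.sha256).digest()[:3], "big")

    def on_syn(self, client, client_isn, now=None):
        now = time.time() if now is None else now
        counter = self._counter(now)
        return (counter << 27) | self._mac(client, counter)   # no state kept

    def on_ack(self, client, ack_number, now=None):
        now = time.time() if now is None else now
        cookie = (ack_number - 1) & 0xFFFFFFFF
        counter = cookie >> 27
        if (self._counter(now) - counter) & 0x1F > 1:        # cookie from an old window
            self.dropped += 1
            return False
        if (cookie & 0xFFFFFF) != self._mac(client, counter):  # forged or wrong client
            self.dropped += 1
            return False
        self.established += 1
        return True


def run_flood(listener, spoofed_syns=1000, legit_clients=50):
    """Send spoofed SYNs that are never completed, then count how many real clients
    can still finish a handshake."""
    for i in range(spoofed_syns):
        listener.on_syn((f"198.51.100.{i % 254 + 1}", 1024 + i), client_isn=i)
    connected = 0
    for i in range(legit_clients):
        client = (f"192.0.2.{i + 1}", 40000 + i)
        server_isn = listener.on_syn(client, client_isn=7)
        if server_isn is not None and listener.on_ack(client, (server_isn + 1) & 0xFFFFFFFF):
            connected += 1
    return connected


if __name__ == "__main__":
    print("stateful listener:", run_flood(StatefulListener()), "of 50 real clients connected")
    print("cookie listener:  ", run_flood(CookieListener()), "of 50 real clients connected")
```

The stateful listener lets zero legitimate clients through once 128 spoofed SYNs are queued; the cookie listener accepts all of them. The trade-off in the real implementation is that a cookie cannot carry every TCP option (Linux encodes the MSS and relies on timestamps for the rest), which is why `net.ipv4.tcp_syncookies=1` only switches cookies on once the backlog actually overflows.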

5
Q
  1. In which of the following does the attacker (and his bots) send a small spoofed 8 byte UDP packet to vulnerable NTP servers that requests a large amount of data (megabytes worth of traffic) be sent to the DDoS’s target IP address?
    a. SYN flood
    b. NTP amplification
    c. Smurf
    d. DNS amplification
A

b. The attackers use the monlist command, a remote query in older versions of ntpd, which returns a list of up to the 600 most recent hosts that have talked to that server. The response is many times larger than the request, and because NTP runs over UDP the request's source address can be spoofed to point at the target. The attack is prevented on the server side by running ntpd 4.2.7p26 or later (released in 2010, with monlist disabled) or, on older versions, by turning the query off (disable monitor, plus noquery in the default restrict line).
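The request that drives the attack is a tiny, fixed byte pattern, which makes it easy to spot both from the attacker's side (spoofed requests arriving at your NTP server) and from the reflector's side (mode 7 responses leaving your server for hosts that never asked). The example below is added here and is not code from the study guide; it builds the mode 7 monlist probe from the ntpd private-mode header layout (one byte of response/more/version/mode bits, one byte of auth/sequence, an implementation byte and a request code, where 42 is REQ_MON_GETLIST_1 and 20 is REQ_MON_GETLIST), classifies UDP payloads, and tallies what a constructed set of datagrams shows. The addresses and datagrams are constructed for the example.

```python
"""Recognise NTP mode 7 monlist requests and responses in UDP payloads.

Added example, not from the study guide. The request layout follows ntpd's private
(mode 7) packet header; the datagrams at the bottom are constructed sample data.
"""
from collections import Counter

NTP_PORT = 123
MODE_CLIENT, MODE_SERVER, MODE_PRIVATE = 3, 4, 7
IMPL_XNTPD = 3
REQ_MON_GETLIST = 20      # 0x14
REQ_MON_GETLIST_1 = 42    # 0x2a
MONLIST_CODES = {REQ_MON_GETLIST, REQ_MON_GETLIST_1}


def build_monlist_request(version=2, implementation=IMPL_XNTPD, req_code=REQ_MON_GETLIST_1):
    """The 8-byte probe scanners and attackers send: 17 00 03 2a 00 00 00 00."""
    first = (version << 3) | MODE_PRIVATE      # response=0, more=0, version, mode 7
    return bytes([first, 0x00, implementation, req_code, 0, 0, 0, 0])


def build_monlist_response(version=2, implementation=IMPL_XNTPD, req_code=REQ_MON_GETLIST_1):
    """Header of a monlist reply: same layout with the response bit set (body omitted)."""
    first = 0x80 | (version << 3) | MODE_PRIVATE
    return bytes([first, 0x00, implementation, req_code, 0, 0, 0, 0])


def build_client_request(version=4):
    """An ordinary 48-byte NTP client request (mode 3), for comparison."""
    return bytes([(version << 3) | MODE_CLIENT]) + b"\x00" * 47


def classify_ntp(payload: bytes) -> str:
    """'monlist', 'private-request', 'private-response', 'client', 'server' or 'other'."""
    if not payload:
        return "other"
    first = payload[0]
    mode = first & 0x07
    if mode == MODE_PRIVATE:
        if first & 0x80:
            return "private-response"
        if len(payload) >= 4 and payload[3] in MONLIST_CODES:
            return "monlist"
        return "private-request"
    return {MODE_CLIENT: "client", MODE_SERVER: "server"}.get(mode, "other")


def analyse(datagrams, our_servers):
    """datagrams: (src_ip, src_port, dst_ip, dst_port, payload) tuples.

    Returns 'requests': spoofed sources (the real victims) per monlist request aimed at
    our servers, and 'reflected': destinations our servers sent mode 7 responses to."""
    requests, reflected = Counter(), Counter()
    for src, sport, dst, dport, payload in datagrams:
        kind = classify_ntp(payload)
        if dst in our_servers and dport == NTP_PORT and kind == "monlist":
            requests[src] += 1
        elif src in our_servers and sport == NTP_PORT and kind == "private-response":
            reflected[dst] += 1
    return {"requests": requests, "reflected": reflected}


# Constructed sample: three spoofed monlist requests "from" the victim, the reflected
# answers, and one ordinary client request that should not be flagged.
OUR_SERVERS = {"192.0.2.123"}
SAMPLE_DATAGRAMS = (
    [("203.0.113.9", 40000, "192.0.2.123", NTP_PORT, build_monlist_request())] * 3
    + [("192.0.2.123", NTP_PORT, "203.0.113.9", 40000, build_monlist_response())] * 3
    + [("192.0.2.50", 51234, "192.0.2.123", NTP_PORT, build_client_request())]
)

if __name__ == "__main__":
    print(analyse(SAMPLE_DATAGRAMS, OUR_SERVERS))
```

Seeing `reflected` grow for addresses outside your network means your server is the amplifier; the fix the answer names goes in ntp.conf as `disable monitor` together with `restrict default kod nomodify notrap nopeer noquery`, or simply a version of ntpd in which monlist no longer exists.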

6
Q
  1. Which of the following was previously known as a man-in-the-middle-attack?
    a. VLAN hopping
    b. On-path attack
    c. LAND attack
    d. Smurf
A

b. An on-path attack (the current name for what was called a man-in-the-middle attack) happens when someone positions themselves between two communicating computers, intercepts the packets intended for one of them and reads, and possibly alters, the data before passing it on.

7
Q
  1. Double tagging is a part of which of the following attacks?
    a. VLAN hopping
    b. Smurf
    c. DDoS
    d. Malware
A

a. A VLAN hopping attack results in traffic from one VLAN being delivered into a different VLAN. Normally this is prevented by the trunking protocol (802.1Q) placing a VLAN tag in each frame to identify the VLAN the traffic belongs to. The attacker can circumvent this by double tagging: placing two VLAN tags in the frame, an outer tag for the native VLAN of the trunk and an inner tag for the VLAN they want to reach. When the frame crosses two switches, the first switch strips the outer tag (native-VLAN traffic is carried untagged across the trunk), which exposes the inner tag. When the frame reaches the second switch, it reads the inner tag and delivers the frame to the VLAN the attacker intended. The attack is one-way (no replies come back) and only works when the attacker's port is in the trunk's native VLAN, which is why the standard mitigation is to set the native VLAN to an unused VLAN and keep access ports out of it.
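The mechanics above are easiest to follow by running them. The following is an added example (not code from the study guide) with a toy two-switch model: it builds an 802.1Q double-tagged frame, pushes it through the attacker's access port, across a trunk and into the second switch, and reports which VLAN the frame ends up in. The switch behaviour is a simplification (an access port accepts a tagged frame only if the tag matches its own VLAN and then strips it; the trunk carries the native VLAN untagged), and the port names, MAC addresses and VLAN numbers are assumptions made for the example.

```python
"""Simulate 802.1Q double tagging across two switches, and the native-VLAN fix.

Added example, not from the study guide. The switch model and the VLAN/MAC values are
assumptions made for illustration; no frames are put on a real network.
"""
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, vlan_tags, payload):
    """Ethernet frame with zero or more 802.1Q tags (outermost first) before the payload."""
    frame = mac(dst) + mac(src)
    for vid in vlan_tags:
        frame += struct.pack("!HH", ETHERTYPE_8021Q, vid & 0x0FFF)   # PCP/DEI bits left 0
    return frame + struct.pack("!H", ETHERTYPE_IPV4) + payload


def pop_tag(frame):
    """Return (vid, frame without its outermost tag), or (None, frame) if untagged."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_8021Q:
        return None, frame
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return vid, frame[:12] + frame[16:]


class Switch:
    """Minimal switch: access ports map to one VLAN each; one trunk with a native VLAN."""

    def __init__(self, access_ports, native_vlan):
        self.access_ports = access_ports    # port name -> VLAN
        self.native_vlan = native_vlan

    def ingress_access(self, port, frame):
        """Assign an access-port frame to the port's VLAN. A tag for that same VLAN is
        accepted and stripped; a tag for any other VLAN gets the frame dropped (None)."""
        port_vlan = self.access_ports[port]
        vid, inner = pop_tag(frame)
        if vid is None:
            return port_vlan, frame
        if vid != port_vlan:
            return None
        return port_vlan, inner

    def egress_trunk(self, vlan, frame):
        """Native VLAN leaves untagged; every other VLAN gets its tag pushed on."""
        if vlan == self.native_vlan:
            return frame
        return frame[:12] + struct.pack("!HH", ETHERTYPE_8021Q, vlan) + frame[12:]

    def ingress_trunk(self, frame):
        """Tagged frames belong to their tag; untagged frames belong to the native VLAN."""
        vid, inner = pop_tag(frame)
        if vid is None:
            return self.native_vlan, frame
        return vid, inner


def attack(trunk_native_vlan, attacker_port_vlan=1, outer_tag=None, target_vlan=20):
    """Send a double-tagged frame from an access port on sw1 across the trunk to sw2 and
    return the VLAN sw2 assigns it to, or None if sw1 dropped it."""
    outer_tag = attacker_port_vlan if outer_tag is None else outer_tag
    sw1 = Switch({"Gi1/0/1": attacker_port_vlan}, trunk_native_vlan)
    sw2 = Switch({"Gi1/0/5": target_vlan}, trunk_native_vlan)
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55",
                        [outer_tag, target_vlan], b"hello VLAN 20")
    accepted = sw1.ingress_access("Gi1/0/1", frame)
    if accepted is None:
        return None
    vlan, stripped = accepted
    on_wire = sw1.egress_trunk(vlan, stripped)
    return sw2.ingress_trunk(on_wire)[0]


if __name__ == "__main__":
    print("native VLAN 1, attacker in VLAN 1: frame lands in VLAN", attack(1))
    print("native VLAN 999, attacker in VLAN 1: frame lands in VLAN", attack(999))
    print("native VLAN 999, attacker forges outer tag 999:", attack(999, outer_tag=999))
```

With the trunk's native VLAN left at 1 the frame arrives in VLAN 20; with the native VLAN moved to an unused 999, sw1 tags the frame as VLAN 1 on the trunk, sw2 strips that tag and the attacker's inner tag is never interpreted. Forging the outer tag as 999 does not help either, because the access port is not in that VLAN. On Cisco switches the equivalent settings are `switchport trunk native vlan 999` on every trunk (and optionally `vlan dot1q tag native` to tag the native VLAN as well).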

8
Q
  1. Which of the following is the process of adopting another system’s MAC address for the purpose of receiving data meant for that system?
    a. Certificate spoofing
    b. ARP spoofing
    c. IP spoofing
    d. URL spoofing
A

b. ARP spoofing is the process of adopting another system's MAC address for the purpose of receiving data meant for that system. In practice the attacker does not need to clone the MAC: it sends forged ARP replies that bind the target's IP address to the attacker's own MAC address, poisoning the ARP caches of the other hosts on the segment so that they deliver the target's traffic to the attacker.
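Because poisoning works by rewriting what other hosts believe about an IP-to-MAC binding, the two things a monitor on the segment can watch for are an IP address whose MAC suddenly changes and a single MAC that starts answering for several IP addresses. The example below is added here and is not code from the study guide: it builds a handful of ARP packets by hand (a normal request and reply, then the attacker's two forged replies that take over both the gateway's and the victim's address), parses them, and keeps a learned binding table that raises an alert on each change. Addresses are constructed for the example.

```python
"""Detect ARP cache poisoning from a stream of ARP packets.

Added example, not from the study guide. Packets are constructed inline following the
ARP-over-Ethernet layout (hardware type 1, protocol 0x0800, 6-byte MAC, 4-byte IP).
"""
import struct
from collections import defaultdict

ARP_REQUEST, ARP_REPLY = 1, 2


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ip(text):
    return bytes(int(octet) for octet in text.split("."))


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """28-byte ARP packet body (the Ethernet header is not needed for this analysis)."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip))


def parse_arp(pkt):
    if len(pkt) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP packet")
    return {
        "op": op,
        "sender_mac": pkt[8:14].hex(":"),
        "sender_ip": ".".join(str(b) for b in pkt[14:18]),
        "target_mac": pkt[18:24].hex(":"),
        "target_ip": ".".join(str(b) for b in pkt[24:28]),
    }


class ArpWatch:
    """Learns IP -> MAC bindings from the sender fields of ARP traffic (requests and
    replies both announce one) and alerts when a binding changes or a MAC collects
    more than one IP address."""

    def __init__(self, trusted=None):
        self.bindings = dict(trusted or {})          # ip -> mac, optionally pre-seeded
        self.ips_per_mac = defaultdict(set)
        for addr, hw in self.bindings.items():
            self.ips_per_mac[hw].add(addr)
        self.alerts = []

    def observe(self, pkt):
        a = parse_arp(pkt)
        sender_ip, sender_mac = a["sender_ip"], a["sender_mac"]
        known = self.bindings.get(sender_ip)
        if known is not None and known != sender_mac:
            kind = "reply" if a["op"] == ARP_REPLY else "request"
            self.alerts.append(f"{sender_ip} moved from {known} to {sender_mac} ({kind})")
        self.bindings[sender_ip] = sender_mac
        before = len(self.ips_per_mac[sender_mac])
        self.ips_per_mac[sender_mac].add(sender_ip)
        if len(self.ips_per_mac[sender_mac]) > max(before, 1):
            claimed = ", ".join(sorted(self.ips_per_mac[sender_mac]))
            self.alerts.append(f"{sender_mac} now claims {claimed}")
        return a


def run(packets, trusted=None):
    watch = ArpWatch(trusted)
    for pkt in packets:
        watch.observe(pkt)
    return watch.alerts


GATEWAY, VICTIM, ATTACKER = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb", "cc:cc:cc:cc:cc:cc"
# Constructed sample: a normal exchange, then the attacker poisons both sides.
SAMPLE_PACKETS = [
    build_arp(ARP_REQUEST, GATEWAY, "192.0.2.1", "00:00:00:00:00:00", "192.0.2.10"),
    build_arp(ARP_REPLY, VICTIM, "192.0.2.10", GATEWAY, "192.0.2.1"),
    build_arp(ARP_REPLY, ATTACKER, "192.0.2.1", VICTIM, "192.0.2.10"),   # "gateway is me"
    build_arp(ARP_REPLY, ATTACKER, "192.0.2.10", GATEWAY, "192.0.2.1"),  # "victim is me"
]

if __name__ == "__main__":
    for line in run(SAMPLE_PACKETS):
        print(line)
```

Legitimate events also move bindings (DHCP handing an address to a different machine, a replaced NIC, an HSRP/VRRP virtual IP failing over to another router), so this kind of monitor is best seeded with the static bindings of gateways and servers and treated as a signal, not a verdict. The switch-level fix is Dynamic ARP Inspection, which drops ARP packets whose bindings disagree with the DHCP snooping table.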

9
Q
  1. Which of the following is connected to your wired infrastructure without your knowledge?
    a. Rogue AP
    b. Command and control server
    c. Zombies
    d. Botnet
A

a. A rogue AP is an access point that has been connected to your wired infrastructure without your knowledge. It may have been placed there by a determined attacker who sneaked into your facility and put it in an out-of-the-way location or, more innocently, by an employee who just wants wireless access and doesn't understand how dangerous this is. Either way it gives anyone within radio range a path onto the internal network that bypasses the firewall.

10
Q
  1. Which of the following uses the same SSID as your AP?
    a. Rogue AP
    b. Rogue DHCP
    c. Evil twin
    d. Zombie
A

c. An evil twin is an attacker's AP configured with the same SSID as yours so that clients associate with it instead of the legitimate network. This ugly trick is achieved by placing the rogue AP on a different channel from your legitimate APs (often with a stronger signal and weaker or no encryption) and setting its SSID to match yours; once a client connects, the attacker sits on the path of all its traffic.
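Cards 9 and 10 both come down to an access point you did not deploy advertising where your clients can see it. Over the air the evil twin is the detectable one: our SSID (or a lookalike of it) from a BSSID that is not in our inventory, usually with a louder signal or a weaker security type than the real APs. The example below is added here and is not code from the study guide; it takes constructed wireless survey rows, normalises SSIDs so that lookalike names collide with the real one, and lists every impostor with the reasons it was flagged. The authorised inventory and the scan rows are assumptions made for the example.

```python
"""Spot evil twins in wireless survey results.

Added example, not from the study guide. AUTHORISED is a hypothetical inventory of the
APs we deployed; SCAN is a constructed survey: (ssid, bssid, channel, rssi_dbm, security).
"""
import unicodedata

AUTHORISED = {
    "corp-wifi": {
        "bssids": {"f0:9f:c2:00:00:01", "f0:9f:c2:00:00:02"},
        "security": "WPA2-Enterprise",
    },
}

SCAN = [
    ("corp-wifi", "f0:9f:c2:00:00:01", 36, -51, "WPA2-Enterprise"),   # ours
    ("corp-wifi", "f0:9f:c2:00:00:02", 44, -63, "WPA2-Enterprise"),   # ours
    ("corp-wifi", "02:1a:2b:3c:4d:5e", 6, -40, "OPEN"),               # evil twin, open, loud
    ("Corp-WiFi ", "02:1a:2b:3c:4d:5f", 1, -75, "WPA2-Enterprise"),   # lookalike SSID
    ("Linksys", "c0:56:27:aa:bb:cc", 11, -70, "WPA2-Personal"),       # neighbour, ignored
]


def normalize_ssid(ssid):
    """Fold case, surrounding whitespace and Unicode compatibility forms so that
    'Corp-WiFi ' and full-width or composed variants collide with 'corp-wifi'."""
    return unicodedata.normalize("NFKC", ssid).strip().casefold()


def assess(scan, authorised):
    """Return one finding per AP that advertises one of our (normalised) SSIDs from a
    BSSID we do not own, with the reasons it looks like an evil twin."""
    canonical = {normalize_ssid(name): name for name in authorised}
    # Loudest signal seen from an AP we own, per network, so we can tell when an
    # impostor is deliberately out-shouting the real one.
    loudest = {}
    for ssid, bssid, _ch, rssi, _sec in scan:
        name = canonical.get(normalize_ssid(ssid))
        if name and bssid.lower() in authorised[name]["bssids"]:
            loudest[name] = max(loudest.get(name, -100), rssi)
    findings = []
    for ssid, bssid, channel, rssi, security in scan:
        name = canonical.get(normalize_ssid(ssid))
        if name is None or bssid.lower() in authorised[name]["bssids"]:
            continue
        reasons = ["BSSID not in our inventory"]
        if ssid != name:
            reasons.append(f"lookalike SSID {ssid!r} vs {name!r}")
        expected = authorised[name]["security"]
        if security.casefold() != expected.casefold():
            reasons.append(f"security downgrade ({security} instead of {expected})")
        strongest_real = loudest.get(name, -100)
        if rssi > strongest_real:
            reasons.append(f"stronger than any legitimate AP ({rssi} dBm > {strongest_real} dBm)")
        findings.append({"ssid": ssid, "bssid": bssid, "channel": channel, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in assess(SCAN, AUTHORISED):
        print(f["bssid"], "ch", f["channel"], f["ssid"], "->", "; ".join(f["reasons"]))
```

A scan alone cannot tell you whether an unknown AP is also a rogue plugged into your wired network (card 9); for that the usual check is to correlate the AP's BSSID, or its OUI and neighbouring addresses, with the MAC address tables of your switches, which is what wireless intrusion detection features on enterprise controllers do. Until an AP is located, treating our SSID from a foreign BSSID as an evil twin is the safe assumption.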
