Ch 12 - Attack & Defense Flashcards

1
Q

What protocol is used for a Smurf attack?

A. DNS
B. ICMP
C. TCP
D. SMTP

A

B.
ICMP

2
Q

If you were to see ' or 1=1; in a packet capture, what would you expect was happening?

A. Cross‐site scripting
B. Command injection
C. SQL injection
D. XML external entity injection

A

C.
SQL injection

3
Q

Which protocol is commonly used for amplification attacks?

A. TCP
B. SMTP
C. DNS
D. XML

A

C.
DNS

4
Q

What is the purpose of a SYN flood?

A. Fill up connection buffers in the operating system
B. Fill up connection buffers in the web server
C. Fill up connection buffers at the Application layer
D. Fill up connection buffers for UDP

A

A.
Fill up connection buffers in the operating system

5
Q

How does a slowloris attack work?

A. Holds open connection buffers at the operating system
B. Holds open connection buffers at the web server
C. Holds open connection buffers at the Application layer
D. Holds open connection buffers for UDP

A

B.
Holds open connection buffers at the web server

6
Q

What would be the result of sending the string AAAAAAAAAAAAAAAAA into a variable that has been allocated space for 8 bytes?

A. Heap spraying
B. SQL injection
C. Buffer overflow
D. Slowloris attack

A

C.
Buffer overflow

7
Q

What is the target of a cross‐site scripting attack?

A. Web server
B. Database server
C. Third‐party server
D. User

A

D.
User

8
Q

If you were to see the following in a packet capture, what would you think was happening?

<!ENTITY xxe SYSTEM "file:///etc/passwd">]>

A. Cross‐site scripting
B. SQL injection
C. Command injection
D. XML external entity injection

A

D.
XML external entity injection

9
Q

What protection could be used to prevent an SQL injection attack?

A. Buffer overflows
B. Input validation
C. XML filtering
D. Lateral movement

A

B.
Input validation

10
Q

What security element would be a crucial part of a defense‐in‐depth network design?

A. Firewall
B. SIEM
C. Web application firewall
D. Log management system

A

A.
Firewall

11
Q

What does a defense‐in‐breadth approach add?

A. Consideration for a broader range of attacks
B. Protection against SQL injection
C. Buffer overflow protection
D. Heap spraying protection

A

A.
Consideration for a broader range of attacks

12
Q

What attack injects code into dynamically allocated memory?

A. Buffer overflow
B. Cross‐site scripting
C. Heap spraying
D. Slowloris

A

C.
Heap spraying

13
Q

If you were to see the following in a packet capture, what attack would you expect is happening?

%3Cscript%3Ealert('wubble');%3C/script%3E

A. SQL injection
B. Command injection
C. Cross‐site scripting
D. Buffer overflow

A

C.
Cross‐site scripting

14
Q

What has been done to the following string?

%3Cscript%3Ealert('wubble');%3C/script%3E

A. Base64 encoding
B. URL encoding
C. Encryption
D. Cryptographic hashing

A

B.
URL encoding

15
Q

What technique does a slow read attack use?

A. Small HTTP header requests
B. Small HTTP body requests
C. Small HTTP POST requests
D. Small file retrieval requests

A

D.
Small file retrieval requests

16
Q

What element could be used to facilitate log collection, aggregation, and correlation?

A. Log manager
B. Firewall
C. IDS
D. SIEM

A

D.
SIEM

17
Q

What is the target of a command injection attack?

A. Operating system
B. Web server
C. Database server
D. User

A

A.
Operating system

18
Q

What would the Low Orbit Ion Cannon be used for?

A. SQL injection attacks
B. Log management
C. Denial‐of‐service attacks
D. Buffer overflows

A

C.
Denial‐of‐service attacks

19
Q

What could you use to inform a defensive strategy?

A. SIEM output
B. Attack life cycle
C. Logs
D. Intrusion detection system

A

B.
Attack life cycle

20
Q

What information does a buffer overflow intend to control?

A. Stack pointer
B. Frame pointer
C. Instruction pointer
D. Buffer pointer

A

C.
Instruction pointer

21
Q

Which of these prevention techniques would be best used against a SQL injection attack?

A. Return to libc
B. Web application firewall
C. Address space layout randomization
D. Stack canary

A

B.
Web application firewall

22
Q

If you wanted to get access to a file in the file system on a web server, which of these attack techniques might you use?

A. Cross‐site scripting
B. Command injection
C. SQL injection
D. Directory traversal

A

D.
Directory traversal

23
Q

What are two important characteristics that differentiate defensible network architectures from defense in depth?

A. Firewalls and DMZs
B. Honeypots and DMZs
C. Isolation and malware protection
D. Containment and monitoring

A

D.
Containment and monitoring

24
Q

What type of system could you use to trap and monitor an attacker?

A. Web application firewall
B. Next‐generation firewall
C. Honeypot
D. DMZ

A

C.
Honeypot

25
Q

What attack technique can be used to bypass address space layout randomization?

A. Return to libc
B. Stack canary
C. Buffer overflow
D. Return to JavaScript

A

A.
Return to libc