Chapter 9 Quiz

Question 1

Which method used to detect sniffing works by sending a pulse down the wire, which it then uses to create a graph, and compares to previous responses?

Answer 1

TDR

Question 2

Which ARP poisoning tools can be used to sniff and analyze traffic generated by SSH?

Answer 2

Cain and Abel

Ettercap

Question 3

What type of network and method can be used for a sniffer to capture all network trafic?

Answer 3

Switched Ethernet, ARP spoofing
Switched Ethernet, MAC flooding
Shared Ethernet, Passive sniffing

Question 4

Which ARP poisoning technique targets network switches with excessive traffic, which causes them to change to hub mode, during which they become too busy to enforce port security features?

Answer 4

MAC Flooding

Question 5

Which of the following is a tool that can be used for lawful intercept, which is fully integrated with Wireshark, and uses elements called Views to allow administrators to analyze and visualize the network?

Answer 5

SteelCentral Packet Analyzer

Question 6

What is another way that all network traffic can be captured in a switched network?

Answer 6

Port mirroring, Switched Port Analyzer, Port monitoring

Question 7

What protocols are most vulnerable to sniffing

Answer 7

HTTP, Telnet, SNMP

Question 8

Which of the DNS poisoning techniques involves an attacker using a Trojan to change the victim’s DNS server IP address to that of the attackers machine?

Answer 8

Internet DNS spoofing

Question 9

When using Snort to capture packets, which switch is used to specify which class of network packets has to be captured by IP address.

Answer 9

-h

Question 10

Which method used to detech sniffing can identify a system operating in promiscuous mode by using a nonbroadcast IP address request?

Answer 10

ARP method