Module 21 - Network Threats - Q&A Flashcards
Which one of the following terms is used for impersonating a host or user? A. Smurf attack B. Man-in-the-middle C. Session hijacking D. Spoofing
D. A spoofing attack involves impersonating a user’s identity or the IP address, MAC address, or host name of a computer.
All of the following are characteristics of a man-in-the-middle (MITM) attack, except:
A. Intercepting data
B. Altering and retransmitting data
C. Spoofing both sides of the communications session
D. Flooding the network with ICMP packets
D. Flooding the network with ICMP packets is not a typical characteristic of a MITM attack.
Intercepting a user’s credentials and retransmitting them in the hopes of authenticating as that user is known as a __________ attack. A. session hijacking B. replay C. man-in-the-middle D. spoofing
B. A replay attack involves intercepting a user’s credentials and retransmitting them in the hopes of authenticating as that user.
Which of the following can be used to conduct a denial-of-service attack? (Choose all that apply.) A. Specially crafted traffic B. Malware C. Large amounts of traffic D. Man-in-the-middle attacks
A, B, C. All of these can be used to conduct DoS attacks. A man-in-the-middle attack is not used to conduct a DoS attack; it is used to intercept and/or modify data.
You have received reports that a user’s host is very sluggish and unresponsive. After troubleshooting other items, you decide to use a sniffer to examine the network traffic coming into the host. You see that large amounts of ICMP traffic, in the form of ping replies, are being sent to the host. The host is having trouble processing all of this traffic, causing it to slow down. Which of the following is the most likely explanation for this? A. Faulty network card B. Man-in-the-middle attack C. Smurf attack D. SYN flood
C. A smurf attack would cause large amounts of ICMP traffic to be directed at a host.
In a SYN flood attack, which of the following is a receiving host expecting back as a reply to complete the TCP three-way handshake? A. Repeated SYN segments B. A SYN/ACK segment C. A SYN segment D. An ACK segment
D. A receiving host expects to receive an ACK segment as a reply to complete the TCP three-way handshake, but in a SYN flood, it receives continuous SYN segments instead.
Which of the following would be considered a distributed denial-of-service attack?
A. An attacker uses her own machine to attack another machine.
B. An attacker uses a network of 20 malware-infected hosts to attack a web server.
C. An attacker uses a SYN flood attack against a target’s external router.
D. An attacker uses a MITM attack against an unsuspecting rival hacker.
B. An attacker using a network of 20 malware-infected hosts to attack a web server qualifies as a distributed denial-of-service attack, since it involves using many hosts against the target.
Which of the following terms describes an infected host that joins a malicious network used to conduct a massive DDoS attack against another network? A. Zombie B. MITM C. Drone D. Trojan
A. A zombie is an infected host that joins a malicious network used to conduct a massive DDoS attack against another network.
Which of the following network attacks is used to further conduct a smurf attack on a victim host? A. SYN flood B. ARP poisoning C. IP spoofing D. MAC spoofing
C. IP spoofing is used to further conduct a smurf attack on a victim host.
All of the following actions could be used to protect against ICMP-based attacks, except:
A. Denying ICMP inbound at a border security device
B. Allowing ICMP inbound through a host-based firewall
C. Configuring the host OS to disregard ICMP packets
D. Configuring all hosts to ignore broadcast ICMP
B. Allowing ICMP inbound through a host-based firewall will not prevent an ICMP attack.