Module G6: Deny Specific Attacks (PE) Flashcards

1
Q

Which term describes this type of DoS attack: using TCP/IP to bombard a target system with SYN requests in an attempt to overwhelm its connection queues and force the system to become unresponsive?

SYN Attack
TCP/IP Attack
Smurf Attack
Fraggle Attack

A

SYN Attack

2
Q

What is it called when a hacker uses an IP address other than their own to conceal their identity?

SYN Attack
TCP/IP Attack
Spoofing
Fraggle Attack

A

spoofing

3
Q

All of the following are ways to mitigate SYN attacks except?

Increasing Backlog queue
Recycling the Oldest Half-Open TCP connection
SYN Cookies
Configuring Firewall to Allow any, any traffic

A

Configuring Firewall to Allow any, any traffic

4
Q

TCP Intercept Mode?

Actively intercepts each incoming connection request (SYN) and responds on behalf of the server with a SYN-ACK

Blocks all ingress connections during a DOS attack

Connection requests are allowed to pass through the router to the server but are watched until they become established

Actively sets your firewall to stop a DOS attack

A

Actively intercepts each incoming connection request (SYN) and responds on behalf of the server with a SYN-ACK

5
Q

TCP Watch Mode?

Actively intercepts each incoming connection request (SYN) and responds on behalf of the server with a SYN-ACK

Blocks all ingress connections during a DOS attack

Connection requests are allowed to pass through the router to the server but are watched until they become established

Actively sets your firewall to stop a DOS attack

A

Connection requests are allowed to pass through the router to the server but are watched until they become established

6
Q

A Land attack?

Is only a threat to networks with dial-up modems

Is a common UDP Flood attack

Has the same source and destination address

Is no longer a threat

A

Has the same source and destination address

7
Q

A Smurf Attack?

Deluges a vast multitude of devices with ICMP pings that contain the victim’s fabricated source IP address

Uses fraudulent UDP packets to deteriorate a server’s normal operation

Has the same source and destination address

Is no longer a threat

A

Deluges a vast multitude of devices with ICMP pings that contain the victim’s fabricated source IP address

8
Q

A Fraggle Attack?

Deluges a vast multitude of devices with ICMP pings that contain the victim’s fabricated source IP address

Uses fraudulent UDP packets to deteriorate a server’s normal operation

Has the same source and destination address

Is no longer a threat

A

Uses fraudulent UDP packets to deteriorate a server’s normal operation

9
Q

An ICMP Echo Reply is what ICMP type number?

9

14

0

5

A

0

10
Q

Based on the targeted network components and the mechanisms used, DDoS attacks can be split into three top-level categories. They are all of the following except:

Volumetric attacks

Protocol attacks

Application layer attacks

Data Link Layer attacks

A

Data Link Layer attacks

11
Q

A SYN Flood attack exploits the ______ Three-way handshake.

A

TCP

12
Q

This DDoS attack leverages multiple User Datagram Protocol (UDP) packets. For the record, UDP connections lack a handshaking mechanism (unlike TCP), and therefore the IP address verification options are very limited. When this exploitation is in full swing, the volume of dummy packets exceeds the target server’s maximum capacity for processing and responding to requests.

UDP Flood

VOIP Flood

NTP Flood

DNS Flood

A

UDP Flood

13
Q

This DDoS attack is a variant of UDP Flood that specifically homes in on DNS servers. The malefactor generates a slew of fake DNS request packets resembling legitimate ones that appear to originate from a huge number of different IP addresses. This attack is one of the hardest denial-of-service raids to prevent and recover from.

UDP Flood

VOIP Flood

NTP Flood

DNS Flood

A

DNS Flood

14
Q

This attack leverages one of the oldest networking protocols, one tasked with clock synchronization between electronic systems, which is at the core of another DDoS attack vector.

UDP Flood

VOIP Flood

NTP Flood

DNS Flood

A

NTP Flood

15
Q

This is a common form of UDP Flood that targets a Voice over Internet Protocol (VoIP) server.

UDP Flood

VOIP Flood

NTP Flood

DNS Flood

A

VOIP Flood

16
Q

All of the following are responses to a DDoS except?

Securing your Infrastructure

Train a response team

Practice Basic Network security

Use Default Cisco Configurations

A

Use Default Cisco Configurations

17
Q

Symptoms of a DDoS include all of the following except?

Spotty Connectivity

Improved Performance

Slow Network

Host Machine Freezing

A

Improved performance

18
Q

A policy used to increase your security posture would be to engage in strong security practices, which can keep business networks from being compromised. Secure practices include complex __________ that change on a regular basis.

A

passwords

19
Q

A zero-day DDoS is one that takes advantage of an unknown vulnerability.

True
False

A

True

20
Q

This attack’s goal is to overburden a program’s regular expression implementation with instances of highly complex string search patterns.

ReDOS

Slowloris

High Orbit Ion Cannon

Low Orbit Ion Cannon

A

ReDOS