Network Attacks Flashcards

Mock Exam Revision

1
Q

A type of DDoS attack where an attacker exploits vulnerabilities in certain services or protocols to generate responses that are much larger than the original request is referred to as:

A. Amplified DDoS attack
B. Volumetric DDoS attack
C. Reflected DDoS attack
D. Application DDoS attack

A

An amplified DDoS attack is a Distributed Denial-of-Service (DDoS) attack where hackers exploit vulnerable servers (e.g., DNS, NTP) to generate massive, reflected traffic toward a target. By spoofing the victim’s IP in small requests, attackers trigger disproportionately large responses, overwhelming the victim’s bandwidth/resources. Mitigation involves securing amplification vectors, deploying scrubbing centres, and implementing traffic filtering.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Remapping a domain name to a rogue IP address is an example of what kind of exploit?

A. URL hijacking
B. DNS cache poisoning
C. Domain hijacking
D. ARP poisoning

A

DNS cache poisoning (or DNS spoofing) is a cyberattack where corrupt Domain Name System (DNS) data is introduced into a resolver’s cache, causing it to return incorrect IP addresses for legitimate sites. Attackers exploit vulnerabilities in DNS transactions (e.g., predictable query IDs) to redirect users to malicious servers, enabling phishing, malware delivery, or man-in-the-middle attacks. Mitigation includes DNSSEC, rate limiting, and secure DNS configurations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A wireless disassociation attack is a type of: (Select 2 answers)

A. Downgrade attack
B. Deauthentication attack
C. Brute-force attack
D. DoS attack
E. Cryptographic attack

A

B. Deauthentication attack

D. DoS attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which wireless attack focuses on exploiting vulnerabilities found in WEP?

A. IV attack
B. War driving
C. SSID spoofing
D. Bluejacking

A

An IV attack exploits weak initialisation vectors in cryptographic protocols (like WEP). IVs are supposed to randomise encryption, but poor implementation allows attackers to deduce the encryption key by analysing repeated patterns. This compromises data confidentiality, leading to deprecated standards (WEP) in favour of WPA2/3.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the characteristic features of a session ID?

A
  1. A unique identifier assigned by the website to a specific user.
  2. A piece of data that can be stored in a cookie, or embedded as an URL parameter.

3.Typically stored on the client side (in the user’s browser) rather than on the server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly