Module 16 - Attacking the Foundation Flashcards

1
Q

Users in a company have complained about network performance. After investigation, the IT staff has determined that an attacker has used a specific technique that affects the TCP three-way handshake. What is the name of this type of network attack?

DNS poisoning
session hijacking
SYN flood
DDoS

A

SYN flood

2
Q

Which type of attack involves the unauthorized discovery and mapping of network systems and services?

DoS
reconnaissance
trust exploitation
access

A

reconnaissance

3
Q

In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections?

SYN flood attack
port scan attack
session hijacking attack
reset attack

A

SYN flood attack

4
Q

What kind of ICMP message can be used by threat actors to map an internal IP network?

ICMP echo request
ICMP redirects
ICMP router discovery
ICMP mask reply

A

ICMP mask reply

ICMP mask reply is used to map an internal IP network.

5
Q

What is involved in an IP address spoofing attack?

A legitimate network IP address is hijacked by a rogue node.
A rogue DHCP server provides false IP configuration parameters to legitimate DHCP clients.
A rogue node replies to an ARP request with its own MAC address indicated for the target IP address.
Bogus DHCPDISCOVER messages are sent to consume all the available IP addresses on a DHCP server.

A

A legitimate network IP address is hijacked by a rogue node.

6
Q

How is optional network layer information carried by IPv6 packets?

inside an options field that is part of the IPv6 packet header
inside the Flow Label field
inside an extension header attached to the main IPv6 packet header
inside the payload carried by the IPv6 packet

A

inside an extension header attached to the main IPv6 packet header

7
Q

An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this?

man in the middle
port redirection
buffer overflow
trust exploitation

A

man in the middle

8
Q

A disgruntled employee is using some free wireless networking tools to determine information about the enterprise wireless networks. This person is planning on using this information to hack the wireless network. What type of attack is this?

Trojan horse
access
reconnaissance
DoS

A

A reconnaissance attack is the unauthorized discovery and documentation of various computing networks, network systems, resources, applications, services, or vulnerabilities.

9
Q

Which term describes a field in the IPv4 packet header used to detect corruption in the IPv4 header?

TTL
source IPv4 address
protocol
header checksum

A

header checksum

10
Q

Which field in the IPv4 header is used to prevent a packet from traversing a network endlessly?

Time-to-Live
Sequence Number
Differentiated Services
Acknowledgment Number

A

Time-to-Live

11
Q

Which field in an IPv6 packet is used by the router to determine if a packet has expired and should be dropped?

TTL
No Route to Destination
Hop Limit
Address Unreachable

A

Hop Limit

12
Q

A threat actor uses a program to launch an attack by sending a flood of UDP packets to a server on the network. The program sweeps through all of the known ports trying to find closed ports. It causes the server to reply with an ICMP port unreachable message and is similar to a DoS attack. Which two programs could be used by the threat actor to launch the attack? (Choose two.)

Low Orbit Ion Cannon
Wireshark
ping
Smurf
UDP Unicorn

A

Low Orbit Ion Cannon
UDP Unicorn

13
Q

A threat actor wants to interrupt a normal TCP communication between two hosts by sending a spoofed packet to both endpoints. Which TCP option bit would the threat actor set in the spoofed packet?

SYN
ACK
RST
FIN

A

RST
