Review 10

Question 1

When securing network traffic, which of the items below is NOT recommended?

Question options:

Implement switched networks

Encrypt sensitive traffic

Use IPv4

Use secure protocols

Answer 1

Use IPv4

Question 2

What mode does your network interface (NIC) need to be in order to effectively sniff traffic?

Question options:

Active

Passive

Isolation

Promiscuous

Answer 2

Promiscuous

Question 3

What type of DoS attack is also known as a “Teardrop” attack?

Question options:

Fragmentation

Smurf

Plashing

Fraggle

Answer 3

Fragmentation

Question 4

Which of the following is NOT a session hijacking vulnerability?

Question options:

Short session IDs

Simple algorithms

Simple passwords

No account lockout

Answer 4

Simple passwords

Question 5

What type of DoS attack targets ICMP protocol weaknesses?

Question options:

Fragmentation

Smurf

Fraggle

Plashing

Answer 5

Smurf

Question 6

What type of security device can search for anomalies in network traffic, and detect network cards running in promiscuous mode and flag MAC addresses that are not a part of the internal network.

Question options:

Port Scanners

Routers

Firewalls

NIDS

Answer 6

NIDS

Question 7

What type of DoS attack targets UDP protocol weaknesses?

Question options:

Smurf

Plashing

Fraggle

Fragmentation

Answer 7

Fraggle

Question 8

What term describes a cooperative team that is comprised a many zombie computers?

Question options:

Attacknet

Zombienet

Botnet

Coopnet

Answer 8

Botnet

Question 9

Which type of sniffing involves simply monitoring traffic?

Question options:

Active sniffing

Passive sniffing

Information sniffing

Traffic sniffing

Answer 9

Passive sniffing

Question 10

Which type of attack takes advantage of the fact that there is not a verified connection between the server or host machine and the client?

Question options:

UDP session hijacking

DNS spoofing

TCP/IP session hijacking

Session fixation

Answer 10

UDP session hijacking

Question 11

Which type of DoS attack exploits vulnerabilities in protocols and broadcast networks?

Question options:

Protocol

Volumetric

Fragmentation

Amplification

Answer 11

Amplification

Question 12

If a user recently completed a form, and you were able to find a session ID in a hidden field in the HTTP POST command, what type of Session Hijacking would this be?

Question options:

Application Level Hijacking

Session Level Hijacking

Transport Level Hijacking

Network Level Hijacking

Answer 12

Application Level Hijacking

Question 13

What sniffing method creates a duplicate of all network traffic on a port and sends it to another device?

Question options:

MAC spoofing

ARP poisoning

MAC flooding

Port mirroring

Answer 13

Port mirroring

Question 14

Which of the following is NOT a protocol that is vulnerable to sniffing?

Question options:

FTP

SSH

IMAP

SMTP

Answer 14

SSH

Question 15

__________ attacks involves the injection of malicious Java, Flash, or HTML script into web applications.

Question options:

Man-in-the-middle

Cross-site scripting

Script injection

Session fixation

Answer 15

Cross-site scripting