Name:     ID: 
 
    Email: 

CNG 131 Chapter 03

True/False
Indicate whether the sentence or statement is true or false.
 

 1. 

A SYN flood exploits the nature of the TCP three-way handshake.
 

 2. 

Smurf is an OS-specific attack that uses the network to amplify its effect on the victim.
 

 3. 

Spoofing ARP packets and performing man-in-the-middle attacks is called ARP poisoning.
 

 4. 

Viruses are self-replicating programs that spread by infecting other programs.
 

Multiple Choice
Identify the letter of the choice that best completes the statement or answers the question.
 

 5. 

An attack that belongs to a family of attack methods that have the objective of making target systems unavailable to their legitimate users is called a(n):
a.
kiddie script
c.
brute force
b.
denial-of-service
d.
spoofing
 
 
131test_files/i0080000.jpg
 

 6. 

What type of attack is being illustrated in the figure above?
a.
UDP flooding
c.
denial-of-service
b.
spoofing
d.
distributed denial-of-service
 

 7. 

What method is used on LANs to map a host's IP address with it's physical address?
a.
ARP
c.
DNS
b.
MAC
d.
SYN
 

 8. 

An attack method in which the attacker places himself between two communicating hosts and listens in on their session is called:
a.
ARP poisoning
c.
Man in the middle
b.
DNS spoofing
d.
All of the above
 

 9. 

What exploits trust in the real world between people to gain information that attackers can then use to gain access to computer system?
a.
dumpster diving
c.
social engineering
b.
online attacks
d.
birthday attack
 

 10. 

What type of attack uses chat and e-mail to exploit trust relationships?
a.
online attack
c.
mathematical attack
b.
birthday attack
d.
password guessing
 

 11. 

What type of attack will use properties of the cryptographic algorithm to discover its secret keys?
a.
birthday attack
c.
password guessing
b.
mathematical attack
d.
All of the above
 

 12. 

An example of malicious software or malware might be:
a.
viruses
c.
Trojan horses
b.
worms
d.
All of the above
 

 13. 

An example of the type of worms that exploited Microsoft's IIS Server is:
a.
Melissa
c.
ILOVEYOU
b.
Nimda
d.
All of the above
 

 14. 

A type of malware that allows a malevolent user to gain remote access with the knowledge or permission of its owner is called a(n):
a.
virus
c.
backdoor
b.
worm
d.
All of the above
 

 15. 

An example of a backdoor program is:
a.
Back Office
c.
NetBus
b.
Naked Wife
d.
All of the above
 
 
131test_files/i0190000.jpg
 

 16. 

What action is taking place in the figure above?
a.
egress filtering
c.
IP address spoofing
b.
ingress filtering
d.
DNS spoofing
 

 17. 

Which of the following should be done to prevent IP spoofing?
a.
leave the DNS server unsecure
b.
enable source routing on all internal routers
c.
filter out packets entering the LAN from the Internet that have a source address of the LAN
d.
All of the above
 

 18. 

What is the attack called in which the aggressor poses as the victim's legitimate DNS server?
a.
ARP poisoning
c.
man in the middle
b.
DNS spoofing
d.
Web spoofing
 
 
131test_files/i0230000.jpg
 

 19. 

What type of attack is being illustrated in the figure above?
a.
birthday
c.
replay
b.
guess
d.
brute force
 

 20. 

What technique is used so that a file is encoded so only the intended recipient may read the original contents?
a.
encryption
c.
key
b.
algorithm
d.
password
 

 21. 

How can you void exploits by dumpster diving?
a.
use a paper shredder
c.
bulk erase magnetic media
b.
secure dumpsters
d.
all of the above
 

 22. 

Virus databases can be found at the following company(ies)
a.
Network Associates
c.
Computer Associates
b.
Symantec
d.
All of the above
 

 23. 

Backdoor programs can be installed on victim machines by which of the following methods:
a.
Trojan horse
c.
worms
b.
uploading control software
d.
All of the above
 

 24. 

What approach to password cracking uses a predetermined list of words?
a.
filtering
c.
thesaurus
b.
dictionary
d.
guessing
 

 25. 

You can protect your company from social engineering attacks by:
a.
having a solid organizational policy
b.
communicating security needs only to the CEO and CIO
c.
sharing passwords with others
d.
All of the above
 

Matching
 
 
Please match the best term from the list below to the most appropriate concept.
a.
handler
e.
brute force
b.
smurf
f.
malware
c.
DNS spoofing
g.
software exploitation
d.
backdoor
h.
social engineering
 

 26. 

A DoS attack that uses directed broadcasts to swamp the victim in traffic.
 

 27. 

A piece of malware that allows a malevolent user to gain remote access without the knowledge of the owner.
 

 28. 

A class of attacks that use trickery on people to accomplish a goal.
 

 29. 

A DoS attack program that controls agents or zombies.
 

 30. 

Examples of this are a virus and a Trojan horse
 
 
Please match the best term from the list below to the most appropriate concept.
a.
loopback address
e.
worm
b.
sniffer
f.
SMTP
c.
MAC
g.
SYN flood
d.
TCP/IP
h.
spoofing
 

 31. 

A program that intercepts and reads each network packet on an Ethernet LAN.
 

 32. 

A protocol used to exchange e-mail between servers on the Internet
 

 33. 

A DoS attack against servers that makes it impossible for the victim to accept new TCP connections.
 

 34. 

The act of falsely identifying a packet's IP address.
 

 35. 

A hardware address that uniquely identified each node of a LAN subnet.
 



 
Submit          Reset Help