CSEC 701 Quizzes

The following tasks except one are performed by TCP. Find the one that is not the function of TCP.

multicasting

TCP connection is established by 3-way handshaking process. What are the TCP flags involved in the second step?

SYN-ACK

Bob is attempting to sniff a wired network in his first pen test contract. He sees only the traffic from the segment he is connected to. What can Bob do to gather all switch traffic?

MAC flooding

ARP is a protocol for mapping a MAC address to an IP address. Each host keeps an ARP table for the mapping and ARP cache poisoning attack aims to inject false information into that cache. What method or protocol is used for injecting false information?

gratuitous ARP

Many sniffing attacks can lead to a man in the middle MITM attack. Which of the following attacks does not lead t MITM

DHCP starvation attack

in DNS cache poisoning attack, the attacker must collect some information in advance from the target DNS server. What is it?

current Query ID

in Nmap half-open scan, which step is missing from the full scan?

ACK

firewalls commonly block the traffic that is initiated from outside. Because of that, Nmap probe packets may not penetrate the firewall. Nmap uses a couple of techniques to work around it. Which one of these techniques Nmap uses?

ACK scanning

which TCP flag are used during Xmas scan?

FUN, URG, PSH

IP fragmentation attack breaks an IP packet into multiple pieces. What is the purpose of it?

to avoid detection by IDS

which of the following tools perform vulnerability scanning and compliance auditing?

Nessus

What is the purpose of using web manipulation proxy?

to change the content of the web response page

What benefits can you get by using ToR?

you can hide your true IP address

Typical buffer overflow attack has a NOP sled. What is the purpose of it?

to overcome the ambiguity of the exploit code location

Penetration testing is a localized, time-constrained, and authorized attempt to breach the information security. Which of the following tools will be most relevant for conducting penetration testing?

Metasploit

Among the security goals, which one is mostly affected by DoS or DDoS attack?

availability

Which of the following network attacks relies on sending abnormally large packet sizes that exceeds TCP/IP specifications?

Ping of death

Which DoS/DDoS attack does not rely on zombie machines?

teardrop attack

in SYN flooding attack, the attacker sends many SYN packets to a victim with a spoofed source IP address. Then the victim machine replies with SYN-ACK packets. Why is the SYN flooding attack bad?

it fills up the TCP buffer memory

LInux uses TCP SYN cookie to prevent SYN flooding attack. SYN cookie does not introduce a new field in IP or TCP header. Instead, it uses an existing field in the TCP header. What is it?

servers initial sequence number (32 bit)

There are two types of IPsec headers, AH (authentication header) and ESP (encapsulated security payload), what is the major difference between them?

ESP allows encryption

IPsec transport mode is used between two hosts. Which one of the following is the correct explanation of the IPsec transport mode?

the real IP addresses of the hosts are visible

in IKE, which public key algorithm is used for key exchange in a modified form?

Diffie-Hellman DH

Although TLS 1.2 protocol is not interoperable with SSL, it still follows the SSL version numbers. What is the corresponding SSL version number for TLS 1.2?

SSL 3.3

in SSL (up to TLS 1.2), there are 4 phases for handshaking. In phase 3, in case of RSA, the client sends a 48-byte pre-master secret that is encrypted to avoid eavesdropping. With which key is it encrypted?

servers public key

in TLS 1.1 and up, there is a field called SNI (server name indication). What is the purpose of this field?

to allow multiple domain names to be served by the same IP address

Perfect forward secrecy assures that session keys are not compromised even if long-term secrets are compromised. TLS 1.2 based on RSA method does not support perfect forward secrecy. How is it solved in TLS 1.3?

by using an ephemeral key for each connection

HTTP strict transport security HSTS is an IETF standard and a mechanism to enforce rules to prevent browsers from downgrading security. Which attack against SSL/TLS can it prevent?

SSL stripping

SSH transport layer performs server authentication. Which of the following method is not employed for this purpose?

Kerberos

SSH user authentication can be done using a public key. To use it, which key must a user store on the server?

RSA public key