CompTIA Security+ Practice Exam (2)
Comptia Security+ Practice Exam (2)
Full length Comptia Security+ Practice Exam. Take this exam like the real exam to see if you are completely prepared for the real exam. Time yourself to 90 minutes to get a feel of the pressures of the real exam. The practice test is designed to reflect the final exam.
- 1.
Which port is used by Kerberos by default?
- A.
Kerberos makes use of port 139
- B.
Kerberos makes use of port 443
- C.
Kerberos makes use of port 23
- D.
Kerberos makes use of port 88
- E.
None of the Above
Correct Answer
D. Kerberos makes use of port 88Explanation
Kerberos is a network authentication protocol that uses port 88 by default. This port is specifically reserved for Kerberos communication. It allows for secure authentication between clients and servers in a network environment.Rate this question:
-
- 2.
You run Nmap against a server on the Certkiller .com network. You discover more open ports than you anticipated. What should you do?
- A.
Your first step should be to close all the ports and to monitor it to see if a process tries to reopen the port.
- B.
Your first step should be to examine the process using the ports.
- C.
Your first step should be to leave the ports open and to monitor the traffic for malicious activity.
- D.
Your first step should be to run Nmap again and to monitor it to see if different results are obtained.
Correct Answer
B. Your first step should be to examine the process using the ports.Explanation
The correct answer suggests that the first step should be to examine the process using the ports. By doing so, you can identify which process is responsible for opening the unexpected ports. This will help you determine if the process is legitimate or if it may be a sign of malicious activity. Once you have identified the process, you can take appropriate actions such as terminating it or further investigating its behavior.Rate this question:
-
- 3.
Identify the port that permits a user to login remotely on a computer?
- A.
Port 3389
- B.
Port 8080
- C.
Port 143
- D.
Port 23
Correct Answer
A. Port 3389Explanation
Port 3389 is the correct answer because it is the default port for Remote Desktop Protocol (RDP), which allows users to connect and login remotely to a computer. RDP is a proprietary protocol developed by Microsoft and is commonly used for remote administration and accessing resources on a remote computer.Rate this question:
-
- 4.
Identify the ports utilized by e-mail users? (Choose TWO)
- A.
You should identify port 143
- B.
You should identify port 3389
- C.
You should identify port 110
- D.
You should identify port 334
- E.
You should identify port 23
Correct Answer(s)
A. You should identify port 143
C. You should identify port 110Explanation
The correct answer is to identify port 143 and port 110. Port 143 is used for the Internet Message Access Protocol (IMAP), which allows email clients to retrieve emails from a mail server. Port 110 is used for the Post Office Protocol version 3 (POP3), which also allows email clients to retrieve emails from a mail server.Rate this question:
-
- 5.
Which of the following occurs when a string of data is sent to a buffer that is larger than the buffer was designed to handle?
- A.
Brute Force attack
- B.
Spoofing attack
- C.
Buffer overflow
- D.
Man in the middle attack
- E.
SYN flood
Correct Answer
C. Buffer overflowExplanation
Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135Rate this question:
-
- 6.
Which of the following attacks exploits the session initiation between the Transport Control Program (TCP) client and server in a network?
- A.
Birthday Attack
- B.
SYN Attack
- C.
Buffer Overflow
- D.
Smurf
- E.
None of the Above
Correct Answer
B. SYN AttackExplanation
SYN flood is a DoS attack in which the hacker sends a barrage of SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established. Change this if you want but in the SYN flood the hacker sends a SYN packet to the receiving station with a spoofed return address of some broadcast address on their network. The receiving station sends out this SYN packets (pings the broadcast address) which causes multiple servers or stations to respond to the ping, thus overloading the originator of the ping (the receiving station). Therefore, the hacker may send only 1 SYN packet, whereas the network of the attacked station is actually what does the barrage of return packets and overloads the receiving station.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 530Rate this question:
-
- 7.
Which of the following attacks uses ICMP (Internet Control Message Protocol) and improperly formatted MTUs (Maximum Transmission Unit) to crash a target computer?
- A.
Man in the middle attack
- B.
Smurf attack
- C.
Ping of death attack
- D.
TCP SYN (Transmission Control Protocol / Synchronized) attack
- E.
None of the Above
Correct Answer
C. Ping of death attackExplanation
Explanation: The Ping of Death attack involved sending IP packets of a size greater than 65,535 bytes to the target computer. IP packets of this size are illegal, but applications can be built that are capable of creating them. Carefully programmed operating systems could detect and safely handle illegal IP packets, but some failed to do this. Note: MTU packets that are bigger than the maximum size the underlying layer can handle are fragmented into smaller packets, which are then reassembled by the receiver. For ethernet style devices, the MTU is typically 1500. Incorrect Answers A: A man in the middle attack allows a third party to intercept and replace components of the data stream. B: The "smurf" attack, named after its exploit program, is one of the most recent in the category of network-level attacks against hosts. A perpetrator sends a large amount of ICMP echo (ping) traffic at IP broadcast addresses, all of it having a spoofed source address of a victim. D: In a TCP SYN attack a sender transmits a volume of connections that cannot be completed. This causes the connection queues to fill up, thereby denying service to legitimate TCP users.Rate this question:
-
- 8.
Which of the following determines which operating system is installed on a system by analyzing its response to certain network traffic?
- A.
OS (Operating System) scanning
- B.
Reverse engineering.
- C.
Fingerprinting
- D.
Host hijacking.
- E.
None of the Above
Correct Answer
C. FingerprintingExplanation
Fingerprinting is the act of inspecting returned information from a server (ie. One method is ICMP Message quoting where the ICMP quotes back part of the original message with every ICMP error message. Each operating system will quote definite amount of message to the ICMP error messages. The peculiarity in the error messages received from various types of operating systems helps us in identifying the remote host's OS.Rate this question:
-
- 9.
Malicious port scanning determines the _______.
- A.
Computer name
- B.
Fingerprint of the operating system
- C.
Physical cabling topology of a network
- D.
User ID and passwords
- E.
All of the Above
Correct Answer
B. Fingerprint of the operating systemExplanation
Malicious port scanning is an attempt to find an unused port that the system won't acknowledge. Several programs now can use port scanning for advanced host detection and operating system fingerprinting. With knowledge of the operating system, the hacker can look up known vulnerabilities and exploits for that particular system.Rate this question:
-
- 10.
Which of the following fingerprinting techniques exploits the fact that operating systems differ in the amount of information that is quoted when ICMP (Internet Control Message Protocol) errors are encountered?
- A.
TCP (Transmission Control Protocol) options.
- B.
ICMP (Internet Control Message Protocol) error message quenching.
- C.
Fragmentation handling.
- D.
ICMP (Internet Control Message Protocol) message quoting
- E.
None of the Above
Correct Answer
D. ICMP (Internet Control Message Protocol) message quotingExplanation
ICMP Message quoting: The ICMP quotes back part of the original message with every ICMP error message. Each operating system will quote definite amount of message to the ICMP error messages. The peculiarity in the error messages received from various types of operating systems helps us in identifying the remote host's OS.Rate this question:
-
- 11.
Which of the following type of attacks exploits poor programming techniques and lack of code review?
- A.
CGI (Common Gateway Interface) script
- B.
Birthday
- C.
Buffer overflow
- D.
Dictionary
Correct Answer
C. Buffer overflowExplanation
Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. This exploitation is usually a result of a programming error in the development of the software.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135Rate this question:
-
- 12.
Which of the following network attacks misuses TCP's (Transmission Control Protocol) three way handshake to overload servers and deny access to legitimate users?
- A.
Man in the middle.
- B.
Smurf
- C.
Teardrop
- D.
SYN (Synchronize)
Correct Answer
D. SYN (Synchronize)Explanation
SYN flood is a DoS attack in which the hacker sends a barrage of SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 530Rate this question:
-
- 13.
Which of the following is most common method of accomplishing DDoS (Distributed Denial of Service) attacks?
- A.
Internal host computers simultaneously failing.
- B.
Overwhelming and shutting down multiple services on a server.
- C.
Multiple servers or routers monopolizing and over whelming the bandwidth of a particular server or router.
- D.
An individual e-mail address list being used to distribute a virus.
Correct Answer
C. Multiple servers or routers monopolizing and over whelming the bandwidth of a particular server or router.Explanation
A distributed denial of service attack takes place from within, and is usually the doing of a disgruntled worker. They set up a zombie software that takes over numerous servers, and routers within the network to overwhelm the systems bandwidth. A and B are incorrect because a DDoS doesn't fail or shut down the servers, it merely compromises them.Rate this question:
-
- 14.
Which of the following is a DoS (Denial of Service) attack that exploits TCP's (Transmission Control Protocol) three-way handshake for new connections?
- A.
SYN (Synchronize) flood.
- B.
Ping of death attack.
- C.
Land attack.
- D.
Buffer overflow attack.
- E.
None of the Above
Correct Answer
A. SYN (Synchronize) flood.Explanation
The SYN flood attack works when a source system floods and end system with TCP SYN requests, but intentionally does not send out acknowledgements (ACK). Since TCP needs confirmation, the receiving computer is stuck with half-open TCP sessions, just waiting for acknowledgement so it can reset the port. Meanwhile the connection buffer is being overflowed, making it difficult or impossible for valid users to connect, therefore their service is denied.Rate this question:
-
- 15.
Which of the following is a DoS exploit that sends more traffic to a node than anticipated?
- A.
Ping of death
- B.
Buffer Overflow
- C.
Logic Bomb
- D.
Smurf
- E.
None of the Above
Correct Answer
B. Buffer OverflowExplanation
Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135Rate this question:
-
- 16.
Which of the following is a security breach that does not usually result in the theft of information or other security loss but the lack of legitimate use of that system?
- A.
CRL
- B.
DoS
- C.
ACL
- D.
MD2
- E.
None of the above
Correct Answer
B. DoSExplanation
DOS attacks prevent access to resources by users authorized to use those resources. An attacker may attempt to bring down an e-commerce website to prevent or deny usage by legitimate customers.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 53Rate this question:
-
- 17.
Loki, NetCaZ, Masters Paradise and NetBus are examples of what type of attack?
- A.
Brute force
- B.
Spoofing
- C.
Man in the middle
- D.
Back door
- E.
None of the Above
Correct Answer
D. Back doorExplanation
Since backdoor's are publicly marketed/distributed software applications, they are characterized by having a trade name.Rate this question:
-
- 18.
What is usually the goal of TCP (transmission Control Protocol) session hijacking?
- A.
Taking over a legitimate TCP (transmission Control Protocol) connection.
- B.
Predicting the TCP (transmission Control Protocol) sequence number.
- C.
Identifying the TCP (transmission Control Protocol) port for future exploitation.
- D.
Identifying source addresses for malicious use.
- E.
None of the Above
Correct Answer
A. Taking over a legitimate TCP (transmission Control Protocol) connection.Explanation
The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered in a way that intercepts legitimate packets and allows a third party host to insert acceptable packets. Thus hijacking the conversation, and continuing the conversation under the disguise of the legitimate party, and taking advantage of the trust bond.Rate this question:
-
- 19.
Which of the following best describes TCP/IP (Transmission Control Protocol/Internet Protocol) session hijacking?
- A.
The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered in a way that intercepts legitimate packets and allows a third party host to insert acceptable packets.
- B.
The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered allowing third party hosts to create new IP (Internet Protocol) addresses.
- C.
The TCP/IP (Transmission Control Protocol/Internet Protocol) session state remains unaltered allowing third party hosts to insert packets acting as the server.
- D.
The TCP/IP (Transmission Control Protocol/Internet Protocol) session state remains unaltered allowing third party hosts to insert packets acting as the client.
Correct Answer
A. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered in a way that intercepts legitimate packets and allows a third party host to insert acceptable packets.Explanation
A detailed site on how to hijack a TCP/IP a session can be found at: http://staff.washington.edu/dittrich/talks/qsm-sec/script.htmlRate this question:
-
- 20.
What characteristic of TCP/IP (transmission Control Protocol/Internet Protocol) does TCP/IP (transmission Control Protocol/Internet Protocol) session hijacking exploit?
- A.
The fact that TCP/IP (transmission Control Protocol/Internet Protocol) has no authentication mechanism, thus allowing a clear text password of 16 bytes
- B.
The fact that TCP/IP (transmission Control Protocol/Internet Protocol) allows a packet to be spoofed and inserted into a stream, thereby enabling commands to be executed on the remote host
- C.
The fact that TCP/IP (transmission Control Protocol/Internet Protocol) has no authentication mechanism, and therefore allows connectionless packets from anyone
- D.
The fact that TCP/IP (transmission Control Protocol/Internet Protocol) allows packets to be tunneled to an alternate network
Correct Answer
B. The fact that TCP/IP (transmission Control Protocol/Internet Protocol) allows a packet to be spoofed and inserted into a stream, thereby enabling commands to be executed on the remote hostExplanation
TCP/IP's connection orientated nature, and lack of natural security makes it easy to hijack a session by spoofing.Rate this question:
-
- 21.
Which of the following attacks can be mitigated against by implementing the following ingress/egress traffic filtering? * Any packet coming into the network must not have a source address of the internal network. * Any packet coming into the network must have a destination address from the internal network. * Any packet leaving the network must have a source address from the internal network. * Any packet leaving the network must not have a destination address from the internal networks. * Any packet coming into the network or leaving the network must not have a source or destination address of a private address or an address listed in RFC19lS reserved space.
- A.
SYN (Synchronize) flooding
- B.
Spoofing
- C.
DoS (Denial of Service) attacks
- D.
Dictionary attacks
- E.
None of the Above
Correct Answer
B. SpoofingExplanation
By having strict addressing filters; an administrator prevents a spoofed address from gaining access.Rate this question:
-
- 22.
In which of the following attacks does the attacker pretend to be a legitimate user?
- A.
Aliasing
- B.
Spoofing
- C.
Flooding
- D.
Redirecting
- E.
None of the Above
Correct Answer
B. SpoofingExplanation
A spoofing attack is simple an attempt by someone or something masquerading as someone else. This type of attack is usually considered an access attack.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 56Rate this question:
-
- 23.
Which of the attacks can involve the misdirection of the domain name resolution and Internet traffic?
- A.
DoS (Denial of Service)
- B.
Spoofing
- C.
Brute force attack
- D.
Reverse DNS (Domain Name Service)
Correct Answer
B. SpoofingExplanation
A spoofing attack is simply an attempt by someone or something masquerading as someone else.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 56Rate this question:
-
- 24.
In an IP (Internet Protocol) spoofing attack, what field of an IP (Internet Protocol) packet does the attacker manipulate?
- A.
The version field.
- B.
The source address field.
- C.
The source port field.
- D.
The destination address field.
Correct Answer
B. The source address field.Explanation
In IP Spoofing a hacker tries to gain access to a network by pretending his or her machine has the same network address as the internal network.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 515Rate this question:
-
- 25.
You are the network administrator at Certkiller .com. You discover that your domain name server is resolving the domain name to the wrong IP (Internet Protocol) address and thus misdirecting Internet traffic. You suspect a malicious attack. Which of the following would you suspect?
- A.
Reverse DNS (Domain Name Service)
- B.
Brute force attack
- C.
Spoofing
- D.
DoS (Denial of Service)
Correct Answer
C. SpoofingExplanation
Spoofing is when you forge the source address of traffic, so it appears to come from somewhere else, preferably somewhere safe and trustworthy. Web spoofing is a process where someone creates a convincing copy of a legitimate website or a portion of the world wide web, so that when someone enters a site that they think is safe, they end up communicating directly with the hacker. To avoid this you should rely on certificates, IPSEC, and set up a filter to block internet traffic with an internal network address.Rate this question:
-
- 26.
What is the process of forging an IP (Internet Protocol) address to impersonate another machine called?
- A.
TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking
- B.
IP (Internet Protocol) spoofing
- C.
Replay
- D.
Man in the middle
Correct Answer
B. IP (Internet Protocol) spoofingExplanation
The word spoofing was popularized in the air-force. When a fighter jet notices an enemy missile (air-to-air or surface-to-air) coming, the pilot will fire off a flair or a chaff (depending on whether or not the missile is heat seeking or radar guided) to spoof (trick) the missile into going after the wrong target. IP spoofing works the same way, and is commonly used by computer hackers because it's easy to implement, it takes advantage of someone else's trust relationship, it makes it harder to identify the source of the true attack, and it focuses attention away to an innocent 3rd party.Rate this question:
-
- 27.
What is an attack whereby two different messages using the same hash function produce a common message digest known as?
- A.
Man in the middle attack.
- B.
Ciphertext only attack.
- C.
Birthday attack.
- D.
Brute force attack.
Correct Answer
C. Birthday attack.Explanation
A birthday attack is based on the principle that amongst 23 people, the probability of 2 of them having the same birthday is greater the 50%. By that rational if an attacker examines the hashes of an entire organizations passwords, they'll come up with some common denominators.Rate this question:
-
- 28.
Which of the following can be deterred against by increasing the keyspace and complexity of a password?
- A.
Dictionary
- B.
Brute force
- C.
Inference
- D.
Frontal
Correct Answer
B. Brute forceExplanation
Increasing the keyspace and complexity of a password can deter against brute force attacks. Brute force attacks involve systematically trying every possible combination of characters until the correct password is found. By increasing the keyspace, which refers to the number of possible characters that can be used in a password, and the complexity, which refers to the combination of uppercase and lowercase letters, numbers, and special characters, the time and effort required to guess the correct password through brute force is significantly increased, making it more difficult for attackers to gain unauthorized access.Rate this question:
-
- 29.
Which type of attack can easily break a user's password if the user uses simple and meaningful things such as pet names or birthdays for their passwords?
- A.
Mickey Mouse attack
- B.
Random guess attack
- C.
Brute Force attack
- D.
Dictionary attack
- E.
Role Based Access Control attack
Correct Answer
D. Dictionary attackExplanation
A dictionary attack is an attack which uses a dictionary of common words to attempt to find the password of a user.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 58Rate this question:
-
- 30.
What should the minimum length of a password be to deter dictionary password cracks?
- A.
6 characters
- B.
8 characters
- C.
10 characters
- D.
12 characters
- E.
16 characters
Correct Answer
B. 8 charactersExplanation
To deter dictionary password cracks, a minimum length of 8 characters is recommended. This is because shorter passwords are easier to crack using dictionary attacks, where an attacker systematically tries all words in a dictionary or common passwords. By having a longer password, it increases the number of possible combinations, making it more difficult and time-consuming for attackers to guess the correct password.Rate this question:
-
- 31.
In which of the following does someone use an application to capture and manipulate packets as they are passing through your network?
- A.
DDos
- B.
Back Door
- C.
Man in the Middle
- D.
Spoofing
Correct Answer
C. Man in the MiddleExplanation
The method used in these attacks places a piece of software between a server and the user. The software intercepts and then sends the information to the server. The server responds back to the software, thinking it is the legitimate client. The attacking software then sends this information on to the server, etc. The man in the middle software may be recording this information, altering it, or in some other way compromising the security of your system.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 57Rate this question:
-
- 32.
Which of the following is the best defense against a man in the middle attack?
- A.
Virtual LAN (Local Area Network)
- B.
GRE (Generic Route Encapsulation) tunnel IPIP (Internet Protocol-within-Internet Protocol Encapsulation Protocol)
- C.
PKI (Public Key Infrastructure)
- D.
Enforcement of badge system
Correct Answer
C. PKI (Public Key Infrastructure)Explanation
PKI is a two-key system. Messages are encrypted with a public key. Messages are decrypted with a private key. If you want to send an encrypted message to someone, you would request their public key. You would encrypt the message using their public key and send it to them. They would then use their private key to decrypt the message.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 331Rate this question:
-
- 33.
Which of the following is the best defense against man in the middle attacks?
- A.
A firewall
- B.
Strong encryption
- C.
Strong passwords
- D.
Strong authentication
Correct Answer
B. Strong encryptionExplanation
Strong encryption is the best defense against man-in-the-middle attacks because it ensures that the data being transmitted between two parties is encrypted and cannot be intercepted or tampered with by an attacker. Encryption algorithms scramble the data in such a way that it can only be decrypted and understood by the intended recipient with the correct decryption key. This prevents attackers from gaining access to sensitive information or altering the data being transmitted. Firewalls, strong passwords, and strong authentication can provide additional layers of security, but strong encryption is the most effective defense against man-in-the-middle attacks.Rate this question:
-
- 34.
You are the security administrator at Certkiller .com. All Certkiller users have a token and 4-digit personal identification number (PIN) that are used to access their computer systems. The token performs off-line checking for the correct PIN. To which of the following type of attack is Certkiller vulnerable?
- A.
Smurf
- B.
Man-in-the-middle
- C.
Brute force
- D.
Birthday
Correct Answer
C. Brute forceExplanation
Explanation: Brute force attacks are performed with tools that cycle through many possible character, number, and symbol combinations to guess a password. Since the token allows offline checking of PIN, the cracker can keep trying PINS until it is cracked.Rate this question:
-
- 35.
What is an attach in which the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets called?
- A.
SYN flood attack
- B.
Smurf attack
- C.
Ping of Dead Attack
- D.
Denial of Service (DOS) Attack
Correct Answer
B. Smurf attackExplanation
A smurf attack is a type of denial of service (DOS) attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet to make it appear as if it originated from the victim's system. The attacker then sends a large number of these packets to multiple hosts on a network, causing them to flood the victim's system with ICMP REPLY packets. This overwhelms the victim's system and can lead to a loss of network connectivity and a denial of service.Rate this question:
-
- 36.
Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?
- A.
Differential cryptanalysis
- B.
Differential linear cryptanalysis
- C.
Birthday attack
- D.
Statistical attack
Correct Answer
C. Birthday attackExplanation
A good hashing algorithm should not produce the same hash value for two different messages. If the algorithm does produce the same value for two distinctly different messages, it is referred to as a collision. If an attacker finds an instance of a collision, he has more information to use when trying to break the cryptographic methods used. A complex way of attacking a one-way hash function is called the birthday attack. If an attacker has one hash value and wants to find a message that hashes to the same hash value, this process could take him years. However, if he just wants to find any two messages with the same hashing value, it could take him only a couple hours.Rate this question:
-
- 37.
Which of the following attacks attempts to crack passwords
- A.
SMURF
- B.
Dictionary
- C.
Teardrop
- D.
Spamming
Correct Answer
B. DictionaryExplanation
Dictionaries may be used in a cracking program to determine passwords. A short dictionary attack involves trying a list of hundreds or thousands of words that are frequently chosen as passwords against several systems. Although most systems resist such attacks, some do not. In one case, one system in five yielded to a particular dictionary attack.Rate this question:
-
- 38.
As the security administrator you monitor traces from IDS and detect the subsequent data: Date Time Source IP Destination IP Port Type 10/21 0845 192.168.155.28 10.1.20.1 20 SYN 10/21 0850 192.168.155.28 10.1.20.1 21 SYN 10/21 0900 192.168.155.28 10.1.20.1 23 SYN 10/21 0910 192.168.155.28 10.1.20.1 25 SYN You need to determine what will occur?
- A.
An expected TCP/IP traffic will occur.
- B.
A Port scanning will occur.
- C.
A SYN Flood will occur.
- D.
A Denial of Service (DoS) will occur.
Correct Answer
B. A Port scanning will occur.Explanation
The given traces show a pattern where the source IP (192.168.155.28) is scanning the destination IP (10.1.20.1) on different ports (20, 21, 23, 25) using SYN packets. This indicates that the source IP is actively probing the destination IP for open ports, which is characteristic of port scanning. Port scanning is a technique used by attackers to identify potential vulnerabilities in a target system. Therefore, the correct answer is that a port scanning will occur.Rate this question:
-
- 39.
Identify the attack that targets a web server if numerous computers send a lot of FIN packets at the same time with spoofed source IP addresses?
- A.
This attack is known as SYN flood.
- B.
This attack is known as DDoS
- C.
This attack is known as Brute force.
- D.
This attack is known as XMAS tree scan.
Correct Answer
B. This attack is known as DDoS -
- 40.
You implement IDS on the Certkiller .com network. You discover traffic from an internal host IP address accessing internal network resources from the Internet. What is causing this?
- A.
This occurred since a user without permission is spoofing internal IP addresses.
- B.
This occurred since information is accessed by a user from a remote login.
- C.
This occurred since traffic is routed outside the internal network.
- D.
This is normal behavior according to the IP RFC.
Correct Answer
A. This occurred since a user without permission is spoofing internal IP addresses.Explanation
The correct answer is that this occurred since a user without permission is spoofing internal IP addresses. This explanation suggests that someone within the network is pretending to have a different IP address in order to gain unauthorized access to internal resources. This is a common tactic used by hackers to bypass security measures and gain access to sensitive information.Rate this question:
-
- 41.
Identify the methods of password guessing that needs the longest attack time?
- A.
Brute force needs the longest attack time.
- B.
Dictionary needs the longest attack time.
- C.
Rainbow needs the longest attack time.
- D.
Birthday needs the longest attack time.
Correct Answer
A. Brute force needs the longest attack time.Explanation
Brute force is a method of password guessing where all possible combinations of characters are tried until the correct password is found. This method requires the longest attack time because it systematically checks every possible combination, which can be time-consuming and resource-intensive. Dictionary, rainbow, and birthday attacks are more efficient methods that exploit patterns or precomputed tables, making them faster than brute force.Rate this question:
-
- 42.
Identify the attack that consists of a PC sending PING packets with destination addresses set to the broadcast address and the source address set to the target PC's IP address?
- A.
You should identify a Smurf attack.
- B.
You should identify a XMAS Tree attack.
- C.
You should identify a Replay attack.
- D.
You should identify a Fraggle attack
Correct Answer
A. You should identify a Smurf attack.Explanation
A Smurf attack is a type of distributed denial of service (DDoS) attack where the attacker sends a large number of ICMP Echo Request (PING) packets with the source IP address spoofed as the target PC's IP address to the broadcast address of a network. This causes all devices on the network to respond to the target PC, overwhelming its resources and causing it to become unreachable.Rate this question:
-
- 43.
Identify common utilization of Internet-exposed network services?
- A.
Active content is a common utilization.
- B.
Illicit servers are a common utilization.
- C.
Trojan horse programs are a common utilization.
- D.
Buffer overflows is a common utilization. Buffer overflows is a common utilization.
Correct Answer
D. Buffer overflows is a common utilization. Buffer overflows is a common utilization. -
- 44.
What results in poor programming techniques and lack of code review?
- A.
It can result in the Buffer overflow attack.
- B.
It can result in the Dictionary attack.
- C.
It can result in the Birthday attack.
- D.
It can result in the Common Gateway Interface (CGI) script attack.
Correct Answer
A. It can result in the Buffer overflow attack.Explanation
Poor programming techniques and lack of code review can result in a buffer overflow attack. This type of attack occurs when a program writes data to a buffer, but exceeds the buffer's capacity, causing the excess data to overwrite adjacent memory locations. This can lead to the execution of malicious code or the corruption of data, potentially compromising the security and stability of the system. Therefore, it is important to follow good programming practices and conduct regular code reviews to prevent such vulnerabilities.Rate this question:
-
- 45.
Identify a port scanning tool?
- A.
Nmap is port scanning tool.
- B.
Cain & Abel is port scanning tool.
- C.
L0phtcrack is port scanning tool.
- D.
John the Ripper is port scanning tool.
Correct Answer
A. Nmap is port scanning tool.Explanation
Nmap is a widely used and highly regarded port scanning tool. It is designed to scan and discover open ports on a network, providing information about the services running on those ports. Nmap offers a range of scanning techniques and advanced features, making it a powerful tool for network administrators and security professionals.Rate this question:
-
- 46.
How can you determine whether the workstations on the internal network are functioning as zombies participating in external DDoS attacks?
- A.
You should use AV server logs to confirm the suspicion.
- B.
You should use HIDS logs to confirm the suspicion.
- C.
You should use Proxy logs to confirm the suspicion.
- D.
You should use Firewall logs to confirm the suspicion.
Correct Answer
D. You should use Firewall logs to confirm the suspicion.Explanation
Firewall logs can be used to determine whether the workstations on the internal network are functioning as zombies participating in external DDoS attacks. Firewall logs contain information about the network traffic and can provide insights into the connections made by the workstations. By analyzing the logs, suspicious or malicious connections can be identified, indicating the presence of zombies participating in DDoS attacks. This makes Firewall logs a suitable source of information for confirming the suspicion.Rate this question:
-
- 47.
You configure a computer to act as a zombie set in order to attack a web server on a specific date. What would this contaminated computer be part of?
- A.
The computer is part of a DDoS attack.
- B.
The computer is part of a TCP/IP hijacking.
- C.
The computer is part of a spoofing attack.
- D.
The computer is part of a man-in-the-middle attack.
Correct Answer
A. The computer is part of a DDoS attack.Explanation
The given correct answer suggests that the contaminated computer is part of a DDoS attack. A DDoS (Distributed Denial of Service) attack is a malicious attempt to disrupt the normal functioning of a network, service, or website by overwhelming it with a flood of internet traffic from multiple sources. In this scenario, the computer has been configured to act as a "zombie" or part of a botnet, which is a network of infected computers controlled by an attacker. These infected computers, including the one in question, are used to send a massive amount of traffic to the target web server, causing it to become overwhelmed and unavailable to legitimate users.Rate this question:
-
- 48.
What is used in a distributed denial of service (DDOS) attack?
- A.
DDOS makes use of Botnet.
- B.
DDOS makes use of Phishing.
- C.
DDOS makes use of Adware.
- D.
DDOS makes use of Trojan.
Correct Answer
A. DDOS makes use of Botnet.Explanation
A distributed denial of service (DDOS) attack uses a botnet, which is a network of compromised computers or devices that are controlled by an attacker. The attacker uses the botnet to flood a target system or network with a large amount of traffic, overwhelming its resources and causing it to become unavailable to legitimate users. This is done by infecting and taking control of multiple devices, such as computers, servers, or IoT devices, and coordinating them to send a massive amount of requests or data to the target. The use of a botnet allows the attacker to amplify the impact of the attack and make it more difficult to mitigate.Rate this question:
-
- 49.
Identify the attack where the purpose is to stop a workstation or service from functioning?
- A.
This attack is known as non-repudiation.
- B.
This attack is known as TCP/IP hijacking.
- C.
This attack is known as denial of service (DoS).
- D.
This attack is known as brute force.
Correct Answer
C. This attack is known as denial of service (DoS).Explanation
Denial of Service (DoS) attack is a type of attack where the purpose is to stop a workstation or service from functioning. It is achieved by overwhelming the target system with a flood of illegitimate requests or by exploiting vulnerabilities in the system to exhaust its resources. This attack is not related to non-repudiation, TCP/IP hijacking, or brute force.Rate this question:
-
- 50.
Which programming mechanism should be used to permit administrative access whilst bypassing the usual access control methods?
- A.
It is known as a logic bomb.
- B.
It is known as a back door.
- C.
It is known as a Trojan horse.
- D.
It is known as software exploit.
Correct Answer
B. It is known as a back door.Explanation
A back door is a programming mechanism that allows administrative access to a system while bypassing the usual access control methods. It is typically used by system administrators or developers to gain unauthorized access to a system for legitimate purposes, such as troubleshooting or maintenance. However, back doors can also be exploited by malicious individuals to gain unauthorized access to a system and carry out malicious activities. Therefore, it is important for system administrators to regularly monitor and secure their systems to prevent unauthorized access through back doors.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
May 02, 2023Quiz Edited by
ProProfs Editorial Team -
Apr 25, 2009Quiz Created by
Mastermind1100
Back to top