CompTIA And Security Exam 2
(86).webp "CompTIA And Security Exam 2 - Quiz")
Comptia Security+ Practice Exam (2)
Full length Comptia Security+ Practice Exam. Take this exam like the real exam to see if you are completely prepared for the real exam. Time yourself to 90 minutes to get a feel of the pressures of the real exam. The practice test is designed to reflect the final exam.
- 1.
Which port is used by Kerberos by default?
- A.
Kerberos makes use of port 139
- B.
Kerberos makes use of port 443
- C.
Kerberos makes use of port 23
- D.
Kerberos makes use of port 88
- E.
None of the Above
Correct Answer
D. Kerberos makes use of port 88Explanation
Kerberos is a network authentication protocol that uses port 88 by default. This port is specifically assigned for Kerberos services, allowing clients and servers to communicate and authenticate each other securely. Port 88 is commonly used in Windows Active Directory environments and is essential for the functioning of Kerberos-based authentication systems.Rate this question:
-
- 2.
You run Nmap against a server on the Certkiller .com network. You discover more open ports than you anticipated. What should you do?
- A.
Your first step should be to close all the ports and to monitor it to see if a process tries to reopen the port.
- B.
Your first step should be to examine the process using the ports.
- C.
Your first step should be to leave the ports open and to monitor the traffic for malicious activity.
- D.
Your first step should be to run Nmap again and to monitor it to see if different results are obtained.
Correct Answer
B. Your first step should be to examine the process using the ports.Explanation
The correct answer is to examine the process using the ports. This is the most logical and effective step to take when faced with unexpected open ports. By examining the process using the ports, you can determine if any unauthorized or malicious activity is taking place. This will help you identify and address any potential security vulnerabilities or threats.Rate this question:
-
- 3.
Identify the port that permits a user to login remotely on a computer?
- A.
Port 3389
- B.
Port 8080
- C.
Port 143
- D.
Port 23
Correct Answer
A. Port 3389Explanation
Port 3389 is the correct answer because it is the default port used by Microsoft's Remote Desktop Protocol (RDP), which allows users to connect to a computer remotely and login. RDP is commonly used for remote administration and accessing files or applications on a remote computer.Rate this question:
-
- 4.
Identify the ports utilized by e-mail users? (Choose TWO)
- A.
You should identify port 143
- B.
You should identify port 3389
- C.
You should identify port 110
- D.
You should identify port 334
- E.
You should identify port 23
Correct Answer(s)
A. You should identify port 143
C. You should identify port 110Explanation
The correct answer is to identify port 143 and port 110. Port 143 is used for the Internet Message Access Protocol (IMAP), which allows users to access their email on a remote mail server. Port 110 is used for the Post Office Protocol (POP3), which is another protocol for retrieving email from a remote server.Rate this question:
-
- 5.
Which of the following occurs when a string of data is sent to a buffer that is larger than the buffer was designed to handle?
- A.
Brute Force attack
- B.
Spoofing attack
- C.
Buffer overflow
- D.
Man in the middle attack
- E.
SYN flood
Correct Answer
C. Buffer overflowExplanation
Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135Rate this question:
-
- 6.
Which of the following attacks exploits the session initiation between the Transport Control Program (TCP) client and server in a network?
- A.
Birthday Attack
- B.
SYN Attack
- C.
Buffer Overflow
- D.
Smurf
- E.
None of the Above
Correct Answer
B. SYN AttackExplanation
SYN flood is a DoS attack in which the hacker sends a barrage of SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established. Change this if you want but in the SYN flood the hacker sends a SYN packet to the receiving station with a spoofed return address of some broadcast address on their network. The receiving station sends out this SYN packets (pings the broadcast address) which causes multiple servers or stations to respond to the ping, thus overloading the originator of the ping (the receiving station). Therefore, the hacker may send only 1 SYN packet, whereas the network of the attacked station is actually what does the barrage of return packets and overloads the receiving station.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 530Rate this question:
-
- 7.
Which of the following attacks uses ICMP (Internet Control Message Protocol) and improperly formatted MTUs (Maximum Transmission Unit) to crash a target computer?
- A.
Man in the middle attack
- B.
Smurf attack
- C.
Ping of death attack
- D.
TCP SYN (Transmission Control Protocol / Synchronized) attack
- E.
None of the Above
Correct Answer
C. Ping of death attackExplanation
Explanation: The Ping of Death attack involved sending IP packets of a size greater than 65,535 bytes to the target computer. IP packets of this size are illegal, but applications can be built that are capable of creating them. Carefully programmed operating systems could detect and safely handle illegal IP packets, but some failed to do this. Note: MTU packets that are bigger than the maximum size the underlying layer can handle are fragmented into smaller packets, which are then reassembled by the receiver. For ethernet style devices, the MTU is typically 1500. Incorrect Answers A: A man in the middle attack allows a third party to intercept and replace components of the data stream. B: The "smurf" attack, named after its exploit program, is one of the most recent in the category of network-level attacks against hosts. A perpetrator sends a large amount of ICMP echo (ping) traffic at IP broadcast addresses, all of it having a spoofed source address of a victim. D: In a TCP SYN attack a sender transmits a volume of connections that cannot be completed. This causes the connection queues to fill up, thereby denying service to legitimate TCP users.Rate this question:
-
- 8.
Which of the following determines which operating system is installed on a system by analyzing its response to certain network traffic?
- A.
OS (Operating System) scanning
- B.
Reverse engineering.
- C.
Fingerprinting
- D.
Host hijacking.
- E.
None of the Above
Correct Answer
C. FingerprintingExplanation
Fingerprinting is the act of inspecting returned information from a server (ie. One method is ICMP Message quoting where the ICMP quotes back part of the original message with every ICMP error message. Each operating system will quote definite amount of message to the ICMP error messages. The peculiarity in the error messages received from various types of operating systems helps us in identifying the remote host's OS.Rate this question:
-
- 9.
Malicious port scanning determines the _______.
- A.
Computer name
- B.
Fingerprint of the operating system
- C.
Physical cabling topology of a network
- D.
User ID and passwords
- E.
All of the Above
Correct Answer
B. Fingerprint of the operating systemExplanation
Malicious port scanning is an attempt to find an unused port that the system won't acknowledge. Several programs now can use port scanning for advanced host detection and operating system fingerprinting. With knowledge of the operating system, the hacker can look up known vulnerabilities and exploits for that particular system.Rate this question:
-
- 10.
Which of the following fingerprinting techniques exploits the fact that operating systems differ in the amount of information that is quoted when ICMP (Internet Control Message Protocol) errors are encountered?
- A.
TCP (Transmission Control Protocol) options.
- B.
ICMP (Internet Control Message Protocol) error message quenching.
- C.
Fragmentation handling.
- D.
ICMP (Internet Control Message Protocol) message quoting
- E.
None of the Above
Correct Answer
D. ICMP (Internet Control Message Protocol) message quotingExplanation
ICMP Message quoting: The ICMP quotes back part of the original message with every ICMP error message. Each operating system will quote definite amount of message to the ICMP error messages. The peculiarity in the error messages received from various types of operating systems helps us in identifying the remote host's OS.Rate this question:
-
- 11.
Which of the following type of attacks exploits poor programming techniques and lack of code review?
- A.
CGI (Common Gateway Interface) script
- B.
Birthday
- C.
Buffer overflow
- D.
Dictionary
Correct Answer
C. Buffer overflowExplanation
Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. This exploitation is usually a result of a programming error in the development of the software.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135Rate this question:
-
- 12.
Which of the following network attacks misuses TCP's (Transmission Control Protocol) three way handshake to overload servers and deny access to legitimate users?
- A.
Man in the middle.
- B.
Smurf
- C.
Teardrop
- D.
SYN (Synchronize)
Correct Answer
D. SYN (Synchronize)Explanation
SYN flood is a DoS attack in which the hacker sends a barrage of SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 530Rate this question:
-
- 13.
Which of the following is most common method of accomplishing DDoS (Distributed Denial of Service) attacks?
- A.
Internal host computers simultaneously failing.
- B.
Overwhelming and shutting down multiple services on a server.
- C.
Multiple servers or routers monopolizing and over whelming the bandwidth of a particular server or router.
- D.
An individual e-mail address list being used to distribute a virus.
Correct Answer
C. Multiple servers or routers monopolizing and over whelming the bandwidth of a particular server or router.Explanation
A distributed denial of service attack takes place from within, and is usually the doing of a disgruntled worker. They set up a zombie software that takes over numerous servers, and routers within the network to overwhelm the systems bandwidth. A and B are incorrect because a DDoS doesn't fail or shut down the servers, it merely compromises them.Rate this question:
-
- 14.
Which of the following is a DoS (Denial of Service) attack that exploits TCP's (Transmission Control Protocol) three-way handshake for new connections?
- A.
SYN (Synchronize) flood.
- B.
Ping of death attack.
- C.
Land attack.
- D.
Buffer overflow attack.
- E.
None of the Above
Correct Answer
A. SYN (Synchronize) flood.Explanation
The SYN flood attack works when a source system floods and end system with TCP SYN requests, but intentionally does not send out acknowledgements (ACK). Since TCP needs confirmation, the receiving computer is stuck with half-open TCP sessions, just waiting for acknowledgement so it can reset the port. Meanwhile the connection buffer is being overflowed, making it difficult or impossible for valid users to connect, therefore their service is denied.Rate this question:
-
- 15.
Which of the following is a DoS exploit that sends more traffic to a node than anticipated?
- A.
Ping of death
- B.
Buffer Overflow
- C.
Logic Bomb
- D.
Smurf
- E.
None of the Above
Correct Answer
B. Buffer OverflowExplanation
Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135Rate this question:
-
- 16.
Which of the following is a security breach that does not usually result in the theft of information or other security loss but the lack of legitimate use of that system?
- A.
CRL
- B.
DoS
- C.
ACL
- D.
MD2
- E.
None of the above
Correct Answer
B. DoSExplanation
DOS attacks prevent access to resources by users authorized to use those resources. An attacker may attempt to bring down an e-commerce website to prevent or deny usage by legitimate customers.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 53Rate this question:
-
- 17.
Loki, NetCaZ, Masters Paradise and NetBus are examples of what type of attack?
- A.
Brute force
- B.
Spoofing
- C.
Man in the middle
- D.
Back door
- E.
None of the Above
Correct Answer
D. Back doorExplanation
Since backdoor's are publicly marketed/distributed software applications, they are characterized by having a trade name.Rate this question:
-
- 18.
What is usually the goal of TCP (transmission Control Protocol) session hijacking?
- A.
Taking over a legitimate TCP (transmission Control Protocol) connection.
- B.
Predicting the TCP (transmission Control Protocol) sequence number.
- C.
Identifying the TCP (transmission Control Protocol) port for future exploitation.
- D.
Identifying source addresses for malicious use.
- E.
None of the Above
Correct Answer
A. Taking over a legitimate TCP (transmission Control Protocol) connection.Explanation
The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered in a way that intercepts legitimate packets and allows a third party host to insert acceptable packets. Thus hijacking the conversation, and continuing the conversation under the disguise of the legitimate party, and taking advantage of the trust bond.Rate this question:
-
- 19.
Which of the following best describes TCP/IP (Transmission Control Protocol/Internet Protocol) session hijacking?
- A.
The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered in a way that intercepts legitimate packets and allows a third party host to insert acceptable packets.
- B.
The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered allowing third party hosts to create new IP (Internet Protocol) addresses.
- C.
The TCP/IP (Transmission Control Protocol/Internet Protocol) session state remains unaltered allowing third party hosts to insert packets acting as the server.
- D.
The TCP/IP (Transmission Control Protocol/Internet Protocol) session state remains unaltered allowing third party hosts to insert packets acting as the client.
Correct Answer
A. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered in a way that intercepts legitimate packets and allows a third party host to insert acceptable packets.Explanation
A detailed site on how to hijack a TCP/IP a session can be found at: http://staff.washington.edu/dittrich/talks/qsm-sec/script.htmlRate this question:
-
- 20.
What characteristic of TCP/IP (transmission Control Protocol/Internet Protocol) does TCP/IP (transmission Control Protocol/Internet Protocol) session hijacking exploit?
- A.
The fact that TCP/IP (transmission Control Protocol/Internet Protocol) has no authentication mechanism, thus allowing a clear text password of 16 bytes
- B.
The fact that TCP/IP (transmission Control Protocol/Internet Protocol) allows a packet to be spoofed and inserted into a stream, thereby enabling commands to be executed on the remote host
- C.
The fact that TCP/IP (transmission Control Protocol/Internet Protocol) has no authentication mechanism, and therefore allows connectionless packets from anyone
- D.
The fact that TCP/IP (transmission Control Protocol/Internet Protocol) allows packets to be tunneled to an alternate network
Correct Answer
B. The fact that TCP/IP (transmission Control Protocol/Internet Protocol) allows a packet to be spoofed and inserted into a stream, thereby enabling commands to be executed on the remote hostExplanation
TCP/IP's connection orientated nature, and lack of natural security makes it easy to hijack a session by spoofing.Rate this question:
-
- 21.
Which of the following attacks can be mitigated against by implementing the following ingress/egress traffic filtering? * Any packet coming into the network must not have a source address of the internal network. * Any packet coming into the network must have a destination address from the internal network. * Any packet leaving the network must have a source address from the internal network. * Any packet leaving the network must not have a destination address from the internal networks. * Any packet coming into the network or leaving the network must not have a source or destination address of a private address or an address listed in RFC19lS reserved space.
- A.
SYN (Synchronize) flooding
- B.
Spoofing
- C.
DoS (Denial of Service) attacks
- D.
Dictionary attacks
- E.
None of the Above
Correct Answer
B. SpoofingExplanation
By having strict addressing filters; an administrator prevents a spoofed address from gaining access.Rate this question:
-
- 22.
In which of the following attacks does the attacker pretend to be a legitimate user?
- A.
Aliasing
- B.
Spoofing
- C.
Flooding
- D.
Redirecting
- E.
None of the Above
Correct Answer
B. SpoofingExplanation
A spoofing attack is simple an attempt by someone or something masquerading as someone else. This type of attack is usually considered an access attack.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 56Rate this question:
-
- 23.
Which of the attacks can involve the misdirection of the domain name resolution and Internet traffic?
- A.
DoS (Denial of Service)
- B.
Spoofing
- C.
Brute force attack
- D.
Reverse DNS (Domain Name Service)
Correct Answer
B. SpoofingExplanation
A spoofing attack is simply an attempt by someone or something masquerading as someone else.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 56Rate this question:
-
- 24.
In an IP (Internet Protocol) spoofing attack, what field of an IP (Internet Protocol) packet does the attacker manipulate?
- A.
The version field.
- B.
The source address field.
- C.
The source port field.
- D.
The destination address field.
Correct Answer
B. The source address field.Explanation
In IP Spoofing a hacker tries to gain access to a network by pretending his or her machine has the same network address as the internal network.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 515Rate this question:
-
- 25.
You are the network administrator at Certkiller .com. You discover that your domain name server is resolving the domain name to the wrong IP (Internet Protocol) address and thus misdirecting Internet traffic. You suspect a malicious attack. Which of the following would you suspect?
- A.
Reverse DNS (Domain Name Service)
- B.
Brute force attack
- C.
Spoofing
- D.
DoS (Denial of Service)
Correct Answer
C. SpoofingExplanation
Spoofing is when you forge the source address of traffic, so it appears to come from somewhere else, preferably somewhere safe and trustworthy. Web spoofing is a process where someone creates a convincing copy of a legitimate website or a portion of the world wide web, so that when someone enters a site that they think is safe, they end up communicating directly with the hacker. To avoid this you should rely on certificates, IPSEC, and set up a filter to block internet traffic with an internal network address.Rate this question:
-
- 26.
What is the process of forging an IP (Internet Protocol) address to impersonate another machine called?
- A.
TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking
- B.
IP (Internet Protocol) spoofing
- C.
Replay
- D.
Man in the middle
Correct Answer
B. IP (Internet Protocol) spoofingExplanation
The word spoofing was popularized in the air-force. When a fighter jet notices an enemy missile (air-to-air or surface-to-air) coming, the pilot will fire off a flair or a chaff (depending on whether or not the missile is heat seeking or radar guided) to spoof (trick) the missile into going after the wrong target. IP spoofing works the same way, and is commonly used by computer hackers because it's easy to implement, it takes advantage of someone else's trust relationship, it makes it harder to identify the source of the true attack, and it focuses attention away to an innocent 3rd party.Rate this question:
-
- 27.
You are the security administrator at Certkiller .com. You detect intruders accessing your internal network. The source IP (Internet Protocol) addresses originate from trusted networks. What type of attack are you experiencing?
- A.
Social engineering
- B.
TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking
- C.
Smurfing
- D.
Spoofing
Correct Answer
D. SpoofingExplanation
Spoofing is the process of trying to deceive, or to spoof, someone into believing that a source address is coming from somewhere else. Incorrect answers:
A: Social engineering deals with the human aspect of gaining access and passwords.
B: TCP/IP hijacking requires an existing session.
C: Smurfing is a legitimate kind of DoS attack that does involve spoofing, however it doesn't match the above description.Rate this question:
-
- 28.
What is an attack whereby two different messages using the same hash function produce a common message digest known as?
- A.
Man in the middle attack.
- B.
Ciphertext only attack.
- C.
Birthday attack.
- D.
Brute force attack.
Correct Answer
C. Birthday attack.Explanation
A birthday attack is based on the principle that amongst 23 people, the probability of 2 of them having the same birthday is greater the 50%. By that rational if an attacker examines the hashes of an entire organizations passwords, they'll come up with some common denominators.Rate this question:
-
- 29.
Which of the following can be deterred against by increasing the keyspace and complexity of a password?
- A.
Dictionary
- B.
Brute force
- C.
Inference
- D.
Frontal
Correct Answer
B. Brute forceExplanation
Increasing the keyspace and complexity of a password can deter against brute force attacks. Brute force attacks involve trying all possible combinations of characters until the correct password is found. By increasing the keyspace (the range of characters that can be used in the password) and complexity (the length and variety of characters used), it becomes exponentially more difficult and time-consuming for an attacker to guess the correct password through brute force methods.Rate this question:
-
- 30.
Which type of attack can easily break a user's password if the user uses simple and meaningful things such as pet names or birthdays for their passwords?
- A.
Mickey Mouse attack
- B.
Random guess attack
- C.
Brute Force attack
- D.
Dictionary attack
- E.
Role Based Access Control attack
Correct Answer
D. Dictionary attackExplanation
A dictionary attack is an attack which uses a dictionary of common words to attempt to find the password of a user.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 58Rate this question:
-
- 31.
What should the minimum length of a password be to deter dictionary password cracks?
- A.
6 characters
- B.
8 characters
- C.
10 characters
- D.
12 characters
- E.
16 characters
Correct Answer
B. 8 charactersExplanation
A password should be at least 8 characters long to deter dictionary password cracks. A longer password provides more combinations, making it harder for hackers to guess or crack the password using automated tools that rely on dictionary words or common combinations. Therefore, an 8-character minimum length helps to enhance the security of the password and protect against dictionary attacks.Rate this question:
-
- 32.
In which of the following does someone use an application to capture and manipulate packets as they are passing through your network?
- A.
DDos
- B.
Back Door
- C.
Man in the Middle
- D.
Spoofing
Correct Answer
C. Man in the MiddleExplanation
The method used in these attacks places a piece of software between a server and the user. The software intercepts and then sends the information to the server. The server responds back to the software, thinking it is the legitimate client. The attacking software then sends this information on to the server, etc. The man in the middle software may be recording this information, altering it, or in some other way compromising the security of your system.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 57Rate this question:
-
- 33.
Which of the following is the best defense against a man in the middle attack?
- A.
Virtual LAN (Local Area Network)
- B.
GRE (Generic Route Encapsulation) tunnel IPIP (Internet Protocol-within-Internet Protocol Encapsulation Protocol)
- C.
PKI (Public Key Infrastructure)
- D.
Enforcement of badge system
Correct Answer
C. PKI (Public Key Infrastructure)Explanation
PKI is a two-key system. Messages are encrypted with a public key. Messages are decrypted with a private key. If you want to send an encrypted message to someone, you would request their public key. You would encrypt the message using their public key and send it to them. They would then use their private key to decrypt the message.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 331Rate this question:
-
- 34.
Which of the following is the best defense against man in the middle attacks?
- A.
A firewall
- B.
Strong encryption
- C.
Strong passwords
- D.
Strong authentication
Correct Answer
B. Strong encryptionExplanation
Strong encryption is the best defense against man-in-the-middle attacks because it ensures that the data being transmitted between two parties is encrypted and cannot be intercepted or modified by an attacker. Encryption converts the data into a secure format that can only be decrypted by the intended recipient, making it extremely difficult for an attacker to access or manipulate the information. Firewalls, strong passwords, and strong authentication can provide additional layers of security, but they do not directly address the issue of intercepting and tampering with data in transit like strong encryption does.Rate this question:
-
- 35.
You are the security administrator at Certkiller .com. All Certkiller users have a token and 4-digit personal identification number (PIN) that are used to access their computer systems. The token performs off-line checking for the correct PIN. To which of the following type of attack is Certkiller vulnerable?
- A.
Smurf
- B.
Man-in-the-middle
- C.
Brute force
- D.
Birthday
Correct Answer
C. Brute forceExplanation
Explanation: Brute force attacks are performed with tools that cycle through many possible character, number, and symbol combinations to guess a password. Since the token allows offline checking of PIN, the cracker can keep trying PINS until it is cracked.Rate this question:
-
- 36.
What is an attach in which the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets called?
- A.
SYN flood attack
- B.
Smurf attack
- C.
Ping of Dead Attack
- D.
Denial of Service (DOS) Attack
Correct Answer
B. Smurf attackExplanation
A Smurf attack is a type of denial of service (DOS) attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet to make it appear as if it originated from the victim's system. The attacker then sends a large number of these packets to a network's broadcast address, causing all devices on the network to respond with ICMP REPLY packets to the victim's system. This flood of REPLY packets overwhelms the victim's system, resulting in a denial of service.Rate this question:
-
- 37.
Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?
- A.
Differential cryptanalysis
- B.
Differential linear cryptanalysis
- C.
Birthday attack
- D.
Statistical attack
Correct Answer
C. Birthday attackExplanation
A good hashing algorithm should not produce the same hash value for two different messages. If the algorithm does produce the same value for two distinctly different messages, it is referred to as a collision. If an attacker finds an instance of a collision, he has more information to use when trying to break the cryptographic methods used. A complex way of attacking a one-way hash function is called the birthday attack. If an attacker has one hash value and wants to find a message that hashes to the same hash value, this process could take him years. However, if he just wants to find any two messages with the same hashing value, it could take him only a couple hours.Rate this question:
-
- 38.
Which of the following attacks attempts to crack passwords
- A.
SMURF
- B.
Dictionary
- C.
Teardrop
- D.
Spamming
Correct Answer
B. DictionaryExplanation
Dictionaries may be used in a cracking program to determine passwords. A short dictionary attack involves trying a list of hundreds or thousands of words that are frequently chosen as passwords against several systems. Although most systems resist such attacks, some do not. In one case, one system in five yielded to a particular dictionary attack.Rate this question:
-
- 39.
As the security administrator you monitor traces from IDS and detect the subsequent data: Date Time Source IP Destination IP Port Type 10/21 0845 192.168.155.28 10.1.20.1 20 SYN 10/21 0850 192.168.155.28 10.1.20.1 21 SYN 10/21 0900 192.168.155.28 10.1.20.1 23 SYN 10/21 0910 192.168.155.28 10.1.20.1 25 SYN You need to determine what will occur?
- A.
An expected TCP/IP traffic will occur.
- B.
A Port scanning will occur.
- C.
A SYN Flood will occur.
- D.
A Denial of Service (DoS) will occur.
Correct Answer
B. A Port scanning will occur.Explanation
The given traces indicate that the source IP address (192.168.155.28) is sending SYN packets to the destination IP address (10.1.20.1) on different ports (20, 21, 23, 25). This behavior suggests that the source IP is scanning the destination IP for open ports. Port scanning is a common technique used by attackers to identify potential vulnerabilities in a system. Therefore, the correct answer is that a port scanning will occur.Rate this question:
-
- 40.
Identify the attack that targets a web server if numerous computers send a lot of FIN packets at the same time with spoofed source IP addresses?
- A.
This attack is known as SYN flood.
- B.
This attack is known as DDoS
- C.
This attack is known as Brute force.
- D.
This attack is known as XMAS tree scan.
Correct Answer
B. This attack is known as DDoS -
- 41.
You implement IDS on the Certkiller .com network. You discover traffic from an internal host IP address accessing internal network resources from the Internet. What is causing this?
- A.
This occurred since a user without permission is spoofing internal IP addresses.
- B.
This occurred since information is accessed by a user from a remote login.
- C.
This occurred since traffic is routed outside the internal network.
- D.
This is normal behavior according to the IP RFC.
Correct Answer
A. This occurred since a user without permission is spoofing internal IP addresses.Explanation
The correct answer is that this occurred since a user without permission is spoofing internal IP addresses. This means that someone is pretending to have an internal IP address in order to access internal network resources from the Internet. This is a security concern as it indicates unauthorized access and potential malicious activity.Rate this question:
-
- 42.
Identify the methods of password guessing that needs the longest attack time?
- A.
Brute force needs the longest attack time.
- B.
Dictionary needs the longest attack time.
- C.
Rainbow needs the longest attack time.
- D.
Birthday needs the longest attack time.
Correct Answer
A. Brute force needs the longest attack time.Explanation
Brute force is a method of password guessing where every possible combination of characters is tried until the correct password is found. This method requires the longest attack time because it systematically tries every possible option, which can be time-consuming, especially for longer and more complex passwords. Dictionary attacks, rainbow attacks, and birthday attacks are all more efficient methods that exploit weaknesses in password systems, such as common or easily guessable passwords, precomputed tables, or hash collisions, respectively.Rate this question:
-
- 43.
Identify the attack that consists of a PC sending PING packets with destination addresses set to the broadcast address and the source address set to the target PC's IP address?
- A.
You should identify a Smurf attack.
- B.
You should identify a XMAS Tree attack.
- C.
You should identify a Replay attack.
- D.
You should identify a Fraggle attack
Correct Answer
A. You should identify a Smurf attack.Explanation
A Smurf attack is a type of DDoS attack where an attacker sends a large number of ICMP ping requests (PING packets) with the source IP address set to the target PC's IP address and the destination IP address set to the broadcast address. This causes all the devices on the network to respond to the ping requests, overwhelming the target PC with an excessive amount of traffic and potentially causing it to crash or become unavailable.Rate this question:
-
- 44.
Identify common utilization of Internet-exposed network services?
- A.
Active content is a common utilization.
- B.
Illicit servers are a common utilization.
- C.
Trojan horse programs are a common utilization.
- D.
Buffer overflows is a common utilization. Buffer overflows is a common utilization.
Correct Answer
D. Buffer overflows is a common utilization. Buffer overflows is a common utilization. -
- 45.
What results in poor programming techniques and lack of code review?
- A.
It can result in the Buffer overflow attack.
- B.
It can result in the Dictionary attack.
- C.
It can result in the Birthday attack.
- D.
It can result in the Common Gateway Interface (CGI) script attack.
Correct Answer
A. It can result in the Buffer overflow attack.Explanation
Poor programming techniques and lack of code review can result in a buffer overflow attack. This type of attack occurs when a program writes data outside the allocated memory buffer, causing the program to crash or allowing an attacker to execute malicious code. Inadequate programming practices and the absence of code review can lead to vulnerabilities in the code, making it easier for attackers to exploit and carry out buffer overflow attacks.Rate this question:
-
- 46.
Identify a port scanning tool?
- A.
Nmap is port scanning tool.
- B.
Cain & Abel is port scanning tool.
- C.
L0phtcrack is port scanning tool.
- D.
John the Ripper is port scanning tool.
Correct Answer
A. Nmap is port scanning tool.Explanation
Nmap is a well-known and widely used port scanning tool. It is designed to scan networks and discover open ports on remote systems. Nmap provides a comprehensive set of features and options that allow users to perform various types of scans, such as TCP, UDP, SYN, and more. It also offers advanced techniques like OS fingerprinting and version detection. Nmap is highly flexible and can be used for both legitimate network administration tasks and malicious activities, making it a popular choice among both security professionals and hackers.Rate this question:
-
- 47.
How can you determine whether the workstations on the internal network are functioning as zombies participating in external DDoS attacks?
- A.
You should use AV server logs to confirm the suspicion.
- B.
You should use HIDS logs to confirm the suspicion.
- C.
You should use Proxy logs to confirm the suspicion.
- D.
You should use Firewall logs to confirm the suspicion.
Correct Answer
D. You should use Firewall logs to confirm the suspicion.Explanation
The correct answer is to use Firewall logs to confirm the suspicion. Firewall logs can provide information about the network traffic and connections that are being allowed or blocked by the firewall. By analyzing these logs, you can identify any suspicious or abnormal traffic patterns that may indicate the presence of zombies participating in external DDoS attacks. This can help you determine whether the workstations on the internal network are functioning as zombies.Rate this question:
-
- 48.
You configure a computer to act as a zombie set in order to attack a web server on a specific date. What would this contaminated computer be part of?
- A.
The computer is part of a DDoS attack.
- B.
The computer is part of a TCP/IP hijacking.
- C.
The computer is part of a spoofing attack.
- D.
The computer is part of a man-in-the-middle attack.
Correct Answer
A. The computer is part of a DDoS attack.Explanation
The computer is part of a DDoS attack, where multiple compromised computers are used to overwhelm a target server or network with a flood of internet traffic, causing it to become unavailable to legitimate users.Rate this question:
-
- 49.
What is used in a distributed denial of service (DDOS) attack?
- A.
DDOS makes use of Botnet.
- B.
DDOS makes use of Phishing.
- C.
DDOS makes use of Adware.
- D.
DDOS makes use of Trojan.
Correct Answer
A. DDOS makes use of Botnet.Explanation
A distributed denial of service (DDOS) attack utilizes a botnet. A botnet is a network of compromised computers or devices that are under the control of a malicious actor. These compromised devices, also known as bots, are used to flood a target system or network with an overwhelming amount of traffic, rendering it inaccessible to legitimate users. By using a botnet, the attacker can amplify the impact of the attack by coordinating multiple sources of traffic simultaneously.Rate this question:
-
- 50.
Identify the attack where the purpose is to stop a workstation or service from functioning?
- A.
This attack is known as non-repudiation.
- B.
This attack is known as TCP/IP hijacking.
- C.
This attack is known as denial of service (DoS).
- D.
This attack is known as brute force.
Correct Answer
C. This attack is known as denial of service (DoS).Explanation
Denial of service (DoS) attack is a type of attack where the purpose is to stop a workstation or service from functioning. In a DoS attack, the attacker overwhelms the target system with a flood of illegitimate requests or excessive traffic, causing the system to become unresponsive or crash. This prevents legitimate users from accessing the system or service. The goal of this attack is to disrupt the availability of the targeted resource rather than gaining unauthorized access or stealing information.Rate this question:
-
- ACA Quizzes
- ACCA Quizzes
- ACE Quizzes
- BCBA Quizzes
- CCP Quizzes
- CDC Quizzes
- CDCs Quizzes
- CEH Quizzes
- CISA Quizzes
- CISCO Quizzes
- CISSP Quizzes
- CPA Quizzes
- CPAT Quizzes
- CPFA Quizzes
- CPP Quizzes
- CPS Quizzes
- CPT Quizzes
- CSA Quizzes
- CSET Quizzes
- CST Quizzes
- CSWIP Quizzes
- FTCE Quizzes
- HIPAA Quizzes
- IAHCSMM Quizzes
- ISTQB Quizzes
- LEED Ga Quizzes
- MBLEx Quizzes
- NCIDQ Quizzes
- PMP Quizzes
- PRAXIS Quizzes
- PTCB Quizzes
- Six Sigma Quizzes
- TEAS Quizzes
Back to top