1. What is the hexadecimal value of a NOP instruction in an Intel system?
- A) 0x99
- B) 0x90
- C) 0x80
- D) 99x0
Show Answer
2. Which pointer in a program stack gets shifted or overwritten during a successful overflow attack?
- A) ESP
- B) ECP
- C) EIP
- D) EBP
Show Answer
3. Groups and individuals who hack systems based on principle or personal beliefs are known as ___________.
- A) White hats
- B) Black hats
- C) Script kiddies
- D) Hacktivists
Show Answer
4. Jason is the local network administrator who has been tasked with securing the network from possible DoS attacks. Within the last few weeks, some traffic logs appear to have internal clients making requests from outside the internal LAN. Based on the traffic Jason has been seeing, what action should he take?
- A) Throttle network traffic.
- B) Update antivirus definitions.
- C) Implement egress filtering.
- D) Implement ingress filtering.
Show Answer
5. Which DoS attack sends traffic to the target with a spoofed IP of the target itself?
- A) Land
- B) Smurf
- C) Teardrop
- D) SYN flood
Show Answer
6. Adding to and removing from a program stack are known as what?
- A) Pop and lock
- B) Push and pop
- C) Stack and pull
- D) Plus and minus
Show Answer
7. Zombies Inc. is looking for ways to better protect their web servers from potential DoS attacks. Their web admin proposes the use of a network appliance that receives all incoming web requests and forwards them to the web server. He says it will prevent direct customer contact with the server and reduce the risk of DoS attacks. What appliance is he proposing?
- A) Web proxy
- B) IDS
- C) Reverse proxy
- D) Firewall
Show Answer
8. In a DDoS attack, what communications channel is commonly used to orchestrate the attack?
- A) Internet Relay Chat (IRC)
- B) MSN Messenger
- C) ICMP
- D) Google Talk
Show Answer
9. What is the name for the dynamic memory space that, unlike the stack, doesn’t rely on sequential ordering or organization?
- A) Pointer
- B) Heap
- C) Pile
- D) Load
Show Answer
10. Which function(s) are considered dangerous because they don’t check memory bounds? (Choose all that apply.)
- A) gets()
- B) strcpy()
- C) scanf()
- D) strcat()
Show Answer
11. The stack operates on _______ a basis.
- A) FIFO
- B) LIFO
- C) FILO
- D) LILO
Show Answer
12. While monitoring traffic on the network, Jason captures the following traffic. What is he seeing occur?
- A) ICMP flood
- B) SYN flood
- C) Teardrop
- D) Land
Show Answer
13. What is a single-button DDoS tool suspected to be used by groups such as Anonymous?
- A) Trinoo
- B) Crazy Pinger
- C) LOIC
- D) DoSHTTP
Show Answer
14. What is an eight-in-one DoS tool that can launch such attacks as land and teardrop?
- A) Jolt
- B) Targa
- C) TFN2K
- D) Trinoo
Show Answer
15. What command-line utility can you use to craft custom packets with specific flags set?
- A) Nmap
- B) Zenmap
- C) Ping
- D) hping3
Show Answer
16. What protocol is used to carry out a fraggle attack?
- A) IPX
- B) TCP
- C) UDP
- D) ICMP
Show Answer
17. What is the key difference between a smurf and a fraggle attack?
- A) TCP vs. UDP
- B) TCP vs. ICP
- C) UDP vs. ICMP
- D) TCP vs. ICMP
Show Answer
18. What is the main difference between DoS and DDoS?
- A) Scale of attack
- B) Number of attackers
- C) Goal of the attack
- D) Protocols in use
Show Answer
19. What is the most common sign of a DoS attack?
- A) Weird messages
- B) Rebooting of a system
- C) Slow performance
- D) Stolen credentials
Show Answer
20. What response is missing in a SYN flood attack?
- A) ACK
- B) SYN
- C) SYN-ACK
- D) URG