Denial of Service

1. What is the hexadecimal value of a NOP instruction in an Intel system?

• A) 0x99
• B) 0x90
• C) 0x80
• D) 99x0

---

2. Which pointer in a program stack gets shifted or overwritten during a successful overflow attack?

• A) ESP
• B) ECP
• C) EIP
• D) EBP

---

3. Groups and individuals who hack systems based on principle or personal beliefs are known as ___________.

• A) White hats
• B) Black hats
• C) Script kiddies
• D) Hacktivists

---

4. Jason is the local network administrator who has been tasked with securing the network from possible DoS attacks. Within the last few weeks, some traffic logs appear to have internal clients making requests from outside the internal LAN. Based on the traffic Jason has been seeing, what action should he take?

• A) Throttle network traffic.
• B) Update antivirus definitions.
• C) Implement egress filtering.
• D) Implement ingress filtering.

---

5. Which DoS attack sends traffic to the target with a spoofed IP of the target itself?

• A) Land
• B) Smurf
• C) Teardrop
• D) SYN flood

---

6. Adding to and removing from a program stack are known as what?

• A) Pop and lock
• B) Push and pop
• C) Stack and pull
• D) Plus and minus

---

7. Zombies Inc. is looking for ways to better protect their web servers from potential DoS attacks. Their web admin proposes the use of a network appliance that receives all incoming web requests and forwards them to the web server. He says it will prevent direct customer contact with the server and reduce the risk of DoS attacks. What appliance is he proposing?

• A) Web proxy
• B) IDS
• C) Reverse proxy
• D) Firewall

---

8. In a DDoS attack, what communications channel is commonly used to orchestrate the attack?

• A) Internet Relay Chat (IRC)
• B) MSN Messenger
• C) ICMP
• D) Google Talk

---

9. What is the name for the dynamic memory space that, unlike the stack, doesn’t rely on sequential ordering or organization?

• A) Pointer
• B) Heap
• C) Pile
• D) Load

---

10. Which function(s) are considered dangerous because they don’t check memory bounds? (Choose all that apply.)

• A) gets()
• B) strcpy()
• C) scanf()
• D) strcat()

---

11. The stack operates on _______ a basis.

• A) FIFO
• B) LIFO
• C) FILO
• D) LILO

---

12. While monitoring traffic on the network, Jason captures the following traffic. What is he seeing occur?

• A) ICMP flood
• B) SYN flood
• C) Teardrop
• D) Land

---

13. What is a single-button DDoS tool suspected to be used by groups such as Anonymous?

• A) Trinoo
• B) Crazy Pinger
• C) LOIC
• D) DoSHTTP

---

14. What is an eight-in-one DoS tool that can launch such attacks as land and teardrop?

• A) Jolt
• B) Targa
• C) TFN2K
• D) Trinoo

---

15. What command-line utility can you use to craft custom packets with specific flags set?

• A) Nmap
• B) Zenmap
• C) Ping
• D) hping3

---

16. What protocol is used to carry out a fraggle attack?

• A) IPX
• B) TCP
• C) UDP
• D) ICMP

---

17. What is the key difference between a smurf and a fraggle attack?

• A) TCP vs. UDP
• B) TCP vs. ICP
• C) UDP vs. ICMP
• D) TCP vs. ICMP

---

18. What is the main difference between DoS and DDoS?

• A) Scale of attack
• B) Number of attackers
• C) Goal of the attack
• D) Protocols in use

---

19. What is the most common sign of a DoS attack?

• A) Weird messages
• B) Rebooting of a system
• C) Slow performance
• D) Stolen credentials

---

20. What response is missing in a SYN flood attack?

• A) ACK
• B) SYN
• C) SYN-ACK
• D) URG