CS6262 Lecture Quizzes with complete
solutions
Random Scanning ANSWERS Each compromised computer probes random
addresses.
Permutation Scanning ANSWERS All compromised computers shared a common
pseudo-random permutation of the IP address space.
Signpost Scanning ANSWERS Uses the communication patterns of the
compromised computer to find new targets.
Hitlist Scanning ANSWERS A portion of a list of targets is supplied to a
compromised computer.
Subnet spoofing ANSWERS Generate random addresses with a given address
space
Random spoofing ANSWERS Generate 32-bit numbers and stamp packets with
them.
Fixed spoofing ANSWERS The spoofed address is the address of the target.
Server Application ANSWERS The attack is targeted to a specific application on a
server.
What is a "network access" attack used for? ANSWERS The attack is used to
overload or crash the communication mechanism of a network.
Infrastructure ANSWERS The motivation of this attack is a crucial service of a
global internet operation, for example a core router.
Why is the UDP-based NTP protocol particularly vulnerable to amplification attacks?
ANSWERS • a small command can generate a large response.
• Vulnerable to source IP spoofing.
• It is difficult to ensure computers communicate only with legitimate NTP servers.
SYN Cookie - True Statement ANSWERS The server must reject all TCP options
because the server discards the SYN queue entry.
True statements regarding UDP flood attacks ANSWERS • Attackers can spoof
the IP address of their UDP packets.
• Firewalls cannot stop a flood because the firewall is susceptible to flooding.
True statements regarding CAPTCHA puzzles ANSWERS • Client puzzles should
be stateless.
• Puzzle complexity should increase as the strength of the attack increases.
What assumptions can be made about trace backs? ANSWERS Attackers may
work alone or in groups
What assumptions can be made regarding edge sampling? ANSWERS • Multiple
attackers can be identified since edge identifies splits in reverse path.
• Requires space in the IP packet header.
Self defense against reflector attacks should incorporate the following: ANSWERS
• Server redundancy - servers should be located in multiple networks and locations.
• Traffic limiting - traffic from a name server should be limited to reasonable thresholds.
Deep Web ANSWERS It is not indexed by standard search engines
Dark Web ANSWERS Web content that exists on darknets
Surface Web ANSWERS Readily available to the public, and searchable with
standard search engines.
Doorway pages ANSWERS A webpage that lists many keywords, in hopes of
increasing search engine ranking. Scripts on the page redirect to the attacker's page.
Crypters ANSWERS A program that hides malicious code from anti-virus
software.
Blackhat Search Engine Optimizer ANSWERS It increases traffic to the attacker's
site by manipulating search engines.
Trojan Download Manager ANSWERS Software that allows an attacker to update
or install malware on a victim's computer.
Name two identifying characteristics of Spam: ANSWERS 1) Inappropriate or
irrelevant
2) Large number of recipients
Name the top three countries where spam directed visitors added items to their
shopping carts: ANSWERS 1) United States
2) Canada
3) Philippines
Which events should trigger a penetration test?
• Infrastructure is added or modified
• Applications are added or modified
• End user policies are changed
• Security patches are installed ANSWERS • Infrastructure is added or modified
• Applications are added or modified
• End user policies are changed
• Security patches are installed
Steps attackers used to access RSA's Adobe Flash software: ANSWERS •
Identify employees that are vulnerable
• Craft an email subject line that entices an employee to open it.
• Hide an executable file in the email that will install onto the victim's computer when the
email is opened.
(Describe the social engineering tool) Flash or CD Autoplay ANSWERS A flash is
created that has a program that creates a connection to the exploit server.
(Describe the social engineering tool) Reverse Shell Applet ANSWERS A signed
Java applet is sent to the user; if they accept it, a shell is sent back to the exploit server.
(Describe the social engineering tool) Click Logger ANSWERS Used to determine
which users click on links in emails.
(Describe the social engineering tool) Download Connection ANSWERS An email
contains an attachment. When the attachment is downloaded a connection is made to
the exploit server.
Top three industries that were targets of cyber attacks in 2016 ANSWERS 1)
Defense contractor
2) Restaurant
3) Software
(Describe the motivation) Liking ANSWERS A desire to fit in and to be more easily
influenced by someone you like.
(Describe the motivation) Scarcity ANSWERS A desire to pursue a limited or
exclusive item or service.
(Describe the motivation) Commitment ANSWERS A desire to act in a consistent
manner
(Describe the motivation) Social Proof ANSWERS Looking to others for clues on
how to behave.