Paul Anstall
Quiz by , created more than 1 year ago

CEH Security

128
0
0
Paul Anstall
Created by Paul Anstall about 7 years ago
Close

CEHv9 Chapter 9

Question 1 of 13

1

Which of the following doesn’t define a method of transmitting data that violates a security policy?

Select one of the following:

  • Backdoor channel

  • Session hijacking

  • Covert channel

  • Overt channel

Explanation

Question 2 of 13

1

Which virus type is only executed when a specific condition is met?

Select one of the following:

  • Sparse infector

  • Multipartite

  • Metamorphic

  • Cavity

Explanation

Question 3 of 13

1

Which of the following propagates without human interaction?

Select one of the following:

  • Trojan

  • Worm

  • Virus

  • MITM

Explanation

Question 4 of 13

1

Which of the following don’t use ICMP in the attack? (Choose two.)

Select one or more of the following:

  • SYN flood

  • Ping of Death

  • Smurf

  • Peer to peer

Explanation

Question 5 of 13

1

Which of the following is not a recommended step in recovering from a malware infection?

Select one of the following:

  • Delete system restore points.

  • Back up the hard drive.

  • Remove the system from the network.

  • Reinstall from original media.

Explanation

Question 6 of 13

1

Which of the following is a recommendation to protect against session hijacking? (Choose two.)

Select one or more of the following:

  • Use only nonroutable protocols.

  • Use unpredictable sequence numbers.

  • Use a file verification application, such as Tripwire.

  • Use a good password policy.

  • Implement ICMP throughout the environment.

Explanation

Question 7 of 13

1

Which of the following attacks an already-authenticated connection?

Select one of the following:

  • Smurf

  • Denial of service

  • Session hijacking

  • Phishing

Explanation

Question 8 of 13

1

How does Tripwire (and programs like it) help against Trojan attacks?

Select one of the following:

  • Tripwire is an AV application that quarantines and removes malware immediately.

  • Tripwire is an AV application that quarantines and removes malware after a scan.

  • Tripwire is a file-integrity-checking application that rejects malware packets intended for the kernel.

  • Tripwire is a file-integrity-checking application that notifies you when a system file has been altered, potentially indicating malware.

Explanation

Question 9 of 13

1

Which of the following DoS categories consume all available bandwidth for the system or service?

Select one of the following:

  • Fragmentation attacks

  • Volumetric attacks

  • Application attacks

  • TCP state-exhaustion attacks

Explanation

Question 10 of 13

1

During a TCP data exchange, the client has offered a sequence number of 100, and the server has offered 500. During acknowledgments, the packet shows 101 and 501, respectively, as the agreed-upon sequence numbers. With a window size of 5, which sequence numbers would the server willingly accept as part of this session?

Select one of the following:

  • 102 through 104

  • 102 through 501

  • 102 through 502

  • Anything above 501

Explanation

Question 11 of 13

1

Which of the following is the proper syntax on Windows systems for spawning a command shell on port 56 using Netcat?

Select one of the following:

  • nc -r 56 -c cmd.exe

  • nc -p 56 -o cmd.exe

  • nc -L 56 -t -e cmd.exe

  • nc -port 56 -s -o cmd.exe

Explanation

Question 12 of 13

1

Which of the following best describes a DRDoS?

Select one of the following:

  • Multiple intermediary machines send the attack at the behest of the attacker.

  • The attacker sends thousands upon thousands of SYN packets to the machine with a false source IP address.

  • The attacker sends thousands of SYN packets to the target but never responds to any of the return SYN/ACK packets.

  • The attack involves sending a large number of garbled IP fragments with overlapping, oversized payloads to the target machine.

Explanation

Question 13 of 13

1

Which of the following best describes a teardrop attack?

Select one of the following:

  • The attacker sends a packet with the same source and destination address.

  • The attacker sends several overlapping, extremely large IP fragments.

  • The attacker sends UDP Echo packets with a spoofed address.

  • The attacker uses ICMP broadcast to DoS targets.

Explanation

Previous
Next