CEHv9 Chapter 9

Description

CEH Security
Paul Anstall
Quiz by Paul Anstall, updated more than 1 year ago
Created by Paul Anstall about 7 years ago

Resource summary

Question 1

Question
Which of the following doesn’t define a method of transmitting data that violates a security policy?
Answer
  • Backdoor channel
  • Session hijacking
  • Covert channel
  • Overt channel

Question 2

Question
Which virus type is only executed when a specific condition is met?
Answer
  • Sparse infector
  • Multipartite
  • Metamorphic
  • Cavity

Question 3

Question
Which of the following propagates without human interaction?
Answer
  • Trojan
  • Worm
  • Virus
  • MITM

Question 4

Question
Which of the following don’t use ICMP in the attack? (Choose two.)
Answer
  • SYN flood
  • Ping of Death
  • Smurf
  • Peer to peer

Question 5

Question
Which of the following is not a recommended step in recovering from a malware infection?
Answer
  • Delete system restore points.
  • Back up the hard drive.
  • Remove the system from the network.
  • Reinstall from original media.

Question 6

Question
Which of the following is a recommendation to protect against session hijacking? (Choose two.)
Answer
  • Use only nonroutable protocols.
  • Use unpredictable sequence numbers.
  • Use a file verification application, such as Tripwire.
  • Use a good password policy.
  • Implement ICMP throughout the environment.

Question 7

Question
Which of the following attacks an already-authenticated connection?
Answer
  • Smurf
  • Denial of service
  • Session hijacking
  • Phishing

Question 8

Question
How does Tripwire (and programs like it) help against Trojan attacks?
Answer
  • Tripwire is an AV application that quarantines and removes malware immediately.
  • Tripwire is an AV application that quarantines and removes malware after a scan.
  • Tripwire is a file-integrity-checking application that rejects malware packets intended for the kernel.
  • Tripwire is a file-integrity-checking application that notifies you when a system file has been altered, potentially indicating malware.

Question 9

Question
Which of the following DoS categories consume all available bandwidth for the system or service?
Answer
  • Fragmentation attacks
  • Volumetric attacks
  • Application attacks
  • TCP state-exhaustion attacks

Question 10

Question
During a TCP data exchange, the client has offered a sequence number of 100, and the server has offered 500. During acknowledgments, the packet shows 101 and 501, respectively, as the agreed-upon sequence numbers. With a window size of 5, which sequence numbers would the server willingly accept as part of this session?
Answer
  • 102 through 104
  • 102 through 501
  • 102 through 502
  • Anything above 501

Question 11

Question
Which of the following is the proper syntax on Windows systems for spawning a command shell on port 56 using Netcat?
Answer
  • nc -r 56 -c cmd.exe
  • nc -p 56 -o cmd.exe
  • nc -L 56 -t -e cmd.exe
  • nc -port 56 -s -o cmd.exe

Question 12

Question
Which of the following best describes a DRDoS?
Answer
  • Multiple intermediary machines send the attack at the behest of the attacker.
  • The attacker sends thousands upon thousands of SYN packets to the machine with a false source IP address.
  • The attacker sends thousands of SYN packets to the target but never responds to any of the return SYN/ACK packets.
  • The attack involves sending a large number of garbled IP fragments with overlapping, oversized payloads to the target machine.

Question 13

Question
Which of the following best describes a teardrop attack?
Answer
  • The attacker sends a packet with the same source and destination address.
  • The attacker sends several overlapping, extremely large IP fragments.
  • The attacker sends UDP Echo packets with a spoofed address.
  • The attacker uses ICMP broadcast to DoS targets.