What type of attack changes its signature and/or payload to avoid detection by antivirus programs?
C. Boot sector
D. File infecting
In computer terminology, polymorphic code is code that mutates while keeping the original algorithm intact. This technique is sometimes used by computer viruses, shellcodes and computer worms to hide their presence.
You may be able to identify the IP addresses and machine names for the firewall, and the names of internal mail servers by:
A. Sending a mail message to a valid address on the target network, and examining the header information generated by the IMAP servers
B. Examining the SMTP header information generated by using the -mx command parameter of DIG
C. Examining the SMTP header information generated in response to an e-mail message sent to an invalid address
D. Sending a mail message to an invalid address on the target network, and examining the header information generated by the POP servers
Which of the following is not an effective countermeasure against replay attacks?
A. Digital signatures
B. Time Stamps
C. System identification
D. Sequence numbers
A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. Effective countermeasures should be anything that makes it hard to delay or replay the packet (time stamps and sequence numbers) or anything that proves the packet was received as it was sent by the original sender (digital signature).
To scan a host downstream from a security gateway, Firewalking:
A. Sends a UDP-based packet that it knows will be blocked by the firewall to determine how specifically the firewall responds to such packets
B. Uses the TTL function to send packets with a TTL value set to expire one hop past the identified security gateway
C. Sends an ICMP "administratively prohibited" packet to determine if the gateway will drop the packet without comment.
D. Assesses the security rules that relate to the target system before it sends packets to any hops on the route to the gateway
Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker's host to a destination host through a packet-filtering device. This technique can be used to map "open" or "pass through" ports on a gateway. Moreover, it can determine whether packets with various control information can pass through a given gateway.
ETHER: Destination address : 0000BA5EBA11 ETHER: Source address :
An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. Which of the following strategies can be used to defeat detection by a network-based IDS application?
A. Create a SYN flood
B. Create a network tunnel
C. Create multiple false positives
D. Create a ping flood
Certain types of encryption present challenges to network-based intrusion detection and may leave the IDS blind to certain attacks, where a host-based IDS analyzes the data after it has been decrypted.
You perform the above traceroute and notice that hops 19 and 20 both show the same IP address.
This probably indicates what?
A. A host based IDS
B. A Honeypot
C. A stateful inspection firewall
D. An application proxying firewall
Which of the following are potential attacks on cryptography? (Select 3)
A. One-Time-Pad Attack
B. Chosen-Ciphertext Attack
C. Man-in-the-Middle Attack
D. Known-Ciphertext Attack
E. Replay Attack
A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis in which the cryptanalyst chooses a ciphertext and causes it to be decrypted with an unknown key. Specific forms of this attack are sometimes termed "lunchtime" or "midnight" attacks, referring to a scenario in which an attacker gains access to an unattended decryption machine. In cryptography, a man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept messages going between the two victims. A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack).
What is a primary advantage a hacker gains by using encryption or programs such as Loki?
A. It allows an easy way to gain administrator rights
B. It is effective against Windows computers
C. It slows down the effective response of an IDS
D. IDS systems are unable to decrypt it
E. Traffic will not be modified in transit
Because the traffic is encrypted, an IDS cannot understand it or evaluate the payload.
What is the tool Firewalk used for?
A. To test the IDS for proper operation
B. To test a firewall for proper operation
C. To determine what rules are in place for a firewall
D. To test the webserver configuration
E. Firewalk is a firewall auto configuration tool
Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device "firewall" will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway host does not allow the traffic, it will likely drop the packets and no response will be returned.
You have performed the traceroute below and notice that hops 19 and 20 both show the same IP address.
What can be inferred from this output?
A. An application proxy firewall
B. A stateful inspection firewall
C. A host based IDS
D. A Honeypot