
Certified Ethical Hacker Exam 312-50 Assessment Test - Part 8




Review Questions


1. Which is a method to prevent denial-of-service attacks?

A. Static routing

B. Traffic filtering

C. Firewall rules

D. Personal firewall


2. What is a zombie?

A. A compromised system used to launch a DDoS attack

B. The hacker’s computer

C. The victim of a DDoS attack

D. A compromised system that is the target of a DDoS attack


3. The Trinoo tool uses what protocol to perform a DoS attack?

A. TCP

B. IP

C. UDP

D. HTTP


4. What is the first phase of a DDoS attack?

A. Intrusion

B. Attack

C. DoS

D. Finding a target system


5. Which tool can run eight different types of DoS attacks?

A. Ping of Death

B. Trinoo

C. Targa

D. TFN2K


6. What is a smurf attack?

A. Sending a large amount of ICMP traffic with a spoofed source address

B. Sending a large amount of TCP traffic with a spoofed source address

C. Sending a large number of TCP connection requests with a spoofed source address

D. Sending a large number of TCP connection requests


7. What is a LAND attack? (Choose all that apply.)

A. Sending oversized ICMP packets

B. Sending packets to a victim with a source address set to the victim’s IP address

C. Sending packets to a victim with a destination address set to the victim’s IP address

D. Sending a packet with the same source and destination address


8. What is the Ping of Death?

A. Sending packets that, when reassembled, are too large for the system to understand

B. Sending very large packets that cause a buffer overflow

C. Sending packets very quickly to fill up the receiving buffer

D. Sending a TCP packet with the fragment offset out of bounds


9. How does a denial-of-service attack work? (Choose all that apply.)

A. Cracks passwords, causing the system to crash

B. Imitates a valid user

C. Prevents a legitimate user from using a system or service

D. Attempts to break the authentication method


10. What is the goal of a DoS attack?

A. To capture files from a remote system

B. To incapacitate a system or network

C. To exploit a weakness in the TCP/IP stack

D. To execute a Trojan using the hidden shares


11. Which of the following tools is only for Sun Solaris systems?

A. Juggernaut

B. T-Sight

C. IP Watcher

D. TTYWatcher


12. What is a sequence number?

A. A number that indicates where a packet falls in the data stream

B. A way of sending information from the sending to the receiving station

C. A number that the hacker randomly chooses in order to hijack a session

D. A number used in reconstructing a UDP session


13. What type of information can be obtained during a session-hijacking attack? (Choose all that apply.)

A. Passwords

B. Credit card numbers

C. Confidential data

D. Authentication information


14. Which of the following is essential information to a hacker performing a session-hijacking attack?

A. Session ID

B. Session number

C. Sequence number

D. Source IP address


15. Which of the following is a session-hijacking tool that runs on Linux operating systems?

A. Juggernaut

B. Hunt

C. TTYWatcher

D. TCP Reset Utility


16. Which of the following is the best countermeasure to session hijacking?

A. Port filtering firewall

B. Encryption

C. Session monitoring

D. Strong passwords


17. Which of the following best describes sniffing?

A. Gathering packets to locate IP addresses in order to initiate a session-hijacking attack

B. Analyzing packets in order to locate the sequence number to start a session hijack

C. Monitoring TCP sessions in order to initiate a session-hijacking attack

D. Locating a host susceptible to a session-hijack attack


18. What is session hijacking?

A. Monitoring UDP sessions

B. Monitoring TCP sessions

C. Taking over UDP sessions

D. Taking over TCP sessions


19. What types of packets are sent to the victim of a session-hijacking attack to cause them to close their end of the connection?

A. FIN and ACK

B. SYN or ACK

C. SYN and ACK

D. FIN or RST


20. What is an ISN?

A. Initiation session number

B. Initial sequence number

C. Initial session number

D. Indication sequence number


Answers to Review Questions


1. B. Traffic filtering is a method to prevent DoS attacks. Static routing will not prevent DoS attacks as it does not perform any traffic filtering or blocking. Firewall rules and personal firewalls will not stop traffic associated with a DoS attack but will help detect an attack.

2. A. A zombie is a compromised system used to launch a DDoS attack.

3. C. Trinoo uses UDP to flood the target system with data.

4. A. The intrusion phase compromises and recruits zombie systems to use in the coordinated attack phase.

5. C. Targa is able to send eight different types of DoS attacks.

6. A. A smurf attack sends a large number of ICMP request frames with a spoofed address of the victim system.

7. A, B. A LAND attack sends packets to a system with that system as the source address, causing the system to try to reply to itself.

8. A. The Ping of Death attack sends packets that, when reassembled, are too large and cause the system to crash or lock up.

9. C. A DoS attack works by preventing legitimate users from accessing the system.

10. B. The goal of a DoS attack is to overload a system and cause it to stop responding.

11. D. TTYWatcher is used to perform session hijacking on Sun Solaris systems.

12. A. A sequence number indicates where the packet is located in the data stream so the receiving station can reassemble the data.

13. A, B, C. Passwords, credit card numbers, and other confidential data can be gathered in a session-hijacking attack. Authentication information isn’t accessible because session hijacking occurs after the user has authenticated.

14. C. In order to perform a session-hijacking attack, the hacker must know the sequence number to use in the next packet so the server will accept the packet.

15. A. Juggernaut runs on Linux operating systems.

16. B. Encryption makes any information the hacker gathers during a session-hijacking attempt unreadable.

17. B. Sniffing is usually used to locate the sequence number, which is necessary for a session hijack.

18. D. The most common form of session hijacking is the process of taking over a TCP session.

19. D. FIN (finish) and RST (reset) packets are sent to the victim to desynchronize their connection and cause them to close the existing connection.

20. B. ISN is the initial sequence number that is sent by the host and is the starting point for the sequence numbers used in later packets.
