Quiz by Paul Anstall, created more than 1 year ago

CEH Security

Created by Paul Anstall almost 8 years ago

CEHv9 Chapter 9

Question 1 of 13

Which of the following doesn’t define a method of transmitting data that violates a security policy?

Select one of the following:

  • Backdoor channel

  • Session hijacking

  • Covert channel

  • Overt channel

Question 2 of 13

Which virus type is only executed when a specific condition is met?

Select one of the following:

  • Sparse infector

  • Multipartite

  • Metamorphic

  • Cavity

Question 3 of 13

Which of the following propagates without human interaction?

Select one of the following:

  • Trojan

  • Worm

  • Virus

  • MITM

Question 4 of 13

Which of the following don’t use ICMP in the attack? (Choose two.)

Select one or more of the following:

  • SYN flood

  • Ping of Death

  • Smurf

  • Peer to peer

Question 5 of 13

Which of the following is not a recommended step in recovering from a malware infection?

Select one of the following:

  • Delete system restore points.

  • Back up the hard drive.

  • Remove the system from the network.

  • Reinstall from original media.

Question 6 of 13

Which of the following is a recommendation to protect against session hijacking? (Choose two.)

Select one or more of the following:

  • Use only nonroutable protocols.

  • Use unpredictable sequence numbers.

  • Use a file verification application, such as Tripwire.

  • Use a good password policy.

  • Implement ICMP throughout the environment.

Question 7 of 13

Which of the following attacks an already-authenticated connection?

Select one of the following:

  • Smurf

  • Denial of service

  • Session hijacking

  • Phishing

Question 8 of 13

How does Tripwire (and programs like it) help against Trojan attacks?

Select one of the following:

  • Tripwire is an AV application that quarantines and removes malware immediately.

  • Tripwire is an AV application that quarantines and removes malware after a scan.

  • Tripwire is a file-integrity-checking application that rejects malware packets intended for the kernel.

  • Tripwire is a file-integrity-checking application that notifies you when a system file has been altered, potentially indicating malware.

Question 9 of 13

Which of the following DoS categories consume all available bandwidth for the system or service?

Select one of the following:

  • Fragmentation attacks

  • Volumetric attacks

  • Application attacks

  • TCP state-exhaustion attacks

Question 10 of 13

During a TCP data exchange, the client has offered a sequence number of 100, and the server has offered 500. During acknowledgments, the packet shows 101 and 501, respectively, as the agreed-upon sequence numbers. With a window size of 5, which sequence numbers would the server willingly accept as part of this session?

Select one of the following:

  • 102 through 104

  • 102 through 501

  • 102 through 502

  • Anything above 501

Question 11 of 13

Which of the following is the proper syntax on Windows systems for spawning a command shell on port 56 using Netcat?

Select one of the following:

  • nc -r 56 -c cmd.exe

  • nc -p 56 -o cmd.exe

  • nc -L 56 -t -e cmd.exe

  • nc -port 56 -s -o cmd.exe

Question 12 of 13

Which of the following best describes a DRDoS?

Select one of the following:

  • Multiple intermediary machines send the attack at the behest of the attacker.

  • The attacker sends thousands upon thousands of SYN packets to the machine with a false source IP address.

  • The attacker sends thousands of SYN packets to the target but never responds to any of the return SYN/ACK packets.

  • The attack involves sending a large number of garbled IP fragments with overlapping, oversized payloads to the target machine.

Question 13 of 13

Which of the following best describes a teardrop attack?

Select one of the following:

  • The attacker sends a packet with the same source and destination address.

  • The attacker sends several overlapping, extremely large IP fragments.

  • The attacker sends UDP Echo packets with a spoofed address.

  • The attacker uses ICMP broadcast to DoS targets.
