Describe two important defensive steps or mechanisms

Reference no: EM13314365

1. Which of the following is NOT one of the recognized virus or malware phases?

a) Triggering
b) Execution
c) Dormant
d) Stealth

2. Briefly describe what "blended attack" means with regard to malware.

3. Match the following with the words that best describe them.

Rootkit; Social engineering; Spyware; Worm; Malicious mobile code; Backdoor; Bot/Zombie; Cross-site scripting; Zero-day exploits

a) An injection of malicious code/script into a vulnerable website so that a visitor's browser will execute it ____________________
b) Replicating program that propagates over a network ____________________
c) Lightweight program that is downloaded from a remote system and executed locally with minimal or no user intervention ____________________
d) An attack/activity that takes advantage of a previously unknown vulnerability ____________________
e) Mechanism that bypasses normal security to allow unauthorized access ____________________
f) Program taking over network-attached computers to launch hard-to-trace attacks ____________________

4. Identify and briefly describe the key characteristic of any one of the primary anti-virus software approaches/generations/forms.

5. Which of the following is the advanced characteristic of malware which indicates it uses multiple infection vectors?

a) Polymorphic
b) Multipartite
c) Stealth
d) Metamorphic

6. TRUE / FALSE The graph that a typical worm propagation model creates is a straight, nearly 45° diagonal line similar to this:

7. What are two categories of "resources" that could be attacked/exhausted as the result of a denial of service attack?

8. What type of packets could be used for flooding DoS attacks?

a) ICMP
b) TCP SYN
c) UDP
d) All of the above

9. Identify and briefly describe an important architectural element/feature that is typically used to make a denial of service attack "Distributed."

10. Which of the following most correctly explains the difference between a reflection attack and an amplification attack?

a) A reflection attack is a sub-category of amplification attacks that differs in that it sends packets to hosts instead of servers.
b) Amplification attacks are distributed, and reflection attacks are not.
c) An amplification attack is a variation of a reflection attack that differs in that it generates multiple response packets for each original packet sent.
d) They are essentially the same thing.

11. Identify and briefly describe two important defensive steps or mechanisms that can be used against DDoS attacks.

12. Which of the following is most important in the success of DoS attacks?

a) Stealth
b) Control
c) Message content
d) Volume

13. Briefly define what is meant by an "insider" or "inside threat" AND identify two things an insider might do on your network or system.

14. Which of the following is the best definition of the scanning phase of an attack?

a) Detecting vulnerabilities
b) Finding systems
c) Maintaining access
d) Exploiting vulnerabilities

15. Briefly describe the difference between a "white hat hacker" and a "black hat hacker" in today's environment.

16. Which of the following is NOT a typical IDS component?

a) Analyzers
b) Logger
c) User interface
d) Sensors

17. Match the following terms with the words that best describe them.

Anomaly Detection; Network based IDS; Host based IDS; Signature Detection

a) Monitors characteristics and events on a single host for suspicious activity ____________________
b) Observation of events on a system and applying a set of rules to decide if intruder activity is involved ____________________
c) Monitors network traffic for suspicious activity ____________________
d) Collection and analysis of data relating to the behavior of legitimate users over a period of time ____________________

18. Identify any of the "measures that may be used for intrusion detection" (things/events that IDS look for) AND discuss how monitoring this measure might lead to a "false alarm" by your IDS. (2 parts)

19. TRUE / FALSE A honeypot or honeynet is a defensive "sticky" area of your network meant to slow the attacker down by filtering their traffic.

20. List three design goals (desired characteristics) for a firewall.

21. Which of the following is NOT true with regard to Packet Filtering firewalls?

a) Monitors the status of TCP connections
b) Examines information in packet headers
c) Can discard or forward inspected packets
d) Examines source and destination addresses

22. Which of the following is TRUE with regard to Stateful Inspection firewalls?

a) Only reviews header information
b) Evaluates the data/content of a packet for legality
c) Does not consider port numbers
d) Tracks TCP sequence numbers in decision making

23. How does Unified Threat Management (UTM) differ from a firewall? (3 pts)

24. Match the following with the words that best describe them.

Bastion Host; Application gateway; Circuit-level gateway; Personal firewall; UTM; DMZ; SNORT; Sandbox

a) Network area which provides a protective barrier between external/untrusted sources of traffic and an internal network ____________________
b) An isolated system area used to quarantine code ____________________
c) Middle man for TCP connections between an inside user and an outside host ____________________
d) Controls traffic flow to/from a PC/workstation ____________________
e) Critical strongpoint in network ____________________
f) Acts as a relay of application-level traffic ____________________

25. TRUE / FALSE The ordering of firewall rules does not impact the proper operation of a firewall.

26. In your own layman's words, explain what a buffer overflow is AND identify one (1) possible immediate impact a buffer overflow can result in (in other words, identify something bad that could happen next).

27. Which of the following best describes a key thing that must be identified to successfully implement a buffer overflow attack?

a) Must understand how a program has been fuzzed
b) Must identify exactly how many characters of input are expected
c) Must understand how/where the buffer is stored
d) Must identify the exact sequence of calls to libraries in a program

28. Name three (3) areas of computer memory that overflow attacks can typically target.

29. Which of the following best describes why some high-level programming languages are less vulnerable to buffer overflows?

a) Mandatory use of guard bands in memory
b) Strong notion of type for variables and valid operations
c) The mixing of assembly language and graphical interfaces
d) No buffers are used

30. Which of the following is NOT true with regard to the use of Shellcode in overflow attacks?

a) Can be saved in buffer being overflowed
b) Requires only rudimentary knowledge of scripting
c) Specific to processor and operating system
d) Used to transfer control to a command line/shell

31. Name and very briefly describe two approaches or mechanisms used to defend against buffer overflow attacks.
