ECSS Online Practice Questions and Answers

In which of the following DoS attacks does an attacker send an ICMP packet larger than 65,536 bytes to the target system?

A. Fraggle

B. Jolt

C. Teardrop

D. Ping of death

In which of the following techniques does an attacker take network traffic coming towards a host at one port and forward it from that host to another host?

A. Firewalking

B. Snooping

C. Port redirection

D. UDP port scanning

Which of the following tools is used to clear the event log?

A. Elsave

B. Auditpol

C. John the Ripper

D. AirSnort

Which of the following algorithms produces a digital signature which is used to authenticate the bit- stream images?

A. BOINIC

B. HashClash

C. MD5

D. MD6

Which of the following statements are true about firewalking?

Each correct answer represents a complete solution. Choose all that apply.

A. Firewalking works on the UDP packets.

B. A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall.

C. To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind the firewall.

D. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.

In which of the following access control models can a user not grant permissions to other users to see a copy of an object marked as secret that he has received, unless they have the appropriate permissions?

A. Role Based Access Control (RBAC)

B. Mandatory Access Control (MAC)

C. Access Control List (ACL)

D. Discretionary Access Control (DAC)

You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company has recently provided fifty laptops to its sales team members. You are required to configure an 802.11 wireless network for the laptops. The sales team members must be able to use their data placed at a server in a cabled network. The planned network should be able to handle the threat of unauthorized access and data interception by an unauthorized user.

You are also required to prevent the sales team members from communicating directly to one another. Which of the following actions will you take to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

A. Configure the wireless network to use WEP encryption for the data transmitted over a wireless network.

B. Using group policies, configure the network to allow the wireless computers to connect to the ad hoc networks only.

C. Implement the open system authentication for the wireless network.

D. Using group policies, configure the network to allow the wireless computers to connect to the infrastructure networks only.

E. Implement the IEEE 802.1X authentication for the wireless network.

Burp Suite is a Java application for attacking web applications. This tool includes a proxy server, a spider, an intruder, and a repeater. Which of the following can be used to perform stress testing?

A. Repeater

B. Spider

C. Intruder

D. Proxy Server

Peter, a malicious hacker, obtains e-mail addresses by harvesting them from postings, blogs, DNS listings, and Web pages. He then sends large number of unsolicited commercial e-mail (UCE) messages on these addresses. Which of the following e-mail crimes is Peter committing?

A. E-mail Spam

B. E-mail spoofing

C. E-mail bombing

D. E-mail Storm

An attacker wants to launch an attack on a wired Ethernet. He wants to accomplish the following tasks:

· Sniff data frames on a local area network.

· Modify the network traffic.

· Stop the network traffic frequently.

Which of the following techniques will the attacker use to accomplish the task?

A. ARP spoofing

B. IP spoofing

C. Eavesdropping

D. Session hijacking