Chapter 03- Practice Questions

How does the CVE standard make network security devices and tools more effective?

Which of the following is an element of the TCP header that can indicate that a connection has been established?

Which of the following is an accurate set of characteristics you would find in an attack signature?

Packet fragmentation is not normal, and can only occur if an attack has been initiated. True/False?

Newer Trojans listen at a predetermined port on the target computer so that detection is more difficult. True/False?

crafted packets that are inserted into network traffic

lets the other computer know it is finished sending data

an undocumented hidden opening through which an attacker can access a computer

a set of characteristics that define a type of network activity

used by attackers to delay the progression of a scan

a standard set of communications rules that allows one computer to request a service from another computer

sent when one computer want to stop and restart the connection

the maximum packet size that can be transmitted

all ports from 0 to 65,535 are probed one after another

a series of ICMP echo request packets in a range of IP addresses

A ______________ is made up of IP numbers and options, TCP flags, and port number that define a type of network activity.

Which of the following is the description of a land attack?

What is the term used when an IDPS doesn't recognize that an attack is underway?

A TCP packet with no flags set is referred to as a _________ packet.

Which of the following correctly represents the port used by FTP control traffic and FTP file transfer traffic respectively?

Which of the following is NOT among the items of information that a CVE reference reports?

In an RPC _________, a targeted host receives an RPC set request from a source IP address of 127.0.0.1.

Which element of an ICMP header would indicate that the packet is an ICMP echo request message.

What is the typical packet sequence for closing a TCP session?

What can an IDPS check to try to determine whether a packet has been tampered with or damaged in transit?

Under which attack category does a UNIX Sendmail exploitation fall?

What is the packet called where a Web browser sends a request to the Web server for Web page data?

What is the sequence of packets for a successful threeway handshake?

Under which suspicious traffic signature category would a port scan fall?

Which of the following is NOT a category of suspicious TCP/IP packet?

The _______________ part of a packet is the actual data sent from an application on one computer to an application on another.

What type of attack does a remoteaccess Trojan attempt to perpetrate?

Which TCP flag can be the default response to a probe on a closed port?

The signature of a normal FTP connection includes a threeway handshake. True/False?

What is signature analysis?

What is a multiplepacket attack and what is needed by an IDPS to detect one? Provide an example.

Describe the purpose of the CVE and how it works.