Exam 3: Network Traffic Signatures
What happens to packets that are created larger than the MTU of the network? How can this process be exploited?
(Essay)
Correct Answer:
Packets that are larger than the MTU must be fragmented, or broken into multiple segments that are small enough for the network to handle.
After a packet is broken into fragments, each fragment receives its own IP header. However, in IPv4, only the initial packet in a set includes a header for higher-level protocols. Most filters need the information in the higher-level protocol header to make the decision to allow or deny the packet. Accordingly, attackers send only secondary fragments, which are any fragments other than the initial one. These packets are often allowed past the IDPS because filter rules are applied to first fragments only.
Which TCP flag can be the default response to a probe on a closed port?
(Multiple Choice)
Correct Answer:
A
What can an IDPS check to try to determine whether a packet has been tampered with or damaged in transit?
(Multiple Choice)
Correct Answer:
C
MATCHING
-used by attackers to delay the progression of a scan
(Multiple Choice)
Under which attack category does a UNIX Sendmail exploitation fall?
(Multiple Choice)
MATCHING
-a series of ICMP echo request packets in a range of IP addresses
(Multiple Choice)
A ______________ is made up of IP numbers and options, TCP flags, and port numbers that define a type of network activity.
(Short Answer)
Which element of an ICMP header would indicate that the packet is an ICMP echo request message?
(Multiple Choice)
In an RPC _________, a targeted host receives an RPC set request from a source IP address of 127.0.0.1.
(Short Answer)
What is a selective acknowledgement and how does it affect transmissions?
(Essay)
MATCHING
-a standard set of communications rules that allows one computer to request a service from another computer
(Multiple Choice)
Which of the following correctly represents the port used by FTP control traffic and FTP file transfer traffic respectively?
(Multiple Choice)
What are the signatures of malformed packets that misuse the SYN and FIN flags? Briefly describe each.
(Essay)
What is the name of the packet in which a Web browser sends a request to the Web server for Web page data?
(Multiple Choice)
The _______________ part of a packet is the actual data sent from an application on one computer to an application on another.
(Short Answer)
Which of the following is an accurate set of characteristics you would find in an attack signature?
(Multiple Choice)
In the three-way handshake, the first packet in the sequence has the ________ flag set.
(Short Answer)
Which of the following is NOT among the items of information that a CVE reference reports?
(Multiple Choice)
What is the difference between a vanilla port scan and a strobe port scan?
(Essay)
Showing 1 - 20 of 49