1) Some common characteristics of network-based attacks are:
a. They rely on powerful server machines.
b. They exploit some weaknesses in some network protocols.
c. They exploit some weaknesses in system configurations.
d. All of these.
Answer: b, c
Solution: Network-based attacks do not necessarily require powerful machines, and hence option (a) is not true. These attacks try to exploit some weakness(es) in some of the networking protocols or some of the applications running on the hosts or incomplete system configurations. The correct options are (b) and (c).
2) Which of the following is true for SYN flooding attack?
a. It exploits the accumulation of TCP half-open connections.
b. It floods a large number of ICMP echo packets in a synchronous way.
c. It exhausts resources on the victim machine, and prevents genuine requests
from being processed.
d. All of these.
Answer: a, c
Solution: The SYN flooding attack tries to exploit a weakness in the TCP connection establishment phase. The attacker floods the victim machine with a large number of TCP connection requests, each of which is left as half-open (i.e. the third packet in 3-way handshake is not sent). Each connection request will take up some resources on the victim machine (e.g. port number, buffer space, etc.), and ultimately genuine requests will not get processed. Thus, the correct options are (a) and (c).
3) What is a Botnet in the context of a DDoS attack?
a. A host connected to the Internet, which runs one or more bots.
b. It is a subnet through which the DDoS attack is mounted.
c. It is a subnet that prevents DDoS attacks from taking place.
d. None of these.
Answer: a
Solution: Many of the network-based attacks (DoS and DDoS in particular) are based on
so-called Botnets. A Botnet refers to a host connected to the Internet that is under the control
of the attacker. The Botnet host runs a number of โbotsโ that are repetitive code segments
with some malicious intent, typically used to mount an attack. Thus, the correct option is (a).
4) Which of the following is/are true for DNS name resolution?
a. For iterative name resolution, the host may have to send multiple DNS requests to several DNS servers.
b. For recursive name resolution, the host sends a single DNS request to its immediate root DNS server.
c. Host aliasing and load distribution are used for better performance.
d. All of these.
Answer: d
Solution: The DNS server receives a DNS request from a host containing a domain name, and it returns the corresponding IP address. In iterative name resolution, in response to a DNS request, the DNS server sends back a response specifying the next DNS server to send the query. In this way, the host may have to send a number of DNS requests before it gets resolved. Thus, option (a) is true. In recursive name resolution, the host sends a DNS request to the next higher level DNS server. The DNS server in turn recursively forwards the request to its next higher-level DNS server, and so on, until the request gets resolved. The final reply gets back to the host. Here, the host sends a single DNS request. Thus, option (b) is also true. For better performance, multiple DNS servers are used with host aliasing in various levels. This distributes the total load among several DNS servers. Thus, option (c) is also true.
5) How does PGP provide security in email transmission?
a. It provides authentication.
b. It provides confidentiality.
c. It ensures availability.
d. All of these.
Answer: a, b
Solution: PGP provides a set of services for secure email transmission. It provides services like authentication and confidentiality, using a combination of hash functions and encryption techniques. However, it does not address availability issues of the mail server. Hence, the correct options are (a) and (b).
