1. Which scanning technique involves each compromised computer probing
random IP addresses? - correct answer---- Random Scanning
Rationale:-Random scanning uses a random number generator to select
targets, causing each infected machine to probe addresses independently
without coordination.
2. Which scanning method uses a common pseudo-random permutation of
the IP address space shared among all compromised computers? - correct
answer---- Permutation Scanning
Rationale:-Permutation scanning ensures all infected machines traverse
the same pseudo-random sequence, avoiding overlap and reducing
duplicate probes.
3. What scanning technique leverages the existing communication patterns of
a compromised computer to discover new targets? - correct answer---- Signpost Scanning
Rationale:-Signpost scanning examines network traffic, browser history, or
stored connections to find trusted or frequently contacted hosts.
4. In which scanning approach does the attacker supply a portion of a pre-generated
target list to each compromised machine? - correct answer---- Hit List Scanning
Rationale:-Hit list scanning distributes a subset of vulnerable targets from
an initial reconnaissance list, speeding up propagation.
5. What spoofing technique generates random addresses within a specific
address range (e.g., a /24 subnet)? - correct answer---- Subnet Spoofing
Rationale:-Subnet spoofing restricts random address generation to a given
network prefix, often to evade filtering or target local networks.
6. Which spoofing method generates completely random 32-bit numbers and
stamps packets with them? - correct answer---- Random Spoofing
Rationale:-Random spoofing selects source IPs uniformly from the entire
IPv4 space, making traceback difficult.
7. Fixed spoofing refers to which practice? - correct answer---- The spoofed
address is the address of the target
Rationale:-Fixed spoofing sets the source IP to the target's own address,
often causing the target to attack itself (reflection).
8. A DoS attack that targets a specific application on a server (e.g., Apache,
MySQL) is classified as: - correct answer---- Server Application
Rationale:-Application-layer DoS focuses on exhausting resources of a
particular service rather than network bandwidth.
9. An attack designed to overload or crash the communication mechanism of
a network (e.g., switch, router) is called: - correct answer---- Network
Access
Rationale:-Network access attacks target infrastructure components like
switches or firewalls using techniques such as MAC flooding.
10. An attack motivated by disrupting a crucial service of global internet
operation, such as a core router, is labeled: - correct answer---- Infrastructure
Rationale:-Infrastructure attacks aim at critical nodes (DNS root servers,
backbone routers) to cause widespread damage.
11. A design flaw that allows one machine to disrupt a service (e.g., sending a
small packet that triggers a huge response) is a: - correct answer---- DoS
Bug (Amplification Attack)
Rationale:-DoS bugs exploit protocol vulnerabilities where a small request
generates a disproportionately large response.
12. Commanding botnets to generate a flood of requests toward a target is
known as: - correct answer---- DoS Flood (Amplification Attack)
Rationale:-DoS floods use many compromised machines to overwhelm a
target with traffic volume.
13. Why is UDP-based NTP particularly vulnerable to amplification attacks? -
correct answer---- Small command can generate a large response;
vulnerable to source IP spoofing; difficult to ensure legitimate
communication
Rationale:-NTP’s monlist request (small) yields a large response, and lack of
handshake allows spoofed source IPs.
14. Which of the following describes the IP header format characteristics? -
correct answer---- Connectionless, unreliable, no authentication
Rationale:-IP is a best-effort, connectionless protocol without built-in
authentication or reliability.
15. A SYN flood attack works by: - correct answer---- Sending a large amount
of SYN request packets to a server to exhaust its half-open connection
queue
Rationale:-The server allocates resources for each SYN and waits for an ACK
that never comes, depleting memory.
16. One mitigation for SYN floods is SYN cookies. How do they work? - correct
answer---- Remove state from server, encode connection info in the SYN-ACK
sequence number, incur performance overhead
Rationale:-SYN cookies avoid storing half-open connections; the server
reconstructs state only if the client returns a valid ACK.
17. Crowdturfers are individuals who: - correct answer---- Crowdsource to
create, verify, and manage fake accounts; solve CAPTCHAs
Rationale:-Crowdturfing outsources account creation and CAPTCHA solving
to low-cost human workers.
18. The seven phases of penetration testing in order are: - correct answer----
Footprinting, Scanning, Enumeration, Gaining Access, Escalating
Privileges, Pilfering, Covering Tracks, Creating Backdoors
Rationale:-Standard methodology: reconnaissance, vulnerability
identification, user extraction, exploitation, privilege escalation, data theft,
cleanup, persistence.