with complete solution
During the penetration testing of the MyBank public website, Marin discovered a
credit/interest calculator running on server side, which calculates a credit return plan.
The application accepts the following parameters:
amount=100000&duration=10&scale=month
Assuming that parameter amount is the amount of credit, the user is calculating the
interest and credit return plan (in this case for 100,000 USD), parameter duration is the
timeframe the credit will be paid off, and scale defines how often the credit rate will be
paid (year, month, day, ...). How can Marin proceed with testing whether this web
application is vulnerable to DoS?
Change the parameter duration to a large number and change scale value to "day" and
resend the packet a few times to observe the delay.
Change the parameter duration to a small number and leave scale value on "month"
and resend the packet a few times to observe the delay.
Leave the parameter duration as is and change the scale value to "year" and resend the
packet a few times to observe the delay.
Change the parameter duration to a small number and change scale value to "day" and
resend the packet a few times to observe the delay.
Change the parameter duration to a large number and change scale value to "day" and
resend the packet a few times to observe the delay.
When a client's computer is infected with malicious software which connects to the
remote computer to receive commands, the client's computer is called a ___________
Bot
Botnet
Command and Control (C&C)
Client
Bot
Identify the type of a DoS attack where an attacker sends e-mails, Internet relay chats
(IRCs), tweets, and posts videos with fraudulent content for hardware updates to the
victim with the intent of modifying and corrupting the updates with vulnerabilities or
defective firmware.
SYN flooding attack
Internet control message protocol (ICMP) flood attack
Ping of death attack
Phlashing attack
Phlashing attack
Which of the following is considered to be a smurf attack?
An attacker sends a large amount of ICMP traffic with a spoofed source IP address.
An attacker sends a large amount of TCP traffic with a spoofed source IP address.
An attacker sends a large number of TCP connection requests with spoofed source
IP address.
An attacker sends a large number of TCP/user datagram protocol (UDP) connection
requests.
An attacker sends a large amount of ICMP traffic with a spoofed source IP address.
The DDoS tool created by Anonymous sends junk HTTP GET and POST requests to
flood the target. The second version of the tool (the first version had a different name),
which was used in the so-called Operation Megaupload, is called _______.
HOIC
BanglaDOS
Dereil
Pandora DDoS
HOIC
Mike works for a company "Fourth Rose Intl." as the sales manager. He was sent to Las
Vegas on a business trip to meet his clients. After the successful completion of his
meeting, Mike went back to his hotel room, connected to the hotel Wi-Fi network and
attended his other scheduled online client meetings through his laptop. After returning
to his office headquarters, Mike connects his laptop to the office Wi-Fi network and
continues his work; however, he observes that his laptop starts to behave strangely. It
regularly slows down, blue screening from time to time and rebooting without any
apparent reason. He raised the issue with his system administrator. Some days later,
the system administrator in Mike's company observed the same issue in various other
computers in his organization. Meanwhile, he has also observed that large amounts of
unauthorized traffic from various IP addresses of "Fourth Rose Intl." were directed