Computer Networks CS 6250 Actual Exam Questions With Reviewed 100% Correct Detailed Answers
Guaranteed Pass!!
1. What are the properties of secure communication? (4) - ANSWER :
Confidentiality
Integrity
Authentication
Availability
2. How does Round Robin DNS work? - ANSWER : Method used by large websites to distribute the load of incoming requests to several servers at a single physical location.
Responds to a DNS request with a list of DNS A records, which it then cycles through in a round robin manner. The DNS Client then chooses a record using different strategies.
3. How does DNS-based content delivery work? - ANSWER : Use DNS-based techniques to distribute content but using more complex strategies.
CDNs distribute the load amongst multiple servers at a single location, but also distribute these servers across the world. When accessing the name of the service using DNS, the CDN computes the 'nearest edge server' and returns its IP address to the DNS client.
CDNs can react quickly to changes in link characteristics as their TTL is lower than that in RRDNS.
4. How do Fast-Flux Service Networks work? - ANSWER : After a TTL expires, it returns a different set of A records from a larger set of compromised machines. These compromised machines act as proxies between the incoming request and control node/mothership, forming a resilient, robust, one-hop overlay network.
5. What are the main data sources to identify hosts that likely belong to rogue networks, used by FIRE (FInding Rogue nEtworks system)? (3) - ANSWER :
1. Botnet command and control providers
2. Drive-by-download hosting providers
3. Phish housing providers
6. The design of ASwatch is based on monitoring global BGP routing activity to learn the control plane behavior of a network. Describe 2 phases of this system. - ANSWER :
1. Training Phase - The system learns control-plane behavior typical of both types of ASes. The system is given a list of known malicious and legitimate ASes. It then tracks the behavior of these ASes over time.
a. Rewiring activity: frequent changes in providers, connecting with less popular providers, is suspicious.
b. IP Space Fragmentation and Churn: malicious ASes are likely to use small BGP prefixes.
c. BGP Routing Dynamics - The BGP announcements and withdrawals for malicious ASes follow different patterns.
2. Operational Phase - Given an unknown AS, it then calculates the features for this AS. It uses the model to assign a reputation score to the AS; if it gets a low score for multiple days then it is identified as malicious.
7. What are 3 classes of features used to determine the likelihood of a security breach within an organization? - ANSWER :
1. Mismanagement symptoms such as:
misconfigured DNS resolvers
DNS source port randomization not implemented
BGP misconfiguration
untrusted HTTPS Certificates
Open SMTP Mail Relays
2. Malicious Activities
Capturing info on spam, phishing, malware, scanning activity
3. Security Incident Reports
Data based on actual incidents gives us ground truth on which to train the machine learning model
8. (BGP hijacking) What is the classification by affected prefix? - ANSWER : Concerns IP prefixes that are advertised by BGP.
1. Exact Prefix Hijacking - When two AS announce a path for the same prefix.
2. Sub-prefix Hijacking: Bad AS works with a sub-prefix of the genuine prefix of a genuine AS.
AS1: Advertises 10.10.0.0/16
AS2(Evil): Advertises 10.10.0.0/24
3. Squatting
The Hijacking AS announces a prefix that has not yet been announced by the owner AS.
9. (BGP hijacking) What is the classification by AS-Path announcement? - ANSWER : An illegitimate AS announces the AS-path for a prefix for which it doesn't have ownership rights.
1. Type-0 hijacking: This is simply an AS announcing a prefix not owned by itself.
2. Type-N hijacking: This is an attack where the counterfeit AS announces an illegitimate path for a prefix that it does not own to create a fake path between different ASes.
3. Type-U hijacking: In this attack the hijacking AS does not modify the AS-PATH but may change the prefix.
10. (BGP hijacking) What is the classification by data plane traffic manipulation? - ANSWER : The intention of the attack is to hijack the network traffic and manipulate the redirected network traffic on its way to the receiving AS. Traffic can be:
a. Dropped, never reaches. Blackholing attack.
b. Eavesdropped or manipulated before it reaches the receiving AS, also called a man-in-the-middle attack