Peter is a Network Admin. He is concerned that his network is vulnerable to a smurf attack. What should Peter do to prevent a smurf attack?
Select the best answer.
A. He should disable unicast on all routers
B. Disable multicast on the router
C. Turn off fragmentation on his router
D. Make sure all anti-virus protection is updated on all systems
E. Make sure his router won’t take a directed broadcast
Explanations: Unicasts are one-to-one IP transmissions,by disabling this he would disable most network transmissions but still not prevent the smurf attack. Turning of multicast or fragmentation on the router has nothing to do with Peteros concerns as a smurf attack uses broadcast,not multicast and has nothing to do with fragmentation. Anti-virus protection will not help prevent a smurf attack. A smurf attack is a broadcast from a spoofed source. If directed broadcasts are enabled on the destination all the computers at the destination will respond to the spoofed source,which is really the victim. Disabling directed broadcasts on a router can prevent the attack.
John is using tokens for the purpose of strong authentication. He is not confident that his security is considerably strong.
In the context of Session hijacking why would you consider this as a false sense of security?
A. The token based security cannot be easily defeated.
B. The connection can be taken over after authentication.
C. A token is not considered strong authentication.
D. Token security is not widely used in the industry.
A token will give you a more secure authentication,but the tokens will not help against attacks that are directed against you after you have been authenticated.
What is the key advantage of Session Hijacking?
A. It can be easily done and does not require sophisticated skills.
B. You can take advantage of an authenticated connection.
C. You can successfully predict the sequence number generation.
D. You cannot be traced in case the hijack is detected.
As an attacker you donot have to steal an account and password in order to take advantage of an authenticated connection.
What type of cookies can be generated while visiting different web sites on the Internet?
A. Permanent and long term cookies.
B. Session and permanent cookies.
C. Session and external cookies.
D. Cookies are all the same,there is no such thing as different type of cookies.
There are two types of cookies: a permanent cookie that remains on a visitor’s computer for a given time and a session cookie the is temporarily saved in the visitor’s computer memory during the time that the visitor is using the Web site. Session cookies disappear when you close your Web browser.
Which is the right sequence of packets sent during the initial TCP three way handshake?
A TCP connection always starts with a request for synchronization,a SYN,the reply to that would be another SYN together with a ACK to acknowledge that the last package was delivered successfully and the last part of the three way handshake should be only an ACK to acknowledge that the SYN reply was recived.
What is Hunt used for?
A. Hunt is used to footprint networks
B. Hunt is used to sniff traffic
C. Hunt is used to hack web servers
D. Hunt is used to intercept traffic i.e. man-in-the-middle traffic
E. Hunt is used for password cracking
Hunt can be used to intercept traffic. It is useful with telnet,ftp,and others to grab traffic between two computers or to hijack sessions.
You want to carry out session hijacking on a remote server. The server and the client are communicating via TCP after a successful TCP three way handshake. The server has just received packet #120 from the client. The client has a receive window of 200 and the server has a receive window of 250.
Within what range of sequence numbers should a packet, sent by the client fall in order to be accepted by the server?
Package number 120 have already been received by the server and the window is 250 packets,so any package number from 121 (next in sequence) to 371 (121+250).
How would you prevent session hijacking attacks?
A. Using biometrics access tokens secures sessions against hijacking
B. Using non-Internet protocols like http secures sessions against hijacking
C. Using hardware-based authentication secures sessions against hijacking
D. Using unpredictable sequence numbers secures sessions against hijacking
Protection of a session needs to focus on the unique session identifier because it is the only thing that distinguishes users. If the session ID is compromised,attackers canimpersonate other users on the system. The first thing is to ensure that the sequence of identification numbers issued by the session management system is unpredictable; otherwise,it’s trivial to hijack another user’s session. Having a large number of possible session IDs (meaning that they should be very long) means that there are a lot more permutations for an attacker to try.
Which of the following attacks takes best advantage of an existing authenticated connection?
B. Session Hijacking
C. Password Sniffing
D. Password Guessing
Session hijacking is the act of taking control of a user session after successfully obtaining or generating an authentication session ID. Session hijacking involves an attacker using captured,brute forced or reverse-engineered session IDs to seize control of a legitimate user’s Web application session while that session is still in progress.
Tess King is making use of Digest Authentication for her Web site. Why is this considered to be more secure than Basic authentication?
A. Basic authentication is broken
B. The password is never sent in clear text over the network
C. The password sent in clear text over the network is never reused.
D. It is based on Kerberos authentication protocol
Digest access authentication is one of the agreed methods a web page can use to negotiate credentials with a web user (using the HTTP protocol). This method builds upon (and obsoletes) the basic authentication scheme,allowing user identity to be established without having to send a password in plaintext over the network.
Download Latest ECCouncil 312-50v8 Real Free Tests , help you to pass exam 100%.