3.4.2 Attacking the Foundation Quiz Answers
1. Which field in an IPv6 packet is used by the router to determine if a packet has expired and should be dropped?
- Hop Limit
- Address Unreachable
- No Route to Destination
2. An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this?
- trust exploitation
- buffer overflow
- man in the middle
- port redirection
3. Which field in the IPv4 header is used to prevent a packet from traversing a network endlessly?
- Sequence Number
- Acknowledgment Number
- Differentiated Services
4. What is involved in an IP address spoofing attack?
- A legitimate network IP address is hijacked by a rogue node.
- A rogue node replies to an ARP request with its own MAC address indicated for the target IP address.
- A rogue DHCP server provides false IP configuration parameters to legitimate DHCP clients.
- Bogus DHCPDISCOVER messages are sent to consume all the available IP addresses on a DHCP server.
5. Which type of attack involves the unauthorized discovery and mapping of network systems and services?
- trust exploitation
6. In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections?
- reset attack
- port scan attack
- SYN flood attack
- session hijacking attack
7. How is optional network layer information carried by IPv6 packets?
- inside an options field that is part of the IPv6 packet header
- inside the Flow Label field
- inside an extension header attached to the main IPv6 packet header
- inside the payload carried by the IPv6 packet
8. A threat actor wants to interrupt a normal TCP communication between two hosts by sending a spoofed packet to both endpoints. Which TCP option bit would the threat actor set in the spoofed packet?
9. A threat actor uses a program to launch an attack by sending a flood of UDP packets to a server on the network. The program sweeps through all of the known ports trying to find closed ports. It causes the server to reply with an ICMP port unreachable message and is similar to a DoS attack. Which two programs could be used by the threat actor to launch the attack? (Choose two.)
- UDP Unicorn
- Low Orbit Ion Cannon
10. Which term describes a field in the IPv4 packet header used to detect corruption in the IPv4 header?
- header checksum
- source IPv4 address
11. What kind of ICMP message can be used by threat actors to map an internal IP network?
- ICMP echo request
- ICMP router discovery
- ICMP mask reply
- ICMP redirects
12. Users in a company have complained about network performance. After investigation, the IT staff has determined that an attacker has used a specific technique that affects the TCP three-way handshake. Wha is the name of this type of network attack?
- SYN flood
- DNS poisoning
- session hijacking