1. Which attack exploits the three-way handshake?
- TCP reset attack
- UDP flood attack
- TCP SYN Flood attack
- DoS attack
- TCP session hijacking
Explanation: The TCP SYN flood attack exploits the TCP three-way handshake.
2. Two hosts have established a TCP connection and are exchanging data. A threat actor sends a TCP segment with the RST bit set to both hosts informing them to immediately stop using the TCP connection. Which attack is this?
- TCP reset attack
- UDP flood attack
- TCP SYN Flood attack
- DoS attack
- TCP session hijacking
Explanation: A TCP reset attack can be used to terminate TCP communications between two hosts using a pair of FIN and ACK segments from each endpoint.
3. Which attack is being used when the threat actor spoofs the IP address of one host, predicts the next sequence number, and sends an ACK to the other host?
- TCP reset attack
- UDP flood attack
- TCP SYN Flood attack
- DoS attack
- TCP session hijacking
Explanation: TCP session hijacking is where the threat actor spoofs the IP address of one host, predicts the next sequence number, and sends an ACK to the other host. If successful, the threat actor could send data to, but not receive data from, the target device.
4. A program sends a flood of UDP packets from a spoofed host to a server on the subnet sweeping through all the known UDP ports looking for closed ports. This will cause the server to reply with an ICMP port unreachable message. Which attack is this?
- TCP reset attack
- UDP flood attack
- TCP SYN Flood attack
- DoS attack
- TCP session hijacking
Explanation: A UDP flood attack sends a flood of UDP packets to the target’s closed ports causing the target to reply with ICMP port unreachable messages. Because there are many closed ports on the server, this creates a lot of traffic on the segment, which uses up most of the bandwidth. The result is very similar to a DoS attack.