Computer Security and Penetration Testing 2e Alfred Basta Nadine Basta Mary Brown - Test Bank

Sample Questions Are Posted Below

Chapter 5: TCP/IP Vulnerabilities

TRUE/FALSE

  1. TCP is responsible for safe and reliable data transfer between host computers.

ANS: T    PTS: 1    REF: 101

  2. The OSI Model and the TCP/IP Model are entirely aligned.

ANS: F    PTS: 1    REF: 102

  3. IP packets often arrive out of sequence because they are not all taking the same route in sequence.

ANS: T    PTS: 1    REF: 104

  4. TCP uses a connectionless design, meaning the participants in a TCP session must initially create a connection.

ANS: F    PTS: 1    REF: 105

  5. During the development of TCP/IP in the 1980s, security was a priority.

ANS: F    PTS: 1    REF: 109

MULTIPLE CHOICE

  1. ____ is the common language of networked computers and makes transferring information fast and efficient.
a. TCP/IP
b. IPX
c. X.25
d. RIP

ANS: A    PTS: 1    REF: 101

  2. The ____ is responsible for transmitting data from the source computer to the final destination computer.
a. Transport Control Protocol (TCP)
b. Internet Protocol (IP)
c. Routing Internet Protocol (RIP)
d. Address Resolution Protocol (ARP)

ANS: B    PTS: 1    REF: 103

  3. When a large IP packet is sent over a network, it is broken down. This process is called ____.
a. separation
b. division
c. breaking
d. fragmentation

ANS: D    PTS: 1    REF: 104

  4. The ____ timer waits for FIN packets. Its default value is 10 minutes.
a. TIME_WAIT
b. KEEP_ALIVE
c. FIN_WAIT
d. Connection establishment

ANS: C    PTS: 1    REF: 108

  5. ____ is a collection of Internet Engineering Task Force (IETF) standards that define an architecture at the Internet Protocol (IP) layer that protects IP traffic by using various security services.
a. RIP
b. IPSec
c. TCP/IP
d. ARP

ANS: B    PTS: 1    REF: 112

COMPLETION

  1. ____________________ is a suite of protocols that underlie the Internet. The TCP/IP suite comprises many protocols and applications that focus on two main objectives.

ANS: TCP/IP

PTS: 1    REF: 101

  2. A(n) ____________________ attack is an assault on a network that floods it with so many additional requests that regular traffic is either slowed or completely interrupted.

ANS: denial-of-service

PTS: 1    REF: 101

  3. ____________________ is the process of enclosing higher-level protocol information in lower-level protocol information.

ANS: Data encapsulation

PTS: 1    REF: 102

  4. _________________________ is the theoretical time when the number of unallocated IP addresses equals zero.

ANS: IP address exhaustion

PTS: 1    REF: 104

  5. A(n) ____________________ attack takes advantage of the way that most hosts implement the TCP three-way handshake.

ANS: TCP SYN

PTS: 1    REF: 111

SHORT ANSWER

  1. What are the TCP flags?

ANS:

There are six possible TCP packet flags: URG, ACK, PSH, RST, SYN, and FIN. Packets can have more than one flag set, and this is indicated by the flag names being separated by a slash, such as SYN/ACK, or a comma, such as ACK, FIN. SYN/ACK says the packet is attempting to both synchronize with the sender and acknowledge the received packet. Normally a packet will have only one flag sent, except in the case of SYN/ACK or FIN/ACK. You will never see an RST/FIN packet because these flags signal the same result. Packets with three or more flags set are probably attempts to crash your machine. A packet with all six flags set is called a “Christmas Tree Packet,” or a “Nastygram.” Newer implementations of TCP/IP usually drop packets like this.

PTS: 1    REF: 107

  2. Explain how to set up a TCP connection.

ANS:

First, the source computer delivers a SYN packet to the destination computer. This packet has the initial sequence number (ISN) that the destination computer must use in order to send a response (ACK) to the source computer. The ISN is indicated by whether the SYN bit is “set.” For example, if the SYN bit is set to 1, the 32-bit sequence number represents ISN. However, if the SYN bit is not set, meaning the value of the SYN bit is zero (0), the 32-bit number represents the (ongoing) sequence number.

Upon receipt of the SYN packet, the receiving computer transmits a SYN with an acknowledgment, ACK. Finally, the source computer sends an ACK to the destination computer as a response with an “in-range” sequence number.

PTS: 1    REF: 107

  3. Explain how to release a TCP connection.

ANS:

When releasing the connection between two computers, the source computer sends a FIN packet to the destination computer. The destination computer then sends a FIN/ACK packet, and the source computer sends an ACK packet. Either computer could send an RST and close the session (reset) immediately.

PTS: 1    REF: 108

  4. Briefly describe IP spoofing attacks.

ANS:

IP spoofing is a technique attackers use in which they send packets to the victim or target computer with a false source address. The victim is unaware that the packet is not from a trusted host, and so it accepts the packet and sends a response “back” to the indicated source computer.

Since the attacker sending the spoofed packet cannot see the response, he must guess the proper sequence numbers to send the final ACK packet as if it had come from the “real” source. If this attempt is successful, the hacker may have a connection to the victim’s machine and be able to hold it for as long as the computer remains active. There are two methods for resolving these problems: sequence guessing and source routing.

PTS: 1    REF: 109

  5. Briefly describe RIP attacks.

ANS:

RIP attacks take advantage of RIP, or Routing Information Protocol. This information protocol is an essential component in a TCP/IP network and is responsible for distribution of routing information within networks.

A RIP packet is often used without verification. Attacks on RIP change the destination of data. An attacker can change the routing table on routers and specify that the route through the hacker’s designated collection node is the fastest route for packets to or from a sensitive machine. Once the router is modified, it transmits all of the packets to the hacker computer. They can then be modified, read, or responded to.

PTS: 1    REF: 111