FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 3: Malicious Code

Show Answer

Share

---

All types

Filters

Study Flashcards

Question 21

Multiple Choice

Review LaterAdd Note

Review Later

A host is bombarded with packets intended to exploit stateful network protocols. Every time it gets a packet, it allocates memory for the expected connection. The connection is never fully established by the sender. What form of attack is this?

A) SYN Flood
B) Smurf
C) Ping of Death
D) Stachledraught

E) All of the above
F) B) and C)

Correct Answer

verified

Show Answer

Question 22

Multiple Choice

Review LaterAdd Note

Review Later

In terms of information security and malware classification, a RAT is a:

A) Remote Authentication Terminal
B) Someone that reports the activities of a coworker to management
C) Remote Access Tool
D) The Reveal - Access - Target, model of malicious activity

E) None of the above
F) B) and D)

Correct Answer

verified

Show Answer

Question 23

Multiple Choice

Review LaterAdd Note

Mary notices her machine has internet access for about 10 minutes then it seems to slow down. She reboots, everything is fine for ten minutes again. What is the most likely problem?

If you have the following pseudo code, what is the most accurate natural language description? If (i >= 300) then exit

Melissa receives an email that comes from a random email address. She has many friends that use their online "handles" like zebranuts321@yahoo.com for instance so she isn't really surprised by that. There is an attachment on the email called "Iloveyou.txt" which looks intriguing even if she doesn't remember knowing this person. What is about to happen?

Willard wants to use the tool "Qfecheck" to scan his network to see if the latest updates are yet installed. In order to make sure it runs correctly permission on what reqistry will have to be set properly?

You just attacked a IIS server and managed to exploit a buffer overflow in the .printer ISAPI. Turns out there are serveral tools to choose from. Which of the following tools does not perform this attack?

Which of the following languages is less vulnerable to buffer overflow attacks?

Tony wants to clear his afternoon to play a video game. He needs to manufacture an emergency and tell his boss that the servers are vulnerable to an "Evil Bit" attack, and it will take all afternoon to fix them. This sounds bad, so the boss tells him to get right on it. What is Tony really talking about?

Chandler is having a conversation with Benjamin, the present IT administrator. Benjamin is convinced his network is rock solid secure and impenetrable. He has each and every technology based countermeasure installed. Chandler mentions there is always a weak link, and that somehow, someway A weakness will be present somewhere. What principle of defense is Chandler talking about?

What are the three phases of a viral outbreak?

Kelly sent an email out to the entire staff warning of a new vulnerability in Outlook that would expose the entire contact list. She explains that several versions of the email have been found, but they all contain the words "Sales Lead" or "Service Request" in the subject line. These emails must be deleted without being opened for the next 72 hours while a patch is released. What statement below is not true?

Applications that clean viruses from systems are sometimes called "Virus Scrubbers". One drawback is that they are only as good as their last signature update, and even at that, many types of malware could be undetectable if there is no signature. Another approach is to detect corrupt files, or at the very least, files that have been modified that shouldn't be. What type of tool performs this technique?

A tool that is part of the "sysinternals" collection can scan the Windows registry and help detect unusual events. What is the name of this tool?

Which of the following registers will be over written in a buffer overflow exploit?

It is hard to be precise with the offset value that gets placed into the return register when an overflow is deliberate, as in during an attack. A NOOP sled cane be placed at the beginning of the shell code to create some margin for error. Which of the following looks like a sled?

Which of these types of Virus primarily attack Windows systems?

What are the six steps of the virus lifecycle?

Larry notices in his log file that a lot of TCP traffic with the UPF flags set are targeting various internal hosts on port 31337. He suspects this traffic is unusual but does not quite know what to make of it. Knowing you just passed your CEH exam, Larry decides to ask what you think. What would be a possible conclusion?

Gary assembles an ACL for his Cisco router that looks something like this: Access-list 111 deny ip 10.0.0.0 0.255.255.255 any Access-list 111 deny ip 172.16.0.0 0.15.255.255 any Access-list 111 deny ip 192.168.0.0 0.0.255.255 any Access-list 111 deny ip 127.0.0.1 0.255.255.255 any Access-list 111 deny ip 224.0.0.0 31.255.255.255 any Access-list 111 deny ip host 0.0.0.0 any The list is applied to an outside interface. What is this list trying to accomplish?