6.4.9 Perimeter Attacks 2

Which of the following is the best countermeasure against man-in-the-middle
attacks?
IPSec
What is modified in the most common form of spoofing on a typical IP packet?
Source address
Which type of Denial of Service (DoS) attack occurs when a name server receives malicious or
misleading data that incorrectly maps host names and IP addresses?
DNS poisoning
Which of the following describes a man-in-the-middle
attack?
A false server intercepts communications from a client by impersonating the intended
server.
Capturing packets as they travel from one host to another with the intent of altering the contents
of the packets is a form of which security concern?
Man-in-the-middle attack
When the TCP/IP session state is manipulated so that a third party is able to insert alternate
packets into the communication stream, what type of attack has occurred?
Hijacking
What is the goal of a TCP/IP hijacking attack?
Executing commands or accessing resources on a system the attacker does not
otherwise have authorization to access
Which of the following is not a protection against session hijacking?
DHCP reservations
Which of the following is the most effective protection against IP packet spoofing on a private
network?
Ingress and egress filters
While using the Internet, you type the URL of one of your favorite sites in the browser. Instead
of going to the correct site, however, the browser displays a completely different website. When
you use the IP address of the Web server, the correct site is displayed.
Which type of attack has likely occurred?
DNS poisoning.
Which of the following attacks tries to associate an incorrect MAC address with a known IP
address?
ARP poisoning
What are the most common network traffic packets captured and used in a replay attack?
Authentication
When a malicious user captures authentication traffic and replays it against the network later,
what is the security problem you are most concerned about?
An unauthorized user gaining access to sensitive resources
A router on the border of your network detects a packet with a source address that is from an
internal client but the packet was received on the Internetfacing
interface. This is an example of
what form of attack?
Spoofing
An attacker uses an exploit to push a modified hosts file to client systems. This hosts file
redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and
financial information.
What kind of exploit has been used in this scenario? (Choose two. Both responses are different
names for the same exploit.)
Pharming
DNS poisoning