The SYN flood attack sends TCP connection requests faster than a machine can process them.
Attacker creates a random source address for each packet
SYN flag set in each packet is a request to open a new connection to the server from the spoofed IP address
Victim responds to spoofed IP address, then waits for confirmation that never arrives (timeout wait is about 3 minutes)
Victim's connection table fills up waiting for replies and ignores new connections
Legitimate users are ignored and will not be able to access the server
How do you protect your network against SYN Flood attacks?
A. RST cookies - The server sends a wrong SYN/ACK back to the client. The client should then generate a RST packet telling the server that something is wrong. At this point, the server knows the client is valid and will now accept incoming connections from that client normally
B. Stack Tweaking. TCP stacks can be tweaked in order to reduce the effect of SYN floods. Reduce the timeout before a stack frees up the memory allocated for a connection
C. SYN cookies. Instead of allocating a record, send a SYN-ACK with a carefully constructed sequence number generated as a hash of the client's IP address, port number, and other information. When the client responds with a normal ACK, that special sequence number will be included, which the server then verifies. Thus, the server first allocates memory on the third packet of the handshake, not the first.
D. Micro Blocks. Instead of allocating a complete connection, simply allocate a micro record of 16 bytes for the incoming SYN object
E. Check the incoming packet's IP address with the SPAM database on the Internet and enable the filter using ACLs at the Firewall
Correct answer: A,B,C,D
Question 2:
You are trying to package a RAT Trojan so that Anti-Virus software will not detect it. Which of the listed techniques will NOT be effective in evading an Anti-Virus scanner?
A. Break the Trojan into multiple smaller files and zip the individual pieces
B. Encrypt the Trojan using multiple hashing algorithms like MD5 and SHA-1
C. Convert the Trojan.exe file extension to Trojan.txt, disguising it as a text file
D. Change the content of the Trojan using hex editor and modify the checksum
Correct answer: C
Question 3:
Peter is a Linux network admin. As a knowledgeable security consultant, he turns to you to look for help on a firewall. He wants to use Linux as his firewall and use the latest freely available version that is offered. What do you recommend?
Select the best answer.
A. Iptables
B. Ipfwadm
C. Checkpoint FW for Linux
D. Ipchains
Correct answer: A
Question 4:
Liza has forgotten her password to an online bookstore. The web application asks her to key in her email so that they can send her the password. Liza enters her email [email protected]'. The application displays server error. What is wrong with the web application?
A. The ISP connection is not reliable
B. User input is not sanitized
C. The web server may be down
D. The email is not valid
Correct answer: B
Question 5:
Lauren is performing a network audit for her entire company. The entire network is comprised of around 500 computers. Lauren starts an ICMP ping sweep by sending one IP packet to the broadcast address of the network, but only receives responses from around five hosts. Why did this ping sweep only produce a few responses?
A. Only Linux and Unix-like (Non-Windows) systems will reply to this scan.
B. Only servers will reply to this scan.
C. A switched network will not respond to packets sent to the broadcast address.
D. Only Windows systems will reply to this scan.
Correct answer: A
Question 6:
Which of the following is a symmetric cryptographic standard?
A. DSA
B. RSA
C. PKI
D. 3DES
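Correct answer: D
Taki -
I highly recommend Pass4Test. This is the third time I have bought a question set here. Thank you once again for your help. I passed EC0-350, so I am reporting it here and offering my thanks.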