M19 Practice Quiz

Question 1

  1. Which type of DDoS attack is best described by the following statement: "The attacker sends a small packet of information that appears to originate from the victim's IP address to a vulnerable UDP server, which in turn sends a significantly larger packet of information back to the victim's IP address"?

    Options:

    • On-Path Attack
    • Amplified DDoS Attack
    • Single-source DDoS Attack
    • Reflected DDoS Attack

    Overall explanation:

    • In an Amplified DDoS attack, the attacker exploits the connectionless nature of the User Datagram Protocol (UDP). They send a small packet of information that appears to originate from the victim's IP address to a vulnerable UDP server. The server then sends a significantly larger packet of information back to the victim's IP address, effectively amplifying the size of the data packet and the impact of the attack.

    Tags: Distributed Denial of Service

Question 2

  1. Which type of DNS attack is best described by the attacker trying to get a copy of the entire DNS zone data by pretending to be an authorized system?

    Options:

    • DNS Zone Transfer
    • DNS Amplification
    • DNS Hijacking
    • DNS Cache Poisoning

    Overall explanation:

    • In a DNS Zone Transfer Attack, the attacker attempts to get a copy of the entire DNS zone data, which includes all the DNS records for a domain, by pretending to be an authorized system. This can expose sensitive information about the network infrastructure of a domain.

    Tags: Domain Name System (DNS) Attacks

Question 3

  1. Which of the following scenarios best describes a replay attack?

    Options:

    • An attacker physically steals a user's device to gain access to information.
    • An attacker modifies the information being sent and received in real time.
    • An attacker uses a virus to corrupt a user's data.
    • An attacker captures a user's login session and reuses it later to gain unauthorized access.

    Overall explanation:

    • In a replay attack, the attacker intercepts valid data transmissions (like a login session) and fraudulently or maliciously re-broadcasts, repeats, or delays them. For instance, if an attacker captures the session that occurs when you log into your bank with your username and password, they could then replay that session to the bank at a later time in an attempt to log in as you. This is the basic premise of a replay attack.

    Tags: Replay Attacks

Question 4

  1. Which of the following attacks involves an attacker intercepting the communication between two parties, altering it, and relaying it to the original recipient?

    Options:

    • Sidejacking
    • Cross-Site Scripting (XSS)
    • On-Path
    • SQL Injection

    Overall explanation:

    • An On-Path attack is a form of eavesdropping in which the attacker intercepts the communication between two parties, modifies it, and then relays it to the original recipient. The two parties believe they are communicating directly with each other, but in reality, the attacker controls the entire conversation. This type of attack can be used to steal login credentials or personal information, or to alter the content of the communication for malicious purposes.
    • Sidejacking is a method of session hijacking where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. However, it doesn't involve altering and relaying communication.
    • Cross-Site Scripting (XSS) is a type of attack where the attacker injects malicious scripts into trusted websites. When the victim visits the site, the script runs and steals their session information. It doesn't involve intercepting communication between two parties.
    • SQL Injection is a code injection technique that attackers use to insert malicious SQL statements into input fields for execution. This can allow the attacker to view, modify, and delete data in a database. It doesn't involve intercepting and altering communication between two parties.

    Tags: On-path Attacks

Question 5

  1. Which of the following attacks occurs when a threat actor executes arbitrary shell commands on a host via a vulnerable web application?

    Options:

    • Process Injection
    • SQL Injection
    • LDAP Injection
    • Command Injection

    Overall explanation:

    • A Command Injection attack occurs when a threat actor is able to execute arbitrary shell commands on a host via a vulnerable web application. This is typically achieved by manipulating input fields or parameters to include additional commands that the system will execute. For example, consider a web application that allows a user to test connectivity with a remote website or server by entering an IP address or hostname. If the application simply appends this input to a system command like 'ping', an attacker could append additional commands to their input, causing the system to execute them.
    • An LDAP Injection is an attack that targets web-based applications by fabricating LDAP statements, typically created by user input. LDAP is often used for authentication and storing user information.
    • Process Injection is a method of executing arbitrary code in the address space of a separate live process, which may allow access to the process's memory, system/network resources, and possibly even elevated privileges.
    • SQL Injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

    Tags: Injection Attacks
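
The connectivity-check scenario from the Question 5 explanation, shown as the flawed string-append pattern beside a hardened form. This is an added example, not part of the original quiz. The function names are hypothetical, `echo` is an assumed stand-in for `ping` so the code runs offline, and the sample input is constructed.

```python
import ipaddress
import re
import subprocess

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
TOOL = "echo"  # assumption: stand-in for ping so the example runs offline
SAMPLE = "127.0.0.1; echo INJECTED"  # constructed input with an appended command


def check_vulnerable(target: str) -> str:
    """Flawed pattern: input is appended to a command string run by a shell."""
    cmd = f"{TOOL} probing " + target
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def validate_target(target: str) -> str:
    """Accept only an IP literal or a plain hostname; raise ValueError otherwise."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass  # not an IP literal, fall through to the hostname check
    if len(target) <= 253 and all(LABEL.fullmatch(p) for p in target.split(".")):
        return target
    raise ValueError(f"rejected target: {target!r}")


def check_hardened(target: str) -> str:
    """Validated input passed as a single argv element; no shell parses it."""
    # The validator rejects a leading hyphen, so the value cannot act as an option.
    argv = [TOOL, "probing", validate_target(target)]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # The shell treats ';' as a separator and runs the appended command too.
    print(check_vulnerable(SAMPLE).splitlines())
    print(check_hardened("127.0.0.1").splitlines())
    try:
        check_hardened(SAMPLE)
    except ValueError as exc:
        print(exc)
```

Validation and shell-free execution are independent controls: the argv form alone stops the shell from interpreting `;`, and the allow-list stops option-like or malformed values from reaching the tool.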