1. What is the primary goal of a Denial of Service (DoS) attack?
A) To gain unauthorized access to a system
B) To disrupt the availability of services to legitimate users
C) To exfiltrate sensitive data
D) To manipulate network traffic for financial gain
Answer: B) To disrupt the availability of services to legitimate users.
Explanation: A DoS attack aims to overwhelm system resources, making services inaccessible to legitimate users.
2. Which of the following best describes a Distributed Denial of Service (DDoS) attack?
A) A single attacker using multiple techniques to compromise a target
B) Multiple compromised systems attacking a target simultaneously
C) An attack where data is encrypted to prevent access
D) A phishing attack to steal credentials
Answer: B) Multiple compromised systems attacking a target simultaneously.
Explanation: A DDoS attack uses multiple sources (often botnets) to flood the target with traffic, overwhelming it.
3. What is a botnet in the context of a DDoS attack?
A) A security tool to prevent network attacks
B) A network of compromised devices controlled by an attacker
C) A firewall rule that blocks malicious IP addresses
D) A software vulnerability exploited during an attack
Answer: B) A network of compromised devices controlled by an attacker.
Explanation: A botnet consists of infected devices (bots) under the control of an attacker, commonly used for launching DDoS attacks.
4. What is a common method used in volumetric DDoS attacks?
A) SQL Injection
B) HTTP Request Flooding
C) Slowloris Attack
D) UDP Flood
Answer: D) UDP Flood.
Explanation: Volumetric attacks aim to exhaust bandwidth, and UDP floods send a high number of packets to overwhelm the target.
5. The Slowloris attack primarily targets which type of server?
A) DNS Servers
B) Web Servers
C) Database Servers
D) File Servers
Answer: B) Web Servers.
Explanation: Slowloris keeps HTTP connections open for an extended time, exhausting server resources without sending complete requests.
6. What is the main difference between a DoS and a DDoS attack?
A) DDoS attacks involve multiple attack sources, while DoS is from a single source
B) DoS attacks are more powerful than DDoS attacks
C) DoS attacks always exploit a vulnerability, while DDoS does not
D) DDoS attacks only target cloud-based systems
Answer: A) DDoS attacks involve multiple attack sources, while DoS is from a single source.
Explanation: DoS attacks originate from a single system, while DDoS attacks use multiple compromised systems (botnets).
7. Which layer of the OSI model do SYN Flood attacks target?
A) Application Layer
B) Transport Layer
C) Network Layer
D) Data Link Layer
Answer: B) Transport Layer.
Explanation: SYN Floods exploit the TCP handshake process (part of the Transport Layer) by sending repeated connection requests.
8. What is the primary defense mechanism against SYN Flood attacks?
A) Rate Limiting
B) Captcha verification
C) HTTPS Encryption
D) DNS Sinkhole
Answer: A) Rate Limiting.
Explanation: Rate limiting controls the number of requests from a single source, preventing excessive SYN requests from exhausting resources.
9. Which of the following is a reflection-based DDoS attack?
A) Ping of Death
B) HTTP Flood
C) DNS Amplification
D) Slowloris
Answer: C) DNS Amplification.
Explanation: DNS Amplification reflects large responses to a spoofed victim’s IP, amplifying attack traffic significantly.
10. What protocol is commonly exploited in an NTP amplification attack?
A) HTTP
B) ICMP
C) NTP
D) FTP
Answer: C) NTP.
Explanation: NTP (Network Time Protocol) Amplification uses vulnerable NTP servers to send large responses to a victim.
11. What type of attack involves overwhelming a system with fragmented packets?
A) UDP Flood
B) Smurf Attack
C) Teardrop Attack
D) ICMP Flood
Answer: C) Teardrop Attack.
Explanation: Teardrop attacks send malformed packet fragments that the system cannot reassemble, causing crashes.
12. What is the primary impact of a Smurf attack?
A) Data theft
B) Increased CPU usage
C) Bandwidth exhaustion
D) Unauthorized access
Answer: C) Bandwidth exhaustion.
Explanation: A Smurf attack floods the victim with ICMP Echo requests using spoofed source IPs, overwhelming the network.
13. What is the best way to mitigate a DNS Amplification attack?
A) Blocking all DNS traffic
B) Rate limiting and DNS response filtering
C) Using HTTP/3 protocol
D) Implementing SQL Injection protection
Answer: B) Rate limiting and DNS response filtering.
Explanation: Rate limiting reduces excessive requests, while response filtering blocks unnecessary DNS responses.
14. How does a Ping of Death attack work?
A) It sends an oversized ICMP packet that crashes the target system
B) It floods a target with UDP packets
C) It exploits a zero-day vulnerability in TCP
D) It injects malware via phishing emails
Answer: A) It sends an oversized ICMP packet that crashes the target system.
Explanation: A Ping of Death attack exploits older systems that cannot handle oversized ICMP packets, causing crashes.
15. What tool is commonly used to simulate a DDoS attack for testing?
A) Nmap
B) Metasploit
C) LOIC
D) Nessus
Answer: C) LOIC.
Explanation: Low Orbit Ion Cannon (LOIC) is a tool often used to simulate DDoS attacks.
16. What does the term “zombie” refer to in a botnet?
A) A non-functional device
B) A compromised machine controlled by an attacker
C) A honeypot system
D) A defensive security mechanism
Answer: B) A compromised machine controlled by an attacker.
Explanation: A zombie is an infected system in a botnet, used in DDoS attacks without the owner’s knowledge.
17. What security mechanism helps detect DDoS attacks in real-time?
A) WAF (Web Application Firewall)
B) Load Balancer
C) IDS/IPS
D) VPN
Answer: C) IDS/IPS.
Explanation: Intrusion Detection/Prevention Systems (IDS/IPS) monitor traffic and can detect DDoS patterns in real-time.
18. Which cloud-based security service helps mitigate DDoS attacks?
A) Cloudflare
B) Tor
C) Wireshark
D) Aircrack-ng
Answer: A) Cloudflare.
Explanation: Cloudflare provides DDoS mitigation, rate limiting, and WAF to protect against attacks.
19. Which attack type is known for sending multiple incomplete HTTP headers to exhaust server resources?
A) SYN Flood
B) HTTP Request Smuggling
C) Slowloris
D) UDP Reflection
Answer: C) Slowloris.
Explanation: The Slowloris attack keeps multiple HTTP connections open without completing them, causing server resource exhaustion.
20. What is the primary purpose of a Web Application Firewall (WAF) in preventing DoS/DDoS attacks?
A) Encrypting data
B) Blocking malicious traffic patterns
C) Monitoring CPU utilization
D) Logging HTTP requests
Answer: B) Blocking malicious traffic patterns.
Explanation: A WAF filters and blocks malicious traffic, including DDoS attacks, based on predefined security rules.
21. What is a common symptom of a DoS attack?
A) Unusual error messages in logs
B) A sudden drop in legitimate traffic
C) Excessive CPU and memory usage
D) All of the above
Answer: D) All of the above.
Explanation: DoS attacks overwhelm system resources, leading to high CPU/memory usage, log anomalies, and service disruptions.
22. Which of the following is NOT a type of DDoS attack?
A) Smurf Attack
B) SYN Flood
C) Cross-Site Scripting (XSS)
D) HTTP Flood
Answer: C) Cross-Site Scripting (XSS).
Explanation: XSS is a web security vulnerability, not a DDoS attack. DDoS focuses on service disruption.
23. How does an attacker execute a Smurf attack?
A) By spoofing an IP and sending ICMP Echo requests to a broadcast address
B) By injecting malicious JavaScript into a website
C) By exploiting an unpatched database vulnerability
D) By using an ARP poisoning technique
Answer: A) By spoofing an IP and sending ICMP Echo requests to a broadcast address.
Explanation: In a Smurf attack, attackers send ICMP Echo requests with a spoofed victim’s IP, leading to an amplified flood of responses.
24. How do attackers exploit DNS resolvers in a DNS Amplification attack?
A) They use recursive queries to retrieve confidential data
B) They send small queries with spoofed IPs to generate large response traffic to the victim
C) They perform SQL Injection attacks on DNS servers
D) They exploit default credentials in DNS servers
Answer: B) They send small queries with spoofed IPs to generate large response traffic to the victim.
Explanation: DNS Amplification involves sending small DNS queries that generate large responses directed at a spoofed target.
25. What tool is commonly used to simulate a DoS attack?
A) Nessus
B) Hping3
C) Wireshark
D) Aircrack-ng
Answer: B) Hping3.
Explanation: Hping3 can generate TCP, UDP, and ICMP traffic to simulate DoS attacks.
26. What is a primary method to protect against volumetric DDoS attacks?
A) Using CAPTCHA on login pages
B) Implementing IP-based rate limiting
C) Encrypting all incoming traffic
D) Redirecting traffic to another website
Answer: B) Implementing IP-based rate limiting.
Explanation: Rate limiting prevents excessive traffic from a single IP, helping to mitigate DDoS attacks.
27. What is an LOIC attack?
A) A type of malware
B) A DDoS attack tool that floods the target with HTTP, TCP, or UDP requests
C) An advanced firewall rule
D) A phishing technique
Answer: B) A DDoS attack tool that floods the target with HTTP, TCP, or UDP requests.
Explanation: Low Orbit Ion Cannon (LOIC) is an open-source tool used for DDoS attack simulations.
28. Which cloud-based mitigation strategy is effective against DDoS attacks?
A) VPN tunneling
B) Content Delivery Networks (CDN)
C) SQL Injection filters
D) SSL Certificate Pinning
Answer: B) Content Delivery Networks (CDN).
Explanation: CDNs distribute traffic across multiple servers, reducing the impact of DDoS attacks.
29. What is a Pulse Wave DDoS attack?
A) A type of ransomware attack
B) A high-volume DDoS attack delivered in short, intense bursts
C) A phishing campaign disguised as an attack
D) A slow-paced attack that gradually increases traffic
Answer: B) A high-volume DDoS attack delivered in short, intense bursts.
Explanation: Pulse Wave attacks send short bursts of high-traffic floods, making mitigation harder.
30. What is a SYN-ACK Flood attack?
A) An attack that floods a target with SYN-ACK responses
B) A DNS spoofing attack
C) An attack that manipulates SSL certificates
D) A phishing technique
Answer: A) An attack that floods a target with SYN-ACK responses.
Explanation: SYN-ACK Floods send fake SYN-ACK packets to exhaust server resources.
31. What is the role of an “anomaly-based IDS” in detecting DoS attacks?
A) It blocks all network traffic
B) It identifies unusual traffic patterns and detects potential attacks
C) It scans for vulnerabilities
D) It encrypts network packets
Answer: B) It identifies unusual traffic patterns and detects potential attacks.
Explanation: Anomaly-based IDS detects deviations from normal traffic, helping in DoS attack detection.
32. Which of the following best describes a Layer 7 DDoS attack?
A) An attack targeting network infrastructure
B) An attack flooding application-layer services
C) An attack on the power supply of data centers
D) An attack using quantum cryptography
Answer: B) An attack flooding application-layer services.
Explanation: Layer 7 (Application Layer) DDoS attacks overwhelm web applications by sending excessive HTTP requests.
33. How does a DDoS attack using IoT devices work?
A) IoT devices act as botnets, flooding targets with malicious traffic
B) IoT devices encrypt network packets
C) IoT devices perform SQL Injection attacks
D) IoT devices serve as honeypots to track attackers
Answer: A) IoT devices act as botnets, flooding targets with malicious traffic.
Explanation: IoT-based botnets like Mirai infect IoT devices to perform DDoS attacks.
34. Which protocol is commonly abused in a Fraggle attack?
A) ICMP
B) UDP
C) TCP
D) HTTP
Answer: B) UDP.
Explanation: Fraggle attacks use UDP Echo requests sent to broadcast addresses, similar to Smurf attacks.
35. Which attack technique is used in an HTTP Flood DDoS attack?
A) Sending massive amounts of HTTP GET/POST requests to exhaust server resources
B) Spoofing IP addresses to bypass authentication
C) Injecting malicious JavaScript into a web application
D) Manipulating DNS records to redirect traffic
Answer: A) Sending massive amounts of HTTP GET/POST requests to exhaust server resources.
Explanation: HTTP Flood attacks target web applications by sending excessive HTTP GET/POST requests, causing resource exhaustion.
36. How does a RUDY (R-U-Dead-Yet) attack work?
A) It sends slow, long HTTP POST requests to exhaust server connections
B) It manipulates TCP sequence numbers
C) It sends malformed ICMP packets
D) It exploits memory corruption vulnerabilities
Answer: A) It sends slow, long HTTP POST requests to exhaust server connections.
Explanation: RUDY attacks send very slow HTTP POST requests with large payloads, exhausting available server connections.
37. Which of the following best describes a Layer 3 DDoS attack?
A) An attack targeting network infrastructure, such as routers and firewalls
B) An attack exploiting SQL Injection vulnerabilities
C) A phishing attack designed to steal credentials
D) An attack that manipulates JavaScript execution
Answer: A) An attack targeting network infrastructure, such as routers and firewalls.
Explanation: Layer 3 (Network Layer) DDoS attacks aim to flood network devices with excessive packets, disrupting connectivity.
38. What is the key feature of a Low and Slow DoS attack?
A) It targets application-layer services with minimal traffic to evade detection
B) It rapidly floods the target with a high volume of packets
C) It exploits vulnerabilities in SSL/TLS encryption
D) It uses DNS cache poisoning
Answer: A) It targets application-layer services with minimal traffic to evade detection.
Explanation: Low and Slow DoS attacks send minimal traffic but hold server resources open, causing unavailability over time.
39. How does a Blackhole Routing technique help in mitigating DDoS attacks?
A) It drops all incoming traffic to the targeted IP
B) It redirects traffic to a honeypot for analysis
C) It encrypts all network communications
D) It uses AI-based filtering mechanisms
Answer: A) It drops all incoming traffic to the targeted IP.
Explanation: Blackhole routing discards all traffic to an overwhelmed server, preventing further disruption but also blocking legitimate users.
40. What is the purpose of a Scrubbing Center in DDoS mitigation?
A) To filter out malicious traffic while allowing legitimate requests
B) To perform forensic analysis on network packets
C) To encrypt network traffic to prevent sniffing
D) To temporarily take the server offline
Answer: A) To filter out malicious traffic while allowing legitimate requests.
Explanation: Scrubbing Centers analyze and filter traffic, allowing only legitimate requests to reach the target server.
41. What is the main characteristic of an Application Layer (Layer 7) DDoS attack?
A) It directly targets network hardware like routers
B) It bypasses traditional firewalls by mimicking legitimate requests
C) It only affects IoT devices
D) It is caused by malware infections
Answer: B) It bypasses traditional firewalls by mimicking legitimate requests.
Explanation: Layer 7 DDoS attacks are difficult to detect because they mimic normal user behavior, overloading web applications.
42. How does an attacker conduct an ACK Flood attack?
A) By sending a massive number of TCP ACK packets to exhaust resources
B) By injecting malicious JavaScript into a website
C) By corrupting database entries
D) By redirecting network traffic to malicious servers
Answer: A) By sending a massive number of TCP ACK packets to exhaust resources.
Explanation: ACK Floods send a large number of TCP ACK packets, consuming CPU and memory resources of the target.
43. Which protocol is commonly abused in a CHARGEN-based DDoS attack?
A) DNS
B) NTP
C) CHARGEN
D) RDP
Answer: C) CHARGEN.
Explanation: CHARGEN-based DDoS attacks exploit the Character Generator Protocol, flooding targets with excessive responses.
44. Which attack abuses TCP window size adjustments to degrade network performance?
A) TCP Fragmentation Attack
B) Ping of Death
C) ARP Spoofing
D) SYN Flood
Answer: A) TCP Fragmentation Attack.
Explanation: TCP Fragmentation attacks manipulate packet sizes to consume resources, slowing down the target’s response.
45. What is a Water Torture attack in the context of DDoS?
A) A slow, persistent attack against DNS servers
B) A rapid flooding attack targeting cloud servers
C) An exploit targeting SSL certificates
D) A malware-based phishing technique
Answer: A) A slow, persistent attack against DNS servers.
Explanation: Water Torture attacks slowly overload DNS servers with low-rate queries, eventually disrupting resolution services.
46. How does an ICMP Fragmentation Attack work?
A) By sending large ICMP packets that require excessive reassembly
B) By injecting rogue ARP packets into the network
C) By spoofing DNS responses
D) By modifying HTTP headers to corrupt web traffic
Answer: A) By sending large ICMP packets that require excessive reassembly.
Explanation: ICMP Fragmentation attacks break large ICMP packets into fragments, overwhelming processing capabilities.
47. What does “Anycast Routing” help mitigate in DDoS attacks?
A) It distributes traffic to multiple servers, reducing attack impact
B) It encrypts incoming connections
C) It filters out suspicious DNS queries
D) It isolates malicious IPs using blockchain technology
Answer: A) It distributes traffic to multiple servers, reducing attack impact.
Explanation: Anycast routing spreads network traffic across multiple locations, preventing single-point failures during DDoS attacks.
48. What is an example of a protocol-based DDoS attack?
A) HTTP Flood
B) Slowloris
C) SYN Flood
D) SQL Injection
Answer: C) SYN Flood.
Explanation: SYN Floods exploit the TCP handshake process, making them protocol-based DDoS attacks.
49. Which type of attack manipulates TCP window sizes to exhaust server resources?
A) TCP Zero Window Attack
B) UDP Reflection Attack
C) SQL Injection
D) Clickjacking
Answer: A) TCP Zero Window Attack.
Explanation: TCP Zero Window attacks manipulate TCP window sizes, forcing servers to pause connections and consume excessive resources.
50. What is the best proactive method to prevent a DDoS attack?
A) Keeping all ports open
B) Implementing rate limiting and traffic filtering
C) Using outdated software to avoid detection
D) Enabling all UDP services on a server
Answer: B) Implementing rate limiting and traffic filtering.
Explanation: Rate limiting, traffic filtering, and anomaly detection are the best strategies to proactively mitigate DDoS attacks.
51. What is the primary objective of a DNS Water Torture attack?
A) To slowly exhaust DNS server resources by sending low-rate queries
B) To corrupt DNS records and redirect traffic
C) To inject malicious SQL queries into DNS records
D) To perform brute-force attacks on DNS zone files
Answer: A) To slowly exhaust DNS server resources by sending low-rate queries.
Explanation: DNS Water Torture attacks involve sending a large number of low-volume, recursive DNS queries, gradually overwhelming the server.
52. How does a PDoS (Permanent Denial of Service) attack differ from a typical DDoS attack?
A) It aims to permanently damage hardware or firmware
B) It only lasts for a few seconds
C) It targets only IoT devices
D) It focuses on exhausting memory resources
Answer: A) It aims to permanently damage hardware or firmware.
Explanation: Permanent Denial of Service (PDoS) attacks attempt to brick devices by flashing malicious firmware or overloading components.
53. What is the primary function of rate limiting in preventing DDoS attacks?
A) It blocks all incoming traffic from unknown IPs
B) It restricts the number of requests an IP can make within a set time frame
C) It encrypts all network packets
D) It prevents malware from infecting systems
Answer: B) It restricts the number of requests an IP can make within a set time frame.
Explanation: Rate limiting controls the number of requests an IP can send in a given period, reducing the impact of DDoS attacks.
54. What is the primary goal of an NXDOMAIN DDoS attack?
A) To flood the target with invalid DNS queries to exhaust server resources
B) To inject SQL commands into a database
C) To hijack a domain’s MX records
D) To redirect all web traffic to a malicious website
Answer: A) To flood the target with invalid DNS queries to exhaust server resources.
Explanation: NXDOMAIN attacks bombard DNS resolvers with nonexistent domain queries, causing DNS servers to become overwhelmed.
55. What is the best countermeasure against a UDP flood attack?
A) Disabling UDP traffic entirely
B) Implementing connection tracking and rate limiting
C) Increasing TCP buffer size
D) Using outdated firewall rules
Answer: B) Implementing connection tracking and rate limiting.
Explanation: UDP floods can be mitigated by limiting the rate of UDP packets and using stateful firewall rules to drop excessive requests.
56. How does a Land Attack work?
A) It sends TCP SYN packets with the source and destination IP set to the same address
B) It floods the target with large ICMP packets
C) It corrupts DNS cache records
D) It performs a brute-force attack on login pages
Answer: A) It sends TCP SYN packets with the source and destination IP set to the same address.
Explanation: Land attacks cause systems to continuously reply to their own packets, leading to a resource consumption loop.
57. What is the primary impact of a Ping Flood attack?
A) It overwhelms a target by sending an excessive number of ICMP Echo requests
B) It injects malicious payloads into HTTP headers
C) It modifies DNS zone transfers
D) It exploits open FTP connections
Answer: A) It overwhelms a target by sending an excessive number of ICMP Echo requests.
Explanation: Ping floods use ICMP Echo Requests (pings) to exhaust bandwidth and processing power.
58. What security mechanism helps in preventing Layer 7 DDoS attacks?
A) Captcha verification
B) SSL/TLS encryption
C) Open DNS resolvers
D) TCP fragmentation
Answer: A) Captcha verification.
Explanation: CAPTCHA helps mitigate Layer 7 attacks by ensuring traffic comes from a human user, reducing automated bot-based floods.
59. What is the primary goal of an SSL/TLS-based DDoS attack?
A) To exploit vulnerabilities in SSL/TLS handshake mechanisms
B) To redirect web traffic to a malicious server
C) To modify certificate expiration dates
D) To inject malicious payloads into HTTPS requests
Answer: A) To exploit vulnerabilities in SSL/TLS handshake mechanisms.
Explanation: SSL/TLS DDoS attacks abuse expensive handshake processes, exhausting CPU resources on a target server.
60. What attack technique involves sending an excessive number of fragmented TCP packets?
A) Teardrop attack
B) HTTP request smuggling
C) DNS zone poisoning
D) SQL Injection
Answer: A) Teardrop attack.
Explanation: Teardrop attacks send fragmented TCP packets that the target system cannot properly reassemble, causing system crashes.
61. Which of the following is a commonly used open-source DDoS mitigation tool?
A) Fail2Ban
B) Burp Suite
C) John the Ripper
D) Nmap
Answer: A) Fail2Ban.
Explanation: Fail2Ban detects and blocks excessive connections based on failed login attempts and traffic patterns.
62. What does an attacker gain by performing a DNS Reflection attack?
A) They amplify the attack traffic significantly using open DNS resolvers
B) They gain administrative control over a target network
C) They modify database tables to exfiltrate sensitive data
D) They inject malicious JavaScript into DNS records
Answer: A) They amplify the attack traffic significantly using open DNS resolvers.
Explanation: DNS Reflection attacks abuse open resolvers to amplify attack traffic, making the DDoS more powerful.
63. How does a Carpet Bombing attack work?
A) It distributes DDoS traffic across multiple IP addresses in a subnet
B) It floods a target’s logs with fake error messages
C) It performs an automated SQL Injection attack
D) It corrupts firewall rule sets
Answer: A) It distributes DDoS traffic across multiple IP addresses in a subnet.
Explanation: Carpet Bombing attacks spread DDoS traffic across multiple hosts, making mitigation harder.
64. What is the purpose of an Anycast-based DDoS mitigation strategy?
A) It distributes attack traffic across multiple locations to reduce impact
B) It encrypts network traffic
C) It isolates infected hosts from the network
D) It blocks all incoming UDP traffic
Answer: A) It distributes attack traffic across multiple locations to reduce impact.
Explanation: Anycast routing spreads traffic across multiple data centers, making DDoS attacks less effective.
65. What is a good countermeasure against a Botnet-based DDoS attack?
A) IP reputation filtering and bot detection
B) Enabling all network ports for inspection
C) Allowing unrestricted access to public DNS servers
D) Using plain HTTP instead of HTTPS
Answer: A) IP reputation filtering and bot detection.
Explanation: IP reputation lists help block known botnets, and behavioral analysis detects abnormal traffic patterns.
66. Which tool is used to simulate a large-scale DDoS attack for testing?
A) Hping3
B) John the Ripper
C) OWASP ZAP
D) Nikto
Answer: A) Hping3.
Explanation: Hping3 allows security professionals to simulate DDoS attacks and test network resilience.
67. Which type of DDoS attack specifically targets VoIP systems?
A) SIP Flood
B) SQL Injection
C) Slowloris Attack
D) Smurf Attack
Answer: A) SIP Flood.
Explanation: Session Initiation Protocol (SIP) Flood attacks overwhelm VoIP servers by sending excessive SIP requests, causing service disruptions.
68. What is the main goal of a SYN-ACK Reflection attack?
A) To send fake SYN-ACK packets to amplify attack traffic
B) To exploit weaknesses in SSL/TLS handshakes
C) To modify TCP sequence numbers
D) To manipulate database queries
Answer: A) To send fake SYN-ACK packets to amplify attack traffic.
Explanation: In a SYN-ACK Reflection attack, attackers spoof SYN requests, causing servers to flood a victim with SYN-ACK responses.
69. Which of the following is a characteristic of an NTP-based DDoS attack?
A) Attackers abuse the monlist command to amplify attack traffic
B) It involves injecting malicious SQL queries
C) It encrypts traffic to bypass network filters
D) It only affects IPv6 networks
Answer: A) Attackers abuse the monlist command to amplify attack traffic.
Explanation: NTP Amplification attacks exploit the monlist command to send large amounts of data to a spoofed target, amplifying the attack.
70. What security measure helps protect against DNS-based DDoS attacks?
A) Disabling recursive DNS queries on public-facing resolvers
B) Allowing unrestricted access to all DNS servers
C) Using outdated DNS protocols
D) Redirecting all DNS traffic to a single IP
Answer: A) Disabling recursive DNS queries on public-facing resolvers.
Explanation: Disabling open recursion on DNS servers helps prevent DNS Amplification and NXDOMAIN DDoS attacks.
71. What is the primary effect of a CPU Exhaustion DDoS attack?
A) It forces the victim’s server CPU to run at 100% utilization
B) It targets the DNS resolution process
C) It overloads a system’s hard drive
D) It injects malicious JavaScript
Answer: A) It forces the victim’s server CPU to run at 100% utilization.
Explanation: CPU Exhaustion attacks generate traffic that consumes excessive CPU resources, slowing or crashing the system.
72. Which mitigation technique helps prevent DNS Flood attacks?
A) Rate limiting and DNS query filtering
B) Increasing bandwidth allocation
C) Using HTTP Load Balancers
D) Encrypting all DNS queries
Answer: A) Rate limiting and DNS query filtering.
Explanation: DNS Flood attacks send a massive number of queries to DNS servers. Rate limiting and filtering prevent excessive traffic from overwhelming the server.
73. How does a Memcached DDoS attack work?
A) It exploits Memcached servers to amplify traffic
B) It injects malicious SQL queries
C) It encrypts traffic to avoid detection
D) It modifies firewall rules
Answer: A) It exploits Memcached servers to amplify traffic.
Explanation: Memcached DDoS attacks exploit vulnerable Memcached servers to amplify attack traffic, overwhelming the victim.
74. What is the primary goal of a SYN Reset attack?
A) To reset active TCP connections and disrupt communication
B) To steal login credentials
C) To encrypt web traffic for malicious purposes
D) To manipulate DNS cache entries
Answer: A) To reset active TCP connections and disrupt communication.
Explanation: SYN Reset attacks send spoofed TCP RST packets, forcing active connections to be abruptly terminated.
75. What is a characteristic of a Ransom DDoS (RDoS) attack?
A) Attackers demand payment to stop an ongoing or future DDoS attack
B) It is a type of SQL Injection attack
C) It encrypts all server files
D) It only affects cloud-based services
Answer: A) Attackers demand payment to stop an ongoing or future DDoS attack.
Explanation: Ransom DDoS (RDoS) attacks involve threatening or executing a DDoS attack unless the victim pays a ransom.
76. What attack exploits the vulnerabilities in HTTP pipelining?
A) HTTP Request Smuggling
B) DNS Amplification
C) Ping of Death
D) ARP Spoofing
Answer: A) HTTP Request Smuggling.
Explanation: HTTP Request Smuggling attacks exploit HTTP pipelining by sending malformed HTTP headers, confusing web servers and proxies.
77. What is an effective countermeasure for preventing Layer 3 DDoS attacks?
A) Using firewalls and rate limiting on network traffic
B) Enabling recursive DNS queries
C) Running outdated network protocols
D) Allowing all inbound UDP traffic
Answer: A) Using firewalls and rate limiting on network traffic.
Explanation: Layer 3 DDoS attacks (such as ICMP and UDP floods) can be mitigated using firewalls and rate-limiting techniques.
78. What is an example of a connectionless DDoS attack?
A) UDP Flood
B) TCP SYN Flood
C) HTTP GET Flood
D) SSL Handshake Attack
Answer: A) UDP Flood.
Explanation: UDP is a connectionless protocol, meaning UDP-based DDoS attacks (e.g., UDP Flood) do not require a handshake, making them faster.
79. What does the term “Zombie” refer to in a botnet-based DDoS attack?
A) A compromised machine that participates in a DDoS attack
B) A honeypot system that detects attackers
C) A security tool for preventing botnets
D) A specialized firewall rule
Answer: A) A compromised machine that participates in a DDoS attack.
Explanation: Zombies are compromised systems in a botnet used to launch DDoS attacks without the owner’s knowledge.
80. How does a Cloud-based DDoS Mitigation service help defend against attacks?
A) It absorbs and filters attack traffic before reaching the target
B) It encrypts all HTTP requests
C) It redirects all traffic to a backup server
D) It limits CPU usage on the target machine
Answer: A) It absorbs and filters attack traffic before reaching the target.
Explanation: Cloud-based DDoS Mitigation services (e.g., Cloudflare, Akamai, AWS Shield) filter malicious traffic while allowing legitimate users access.
81. Which of the following best describes a DDoS attack using IoT devices?
A) Attackers exploit vulnerable IoT devices to form a botnet and launch a large-scale attack
B) Attackers use IoT devices to encrypt network traffic
C) IoT devices are immune to DDoS attacks
D) IoT-based DDoS attacks only target mobile applications
Answer: A) Attackers exploit vulnerable IoT devices to form a botnet and launch a large-scale attack.
Explanation: IoT devices are often insecure and can be hijacked into botnets (e.g., Mirai botnet) to launch large-scale DDoS attacks.
82. What is an example of a Protocol-based DDoS attack?
A) SYN Flood
B) SQL Injection
C) XSS Attack
D) Brute Force Attack
Answer: A) SYN Flood.
Explanation: Protocol-based DDoS attacks (e.g., SYN Flood) exploit weaknesses in TCP/IP protocols to exhaust server resources.
83. What makes IoT devices a popular target for DDoS botnets?
A) Weak security and default credentials
B) High computational power
C) Built-in DDoS protection
D) Encrypted communication
Answer: A) Weak security and default credentials.
Explanation: Many IoT devices use default passwords and lack proper security measures, making them easy targets for DDoS botnets.
84. What type of DDoS attack leverages the STUN protocol?
A) Reflection-based attack
B) SQL Injection attack
C) Credential Stuffing attack
D) Social Engineering attack
Answer: A) Reflection-based attack.
Explanation: The Session Traversal Utilities for NAT (STUN) protocol can be abused in reflection-based DDoS attacks by amplifying traffic.
85. What is the main purpose of a CDN (Content Delivery Network) in DDoS mitigation?
A) To distribute traffic across multiple servers, reducing attack impact
B) To encrypt all outgoing traffic
C) To store login credentials securely
D) To allow attackers to bypass authentication
Answer: A) To distribute traffic across multiple servers, reducing attack impact.
Explanation: CDNs distribute content across multiple data centers, making it harder for attackers to overwhelm a single target.
86. How does an attacker abuse the SSDP protocol in a DDoS attack?
A) By sending spoofed M-SEARCH requests to amplify traffic
B) By exploiting SQL Injection vulnerabilities
C) By manipulating TCP window size
D) By injecting malware into SSDP devices
Answer: A) By sending spoofed M-SEARCH requests to amplify traffic.
Explanation: SSDP (Simple Service Discovery Protocol) amplification attacks send spoofed M-SEARCH queries so that the large responses are reflected onto the target.
87. Which technique is used by attackers to bypass rate-limiting protections in DDoS attacks?
A) Rotating botnet IP addresses
B) Enabling CAPTCHA verification
C) Blocking UDP traffic
D) Using SSL certificates
Answer: A) Rotating botnet IP addresses.
Explanation: Attackers rotate botnet IP addresses (IP Spoofing) so that no single source exceeds a per-IP rate limit, avoiding detection and bypassing rate-limiting measures.
88. What is the main advantage of using Machine Learning in DDoS mitigation?
A) It detects and blocks abnormal traffic patterns in real time
B) It encrypts all incoming traffic
C) It prevents all types of cyberattacks automatically
D) It allows attackers to inject malicious traffic
Answer: A) It detects and blocks abnormal traffic patterns in real time.
Explanation: Machine Learning-based DDoS protection analyzes traffic behavior patterns and automatically detects anomalous activity.
89. What is the main drawback of Blackhole Routing as a DDoS mitigation strategy?
A) It also drops legitimate traffic along with attack traffic
B) It requires massive computing power
C) It makes the website load faster
D) It allows attackers to access admin credentials
Answer: A) It also drops legitimate traffic along with attack traffic.
Explanation: Blackhole Routing drops all traffic (malicious and legitimate) destined for the attacked server, making it an extreme but temporary solution.
90. What is the purpose of an Intrusion Prevention System (IPS) in DDoS mitigation?
A) To detect and block malicious traffic in real time
B) To encrypt all outgoing emails
C) To optimize website speed
D) To increase server response times
Answer: A) To detect and block malicious traffic in real time.
Explanation: Intrusion Prevention Systems (IPS) analyze network traffic and can detect, block, and mitigate DDoS patterns in real time.
91. Which attack involves sending excessive IPv6 Router Advertisement (RA) packets to overwhelm network devices?
A) IPv6 RA Flood attack
B) SQL Injection attack
C) Brute-force attack
D) Clickjacking attack
Answer: A) IPv6 RA Flood attack.
Explanation: IPv6 Router Advertisement (RA) Flood attacks send a massive number of RA packets, overloading network devices.
92. What is the role of an API Gateway in preventing DDoS attacks?
A) It filters and limits excessive API requests to prevent abuse
B) It encrypts all network traffic
C) It allows attackers to inject code into APIs
D) It redirects all traffic to a secondary server
Answer: A) It filters and limits excessive API requests to prevent abuse.
Explanation: API Gateways enforce rate limits, authentication, and filtering to prevent API-based DDoS attacks.
93. What attack manipulates TCP connection states to exhaust server resources?
A) TCP State-Exhaustion Attack
B) XSS Attack
C) SQL Injection
D) DNS Poisoning
Answer: A) TCP State-Exhaustion Attack.
Explanation: TCP State-Exhaustion attacks overload a server by forcing it to maintain thousands of open connections, consuming memory and CPU.
94. What is the main risk of allowing open recursive DNS resolvers?
A) They can be abused for DNS Amplification attacks
B) They allow encryption bypass
C) They prevent network congestion
D) They block all malicious IPs
Answer: A) They can be abused for DNS Amplification attacks.
Explanation: Open recursive DNS resolvers answer queries from any source on the Internet, so they can be used as reflectors in DNS Amplification attacks.
95. What is the primary impact of an LDAP Amplification DDoS attack?
A) It exploits Lightweight Directory Access Protocol (LDAP) servers to amplify traffic
B) It modifies Active Directory user credentials
C) It encrypts all LDAP queries
D) It exploits authentication vulnerabilities
Answer: A) It exploits Lightweight Directory Access Protocol (LDAP) servers to amplify traffic.
Explanation: LDAP Amplification attacks send small queries to LDAP servers, triggering large responses that are sent to the target.
96. What type of DDoS attack abuses CoAP (Constrained Application Protocol)?
A) CoAP Amplification Attack
B) HTTP Flood Attack
C) SQL Injection Attack
D) SSL Strip Attack
Answer: A) CoAP Amplification Attack.
Explanation: CoAP (Constrained Application Protocol) Amplification attacks abuse vulnerable CoAP servers to generate massive traffic amplification.
97. How does a QUIC Flood attack work?
A) It floods a target with excessive QUIC (Quick UDP Internet Connections) packets
B) It modifies TCP sequence numbers
C) It encrypts network traffic using a custom key
D) It injects malicious SQL queries into QUIC sessions
Answer: A) It floods a target with excessive QUIC (Quick UDP Internet Connections) packets.
Explanation: QUIC Flood attacks target servers that support QUIC, a UDP-based protocol designed for low-latency connections.
98. Which security mechanism helps mitigate QUIC-based DDoS attacks?
A) Rate-limiting QUIC packets
B) Using SSL certificates
C) Disabling IPv4 traffic
D) Enabling anonymous access
Answer: A) Rate-limiting QUIC packets.
Explanation: Rate limiting prevents excessive QUIC connection requests, reducing the risk of QUIC Flood DDoS attacks.
99. How does an attacker execute an SNMP Amplification Attack?
A) By sending small requests to SNMP servers that generate large responses to the victim
B) By injecting SQL commands into SNMP queries
C) By modifying router configurations remotely
D) By encrypting all SNMP packets
Answer: A) By sending small requests to SNMP servers that generate large responses to the victim.
Explanation: SNMP (Simple Network Management Protocol) Amplification attacks exploit misconfigured SNMP servers to amplify DDoS traffic.
100. What is a key indicator of a GRE (Generic Routing Encapsulation) DDoS attack?
A) High levels of GRE tunnel traffic from multiple sources
B) An increase in SQL errors in server logs
C) Unexpected redirects in web applications
D) Large numbers of failed SSH login attempts
Answer: A) High levels of GRE tunnel traffic from multiple sources.
Explanation: GRE DDoS attacks flood GRE tunnels with excessive traffic, overwhelming the target network.
101. What is the primary target of an IP Fragmentation Attack?
A) The packet reassembly process of the victim’s system
B) DNS zone transfer requests
C) SQL database queries
D) Secure Shell (SSH) authentication
Answer: A) The packet reassembly process of the victim’s system.
Explanation: IP Fragmentation attacks overwhelm the packet reassembly process, causing resource exhaustion and crashes.
102. How does an attacker conduct an IPv6 Router Advertisement Flood attack?
A) By sending excessive IPv6 RA packets to exhaust network resources
B) By exploiting SQL Injection vulnerabilities
C) By performing brute-force attacks on IPv6 authentication systems
D) By injecting fake DNS responses
Answer: A) By sending excessive IPv6 RA packets to exhaust network resources.
Explanation: IPv6 Router Advertisement (RA) Flood attacks send a high number of IPv6 RA packets, overloading network switches and routers.
103. What is a common symptom of a WebSocket Flood attack?
A) A sudden increase in WebSocket connections overwhelming the server
B) Unauthorized modifications to API keys
C) Changes in TLS certificate expiration dates
D) A decrease in CPU utilization on the target server
Answer: A) A sudden increase in WebSocket connections overwhelming the server.
Explanation: WebSocket Flood attacks send large numbers of WebSocket requests to overwhelm real-time communication servers.
104. Which tool is commonly used to simulate a WebSocket-based DDoS attack?
A) LOIC (Low Orbit Ion Cannon)
B) Slowloris
C) HULK (HTTP Unbearable Load King)
D) Hping3
Answer: C) HULK (HTTP Unbearable Load King).
Explanation: HULK is a tool used to generate massive numbers of HTTP/WebSocket requests, simulating Layer 7 (Application Layer) attacks.
105. What type of DDoS attack abuses RDP (Remote Desktop Protocol)?
A) RDP Reflection Attack
B) RDP Buffer Overflow Attack
C) Brute-force RDP Authentication Attack
D) RDP Session Hijacking
Answer: A) RDP Reflection Attack.
Explanation: RDP Reflection attacks abuse misconfigured RDP services to reflect attack traffic onto a victim.
106. How does an attacker execute a Plex Media Server Amplification attack?
A) By abusing vulnerable Plex Media servers to amplify attack traffic
B) By injecting malicious scripts into media files
C) By brute-forcing Plex user accounts
D) By modifying video stream metadata
Answer: A) By abusing vulnerable Plex Media servers to amplify attack traffic.
Explanation: Plex Media Server DDoS attacks exploit open UDP ports to generate large traffic responses directed at victims.
107. How does a Reflection-Based ICMP DDoS attack work?
A) Attackers send spoofed ICMP Echo requests that result in amplified responses to a victim
B) Attackers modify TCP sequence numbers
C) Attackers inject SQL queries into network packets
D) Attackers encrypt all ICMP responses
Answer: A) Attackers send spoofed ICMP Echo requests that result in amplified responses to a victim.
Explanation: Reflection-based ICMP attacks abuse misconfigured ICMP services to generate amplified traffic.
108. How does an attacker abuse Microsoft Remote Desktop Gateway (RD Gateway) for a DDoS attack?
A) By sending excessive authentication requests to overload the server
B) By injecting malicious code into the gateway
C) By modifying TLS certificates in transit
D) By using password spray attacks
Answer: A) By sending excessive authentication requests to overload the server.
Explanation: RD Gateway DDoS attacks send mass authentication requests, overwhelming the server’s processing capacity.
109. What is a characteristic of a “Low Orbit Ion Cannon (LOIC)” attack?
A) It floods a target with massive amounts of HTTP, TCP, or UDP requests
B) It encrypts all server traffic to bypass firewalls
C) It modifies SSL/TLS handshake processes
D) It only affects cloud-based networks
Answer: A) It floods a target with massive amounts of HTTP, TCP, or UDP requests.
Explanation: LOIC is a widely used DDoS tool that floods targets with high volumes of traffic, causing service disruptions.
110. What is the main impact of an SSL Renegotiation DDoS attack?
A) It forces the target to repeatedly perform costly SSL/TLS handshake operations
B) It steals session cookies from a browser
C) It modifies DNS query responses
D) It injects JavaScript into secure sessions
Answer: A) It forces the target to repeatedly perform costly SSL/TLS handshake operations.
Explanation: SSL Renegotiation attacks abuse the SSL handshake process, exhausting server CPU and memory resources.
111. How does an attacker exploit RIPv1 (Routing Information Protocol version 1) in a DDoS attack?
A) By sending spoofed route updates to overwhelm network devices
B) By injecting SQL commands into router configurations
C) By modifying firewall rules remotely
D) By using brute-force attacks on the admin interface
Answer: A) By sending spoofed route updates to overwhelm network devices.
Explanation: RIPv1 lacks authentication, making it vulnerable to spoofed route updates, which can overload routers and disrupt network traffic.
112. What is a primary indicator of an IPv6 ND (Neighbor Discovery) DDoS attack?
A) A sudden flood of Neighbor Solicitation (NS) and Neighbor Advertisement (NA) packets
B) Unexpected DNS cache poisoning
C) Large numbers of failed SSH login attempts
D) A drop in TCP handshake completion rates
Answer: A) A sudden flood of Neighbor Solicitation (NS) and Neighbor Advertisement (NA) packets.
Explanation: IPv6 ND (Neighbor Discovery) attacks flood the target with NS and NA packets, overloading network devices.
113. What is the impact of a TCP Out-of-Sequence Flood attack?
A) It forces the target to reassemble packets continuously, exhausting resources
B) It encrypts all TCP communication between the attacker and the target
C) It injects malicious JavaScript into HTTP responses
D) It modifies TLS certificate details
Answer: A) It forces the target to reassemble packets continuously, exhausting resources.
Explanation: TCP Out-of-Sequence Flood attacks send randomized TCP segments, making reassembly difficult and causing high CPU usage.
114. How does a CHARGEN Amplification attack work?
A) Attackers send spoofed requests to CHARGEN-enabled servers to generate excessive responses
B) Attackers modify CHARGEN logs to erase evidence of intrusion
C) Attackers use CHARGEN to execute remote code on the target system
D) Attackers inject malicious SQL queries into CHARGEN processes
Answer: A) Attackers send spoofed requests to CHARGEN-enabled servers to generate excessive responses.
Explanation: CHARGEN (Character Generator Protocol) Amplification attacks exploit misconfigured CHARGEN servers to generate large responses, amplifying attack traffic.
115. Which attack involves sending excessive “authentication challenge” requests to an HTTP/2 server?
A) HTTP/2 RST Flood
B) HTTP/2 Ping Flood
C) HTTP/2 Authentication Flood
D) HTTP/2 Connection Exhaustion
Answer: C) HTTP/2 Authentication Flood.
Explanation: HTTP/2 Authentication Flood attacks abuse the authentication challenge mechanism, overloading web servers.
116. What is the primary impact of an IP Spoofing-based DDoS attack?
A) It makes it difficult to trace the attack’s origin
B) It steals sensitive data from the target
C) It injects malware into web applications
D) It manipulates DNS query responses
Answer: A) It makes it difficult to trace the attack’s origin.
Explanation: IP Spoofing allows attackers to fake source IPs, preventing easy identification and blocking of malicious traffic.
117. What is the primary defense mechanism against a TCP Connection Exhaustion attack?
A) Implementing SYN cookies
B) Disabling IPv4 support
C) Allowing unrestricted TCP connections
D) Using outdated firewall rules
Answer: A) Implementing SYN cookies.
Explanation: SYN cookies help mitigate TCP Connection Exhaustion attacks by ensuring only legitimate connections complete the handshake.
118. How does an attacker conduct an RDDoS (Ransom DDoS) attack?
A) By threatening or executing a DDoS attack unless the victim pays a ransom
B) By encrypting all network traffic
C) By modifying firewall configurations remotely
D) By injecting malicious SQL queries into databases
Answer: A) By threatening or executing a DDoS attack unless the victim pays a ransom.
Explanation: Ransom DDoS (RDDoS) attacks demand payment to prevent or stop a DDoS attack.
119. What is a primary countermeasure for an IoT-based DDoS attack?
A) Disabling default credentials and enabling device security patches
B) Allowing all incoming connections from IoT devices
C) Blocking all HTTP traffic
D) Running IoT devices without firewalls
Answer: A) Disabling default credentials and enabling device security patches.
Explanation: IoT-based botnets often exploit default credentials. Changing passwords and updating firmware helps prevent such attacks.
120. What type of DDoS attack exploits cloud-based hosting services?
A) Cloud Exhaustion DDoS Attack
B) SQL Injection DDoS Attack
C) DNS Cache Poisoning Attack
D) Man-in-the-Middle Attack
Answer: A) Cloud Exhaustion DDoS Attack.
Explanation: Cloud Exhaustion DDoS attacks aim to consume cloud resources, leading to service outages and high operational costs.
121. What is a key characteristic of a Botnet-based HTTP Flood attack?
A) The attack traffic closely mimics legitimate user behavior
B) It only affects mobile applications
C) It only targets IPv6 networks
D) It involves encrypting network traffic
Answer: A) The attack traffic closely mimics legitimate user behavior.
Explanation: Botnet-based HTTP Flood attacks use zombie devices to send realistic HTTP requests, making detection harder.
122. How does an attacker perform a SIP INVITE Flood attack?
A) By sending excessive SIP INVITE requests to overwhelm VoIP services
B) By modifying SQL queries in SIP databases
C) By corrupting VoIP encryption keys
D) By injecting malware into VoIP devices
Answer: A) By sending excessive SIP INVITE requests to overwhelm VoIP services.
Explanation: SIP INVITE Flood attacks overwhelm VoIP servers with massive numbers of SIP call initiation requests, making them unresponsive.
123. What is the main goal of a Reflection-Based SSDP DDoS attack?
A) To amplify attack traffic by abusing Simple Service Discovery Protocol (SSDP)
B) To inject SQL commands into SSDP devices
C) To encrypt network communications
D) To modify DNS cache records
Answer: A) To amplify attack traffic by abusing Simple Service Discovery Protocol (SSDP).
Explanation: SSDP-based DDoS attacks send spoofed requests to SSDP servers, which then reflect amplified responses to the victim.
124. What security technique is effective in detecting a Low and Slow DoS attack?
A) Behavioral anomaly detection
B) Increasing DNS response time
C) Allowing all UDP traffic
D) Disabling all network encryption
Answer: A) Behavioral anomaly detection.
Explanation: Low and Slow DoS attacks generate subtle but persistent traffic, which can be identified using anomaly-based detection systems.
125. What is the purpose of a “Scrubbing Center” in DDoS mitigation?
A) To filter out malicious traffic while allowing legitimate users through
B) To encrypt all incoming and outgoing traffic
C) To disable IPv6 network protocols
D) To modify firewall configurations remotely
Answer: A) To filter out malicious traffic while allowing legitimate users through.
Explanation: Scrubbing Centers analyze and filter DDoS traffic, ensuring only legitimate requests reach the target server.
126. What is a characteristic of a Carpet Bombing DDoS attack?
A) It distributes attack traffic across multiple IP addresses within a subnet
B) It encrypts all incoming and outgoing traffic
C) It modifies firewall configurations remotely
D) It only targets cloud-based networks
Answer: A) It distributes attack traffic across multiple IP addresses within a subnet.
Explanation: Carpet Bombing attacks spread DDoS traffic across multiple hosts within a subnet, making detection and mitigation more difficult.
127. What makes a Bit-and-Piece DDoS attack different from traditional DDoS attacks?
A) It sends small attack traffic fragments from multiple sources, making it harder to detect
B) It encrypts all packets before sending them
C) It only affects IPv6 networks
D) It manipulates DNS response times
Answer: A) It sends small attack traffic fragments from multiple sources, making it harder to detect.
Explanation: Bit-and-Piece DDoS attacks generate small traffic spikes from many different IPs, allowing them to bypass traditional rate-limiting defenses.
128. How does a Burst DDoS attack work?
A) It sends traffic in short, high-intensity bursts to avoid detection
B) It corrupts database records
C) It modifies HTTP headers
D) It exploits buffer overflow vulnerabilities
Answer: A) It sends traffic in short, high-intensity bursts to avoid detection.
Explanation: Burst DDoS attacks send short, intense bursts of traffic to avoid being detected by anomaly-based monitoring systems.
129. What security measure helps prevent an IoT-based DDoS attack?
A) Regular firmware updates and disabling unnecessary services on IoT devices
B) Blocking all HTTP traffic
C) Enabling unrestricted network access for IoT devices
D) Using default manufacturer credentials
Answer: A) Regular firmware updates and disabling unnecessary services on IoT devices.
Explanation: IoT devices are common DDoS botnet targets. Regular updates and disabling unused services reduce the risk of exploitation.
130. How does an LDAP Amplification attack work?
A) Attackers send small requests to LDAP servers that generate large responses directed at the victim
B) Attackers modify LDAP user authentication logs
C) Attackers inject SQL queries into LDAP databases
D) Attackers encrypt all LDAP communications
Answer: A) Attackers send small requests to LDAP servers that generate large responses directed at the victim.
Explanation: LDAP Amplification attacks abuse Lightweight Directory Access Protocol (LDAP) servers to amplify attack traffic against a target.
131. How does a DNSSEC DDoS attack exploit the DNSSEC protocol?
A) By sending excessive DNSSEC validation requests to overwhelm the target
B) By injecting malicious scripts into DNSSEC records
C) By modifying SSL/TLS certificates
D) By encrypting DNS queries
Answer: A) By sending excessive DNSSEC validation requests to overwhelm the target.
Explanation: DNSSEC-based DDoS attacks target DNSSEC validation processes, forcing DNS resolvers to perform resource-intensive cryptographic operations.
132. What is the primary goal of a VoIP DDoS attack?
A) To disrupt Voice over IP (VoIP) communication by flooding SIP servers with requests
B) To inject SQL queries into VoIP databases
C) To modify firewall configurations remotely
D) To steal VoIP user credentials
Answer: A) To disrupt Voice over IP (VoIP) communication by flooding SIP servers with requests.
Explanation: VoIP DDoS attacks overload SIP (Session Initiation Protocol) servers, causing call disruptions and poor quality of service.
133. What is a main feature of a Smokescreen DDoS attack?
A) It acts as a distraction while another attack is carried out
B) It encrypts all incoming network traffic
C) It modifies TCP sequence numbers
D) It injects malicious JavaScript into HTTP requests
Answer: A) It acts as a distraction while another attack is carried out.
Explanation: Smokescreen attacks flood the target with fake DDoS traffic to distract security teams while a more serious attack occurs elsewhere.
134. How does a Connection Reset (RST) Flood attack work?
A) It sends excessive TCP RST packets to force premature termination of connections
B) It corrupts database entries
C) It modifies API response headers
D) It injects DNS cache poisoning payloads
Answer: A) It sends excessive TCP RST packets to force premature termination of connections.
Explanation: RST Flood attacks overwhelm a server’s TCP stack by forcing connections to be reset frequently.
135. What is the purpose of a DDoS Scrubbing Service?
A) To filter and remove malicious traffic before reaching the target network
B) To encrypt all web traffic
C) To allow attackers to bypass authentication
D) To modify firewall rules remotely
Answer: A) To filter and remove malicious traffic before reaching the target network.
Explanation: DDoS Scrubbing services analyze incoming traffic and remove malicious requests, allowing only legitimate traffic to reach the target.
136. What makes a SYN-ACK DDoS attack different from a SYN Flood?
A) A SYN-ACK attack floods a target with spoofed SYN-ACK packets instead of SYN requests
B) A SYN-ACK attack encrypts network communications
C) A SYN-ACK attack only affects cloud-based environments
D) A SYN-ACK attack injects SQL queries into TCP headers
Answer: A) A SYN-ACK attack floods a target with spoofed SYN-ACK packets instead of SYN requests.
Explanation: SYN-ACK Flood attacks flood a target with spoofed SYN-ACK responses, exhausting its resources.
137. What is an effective defense against a Slow HTTP POST DoS attack?
A) Setting a time limit for incomplete HTTP POST requests
B) Allowing all incoming connections
C) Disabling firewall protections
D) Using outdated SSL certificates
Answer: A) Setting a time limit for incomplete HTTP POST requests.
Explanation: Slow HTTP POST attacks exploit servers that wait indefinitely for full POST requests. Time-based limits mitigate the attack.
138. How does an HTTP/2 HEADERS Flood attack work?
A) By sending excessive HTTP/2 header frames to overwhelm the target server
B) By modifying API tokens in HTTP requests
C) By injecting SQL commands into HTTP response headers
D) By bypassing TLS encryption
Answer: A) By sending excessive HTTP/2 header frames to overwhelm the target server.
Explanation: HTTP/2 HEADERS Flood attacks exploit header compression to flood servers with excessive HTTP/2 header frames.
139. What makes a Phantom Flood attack difficult to detect?
A) It mimics legitimate user traffic patterns
B) It encrypts all network packets
C) It modifies firewall rules remotely
D) It only affects cloud-based applications
Answer: A) It mimics legitimate user traffic patterns.
Explanation: Phantom Flood attacks send realistic-looking traffic, making it difficult for traditional DDoS defenses to distinguish between real and malicious requests.
140. How does a SIP Registration Flood attack work?
A) By sending massive SIP REGISTER requests to overwhelm VoIP systems
B) By modifying SIP firewall rules
C) By encrypting VoIP session data
D) By injecting malware into VoIP devices
Answer: A) By sending massive SIP REGISTER requests to overwhelm VoIP systems.
Explanation: SIP Registration Flood attacks target VoIP registration servers, causing service disruptions.
141. What makes a “Pulse Wave” DDoS attack particularly effective?
A) It delivers short bursts of high-intensity traffic to overwhelm defenses
B) It encrypts all attack traffic
C) It modifies firewall rules remotely
D) It exclusively targets cloud environments
Answer: A) It delivers short bursts of high-intensity traffic to overwhelm defenses.
Explanation: Pulse Wave DDoS attacks use high-intensity, short-duration waves of traffic to bypass traditional mitigation strategies.
142. How does a Web Cache Poisoning DoS attack work?
A) By injecting malicious data into a caching server to serve incorrect responses
B) By modifying TCP sequence numbers
C) By encrypting web traffic to make it unreadable
D) By flooding HTTP GET requests to the server
Answer: A) By injecting malicious data into a caching server to serve incorrect responses.
Explanation: Web Cache Poisoning attacks manipulate caching mechanisms to serve incorrect or malicious responses, disrupting website functionality.
143. How does a DNS Query Flood attack differ from a DNS Amplification attack?
A) A DNS Query Flood directly overwhelms the target with excessive queries, while DNS Amplification uses open resolvers to amplify traffic
B) A DNS Query Flood encrypts all DNS responses
C) A DNS Query Flood modifies firewall rules remotely
D) A DNS Query Flood only affects IPv6 networks
Answer: A) A DNS Query Flood directly overwhelms the target with excessive queries, while DNS Amplification uses open resolvers to amplify traffic.
Explanation: DNS Query Floods send large numbers of DNS requests to exhaust the DNS server’s resources.
144. What is the main goal of a Fragment Overlap Attack?
A) To exploit the way operating systems reassemble fragmented packets
B) To modify TLS encryption keys
C) To inject SQL queries into TCP headers
D) To encrypt all UDP traffic
Answer: A) To exploit the way operating systems reassemble fragmented packets.
Explanation: Fragment Overlap attacks send overlapping fragmented packets, leading to system crashes or resource exhaustion.
145. What mitigation strategy is most effective against an Application Layer (Layer 7) DDoS attack?
A) Using Web Application Firewalls (WAF) and rate limiting
B) Encrypting all network traffic
C) Blocking all HTTP requests
D) Using older versions of network protocols
Answer: A) Using Web Application Firewalls (WAF) and rate limiting.
Explanation: WAFs and rate limiting help detect and filter malicious Layer 7 traffic, preventing web application overload.
146. How does a SIP Call Flood attack impact VoIP services?
A) It floods the target VoIP system with call requests, exhausting resources
B) It modifies call metadata to redirect calls
C) It injects malware into VoIP endpoints
D) It encrypts all SIP messages
Answer: A) It floods the target VoIP system with call requests, exhausting resources.
Explanation: SIP Call Flood attacks send high volumes of call initiation requests, preventing legitimate users from making calls.
147. What is the purpose of “Challenge-Response Authentication” in DDoS mitigation?
A) To verify that requests come from legitimate users and not automated bots
B) To encrypt all web traffic
C) To modify firewall configurations
D) To disable TCP connections
Answer: A) To verify that requests come from legitimate users and not automated bots.
Explanation: Challenge-Response Authentication, such as CAPTCHAs, helps filter out bot-generated attack traffic.
148. What makes a UDP Reflection attack different from a UDP Flood attack?
A) A UDP Reflection attack uses third-party servers to amplify attack traffic, while a UDP Flood directly sends traffic to the target
B) A UDP Reflection attack modifies firewall rules
C) A UDP Reflection attack encrypts all attack traffic
D) A UDP Reflection attack only affects IPv6 networks
Answer: A) A UDP Reflection attack uses third-party servers to amplify attack traffic, while a UDP Flood directly sends traffic to the target.
Explanation: UDP Reflection attacks abuse open UDP services (e.g., DNS, NTP) to amplify attack traffic toward a victim.
149. What is the primary target of an HTTP/2 Ping Flood attack?
A) The target server’s HTTP/2 session handling process
B) The target’s DNS records
C) The TCP handshake process
D) The SSH authentication mechanism
Answer: A) The target server’s HTTP/2 session handling process.
Explanation: HTTP/2 Ping Flood attacks exploit the HTTP/2 keep-alive mechanism, forcing the server to process an excessive number of pings.
150. What is a primary countermeasure for a GRE Tunnel DDoS attack?
A) Implementing traffic filtering and GRE-specific rate limiting
B) Blocking all HTTP requests
C) Encrypting all SSH traffic
D) Modifying TCP sequence numbers
Answer: A) Implementing traffic filtering and GRE-specific rate limiting.
Explanation: GRE Tunnel DDoS attacks exploit Generic Routing Encapsulation (GRE) tunnels. Rate limiting and filtering mitigate these attacks.
151. How does an attacker conduct a BGP Hijacking attack to facilitate a DDoS attack?
A) By announcing fraudulent BGP routes to redirect traffic through malicious networks
B) By modifying API request headers
C) By injecting SQL commands into HTTP packets
D) By encrypting network traffic
Answer: A) By announcing fraudulent BGP routes to redirect traffic through malicious networks.
Explanation: BGP Hijacking attacks involve malicious route announcements, redirecting internet traffic through attacker-controlled networks.
152. What type of attack exploits the OPC UA protocol for DDoS purposes?
A) OPC UA Amplification Attack
B) SQL Injection Attack
C) ARP Spoofing Attack
D) Brute Force Attack
Answer: A) OPC UA Amplification Attack.
Explanation: OPC UA Amplification attacks abuse misconfigured OPC UA (Open Platform Communications Unified Architecture) servers to amplify attack traffic.
153. How does an attacker exploit the MQTT protocol in a DDoS attack?
A) By sending excessive MQTT publish messages to overwhelm IoT devices
B) By modifying firewall configurations remotely
C) By injecting malware into MQTT packets
D) By encrypting all MQTT traffic
Answer: A) By sending excessive MQTT publish messages to overwhelm IoT devices.
Explanation: MQTT-based DDoS attacks flood IoT systems with excessive publish/subscribe messages, causing resource exhaustion.
154. What makes a Phantom TCP Flood attack different from a standard SYN Flood attack?
A) It manipulates TCP flags to make detection more difficult
B) It encrypts all TCP packets
C) It modifies firewall rules
D) It injects SQL queries into TCP connections
Answer: A) It manipulates TCP flags to make detection more difficult.
Explanation: Phantom TCP Flood attacks use various TCP flag combinations to evade traditional SYN Flood detection mechanisms.
155. What is the primary defense against a DNS Water Torture attack?
A) Implementing rate limiting on recursive DNS queries
B) Encrypting all DNS traffic
C) Modifying SSL/TLS certificates
D) Disabling all network encryption
Answer: A) Implementing rate limiting on recursive DNS queries.
Explanation: DNS Water Torture attacks exploit recursive DNS lookups. Rate limiting mitigates their impact.
156. What is a key characteristic of a “Phantom Flood” attack?
A) It mimics legitimate traffic patterns to evade detection
B) It encrypts all attack traffic before sending
C) It only targets DNS servers
D) It modifies TCP sequence numbers
Answer: A) It mimics legitimate traffic patterns to evade detection.
Explanation: Phantom Flood attacks generate realistic-looking traffic, making it difficult for anomaly-based defenses to distinguish between real users and attackers.
157. What is a key feature of a Slow Drop DDoS attack?
A) It slowly drops packets over time to cause network congestion
B) It brute-forces login credentials
C) It encrypts all outbound network traffic
D) It modifies firewall rules remotely
Answer: A) It slowly drops packets over time to cause network congestion.
Explanation: Slow Drop attacks degrade network performance gradually by intentionally delaying or dropping packets, making troubleshooting difficult.
158. How does an attacker execute a SOCKS Proxy DDoS attack?
A) By abusing misconfigured SOCKS proxies to reflect attack traffic
B) By encrypting all HTTP traffic
C) By modifying firewall configurations remotely
D) By injecting malicious JavaScript into proxy logs
Answer: A) By abusing misconfigured SOCKS proxies to reflect attack traffic.
Explanation: SOCKS Proxy DDoS attacks exploit open SOCKS proxies to bounce attack traffic off multiple relay points, making it harder to detect.
159. What makes an “Application Exhaustion DDoS attack” particularly dangerous?
A) It consumes an application’s resources without generating excessive network traffic
B) It only affects mobile applications
C) It encrypts all HTTP packets
D) It modifies DNS query results
Answer: A) It consumes an application’s resources without generating excessive network traffic.
Explanation: Application Exhaustion attacks focus on depleting server resources (CPU, memory, database connections, etc.) rather than overwhelming bandwidth.
160. What is the main risk of a RIPv2 Spoofing DDoS attack?
A) Attackers can inject fake routing updates to disrupt network traffic
B) It modifies firewall rule sets
C) It encrypts network communications
D) It floods DNS resolvers with queries
Answer: A) Attackers can inject fake routing updates to disrupt network traffic.
Explanation: RIPv2 Spoofing attacks involve sending malicious route advertisements to reroute or disrupt network traffic.
161. How does an attacker exploit the gRPC protocol in a DDoS attack?
A) By sending a massive number of remote procedure calls (RPCs) to overwhelm the target
B) By modifying gRPC encryption settings
C) By injecting SQL commands into gRPC requests
D) By altering HTTP response headers
Answer: A) By sending a massive number of remote procedure calls (RPCs) to overwhelm the target.
Explanation: gRPC-based DDoS attacks exploit the high-performance RPC protocol by flooding the server with excessive remote procedure calls.
162. How does a QUIC-based DDoS attack work?
A) By flooding a target with QUIC connection requests to exhaust resources
B) By modifying TCP sequence numbers
C) By injecting malicious JavaScript into QUIC payloads
D) By encrypting all HTTP requests
Answer: A) By flooding a target with QUIC connection requests to exhaust resources.
Explanation: QUIC Flood attacks target QUIC-based servers (used in Google Chrome, HTTP/3) by sending excessive handshake requests.
163. What is the best way to mitigate an mDNS-based DDoS attack?
A) Disabling mDNS on public-facing devices
B) Encrypting all mDNS queries
C) Allowing unrestricted access to mDNS services
D) Blocking all TCP traffic
Answer: A) Disabling mDNS on public-facing devices.
Explanation: mDNS (Multicast DNS) Amplification attacks exploit misconfigured mDNS servers. Disabling mDNS on internet-facing devices prevents abuse.
164. What is the primary defense mechanism against a TCP ACK Flood attack?
A) Implementing stateful packet filtering to verify connection legitimacy
B) Blocking all TCP traffic
C) Modifying API response headers
D) Using outdated firewall configurations
Answer: A) Implementing stateful packet filtering to verify connection legitimacy.
Explanation: TCP ACK Flood attacks overwhelm a server by sending massive numbers of TCP ACK packets. Stateful filtering ensures only packets belonging to valid connections are processed.
165. What is an effective countermeasure against a Connection Exhaustion DoS attack?
A) Enforcing timeouts for idle connections
B) Blocking all HTTP traffic
C) Encrypting all network traffic
D) Modifying firewall rules remotely
Answer: A) Enforcing timeouts for idle connections.
Explanation: Connection Exhaustion DoS attacks keep connections open indefinitely. Enforcing timeouts prevents attackers from exhausting server resources.
166. What makes a “DNS Slow Drip” attack effective?
A) It sends DNS queries at a slow rate to gradually exhaust resources
B) It encrypts all DNS queries
C) It modifies TCP sequence numbers
D) It injects SQL queries into DNS records
Answer: A) It sends DNS queries at a slow rate to gradually exhaust resources.
Explanation: DNS Slow Drip attacks generate low-frequency DNS queries, slowly draining resources without triggering anomaly detection.
167. What is the primary impact of an HTTP/3 Rapid Reset attack?
A) It forces repeated connection resets, consuming server resources
B) It encrypts all HTTP/3 headers
C) It modifies firewall rule sets
D) It injects SQL commands into API requests
Answer: A) It forces repeated connection resets, consuming server resources.
Explanation: HTTP/3 Rapid Reset attacks exploit QUIC’s connection management by forcing repeated session resets, overwhelming the target.
168. How does an attacker conduct an SMB-Based DDoS attack?
A) By sending excessive SMB requests to overload file-sharing services
B) By modifying SMB encryption algorithms
C) By injecting SQL queries into SMB requests
D) By modifying TCP sequence numbers
Answer: A) By sending excessive SMB requests to overload file-sharing services.
Explanation: SMB-based DDoS attacks flood file-sharing services (e.g., Windows file sharing) with excessive Server Message Block (SMB) requests.
169. How does a WebSocket Abuse attack impact a server?
A) It exploits persistent WebSocket connections to overwhelm server resources
B) It encrypts all WebSocket messages
C) It modifies HTTP/2 headers
D) It injects SQL queries into JavaScript files
Answer: A) It exploits persistent WebSocket connections to overwhelm server resources.
Explanation: WebSocket Abuse attacks create thousands of persistent WebSocket connections, exhausting server memory and processing power.
170. What makes an “Unfinished TCP Handshake” attack effective?
A) It leaves a large number of TCP connections in an incomplete state, consuming resources
B) It encrypts all TCP packets
C) It modifies API request headers
D) It injects DNS cache poisoning payloads
Answer: A) It leaves a large number of TCP connections in an incomplete state, consuming resources.
Explanation: Unfinished TCP Handshake attacks (e.g., SYN Flood attacks) leave many half-open TCP connections, preventing new connections from being established.
171. How does a “VoIP Registration Hijacking” attack work in a DDoS scenario?
A) By sending massive VoIP registration requests to deplete server resources
B) By modifying SIP call metadata
C) By injecting malware into VoIP endpoints
D) By encrypting all SIP messages
Answer: A) By sending massive VoIP registration requests to deplete server resources.
Explanation: VoIP Registration Hijacking attacks flood SIP registration servers with fake requests, preventing legitimate users from making calls.
172. What makes a “Randomized Packet Size Flood” attack difficult to detect?
A) It uses varying packet sizes to evade anomaly-based detection systems
B) It encrypts all network traffic
C) It modifies firewall rules remotely
D) It injects SQL commands into HTTP requests
Answer: A) It uses varying packet sizes to evade anomaly-based detection systems.
Explanation: Randomized Packet Size Floods make it harder for firewalls and IDS/IPS systems to identify and block the attack traffic.
173. How does an attacker exploit “Multi-Vector DDoS” techniques?
A) By combining multiple attack vectors (e.g., volumetric, protocol-based, and application-layer) simultaneously
B) By encrypting all network packets
C) By modifying TCP sequence numbers
D) By blocking firewall protections
Answer: A) By combining multiple attack vectors (e.g., volumetric, protocol-based, and application-layer) simultaneously.
Explanation: Multi-Vector DDoS attacks use a combination of attack techniques to bypass multiple layers of defense simultaneously.
174. What is the primary goal of a “Session Table Exhaustion” attack?
A) To deplete available session tracking resources on a target server
B) To encrypt session cookies for security
C) To modify firewall rule sets
D) To inject JavaScript into API responses
Answer: A) To deplete available session tracking resources on a target server.
Explanation: Session Table Exhaustion attacks fill up the target’s session tracking table, preventing new connections.
175. What is a “Loopback Amplification” attack?
A) An attack that manipulates network protocols to make a system send traffic to itself
B) An attack that modifies HTTP headers
C) An attack that encrypts all UDP traffic
D) An attack that injects DNS cache poisoning payloads
Answer: A) An attack that manipulates network protocols to make a system send traffic to itself.
Explanation: Loopback Amplification attacks exploit misconfigured services to make a target repeatedly respond to its own traffic.
176. How does an HTTP Malformed Header Flood attack work?
A) By sending HTTP requests with malformed headers to crash web servers
B) By modifying TCP sequence numbers
C) By injecting SQL commands into HTTP packets
D) By encrypting all HTTP requests
Answer: A) By sending HTTP requests with malformed headers to crash web servers.
Explanation: Malformed Header Flood attacks exploit web servers’ header processing mechanisms, causing server crashes or resource exhaustion.
177. How does a “Distributed Reflection DoS (DRDoS)” attack differ from a standard DDoS attack?
A) It uses legitimate third-party servers to reflect traffic at the target
B) It encrypts all attack packets
C) It modifies firewall configurations remotely
D) It exclusively targets cloud-based services
Answer: A) It uses legitimate third-party servers to reflect traffic at the target.
Explanation: DRDoS attacks use reflection techniques, making traffic appear to come from legitimate sources.
178. How does a “Fragmented UDP Flood” attack work?
A) By sending UDP packets fragmented into small pieces to bypass detection and overwhelm the target
B) By modifying UDP encryption keys
C) By injecting SQL commands into UDP packets
D) By encrypting all UDP traffic
Answer: A) By sending UDP packets fragmented into small pieces to bypass detection and overwhelm the target.
Explanation: Fragmented UDP Flood attacks break UDP packets into small fragments, making filtering difficult and consuming extra processing power.
179. What makes an “HTTP Multiplexing DoS Attack” particularly effective?
A) It exploits HTTP/2 and HTTP/3 multiplexing features to overwhelm servers with simultaneous requests
B) It encrypts all HTTP packets
C) It modifies firewall rules remotely
D) It injects JavaScript into API responses
Answer: A) It exploits HTTP/2 and HTTP/3 multiplexing features to overwhelm servers with simultaneous requests.
Explanation: HTTP Multiplexing DoS attacks take advantage of HTTP/2 and HTTP/3’s ability to send multiple requests at once, consuming excessive server resources.
180. How does an attacker conduct an “IoT Firmware Update Flood” attack?
A) By triggering repeated firmware update requests on IoT devices, overloading the network
B) By encrypting all firmware files
C) By modifying TCP sequence numbers
D) By injecting malware into API responses
Answer: A) By triggering repeated firmware update requests on IoT devices, overloading the network.
Explanation: IoT Firmware Update Flood attacks repeatedly request firmware updates, consuming network bandwidth and device processing power.
181. What is the primary defense mechanism against “Unsolicited SYN-ACK Flood” attacks?
A) Implementing SYN cookies to verify connection legitimacy
B) Blocking all TCP traffic
C) Encrypting all TCP headers
D) Disabling firewall protections
Answer: A) Implementing SYN cookies to verify connection legitimacy.
Explanation: SYN-ACK Flood attacks send spoofed SYN-ACK responses, causing resource exhaustion. SYN cookies mitigate this risk.
182. What is a key characteristic of an “SSL Renegotiation Flood” attack?
A) It forces repeated SSL/TLS renegotiation requests to consume server resources
B) It encrypts all network traffic
C) It modifies firewall rules remotely
D) It injects SQL commands into SSL headers
Answer: A) It forces repeated SSL/TLS renegotiation requests to consume server resources.
Explanation: SSL Renegotiation Flood attacks exploit SSL/TLS handshake mechanisms, draining CPU and memory resources.
183. How does an attacker perform a “Shadow Server Attack”?
A) By redirecting legitimate traffic to a malicious duplicate of the target server
B) By modifying API response headers
C) By encrypting all HTTP requests
D) By injecting JavaScript into network packets
Answer: A) By redirecting legitimate traffic to a malicious duplicate of the target server.
Explanation: Shadow Server attacks involve setting up a replica of a legitimate service, stealing or manipulating user requests.
184. What is a key characteristic of a “Zero-Day DDoS attack”?
A) It exploits previously unknown vulnerabilities to execute a DDoS attack
B) It encrypts all network packets to evade detection
C) It modifies API response headers
D) It injects JavaScript into DNS records
Answer: A) It exploits previously unknown vulnerabilities to execute a DDoS attack.
Explanation: Zero-Day DDoS attacks take advantage of undiscovered vulnerabilities, making them difficult to defend against until a patch is available.
185. How does an “IPv6 Router Solicitation Flood” attack work?
A) By sending excessive Router Solicitation messages to overload IPv6-enabled routers
B) By modifying IPv6 encryption keys
C) By injecting SQL commands into IPv6 packets
D) By blocking all ICMPv6 traffic
Answer: A) By sending excessive Router Solicitation messages to overload IPv6-enabled routers.
Explanation: IPv6 Router Solicitation Flood attacks target IPv6 networks by overloading routers with solicitation messages, preventing normal operations.
186. What is an effective countermeasure against a “SYN-ACK Reflection” attack?
A) Deploying SYN cookies to verify TCP handshake legitimacy
B) Blocking all TCP traffic
C) Modifying DNS response headers
D) Encrypting all outgoing packets
Answer: A) Deploying SYN cookies to verify TCP handshake legitimacy.
Explanation: SYN-ACK Reflection attacks abuse TCP handshakes by sending forged SYN-ACK packets to victims. SYN cookies help detect and block fake requests.
187. What is the primary objective of a “Connection Hoarding” attack?
A) To maintain persistent, idle connections and exhaust server resources
B) To encrypt all TCP packets
C) To modify firewall rule sets
D) To inject malware into API requests
Answer: A) To maintain persistent, idle connections and exhaust server resources.
Explanation: Connection Hoarding attacks hold multiple open but inactive connections, consuming server resources without actual traffic.
188. How does an “SMTP Mail Bombing” attack work?
A) By sending an excessive number of emails to a target mail server, overwhelming its resources
B) By modifying SMTP authentication protocols
C) By injecting JavaScript into email headers
D) By encrypting all outgoing mail
Answer: A) By sending an excessive number of emails to a target mail server, overwhelming its resources.
Explanation: SMTP Mail Bombing attacks overload email servers by flooding them with large numbers of emails, causing service disruption.
189. How does a “Recursive HTTP Request Flood” attack work?
A) By repeatedly triggering multiple HTTP requests using recursion loops
B) By modifying HTTP response headers
C) By encrypting all HTTP traffic
D) By injecting SQL commands into HTTP responses
Answer: A) By repeatedly triggering multiple HTTP requests using recursion loops.
Explanation: Recursive HTTP Request Flood attacks exploit recursive server processing, generating excessive requests and overloading the target.
190. What is the impact of a “DNS ANY Query Flood” attack?
A) It overwhelms DNS servers by requesting all available DNS records for a domain
B) It modifies DNS cache records
C) It encrypts all DNS responses
D) It injects malware into DNS packets
Answer: A) It overwhelms DNS servers by requesting all available DNS records for a domain.
Explanation: DNS ANY Query Flood attacks send excessive ANY record queries, forcing DNS servers to provide large responses, consuming resources.
191. How does a “TLS Negotiation Delay” attack impact web servers?
A) It forces excessive TLS handshake negotiations to exhaust CPU resources
B) It modifies SSL certificates in transit
C) It encrypts all TCP packets
D) It injects SQL commands into HTTPS traffic
Answer: A) It forces excessive TLS handshake negotiations to exhaust CPU resources.
Explanation: TLS Negotiation Delay attacks abuse TLS handshake mechanisms, overloading CPU usage on web servers.
192. What makes a “Randomized URL Parameter DDoS” attack difficult to mitigate?
A) It sends varying URL parameters, preventing caching and increasing server load
B) It encrypts all network traffic
C) It modifies TCP sequence numbers
D) It injects JavaScript into API requests
Answer: A) It sends varying URL parameters, preventing caching and increasing server load.
Explanation: Randomized URL Parameter DDoS attacks create unique HTTP requests, forcing web servers to process each request separately, bypassing caching mechanisms.
193. What is a “Hash Collision DDoS” attack?
A) It overwhelms a server’s hash function by forcing collisions, leading to excessive computation
B) It encrypts all TCP packets
C) It modifies SSL certificates remotely
D) It injects malware into DNS requests
Answer: A) It overwhelms a server’s hash function by forcing collisions, leading to excessive computation.
Explanation: Hash Collision DDoS attacks exploit weak hash functions by generating multiple hash collisions, overloading the server.
194. What is the primary target of a “WebSockets DDoS” attack?
A) The persistent WebSocket connections established between the client and server
B) The DNS resolution process
C) The TCP handshake mechanism
D) The SMTP mail server
Answer: A) The persistent WebSocket connections established between the client and server.
Explanation: WebSockets DDoS attacks create thousands of persistent WebSocket connections, overwhelming the target server’s resources.
195. How does an “HTTP Dynamic Content Flood” attack work?
A) By forcing web servers to generate dynamic content repeatedly, consuming CPU and memory
B) By encrypting all HTTP packets
C) By modifying API response headers
D) By injecting SQL commands into HTTP responses
Answer: A) By forcing web servers to generate dynamic content repeatedly, consuming CPU and memory.
Explanation: HTTP Dynamic Content Flood attacks bypass caching mechanisms by requesting dynamically generated pages repeatedly, overloading the backend server.
196. What makes an “IoT Command Injection DDoS” attack dangerous?
A) It exploits IoT devices to execute remote commands, forming a botnet
B) It encrypts all IoT communications
C) It modifies firewall rule sets
D) It injects JavaScript into HTTP packets
Answer: A) It exploits IoT devices to execute remote commands, forming a botnet.
Explanation: IoT Command Injection attacks use vulnerabilities in IoT firmware to execute malicious remote commands, creating large-scale botnets.
197. What is a key characteristic of a “UDP Packet Fragmentation Attack”?
A) It sends fragmented UDP packets to evade detection and overwhelm resources
B) It encrypts all UDP traffic
C) It modifies firewall rule sets
D) It injects SQL queries into UDP headers
Answer: A) It sends fragmented UDP packets to evade detection and overwhelm resources.
Explanation: UDP Packet Fragmentation attacks send deliberately fragmented UDP packets, forcing systems to reassemble them and consuming resources.
198. How does a “TCP Window Size Manipulation” attack impact a server?
A) It forces the target to allocate excessive buffer space for TCP connections
B) It modifies DNS resolution settings
C) It encrypts all TCP packets
D) It injects JavaScript into HTTP responses
Answer: A) It forces the target to allocate excessive buffer space for TCP connections.
Explanation: TCP Window Size Manipulation attacks involve setting the TCP window size to zero or very small values, forcing the target to allocate unnecessary resources for stalled connections.
199. What is the primary purpose of an “IPv6 Header Manipulation” DDoS attack?
A) To exploit the complex structure of IPv6 headers to evade detection and exhaust processing resources
B) To modify DNS cache entries
C) To inject SQL queries into IPv6 packets
D) To encrypt all IPv6 traffic
Answer: A) To exploit the complex structure of IPv6 headers to evade detection and exhaust processing resources.
Explanation: IPv6 Header Manipulation attacks abuse the multiple extension headers in IPv6 to confuse packet filtering systems and increase processing overhead.
200. How does an “HTTP Range Header DoS” attack work?
A) By requesting multiple overlapping byte ranges in an HTTP request to overload the server
B) By modifying API response headers
C) By encrypting all HTTP traffic
D) By injecting malicious JavaScript into HTML responses
Answer: A) By requesting multiple overlapping byte ranges in an HTTP request to overload the server.
Explanation: HTTP Range Header DoS attacks send requests for multiple overlapping byte ranges, forcing the server to allocate excessive memory to process the request.
201. What is a characteristic of a “Malicious Webhook DDoS” attack?
A) It floods a target with fake webhook event notifications, overwhelming the processing system
B) It modifies firewall rule sets
C) It encrypts all webhook responses
D) It injects malware into webhook endpoints
Answer: A) It floods a target with fake webhook event notifications, overwhelming the processing system.
Explanation: Malicious Webhook DDoS attacks abuse webhooks (automatic callbacks used in APIs) to trigger thousands of fake event notifications, consuming server resources.
202. How does a “Cloud API Request Flood” attack work?
A) By sending excessive API requests to deplete cloud computing resources and drive up costs
B) By modifying API authentication headers
C) By encrypting all API traffic
D) By injecting SQL commands into API responses
Answer: A) By sending excessive API requests to deplete cloud computing resources and drive up costs.
Explanation: Cloud API Request Flood attacks overwhelm cloud-based APIs with excessive requests, causing performance degradation and financial losses due to increased resource consumption.
203. What makes an “Encrypted Payload DoS” attack challenging to mitigate?
A) The attack encrypts malicious payloads, preventing deep packet inspection
B) It modifies SSL certificate expiration dates
C) It injects malware into TCP packets
D) It manipulates DNS query responses
Answer: A) The attack encrypts malicious payloads, preventing deep packet inspection.
Explanation: Encrypted Payload DoS attacks use TLS/SSL encryption to conceal attack traffic, bypassing deep packet inspection (DPI) and security filtering.
204. How does a “Remote Desktop Protocol (RDP) Exhaustion” attack work?
A) By opening numerous RDP connections to a server without completing authentication, consuming server resources
B) By modifying RDP encryption settings
C) By injecting malware into RDP sessions
D) By blocking all incoming RDP connections
Answer: A) By opening numerous RDP connections to a server without completing authentication, consuming server resources.
Explanation: RDP Exhaustion attacks overload Remote Desktop Protocol (RDP) servers by initiating thousands of half-open RDP connections, exhausting system resources.
205. What is a primary characteristic of a “Data Exfiltration Through DoS” attack?
A) Attackers use a DoS attack as a distraction while extracting sensitive data from the target system
B) The attack encrypts all network traffic
C) The attack modifies firewall rule sets
D) The attack injects SQL commands into HTTP responses
Answer: A) Attackers use a DoS attack as a distraction while extracting sensitive data from the target system.
Explanation: Data Exfiltration Through DoS attacks involve launching a DDoS attack as a diversion while stealing sensitive data unnoticed.