CEH-001 Certified Ethical Hacker (CEH)

Question 7 (Volume A)

The SYN flood attack sends TCP connection requests faster than a machine can process them.

How do you protect your network against SYN flood attacks?

Select all that apply.

  • SYN cookies. Instead of allocating a record, send a SYN-ACK with a carefully constructed sequence number generated as a hash of the client's IP address, port number, and other information. When the client responds with a normal ACK, that special sequence number will be included, which the server then verifies. Thus, the server first allocates memory on the third packet of the handshake, not the first.

  • RST cookies. The server sends a wrong SYN/ACK back to the client. The client should then generate a RST packet telling the server that something is wrong. At this point, the server knows the client is valid and will now accept incoming connections from that client normally.

  • Check the incoming packet's IP address with the SPAM database on the Internet and enable the filter using ACLs at the Firewall

  • Stack Tweaking. TCP stacks can be tweaked in order to reduce the effect of SYN floods. Reduce the timeout before a stack frees up the memory allocated for a connection.

  • Micro Blocks. Instead of allocating a complete connection, simply allocate a micro record of 16 bytes for the incoming SYN object.

Question 8 (Volume E)

A tester is attempting to capture and analyze the traffic on a given network and realizes that the network has several switches. What could be used to successfully sniff the traffic on this switched network? (Choose three.)

Select all that apply.

  • ARP spoofing

  • MAC duplication

  • MAC flooding

  • SYN flood

  • Reverse smurf attack

  • ARP broadcasting

Question 9 (Volume B)

Buffer X in an Accounting application module for Brownies Inc. can contain 200 characters. The programmer makes an assumption that 200 characters are more than enough. Because there were no proper boundary checks being conducted, Bob decided to insert 400 characters into the 200-character buffer, overflowing it. Below is the code snippet:

How can you protect/fix the problem of your application as shown above?

Select all that apply.

  • Because the counter starts with 0, we would stop when the counter is less than 200

  • Because the counter starts with 0, we would stop when the counter is more than 200

  • Add a separate statement to signify that if we have written less than 200 characters to the buffer, the stack should stop because it cannot hold any more data

  • Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it cannot hold any more data