- (Topic 8)
Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page. He first attempts to use the "echo" command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tries to overwrite it with another page in which also he remains unsuccessful. What is the probable cause of Bill's problem?

Correct Answer:C

- (Topic 7)
What is the term 8 to describe an attack that falsifies a broadcast ICMP echo request and includes a primary and secondary victim?

Correct Answer:D
Trojan and Back orifice are Trojan horse attacks.Man in the middle spoofs the Ip and redirects the victems packets to the cracker The infamous Smurf attack. preys on ICMP's
capability to send traffic to the broadcast address. Many hosts can listen and respond to a single ICMP echo request sent to a broadcast address.
Network Intrusion Detection third Edition by Stephen Northcutt and Judy Novak pg 70 The "smurf" attack's cousin is called "fraggle", which uses UDP echo packets in the same fashion as the ICMP echo packets; it was a simple re-write of "smurf".

- (Topic 7)
Sniffing is considered an active attack.

Correct Answer:B
Sniffing is considered a passive attack.

- (Topic 8)
You perform the above traceroute and notice that hops 19 and 20 both show the same IP address.

This probably indicates what?

Correct Answer:C

- (Topic 6)
While performing a ping sweep of a subnet you receive an ICMP reply of Code 3/Type 13 for all the pings sent out.
What is the most likely cause behind this response?

Correct Answer:C
Type 3 message = Destination Unreachable [RFC792], Code 13 (cause) = Communication Administratively Prohibited [RFC1812]

- (Topic 3)
Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

Correct Answer:A