CEH v13 Domain 4.3 Practice Test 002

Question 1

Kevin deploys a botnet of 50,000 compromised devices to send a massive volume of UDP packets toward a target organization's DNS servers, consuming all available upstream bandwidth and rendering legitimate queries impossible. The sheer flood of traffic saturates the victim's ISP link without targeting any specific protocol vulnerability. Which type of DDoS attack technique has Kevin executed?

A. Application Layer (Layer 7) Attack B. Volumetric Attack C. Protocol Attack D. Slow Rate Attack

Question 2

During a penetration test of an enterprise network, a tester uses hping3 to simulate a SYN flood by sending thousands of TCP SYN packets with randomized spoofed source IP addresses to a target web server. The server's TCP connection table fills with half-open connections, preventing it from accepting legitimate client requests. Which countermeasure would BEST mitigate this specific attack vector?

A. Deploying a Web Application Firewall (WAF) B. Enabling TCP SYN cookies on the target server C. Installing a signature-based intrusion detection system (IDS) D. Increasing the server's physical RAM capacity

Question 3

Select all that apply

Jane is investigating a web server outage at a financial institution where attackers kept hundreds of HTTP connections open by sending partial HTTP request headers at an extremely slow rate, never completing the requests and preventing legitimate users from obtaining connections. The attack required minimal bandwidth and bypassed volumetric traffic thresholds in the perimeter firewall. Which TWO tools are most commonly associated with this type of slow HTTP connection-exhaustion attack? (Choose two)

A. Slowloris B. LOIC (Low Orbit Ion Cannon) C. R.U.D.Y. (R-U-Dead-Yet) D. hping3 E. Nmap

Question 4

Elijah discovers that a threat actor has been quietly compromising thousands of internet-connected home routers and IP cameras by exploiting default factory credentials, enrolling each device into a centralized command-and-control (C&C) infrastructure. Each compromised device awaits instructions from the controller and can be directed to flood targets with traffic on command. What term best describes this coordinated network of compromised devices?

A. Botnet B. Advanced Persistent Threat (APT) C. Honeynet D. Peer-to-Peer Overlay Network

Question 5

A security analyst reviewing firewall logs identifies that a target e-commerce server was flooded with thousands of HTTP GET requests per second generated by a large group of volunteers using a freely available GUI-based tool that includes a 'FIRED' button and supports a boosted 'high-orbit' variant specifically designed to increase attack effectiveness over the original version. The tool allows the operator to configure target URL, port, and attack method through a simple graphical interface. Which tool was most likely used in this coordinated attack?

A. Metasploit Framework B. HOIC (High Orbit Ion Cannon) C. Wireshark D. Burp Suite

Question 6

Clark configures a botnet to send small DNS query packets to hundreds of open DNS resolvers, spoofing the source IP address in each packet to match the IP address of the intended victim, causing all resolvers to return large DNS response packets directly to the victim's server. The amplification factor multiplies attack traffic by as much as 28 to 54 times the original query volume. Which DDoS attack technique is Clark executing?

A. SYN Flood Attack B. DNS Amplification Attack C. HTTP Flood Attack D. Ping of Death Attack

Question 7

An enterprise security team detects an inbound volumetric DDoS attack exceeding 600 Gbps directed at their perimeter infrastructure, completely overwhelming their on-premise scrubbing appliances and upstream firewall capacity. The team contacts their ISP and requests that all traffic destined for the targeted IP block be routed to a null interface, effectively dropping the attack traffic before it reaches the organization's network. Which DDoS countermeasure technique did the security team employ?

A. Rate Limiting B. Blackhole Routing (IP Null Routing) C. Traffic Scrubbing Center Redirect D. Anycast Network Diffusion

Question 8

Select all that apply

A cloud-hosted financial services company has experienced three separate DDoS attacks in the past quarter targeting both their network bandwidth and web application endpoints, and the security team must select dedicated DDoS mitigation platforms for deployment. The team narrows their evaluation to tools specifically designed for DDoS detection, scrubbing, and traffic normalization at scale. Which TWO of the following are recognized dedicated DDoS protection and mitigation platforms? (Choose two)

A. Cloudflare DDoS Protection B. John the Ripper C. Arbor DDoS (NETSCOUT) D. Aircrack-ng E. Nikto

Question 9

During a vulnerability assessment of legacy OT and ICS infrastructure at a water treatment facility, Jane discovers that several embedded programmable logic controllers (PLCs) running decade-old firmware crash and reboot when they receive ICMP packets crafted to exceed the legal maximum IP packet size of 65,535 bytes after reassembly. The controllers cannot safely handle the buffer overflow that results from attempting to reassemble fragmented oversized packets. Which DoS attack technique directly exploits this vulnerability?

A. Smurf Attack B. Teardrop Attack C. Ping of Death D. Land Attack

Question 10

Elijah analyzes a DDoS incident report describing an attack where the threat actor sent spoofed ICMP echo request packets to the broadcast address of several large intermediary networks, setting the source IP to the victim's address, which caused every host on those networks to simultaneously send an ICMP echo reply to the victim. The amplification leveraged the number of active hosts on each intermediary network to multiply traffic directed at the victim. Which attack technique is described in this incident?

A. Fraggle Attack B. Smurf Attack C. Direct UDP Flood D. NTP Amplification Attack

ByThe Test Master

Related Post

CEH v13 Domain 4.5 Practice Test 002

CEH v13 Domain 4.4 Practice Test 002

CEH v13 Domain 4.1 Practice Test 002