Presentation is loading. Please wait.

Presentation is loading. Please wait.

Review iClickers. Ch 1: The Importance of DNS Security.

Similar presentations


Presentation on theme: "Review iClickers. Ch 1: The Importance of DNS Security."— Presentation transcript:

1 Review iClickers

2 Ch 1: The Importance of DNS Security

3 How many times have attackers brought down the RNS root? A.Never B.1 time C.2 times D.3-10 times E.More than ten times

4 Which technique allows larger DNS packets? A.DoS B.Cache poisoning C.DNSChanger D.Packet amplification E.EDNS

5 Which technique makes DoS attacks more effective? A.DoS B.Cache poisoning C.DNSChanger D.Packet amplification E.EDNS

6 Which technique was used by the Kaminsky attack? A.DoS B.Cache poisoning C.DNSChanger D.Packet amplification E.EDNS

7 Ch 2: DNS Overview: Protocol, Architecture, and Applications

8 Which item contains data for a domain and its subdomains? A./etc/hosts B.FQDN C.TLD D.Zone E.Delegation

9 Which item was used for name resolution before DNS? A./etc/hosts B.FQDN C.TLD D.Zone E.Delegation

10 In a home network, a router is used as a DNS server. What is its role? A.Client B.Caching Server C.Resolver D.Authoritative Server E.None of the above

11 What item should be blocked on an SOA server? A.Iterative query B.Recursive query C.Delegation D.DNSSEC E.TCP

12 Which record contains an email server's name? A.A B.AAAA C.MX D.PTR E.CNAME

13 Which record is used to block spam? A.RRSIG B.DS C.SPF D.NAPTR E.SOA

14 Ch 3: DNS Vulnerabilities

15 Which security problem makes your DNS server a hazard to others? A.Single point of failure B.Exposure of internal information C.Open resolver D.Unprotected zone transfers E.Server running in privileged mode

16 Which security problem is caused by Microsoft products querying blackhole servers? A.Single point of failure B.Exposure of internal information C.Open resolver D.Unprotected zone transfers E.Server running in privileged mode

17 Which security problem can be mitigated with source port randomization? A.Predictable Transaction ID B.CNAME chaining C.Cache poisoning D.MITM E.Packet amplification

18 Which security problem can be mitigated with DNSSEC? A.Predictable Transaction ID B.CNAME chaining C.Single point of failure D.MITM E.Packet amplification

19 Ch 4: Monitoring and Detecting Security Breaches

20 Which monitoring technique requires a SPAN port? A.Log data B.Network flow data C.Packet data D.Application level metadata E.None of the above

21 Which monitoring technique stores one record for each TCP or UDP session? A.Log data B.Network flow data C.Packet data D.Application level metadata E.None of the above

22 Which monitoring technique contains layer 7 data in a convenient form? A.Log data B.Network flow data C.Packet data D.Application level metadata E.None of the above

23 You see a lot of large DNS requests on your network, exceeding 300 bytes. What's going on? A.Transient domains B.Fast flux C.Phantom domains D.DNS Changer E.Tunneling

24 Ch 5: Prevention, Protection and Mitigation of DNS Service Disruption

25 Which technique uses BGP to spread out attacks? A.Geographically distributed B.Network distributed C.Caching acceleration D.Anycast E.Direct Delegation

26 Which technique requires you to trust another company, because if they go down, your site is down? A.Geographically distributed B.Network distributed C.Caching acceleration D.Anycast E.Direct Delegation

27 Which device is used temporarily, only during an attack? A.Failover B.Firewall C.IDS D.IPS E.Scrubber

28 Which entity has a self-signed DNSSEC key? A.. B..org C.ietf.org D.More than one of the above E.None of the above

29 Which protection does DNSSEC provide? A.Confidentiality and integrity B.Confidentiality and availability C.Authenticity and availability D.Authenticity and integrity E.None of the above

30 Ch 6: DNSSEC and Beyond

31 What prevents MITM attacks in DNSSEC? A.Trusted root B.CA C.Shared secret D.Nothing E.None of the above

32 Which item allows authenticated denial of existence, but exposes host names? A.DS B.NSEC C.NSEC3 D.RRSIG E.Glue records

33 Which item conceals host names with hashing? A.DS B.NSEC C.NSEC3 D.RRSIG E.Glue records

34 Which item renders DNS requests confidential? A.DNSCurve B.DNSSEC C.NSEC3 D.DS E.RR

35 Which item makes attacks possible on the target's LAN? A.DS Record B.Lack of Protection Between User Devices and Resolvers C.Lack of Protection of Glue Records D.Key Changes Don't Propagate E.NSEC3 DoS

36 Which attack is possible when a server changes hosting providers? A.Re-Addressing Replay Attack B.NSEC3 Offline Dictionary Attack C.No Protection of DNS or Lower Layer Header Data D.DNSSEC Data Inflate Zone Files and DNS Packet Sizes E.DNSSEC Increases Computational Requirements


Download ppt "Review iClickers. Ch 1: The Importance of DNS Security."

Similar presentations


Ads by Google