CS3550 Final Exam
1. Identify True or False for the following statements: (10*1 = 10)
(a) A TCP header has source and destination port addresses. ___
(b) The OSI model has 5 layers. ___
(c) In the TCP/IP model, an application can communicate with the transport layer beneath it through a port number. ____
(d) A PDU header has the control information. ____
(e) UDP is an example of a TCP protocol. _____
(f) HTTP is an example of a TCP protocol. _____
(g) UDP provides a reliable connection for transferring data between applications. ___
(h) A TCP header is a minimum of 160 bits. _____
(i) A TCP header does not contain sequence and acknowledgement numbers. ____
(j) A UDP header has source and destination IP addresses. ____
2. For the TCP protocol, show the sequence of packet exchange for the following: (a) 3-way handshake, and (b) connection closing or teardown. (3+3 = 6)
Ans:
3. Briefly discuss three characteristics of TCP that ensure reliable communication. (2*3 = 6)
Ans:
4. Consider the following TCP header:
Explain the meaning of the following fields: (5*2 = 10)
(a) SYN flag:
(b) ACK flag:
(c) FIN flag:
(d) RST flag:
(e) Sequence number:
5. With appropriate diagram explain the steps of TCP SYN attack. (4)
6. What is a land attack? (3)
7. Explain the following types of port scanning attack with the possible outcome or response by the remote host under attack: (4*3 = 12)
(i) X-mas attack:
(ii) ICMP scan:
(iii) SYN scanning:
(iv) FIN scanning:
8. Describe any three types of active attacks on a network. (3*3 = 9)
Ans:
9. Find the asset type (Hardware/Software/Data/Communication line) and security properties (Confidentiality/Integrity/Availability) affected for the following statements: (6*2 = 12)

| Threat description | Asset | Security property affected |
|---|---|---|
| Some DLL files are deleted from a computer, resulting in denial of access to the computer by others. | | |
| You are an email recipient, but your email was being read by an unauthorized user when you left your computer desk for a brief period. | | |
| A virus modified an executable file, causing it to throw an error when launched next time. | | |
| NSA snooped your phone call record without your knowledge. | | |
| You cannot reach the destination network through your personal computer due to a massive storm in the region. | | |
| Your computer hard disk, which had important personal files stored on it, got into flood water. | | |
10. Explain what (i) parasitic malware and (ii) independent malware are. (2+2 = 4)
Ans:
11. Discuss two differences between a Trojan horse and mobile code. (4)
Ans:
12. What is a (i) boot sector virus and (ii) macro virus? (iii) Which of the two viruses is less harmful? (3)
Ans:
13. Consider the following examples of data collection for an IDS. Please specify which category of IDS may collect the data (Network-based IDS or Host-based IDS). (5*1 = 5)
(i) Source IP address __________
(ii) TTL value ____________
(iii) Operating system name and version __________
(iv) Port number _______
(v) Session identification number ________
14. Consider the following Snort rule used for examining TCP/IP packets.
alert 10.2.3.1 25 -> 192.168.1.0 111 (content:"|00 ff 86 a5|"; msg: "ls -l";)
Answer true or false for the following statements: (4)
(i) The rule will be triggered when the destination IP address is 10.2.3.1. ____
(ii) The rule will match if the source port is 25. _________
(iii) The rule will be triggered if the packet has the directory listing command (ls -l). __
(iv) The rule cannot check if any "mountd" command is present in a packet. ____
15. Answer True/False for the following statements related to IDS and Firewall: (8)
(i) Some stateful firewalls keep track of TCP sequence numbers. ____
(ii) A packet filter firewall creates a directory for each of the connections. ____
(iii) A TCP SYN attack can be detected by the anomaly detection approach. ____
(iv) An unusual combination of TCP flags can be detected by the anomaly detection approach. ____
(v) A TCP packet having an acknowledgement value set to a non-zero number, but keeping the acknowledgement flag as zero, is an example of an attack that should be detected by a host-based IDS. ____
(vi) Snort is an example of an anomaly-based IDS. ____
(vii) An active IDS can proactively stop ongoing malicious activities if configured. ____
(viii) Excessive network bandwidth usage is a symptom that can be detected by a firewall. ____