A user is sending a large number of protocol packets to a network in order to saturate its resources
and to disrupt connections to prevent communications between services. Which type of attack is
this?
A.
Denial-of-Service attack
B.
Vulnerability attack
C.
Social Engineering attack
D.
Impersonation attack
Explanation:
A Denial-of-Service (DoS) attack is mounted with the objective of causing a negative
impact on the performance of a computer or network. It is
also known as network saturation attack or bandwidth consumption attack. Attackers make Denialof-Service attacks by sending a large
number of protocol packets to a network. A DoS attack can cause the following to occur:
Saturate network resources.
Disrupt connections between two computers, thereby preventing communications between
services.
Disrupt services to a specific computer.
A SYN attack is a common DoS technique in which an attacker sends multiple SYN packets to a target
computer. For each SYN packet received,the target computer allocates resources and sends an acknowledgement (SYN-ACK) to the source IP
address. Since the target computer does
not receive a response from the attacking computer, it attempts to resend the SYN-ACK. This leaves
TCP ports in the half-open state. When
an attacker sends TCP SYNs repeatedly before the half-open connections are timed out, the target
computer eventually runs out of resources
and is unable to handle any more connections, thereby denying service to legitimate users.
Answer option D is incorrect. An impersonation attack attempts to access the system by using a
valid user password.
Answer option B is incorrect. A vulnerability attack takes advantage of the vulnerabilities in an
operating system or software service to enter
into the operating system and disrupt its working.
Answer option C is incorrect. Social engineering is the art of convincing people and making them
disclose useful information such as account
names and passwords. This information is further exploited by hackers to gain access to a user’s
computer or network. This method involves
mental ability of the people to trick someone rather than their technical skills. A user should always
distrust people who ask him for his
account name or password, computer name, IP address, employee ID, or other information that can
be misused.