Presentation is loading. Please wait.

Presentation is loading. Please wait.

Review iClickers. Ch 1: The Importance of DNS Security.

Published byYahir Christmas Modified over 10 years ago

Similar presentations

Presentation on theme: "Review iClickers. Ch 1: The Importance of DNS Security."— Presentation transcript:

1 Review iClickers

2 Ch 1: The Importance of DNS Security

3 How many times have attackers brought down the RNS root? A.Never B.1 time C.2 times D.3-10 times E.More than ten times

4 Which technique allows larger DNS packets? A.DoS B.Cache poisoning C.DNSChanger D.Packet amplification E.EDNS

5 Which technique makes DoS attacks more effective? A.DoS B.Cache poisoning C.DNSChanger D.Packet amplification E.EDNS

6 Which technique was used by the Kaminsky attack? A.DoS B.Cache poisoning C.DNSChanger D.Packet amplification E.EDNS

7 Ch 2: DNS Overview: Protocol, Architecture, and Applications

8 Which item contains data for a domain and its subdomains? A./etc/hosts B.FQDN C.TLD D.Zone E.Delegation

9 Which item was used for name resolution before DNS? A./etc/hosts B.FQDN C.TLD D.Zone E.Delegation

10 In a home network, a router is used as a DNS server. What is its role? A.Client B.Caching Server C.Resolver D.Authoritative Server E.None of the above

11 What item should be blocked on an SOA server? A.Iterative query B.Recursive query C.Delegation D.DNSSEC E.TCP

12 Which record contains an email server's name? A.A B.AAAA C.MX D.PTR E.CNAME

13 Which record is used to block spam? A.RRSIG B.DS C.SPF D.NAPTR E.SOA

14 Ch 3: DNS Vulnerabilities

15 Which security problem makes your DNS server a hazard to others? A.Single point of failure B.Exposure of internal information C.Open resolver D.Unprotected zone transfers E.Server running in privileged mode

16 Which security problem is caused by Microsoft products querying blackhole servers? A.Single point of failure B.Exposure of internal information C.Open resolver D.Unprotected zone transfers E.Server running in privileged mode

17 Which security problem can be mitigated with source port randomization? A.Predictable Transaction ID B.CNAME chaining C.Cache poisoning D.MITM E.Packet amplification

18 Which security problem can be mitigated with DNSSEC? A.Predictable Transaction ID B.CNAME chaining C.Single point of failure D.MITM E.Packet amplification

19 Ch 4: Monitoring and Detecting Security Breaches

20 Which monitoring technique requires a SPAN port? A.Log data B.Network flow data C.Packet data D.Application level metadata E.None of the above

21 Which monitoring technique stores one record for each TCP or UDP session? A.Log data B.Network flow data C.Packet data D.Application level metadata E.None of the above

22 Which monitoring technique contains layer 7 data in a convenient form? A.Log data B.Network flow data C.Packet data D.Application level metadata E.None of the above

23 You see a lot of large DNS requests on your network, exceeding 300 bytes. What's going on? A.Transient domains B.Fast flux C.Phantom domains D.DNS Changer E.Tunneling

24 Ch 5: Prevention, Protection and Mitigation of DNS Service Disruption

25 Which technique uses BGP to spread out attacks? A.Geographically distributed B.Network distributed C.Caching acceleration D.Anycast E.Direct Delegation

26 Which technique requires you to trust another company, because if they go down, your site is down? A.Geographically distributed B.Network distributed C.Caching acceleration D.Anycast E.Direct Delegation

27 Which device is used temporarily, only during an attack? A.Failover B.Firewall C.IDS D.IPS E.Scrubber

28 Which entity has a self-signed DNSSEC key? A.. B..org C.ietf.org D.More than one of the above E.None of the above

29 Which protection does DNSSEC provide? A.Confidentiality and integrity B.Confidentiality and availability C.Authenticity and availability D.Authenticity and integrity E.None of the above

30 Ch 6: DNSSEC and Beyond

31 What prevents MITM attacks in DNSSEC? A.Trusted root B.CA C.Shared secret D.Nothing E.None of the above

32 Which item allows authenticated denial of existence, but exposes host names? A.DS B.NSEC C.NSEC3 D.RRSIG E.Glue records

33 Which item conceals host names with hashing? A.DS B.NSEC C.NSEC3 D.RRSIG E.Glue records

34 Which item renders DNS requests confidential? A.DNSCurve B.DNSSEC C.NSEC3 D.DS E.RR

35 Which item makes attacks possible on the target's LAN? A.DS Record B.Lack of Protection Between User Devices and Resolvers C.Lack of Protection of Glue Records D.Key Changes Don't Propagate E.NSEC3 DoS

36 Which attack is possible when a server changes hosting providers? A.Re-Addressing Replay Attack B.NSEC3 Offline Dictionary Attack C.No Protection of DNS or Lower Layer Header Data D.DNSSEC Data Inflate Zone Files and DNS Packet Sizes E.DNSSEC Increases Computational Requirements

Download ppt "Review iClickers. Ch 1: The Importance of DNS Security."

Similar presentations

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
DNS Security Overview AROC Guatemala July 2010. What’s the Problem? Until July of 2008 the majority of authoritative DNS servers worldwide were completely.

DNS Security Overview AROC Guatemala July What’s the Problem? Until July of 2008 the majority of authoritative DNS servers worldwide were completely.
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.

Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
1 DNSSEC From a protocol bug to a security advantage Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.

1 DNSSEC From a protocol bug to a security advantage Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
DNS Security A.Lioy, F.Maino, M. Marian, D.Mazzocchi Computer and Network Security Group Politecnico di Torino (Italy) presented by: Marius Marian.

DNS Security A.Lioy, F.Maino, M. Marian, D.Mazzocchi Computer and Network Security Group Politecnico di Torino (Italy) presented by: Marius Marian.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)
25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.

Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.
Domain Name System Security Extensions (DNSSEC) Hackers 2.

Domain Name System Security Extensions (DNSSEC) Hackers 2.
Chabot College ELEC 99.08 Name Resolution.

Chabot College ELEC Name Resolution.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
Tony Kombol ITIS 3110. www.teacherstalk.com Who knows this? Who controls this? DNS!

Tony Kombol ITIS Who knows this? Who controls this? DNS!
Domain Name Service (DNS) at Colorado State University

Domain Name Service (DNS) at Colorado State University
TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)

TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
CSUF Chapter 6 1. Computer Networks: Domain Name System 2.

CSUF Chapter 6 1. Computer Networks: Domain Name System 2.
Distributed Systems. Outline  Services: DNSSEC  Architecture Models: Grid  Network Protocols: IPv6  Design Issues: Security  The Future: World Community.

Distributed Systems. Outline  Services: DNSSEC  Architecture Models: Grid  Network Protocols: IPv6  Design Issues: Security  The Future: World Community.

Similar presentations

Ads by Google