PrepAway - Latest Free Exam Questions & Answers

A packet containing a long string of NOP’s followed by a command…?

A packet containing a long string of NOP’s followed by a command is usually indicative of what?

PrepAway - Latest Free Exam Questions & Answers

A.
A syn scan.

B.
A half-port scan.

C.
A buffer overflow attack.

D.
A packet destined for the network’s broadcast address.

Explanation:
In a carefully crafted buffer overflow attack, the stack is filled properly so the return pointer can be overwritten
and control is given to the malicious instructions that have been loaded onto the stack instead of back to the
requesting application. This allows the malicious instructions to be executed in the security context of the
requesting application. In this example the buffer is filled with NOP’s (No Operation) commands followed by the
instruction that the attacker wants to be executed.
Incorrect Answers:
A: Syn scanning is not done by sending a packet with a long string of instructions. Syn scanning s is done by
sending a SYN (synchronization) packet, as if to initiate a three-way handshake, to every port on the server.
B: A port scan is not done by sending a single packet with long string of instructions. A port scan, such as a
half-port scan, is a series of messages sent by someone attempting to break into a computer to learn which
computer network services, each associated with a “well-known” port number, the computer provides.
D: The purpose of sending this packet filled of instructions is likely to be a buffer-overflow attack, not that the
packet is destined for the network’s broadcast address.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 335


Leave a Reply