You work for a medium sized ISP and there have been several attacks of the DNS configuration
recently.
You are particularly concerned with DNS Spoofing and other DNS attacks. If an attacker is able to
take advantage of a BIND vulnerability to gain root access, this is which type of DNS Attack?

In your organization, the majority of employees use Microsoft Outlook Express as their email
client. You are configuring these systems so that applications on the employee systems cannot
send email, posing as the user of the system. Under the Security tab, which option will you select
to achieve this goal?

The Root-Level DNS servers have come under many attacks over the years. Due to attacks, such
as the DDoS attack on the Root-Level DNS servers in October of 2002, which of the following
systems was implemented to increase the security of the DNS servers for the Internet?

Most companies that do business via the Web offer a shopping cart so you can specify all the
items you want before placing the order. Poor shopping cart design, however, can allow a different
kind of hack. Take a look at the HTML code sample presented here and determine the line that
presents the vulnerability:
<code>
<FORM ACTION=”http://10.0.10.236/cgi-bin/orders.pl” method=”post”>
<input type=hidden name=”price” value=”39.95″>
<input type=hidden name=”item_no” value=”WIDGET9″>
QUANTITY: <input type=text name=”quantity” size=2 maxlength=2 value=1>
</FORM>
</code>

You have been hired to work in the security division of a global Tier One ISP. You have been
given a staff of 25 people all new to network security. You wish to bring them all up to speed on
the components of the Internet and how they interact. Which one of the following is not a major

component of the Internet?

You are discussing the design and infrastructure of the Internet with several colleagues when a
disagreement begins over the actual function of the Tier System in the Internets design. What is
the function of the Tier System in the physical structure of the Internet?

After a year as a senior network administrator, you have been promoted to work in the security
department of a large global Tier One ISP. You are to spend one month in training on security
issues, concepts, and procedures. The third day in your new position, the ISP is hit with a DDoS
attack from over 100,000 computers on the Internet. While the department works to manage the
attack, you monitor the impact on the network. What is the impact to the ISP when hit with a DDoS
such as this?

During a routine security inspection of the clients in your network, you find a program called
cgiscan.c on one of the computers. You investigate the file, reading part of the contents. Using the
portion of the program shown below, identify the function of the program.
<code>
Temp[1] = “GET /cgi-bin/phf HTTP/1.0\n\n”;
Temp[2] = “GET /cgi-bin/Count.cgi HTTP/1.0\n\n”;
Temp[3] = “GET /cgi-bin/test-cgi HTTP/1.0\n\n”;
Temp[4] = “GET /cgi-bin/php.cgi HTTP/1.0\n\n”;
Temp[5] = “GET /cgi-bin/handler HTTP/1.0\n\n”;
Temp[6] = “GET /cgi-bin/webgais HTTP/1.0\n\n”;
Temp[7] = “GET /cgi-bin/websendmail HTTP/1.0\n\n”;
</code>

You are monitoring the DNS traffic on your network to see what kind of zone transfer data is
currently being exchanged. You wish to monitor the incremental zone transfers. You run a packet
capture to gather network traffic for this project. Which kind of transfer traffic are you looking for?

You work for a medium sized ISP and there have been several attacks of the DNS configuration
recently. You are particularly concerned with DNS Spoofing attacks. You have a few older
machines that define the storage of Resource Records (RR) based on the TTL of name mapping
information. If an attacker sends fake mapping information to the DNS Server, with a high TTL,
which type of DNS Spoofing is this?