CS6250 Module 9 Practice Exam Guide 2026, Exams of Computer Networks

Typology: Exams

2025/2026

Available from 04/05/2026

Fortis-In-Re

  1. What are the properties of secure communication?

     Confidentiality, Integrity, Authentication, Availability

  2. Round Robin DNS

     Each time the DNS server is queried, it sends the IP address with which it most recently responded to the back of the queue, operating on a loop. Used by large websites to distribute the load of incoming requests. (larger TTL)

  3. DNS-based content delivery

     When accessing the name of the service using DNS, the CDN computes the 'nearest edge server' and returns its IP address to the DNS client. It determines the nearest server, which results in the content being moved 'closer' to the DNS client, which increases responsiveness and availability. (lower TTL)

  4. Fast-Flux Service Networks

     Based on a rapid change in DNS answers, in order to prevent spammers from injecting bad IP addresses into the DNS resolution lifecycle. (lowest TTL)

  5. What are the main data sources to identify hosts that likely belong to rogue networks, used by FIRE (FInding Rogue nEtworks system)?

     1. Botnet command and control providers:
     2. Drive-by-download hosting providers: is a method of malware installation without user interaction. Occurs when the victim visits a web page that contains an exploit for the browser
     3. Phish hosting providers: This data source contains URLs of servers that host phishing pages

  6. Key difference between rogue and legitimate networks

     Legitimate networks are usually able to remove the malicious content within a few days, whereas rogue networks may let the content be up for weeks to more than a year!

  7. ASWatch

     Uses information exclusively from the control plane (i.e. routing behavior) to identify malicious networks. Based on monitoring global BGP routing activity to learn the control plane behavior of a network.

  8. Phase 1 of ASWatch: Training phase

     ASwatch learns the control-plane behavior of a normal AS and a malicious one and learns to differentiate between them

  9. Phase 2 of ASWatch: Operational Phase

     ASwatch takes an unknown AS and calculates the features for it, assigning it a reputation score.

  10. What are 3 classes of features used to determine the likelihood of a security breach within an organization?

      1. Rewiring activity - changes in the AS connecting activity, multiple changes in providers / customers looks suspicious
      2. IP Space Fragmentation and Churn - inspects advertised prefixes of an autonomous system. Malicious ASes are likely to use small BGP prefixes to partition their IP address space and only exposes a small section of them
      3. BGP Routing Dynamics - tracks announcements and withdrawals, which usually follow different patterns for malicious ASes

  11. How to infer network reputation (Random Forest)

      1. Mismanagement Symptoms -
      2. Malicious Activities

  12. 2C. Type-U hijacking

      In this attack the hijacking AS does not modify the AS-PATH but may change the prefix.

  13. Classification by Data-Plane traffic manipulation

      In this classification of attacks, the attacker attempts to hijack the network traffic and manipulate the redirected network traffic on its way to the receiving AS

  14. 3A. Dropped (blackholing)

      The traffic intercepted by the hijacker can be Dropped, so that it never reaches the intended destination

  15. 3B. Man-in-the-middle

      The traffic intercepted by the hijacker can be Eavesdropped or manipulated before it reaches the receiving AS

  16. 3C. Impersonation

      The traffic intercepted by the hijacker can be Impersonated, e.g. In this case the network traffic of the victim AS is impersonated and the response to this network traffic is sent back to the sender.

  17. What are the causes or motivations behind BGP attacks?

      1. Human error - misconfiguration / accidents
      2. Targeted attack - intentional interception of network traffic (man-in-the-middle) (stealthy)
      3. High impact attack - obvious attempt to cause widespread disruption

  18. Explain the scenario of prefix hijacking

      Malicious autonomous system router advertises a prefix that it doesn't own, taking advantage of its shorter distance to have peer / customer routers change their path for the prefix to the malicious autonomous system.

  19. Explain the scenario of hijacking a path.

      Malicious autonomous system receives a path and alters it, placing itself as the best path to reach a specific autonomous system / prefix. This path will likely be shorter than the original, causing other ASes to use the new hijacked path.

  20. ARTEMIS

      A system that is run locally by network operators to safeguard its own prefixes against malicious BGP hijacking attempts.

  21. 2 key ideas behind Artemis

      A configuration file where all prefixes owned by the network are listed for reference.

      A mechanism for receiving BGP updates, allows the system to receive updates from local routers and monitoring services

  22. What are the two automated techniques used by ARTEMIS to protect against BGP hijacking?

      1. Prefix deaggregation - announcing more specific prefixes in order to mitigate prefix hijacking
      2. Mitigation with multiple origin AS (MOAS) - third party organizations and service providers do BGP announcements for a given network

  23. What are two findings from ARTEMIS?

      1. Outsource the task of BGP announcements to third parties
      2. Filtering of prefixes is less optimal when compared against BGP announcements

  24. Explain the structure of a DDoS attack.

      An attempt to compromise a server or network resources with a flood of traffic. Attack compromises and deploys flooding servers that send high volumes of traffic to a victim

  25. What is spoofing, and how is it related to DDoS attack?

      Impersonating a legitimate server with a spoofed IP address. One method causes a server to flood a target with unsolicited responses to spoofed requests. The other uses the spoofed IP address in both the source and destination IP, causing the server to send responses / requests to itself.

  26. Describe a Reflection and Amplification attack.

      A reflective attack is sending a bunch of spoofed requests to a server which will then DDoS the target on behalf of the attacker.