Ethical Hacking 面试题与答案

问题 31. What are the types of DDoS attacks?

DDoS attacks are categorized into three types:

Volume-based Attacks:

These are also known as Layer3 & 4 attacks. In this, the attacker tries to saturate the bandwidth of the target site.

Protocol Attacks:

These attacks include actual server resources and others like load balancers and firewalls, and they are measured in Packets per Second.

Application Layer Attacks:

It includes the zero-day DDoS attacks, Slowloris, etc., that attack the Windows, Apache, or OpenBSD vulnerabilities and more. This is measured in Requests per Second.

问题 32. What is a Pharming attack and how to prevent it?

Pharming attack is one of the various cyber-attacks practiced by the attackers. It is a fraudulent practice in which legitimate website traffic is manipulated to direct users to the fake look-alikes that will steal personal data such as passwords or financial details or install malicious software on the visitor's computer.

Pharming attacks can be prevented by the following methods:

• Install the power antivirus software that will detect and remove the malware that is directed to the malicious sites on your computer.
• Check the URLs on the sites that you visit are trustworthy. 

问题 33. What is a phishing attack?

Phishing is an attempt to steal sensitive information such as user data, credit card numbers, etc. These attacks occur mostly while using personal email accounts or social networking sites, online transactions, and more.

问题 34. What is Spoofing?

Spoofing is a fraudulent practice in which communication is sent from an unauthorized source and disguised as a known source to the receiver. It is used to gain access to targets' personal information and spread malware and redistribute traffic to execute a denial-of-service attack.

The below listed are the most popular spoofing attacks: 

• Email spoofing
• Website spoofing
• Caller ID spoofing
• ARP spoofing
• DNS server spoofing

问题 35. What are the different types of penetration testing?

There are five types of penetration testing:

1. Black Box: In this, the hacker attempts to detect information by their own means.
2. External Penetration Testing: In this case, the ethical hacker attempts to hack using public networks through the Internet. 
3. Internal Penetration Testing: The ethical hacker is inside the network of the company and conducts his tests from there.
4. White Box: In this, an ethical hacker is provided with all the necessary information about the infrastructure and the network of the organization that needs to penetrate.
5. Grey Box: It this, the hacker has partial knowledge of the infrastructure, like its domain name server.