GIAC

GCIH · Question #137

GCIH Question #137: Real Exam Question with Answer & Explanation

The correct answer is B: IP address spoofing. This question tests knowledge of attack taxonomy, distinguishing direct hacker attacks (IP spoofing, password cracking) from network-based denial-of-service attacks (Smurf, Teardrop).

Question

Which of the following types of attacks come under the category of hacker attacks? Each correct answer represents a complete solution. Choose all that apply.

Options

  • A. Smurf
  • B. IP address spoofing
  • C. Teardrop
  • D. Password cracking

Explanation

This question tests knowledge of attack taxonomy, distinguishing direct hacker attacks (IP spoofing, password cracking) from network-based denial-of-service attacks (Smurf, Teardrop).

Common mistakes.

  • A. Smurf is a DDoS amplification attack that floods a victim with ICMP echo replies by broadcasting spoofed packets to a network - it is classified as a DoS/network flood attack, not a direct hacker attack in standard EC-Council taxonomy.
  • C. Teardrop is a DoS fragmentation attack that sends malformed, overlapping IP fragments designed to crash vulnerable TCP/IP stacks - it is categorized as a network-level DoS attack, not a hacker attack.

Concept tested. Classification of hacker attacks vs denial-of-service attacks

Reference. https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final
