2017上半年信息安全工程师上午真题试题解析第71-75题
分享到微信
2017上半年信息安全工程师上午真题试题解析第71-75题
71-75、There are different ways to perform IP based DoS Attacks. The most common IP based DoS attack is that an attacker sends an extensive amount of connection establishment (1)(e.g. TCP SYN requests) to establish hanging connections with the controller or a DPS. Such a way, the attacker can consume the network resources which should be available for legitimate users. In other (2), the attacker inserts a large amount of (3)packets to the data plane by spoofing all or part of the header fields with random values. These incoming packets will trigger table-misses and send lots of packet-in flow request messages to the network controller to saturate the controller resources. In some cases, an (4)who gains access to DPS can artificially generate lots of random packet-in flow request messages to saturate the control channel and the controller resources. Moreover, the lack of diversity among DPSs fuels fuels the fast propagation of such attacks.
Legacy mobile backhaul devices are inherently protected against the propagation of attacks due to complex and vendor specific equipment. Moreover, legacy backhaul devices do not require frequent communication with core control devices in a manner similar to DPSs communicating with the centralized controller. These features minimize both the impact and propagation of DoS attacks. Moreover, the legacy backhaul devices are controlled as a joint effort of multiple network element. For instance, a single Long Term Evilution(LTE)eNodeB is connected up to 32 MMEs. Therefore, DoS/DDoS attack on a single core element will not terminate the entire operation of a backhaul device(5)the net work.
(1)A.message B、information C、requests D、data
(2)A.methods B、cases C、hands D、sections
(3)A.bad B、real C、fake D、new
(4)A.user B、administrator C、editor D、attacker
(5)A.or B、of C、in D、to
信管网解析:
译文:
有许多种方法去执行基于IP的DoS攻击。最常见的基于IP的DoS攻击的一种方式是攻击者发送广泛数量的连接请求(例如TCP SYN请求)用控制器或者数据从处理系统去建立悬挂连接。攻击者能毁灭可以被合法用户利用的网络资源。在其他情况下,攻击者添加了大量的伪装数据包,这些传入信息包将触发,并向网络控制器发送大量的packein流请求消息这些进入的工作包会引发table-misses 和发送许多packet-in 请求信息到网络控制器使控制器资源饱和。在有些情况中,攻击者获得进入DPS可以获得许多工作包请求信息去渗透控制渠道和控制器资源。此外,DPS多样性的缺乏会激起最快的攻击扩散。
移动回程设备是固有的可以阻止由于复杂和特定供应商设备攻击的传播。此外,遗留的回程设备不需要频繁地与核心控制设备进行通信,类似于DPS与集中式控制器通信的方式。这些特性最小化了DoS攻击的影响和传播。此外,移动回程设备被控制为多个网络元素的共同努力。例如,一个单一的长时间的清除(LTE)eNodeB连接到32个MMEs。因此,DoS / DDoS攻击一个单一的核心元素不会终止网络工作的一个回程装置的整个操作。
拒绝服务攻击概述:http://www.cnitpm.com/pm1/62286.html
信管网参考答案:C、B、C、D、B
点击查看:2017上半年信息安全工程师上午综合知识真题
71-75、There are different ways to perform IP based DoS Attacks. The most common IP based DoS attack is that an attacker sends an extensive amount of connection establishment (1)(e.g. TCP SYN requests) to establish hanging connections with the controller or a DPS. Such a way, the attacker can consume the network resources which should be available for legitimate users. In other (2), the attacker inserts a large amount of (3)packets to the data plane by spoofing all or part of the header fields with random values. These incoming packets will trigger table-misses and send lots of packet-in flow request messages to the network controller to saturate the controller resources. In some cases, an (4)who gains access to DPS can artificially generate lots of random packet-in flow request messages to saturate the control channel and the controller resources. Moreover, the lack of diversity among DPSs fuels fuels the fast propagation of such attacks.
Legacy mobile backhaul devices are inherently protected against the propagation of attacks due to complex and vendor specific equipment. Moreover, legacy backhaul devices do not require frequent communication with core control devices in a manner similar to DPSs communicating with the centralized controller. These features minimize both the impact and propagation of DoS attacks. Moreover, the legacy backhaul devices are controlled as a joint effort of multiple network element. For instance, a single Long Term Evilution(LTE)eNodeB is connected up to 32 MMEs. Therefore, DoS/DDoS attack on a single core element will not terminate the entire operation of a backhaul device(5)the net work.
(1)A.message B、information C、requests D、data
(2)A.methods B、cases C、hands D、sections
(3)A.bad B、real C、fake D、new
(4)A.user B、administrator C、editor D、attacker
(5)A.or B、of C、in D、to
信管网解析:
译文:
有许多种方法去执行基于IP的DoS攻击。最常见的基于IP的DoS攻击的一种方式是攻击者发送广泛数量的连接请求(例如TCP SYN请求)用控制器或者数据从处理系统去建立悬挂连接。攻击者能毁灭可以被合法用户利用的网络资源。在其他情况下,攻击者添加了大量的伪装数据包,这些传入信息包将触发,并向网络控制器发送大量的packein流请求消息这些进入的工作包会引发table-misses 和发送许多packet-in 请求信息到网络控制器使控制器资源饱和。在有些情况中,攻击者获得进入DPS可以获得许多工作包请求信息去渗透控制渠道和控制器资源。此外,DPS多样性的缺乏会激起最快的攻击扩散。
移动回程设备是固有的可以阻止由于复杂和特定供应商设备攻击的传播。此外,遗留的回程设备不需要频繁地与核心控制设备进行通信,类似于DPS与集中式控制器通信的方式。这些特性最小化了DoS攻击的影响和传播。此外,移动回程设备被控制为多个网络元素的共同努力。例如,一个单一的长时间的清除(LTE)eNodeB连接到32个MMEs。因此,DoS / DDoS攻击一个单一的核心元素不会终止网络工作的一个回程装置的整个操作。
拒绝服务攻击概述:http://www.cnitpm.com/pm1/62286.html
信管网参考答案:C、B、C、D、B
点击查看:2017上半年信息安全工程师上午综合知识真题
扫码关注公众号
温馨提示:因考试政策、内容不断变化与调整,信管网网站提供的以上信息仅供参考,如有异议,请以权威部门公布的内容为准!
信管网致力于为广大信管从业人员、爱好者、大学生提供专业、高质量的课程和服务,解决其考试证书、技能提升和就业的需求。
信管网软考课程由信管网依托10年专业软考教研倾力打造,官方教材参编作者和资深讲师坐镇,通过深研历年考试出题规律与考试大纲,深挖核心知识与高频考点,为学员考试保驾护航。面授、直播&录播,多种班型灵活学习,满足不同学员考证需求,降低课程学习难度,使学习效果事半功倍。
相关内容
| 发表评论 查看完整评论 | |
考试新手指南
学习计划攻略
精华备考资料
案例论文干货
章节模拟试题
免费试听课程
推荐文章
各省市软考报名简章
信管网APP下载
考试信息推送