CNSP Exam Dumps : Certified Network Security Practitioner (CNSP)

ICMP (Internet Control Message Protocol), per RFC 792, handles diagnostics (e.g., ping) and errors in IP networks. It’s exploitable in:

A. Ping of Death:

Method: Sends oversized ICMP Echo Request packets (>65,535 bytes) via fragmentation. Reassembly overflows buffers, crashing older systems (e.g., Windows 95).

Fix: Modern OSes cap packet size (e.g., ping -s 65500).

B. Smurf Attack:

Method: Spoofs ICMP Echo Requests to a network’s broadcast address (e.g., 192.168.255.255). All hosts reply, flooding the victim.

Amplification: 100 hosts = 100x traffic.

C. ICMP Flooding:

Method: Overwhelms a target with ICMP Echo Requests (e.g., ping -f), consuming bandwidth/CPU.

Variant: BlackNurse attack targets firewalls.

Technical Details:

ICMP Type 8 (Echo Request), Type 0 (Echo Reply) are key.

Mitigation: Rate-limit ICMP, disable broadcasts (e.g., no ip directed-broadcast).

Security Implications:ICMP attacks are DoS vectors. CNSP likely teaches filtering (e.g., iptables -p icmp -j DROP) balanced with diagnostics need.

Why other options are incorrect:

A, B, C individually:All are ICMP-based; D is comprehensive.

Real-World Context:Smurf attacks peaked in the 1990s; modern routers block them by default.References:CNSP Official Study Guide (Network Attacks); RFC 792 (ICMP).

Protocols are defined by their transport layer usage (TCP or UDP), impacting their security and performance characteristics.

Why D is correct:SSH (Secure Shell) uses TCP (port 22) for reliable, connection-oriented communication, unlike the UDP-based options. CNSP contrasts TCP and UDP protocol security.

Why other options are incorrect:

A:SNMP uses UDP (ports 161, 162) for lightweight network management.

B:NTP uses UDP (port 123) for time synchronization.

C:IKE (IPsec key exchange) uses UDP (ports 500, 4500).

References:CNSP "Network Protocols" (Section on Transport Layer) identifies SSH as TCP-based, others as UDP.

In Linux, password hashes are stored in a secure file to protect user authentication data. The evolution of Linux security practices moved password storage from plaintext or weakly protected files to a more secure location.

Why C is correct:The /etc/shadow file is the standard location for storing password hashes in modern Linux systems. This file is readable only by the root user, enhancing security by restricting access. It contains encrypted password hashes (typically using algorithms like SHA-512), along with user details such as password expiration policies. CNSP documentation on Linux security emphasizes /etc/shadow as the authoritative source for password hashes, replacing older methods.

Why other options are incorrect:

A. /etc/passwd:Historically, /etc/passwd stored passwords in plaintext or weakly hashed forms (e.g., using DES), but modern systems use it only for user account information (e.g., UID, GID, home directory) and reference /etc/shadow for hashes.

B. /etc/password:This is not a valid file in the Linux file system; it appears to be a typographical error or misunderstanding, with no recognized role in password storage.

D. /usr/bin/shadow:/usr/bin contains executable binaries, not configuration or data files like password hashes. /etc/shadow is the correct path.

References:CNSP "Linux Authentication Mechanisms" (Section on Password Storage) details the transition to /etc/shadow for enhanced security and contrasts it with /etc/passwd.