Which attack type exhausts a target's maximum concurrent connections by using incomplete HTTP requests?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which attack type exhausts a target's maximum concurrent connections by using incomplete HTTP requests?

Explanation:
This attacks type exploits a web server’s limited pool of concurrent connections by holding connections open with incomplete HTTP requests. The attacker opens many connections to the target and begins sending a partial request, then keeps sending just enough header data to keep the connection alive without ever finishing the request. The server must keep each open connection waiting for the rest of the request, tying up resources (threads or workers) and preventing new legitimate connections from being established. Because each connection uses minimal bandwidth but substantial server resources, the target can be overwhelmed even with modest traffic. This is why it best fits the prompt: the goal is to exhaust the maximum number of concurrent connections, not to saturate bandwidth or rely on amplification. Other attack types described generally rely on flooding with complete requests, amplification, or different resource targets, and thus don’t align with the mechanism of keeping connections open via incomplete requests.

This attacks type exploits a web server’s limited pool of concurrent connections by holding connections open with incomplete HTTP requests. The attacker opens many connections to the target and begins sending a partial request, then keeps sending just enough header data to keep the connection alive without ever finishing the request. The server must keep each open connection waiting for the rest of the request, tying up resources (threads or workers) and preventing new legitimate connections from being established. Because each connection uses minimal bandwidth but substantial server resources, the target can be overwhelmed even with modest traffic.

This is why it best fits the prompt: the goal is to exhaust the maximum number of concurrent connections, not to saturate bandwidth or rely on amplification. Other attack types described generally rely on flooding with complete requests, amplification, or different resource targets, and thus don’t align with the mechanism of keeping connections open via incomplete requests.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy