Which attack uses a time-delayed HTTP header to hold an HTTP connection open and exhaust web-server resources without sending the full request?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which attack uses a time-delayed HTTP header to hold an HTTP connection open and exhaust web-server resources without sending the full request?

Explanation:
Holding HTTP connections open by sending time-delayed headers is a form of resource exhaustion at the HTTP layer. In this attack, the attacker opens many connections and begins an HTTP request on each, but stalls by sending only partial header data and delaying the remainder of the request. The server must keep each connection alive, allocating a thread or a socket and buffer space to it, so it quickly runs out of resources and cannot service legitimate requests, even though no full request has been received. This Slowloris-like behavior is best described as an HTTP GET attack, because it relies on the GET request pattern and keeps the connection open by withholding the rest of the request, rather than flooding with full payloads or exploiting the TCP handshake. The other options describe floods at different layers or floods that use different payload patterns; they do not capture the mechanism of stalling with HTTP headers to tie up server resources.
