1. Michael has been given permission to perform any tests necessary against the agency’s network. The agency’s network has come under many DoS attacks in recent months, so the agency’s IT team has tried to take precautions to prevent any future DoS attacks. To test this, Michael attempts to gain unauthorized access or even overload one of the agency’s Cisco routers that is at IP address 192.168.254.97. Michael first creates a telnet session over port 23 to the router. He uses a random username and tries to input a very large password to see if that freezes up the router. This seems to have no effect on the router yet. What other command could Michael use to attempt to freeze up the router?
A. Ping -l 254 192.168.254.97 would make the router freeze
B. Michael could use the command: ping -l 56550 192.168.254.97 -t
C. If Michael used the command: ping -r 999 192.168.254.97 -t, he could freeze up the router and then attempt to gain access
D. The command: finger -l 9999 192.168.254.97 -m would force the router to freeze

2. Heather is the network administrator for her company, a small medical billing company in Billings. Since the company handles personal information for thousands of clients, they must comply with HIPAA rules and regulations. Heather downloads all the HIPAA requirements for information security and begins an audit of the company. Heather finds out that many of the billing technicians have been sending sensitive information in PDF documents to outside companies. To protect this information, they have been password protecting the PDF documents. Heather has informed all the technicians that this method of protecting the data is not safe enough. Why is using passwords to protect PDF documents not enough to safeguard against information leakage?
A. The technicians should not only rely on PDF passwords because the passwords are sent as an attached text file when sent through email
B. Since PDF password protection alone does not comply with SOX, they should not solely rely on them for protection
C. This is not enough protection because PDF passwords can easily be cracked by many different software applications
D. PDF passwords are not reliable because they are completely stripped off from the documents once they are passed through email

3. Stephanie, a security analyst, has just returned from a Black Hat conference in Las Vegas where she learned of many powerful tools used by hackers and security professionals alike. Stephanie is primarily worried about her Windows network because of all the legacy computers and servers that she must use, due to lack of funding. Stephanie wrote down many of the tools she learned of in her notes and was particularly interested in one tool that could scan her network for vulnerabilities and return reports on her network’s weak spots called SAINT. She remembered from her notes that SAINT is very flexible and can accomplish a number of tasks. Stephanie asks her supervisor, the CIO, if she can download and run SAINT on the network. Her boss said to not bother with it since it will not work for her at all. Why did Stephanie’s boss say that SAINT would not work?
A. SAINT is too network bandwidth intensive
B. SAINT only works on Macintosh-based machines
C. SAINT only works on LINUX and UNIX machines
D. SAINT is too expensive and is not cost effective

4. Darren is the network administrator for Greyson & Associates, a large law firm in Houston. Darren is responsible for all network functions as well as any digital forensics work that is needed. Darren is examining the firewall logs one morning and notices some unusual activity. He traces the activity target to one of the firm’s internal file servers and finds that many documents on that server were destroyed. After performing some calculations, Darren finds the damage to be around $75,000 worth of loss. Darren decides that this incident should be handled and resolved within the same day of its discovery. What incident level would this situation be classified as?
A. This specific incident would be labeled as an immediate-level incident
B. This situation would be classified as a mid-level incident
C. Since there was over $50,000 worth of lost data, this would be considered a high-level incident
D. Because Darren has determined that this issue needs to be addressed in the same day it was discovered, this would be considered a low-level incident

5. You are an IT security consultant working on a six-month contract with a large energy company based in Kansas City. The energy company has asked you to perform DoS attacks against its branch offices to see if their configurations and network hardening can handle the load. To perform this attack, you craft UDP packets that you know are too large for the routers and switches to handle. You also put confusing offset values in the second and later fragments to confuse the network if it tries to break up the large packets. What type of attack are you going to attempt on the company’s network?
A. By changing the characteristics of the UDP packets in this manner, you are trying to use a Smurf attack against the company’s network
B. This attack is called a SYN attack since the UDP packets are manipulated
C. You are going to attempt a teardrop attack to see if their network can handle the packets
D. This type of attack is referred to as a Ping of Death attack since the packets use confusing offset values

6. Steven is the senior network administrator for Onkton Incorporated, an oil well drilling company in Oklahoma City. Steven and his team of IT technicians are in charge of keeping inventory for the entire company, including computers, software, and oil well equipment. To keep track of everything, Steven has decided to use RFID tags on their entire inventory so they can be scanned with either a wireless scanner or a handheld scanner. These RFID tags hold as much information as possible about the equipment they are attached to. When Steven purchased these tags, he made sure they were as state of the art as possible. One feature he really liked was the ability to disable RFID tags if necessary. This comes in very handy when the company actually sells oil drilling equipment to other companies. All Steven has to do is disable the RFID tag on the sold equipment and it cannot give up any information that was previously stored on it. What technology allows Steven to disable the RFID tags once they are no longer needed?
A. The company’s RFID tags can be disabled by Steven using Replaceable ROM technology
B. The technology used to disable an RFID chip after it is no longer needed, or possibly stolen, is called RSA Blocking
C. RFID Kill Switches built into the chips enable Steven to disable them
D. Newer RFID tags can be disabled by using Terminator Switches built into the chips

7. Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web sites during work hours, without any consideration for others. Neil knows that he has an up-to-date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction?
A. They are using UDP that is always authorized at the firewall
B. They are using an older version of Internet Explorer that allows them to bypass the proxy server
C. They have been able to compromise the firewall, modify the rules, and give themselves proper access
D. They are using tunneling software that allows them to communicate with protocols in a way it was not intended

8. Leonard is a systems administrator who has been tasked by his supervisor to slow down or lessen the amount of SPAM their company receives on a regular basis. SPAM being sent to company email addresses has become a large problem within the last year for them. Leonard starts by adding SPAM prevention software at the perimeter of the network. He then builds a black list, white list, turns on MX callbacks, and uses heuristics to stop the incoming SPAM. While these techniques help some, they do not prevent much of the SPAM from coming in. Leonard decides to use a technique where his mail server responds very slowly to outside connected mail servers by using multi-line SMTP responses. By responding slowly to SMTP connections, he hopes that SPAMMERS will see this and move on to easier and faster targets. What technique is Leonard trying to employ here to stop SPAM?
A. To stop SPAM, Leonard is using the technique called Bayesian Content Filtering
B. Leonard is trying to use the Transparent SMTP Proxy technique to stop incoming SPAM
C. This technique that Leonard is trying is referred to as using a Sender Policy Framework to aid in SPAM prevention
D. He is using the technique called teergrubing to delay SMTP responses and hopefully stop SPAM

9. Blake is an IT security consultant, specializing in PBX and VoIP implementation testing. Blake has been recently hired on by Thwarting Enterprises, a brokerage firm in New York City. The company heard through contacts that Blake was the best in the business as far as examining and securing VoIP network implementations. About a year ago, Thwarting Enterprises installed a Cisco VoIP system throughout their office to replace the older PBX system. They have now brought Blake in to test its security. Blake first begins his testing by finding network devices on the network that might be used for VoIP. Blake prefers to use UDP scanning because of its quickness. Blake finds a target on the network that looks promising and begins to perform a scan against it by sending packets with empty UDP headers to each port. Almost all of the ports respond with the error of “ICMP port unreachable”. From this error, what can Blake deduce about these ports?
A. He can tell that these specific ports are in hybrid mode
B. Blake can deduce that the ports that respond with this error are open and listening
C. This specific error means that the ports are currently in stealth mode
D. From these errors, Blake can tell that these ports are not being used

10. David is the wireless security administrator for Simpson Audio Visual. David was hired on after the company was awarded a contract with 100 airports to install wireless networks. Since these networks will be used by both internal airport employees and visitors to the airports, David decided to go with the de facto standard of 802.11b. Every airport wants to use 802.11b with TCP error checking, even though David has said this will slow down the wireless network connection speeds. With this error checking, or lack thereof, what will be the resulting speed of the wireless networks?
A. Since TCP error checking will be utilized, the effective speed of the wireless networks can be up to 5.9 mbps
B. The resulting speed of the wireless networks will be up to 7.1 mbps since error checking slows down the actual speed
C. The resulting speed of the wireless networks for the airports will be up to 248 mbps
D. Because TCP error checking has no effect on the actual speed, the airports’ wireless networks will function at up to 11 mbps

11. John is discussing security with Jane. She mentioned a few times to John that she suspects an LKM was installed on her server and this is why it has been acting so erratically lately. LKM stands for Loadable Kernel Module; what does it mean in the context of Linux Security?
A. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel without requiring a kernel recompilation
B. Loadable Kernel Modules are a mechanism for adding auditing to an operating-system kernel without requiring a kernel recompilation
C. Loadable Kernel Modules are a mechanism for adding functionality to a filesystem without requiring a kernel recompilation
D. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel after it has been recompiled and the system rebooted

12. A client has approached you with a penetration test requirement. They are concerned with the possibility of external threat, and have invested considerable resources in protecting their Internet exposure. However, their main concern is the possibility of an employee elevating his/her privileges and gaining access to information outside of their department. What kind of penetration test would you recommend that would best address the client’s concern?
A. A White Hat test
B. A White Box test
C. A Grey Hat test
D. A Black Hat test
E. A Black Box test
F. A Grey Box test