A majority of attacks come from insiders, people who have direct access to a company’s computer system as part of their job function or a business relationship. Who is considered an insider?
A. A competitor to the company because they can directly benefit from the publicity generated by making such an attack
B. Disgruntled employee, customers, suppliers, vendors, business partners, contractors, temps, and consultants
C. The CEO of the company because he has access to all of the computer systems
D. A government agency since they know the company’s computer system strengths and weaknesses
Jeremy is a web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy’s first task is to scan all the company’s external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field:
SELECT * from Users where username='admin' --AND password='' AND email like '%@testers.com%'
What will the SQL statement accomplish?
A. If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin
B. This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com
C. This Select SQL statement will log James in if there are any users with NULL passwords
D. James will be able to see if there are any default user accounts in the SQL database
An attacker is attempting to telnet into a corporation’s system in the DMZ. The attacker doesn’t want to get caught and is spoofing his IP address. After numerous tries he remains unsuccessful in connecting to the system. The attacker rechecks that the target system is actually listening on Port 23 and he verifies it with both nmap and hping2. He is still unable to connect to the target system. What could be the reason?
A. The firewall is blocking port 23 to that system
B. He needs to use an automated tool to telnet in
C. He cannot spoof his IP and successfully use TCP
D. He is attacking an operating system that does not reply to telnet even when open
If an attacker’s computer sends an IPID of 31400 to a zombie (Idle Scanning) computer on an open port, what will be the response?
C. The zombie will not send a response
Trojan horse attacks pose one of the most serious threats to computer security. The image below shows different ways a Trojan can get into a system. Which are the easiest and most convincing ways to infect a computer?
A. IRC (Internet Relay Chat)
B. Legitimate “shrink-wrapped” software packaged by a disgruntled employee
C. NetBIOS (File Sharing)
D. Downloading files, games and screensavers from Internet sites
SSL has been seen as the solution to a lot of common security problems. Administrators will often make use of SSL to encrypt communications from point A to point B. Why do you think this could be a bad idea if there is an Intrusion Detection System deployed to monitor the traffic between point A and B?
A. SSL is redundant if you already have IDS’s in place
B. SSL will trigger rules at regular intervals and force the administrator to turn them off
C. SSL will slow down the IDS while it is breaking the encryption to see the packet content
D. SSL will blind the content of the packet and Intrusion Detection Systems will not be able to detect them
Jake is a network administrator who needs to get reports from all the computer and network devices on his network. Jake wants to use SNMP but is afraid that won’t be secure since passwords and messages are in clear text. How can Jake gather network information in a secure manner?
A. He can use SNMPv3
B. Jake can use SNMPrev5
C. He can use SecWMI
D. Jake can use SecSNMP
June, a security analyst, understands that a polymorphic virus has the ability to mutate and can change its known viral signature and hide from signature-based antivirus programs. Can June use an antivirus program in this case and would it be effective against a polymorphic virus?
A. Yes. June can use an antivirus program since it compares the parity bit of executable files to the database of known check sum counts and it is effective on a polymorphic virus
B. Yes. June can use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and it is very effective against a polymorphic virus
C. No. June can’t use an antivirus program since it compares the signatures of executable files to the database of known viral signatures, and in this case the polymorphic viruses cannot be detected by a signature-based antivirus program
D. No. June can’t use an antivirus program since it compares the size of executable files to the database of known viral signatures and it is effective on a polymorphic virus
Which of the following Exclusive OR bit transforms is NOT correct?
A. 0 xor 0 = 0
B. 1 xor 0 = 1
C. 1 xor 1 = 1
D. 0 xor 1 = 1
The traditional traceroute sends out ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets take to reach the destination.
The problem is that with the widespread use of firewalls on the Internet today, many of the packets that traceroute sends out end up being filtered, making it impossible to completely trace the path to the destination.
How would you overcome the Firewall restriction on ICMP ECHO packets?
A. Firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
B. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
C. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
D. Do not use the traceroute command to determine the path packets take to reach the destination; instead, use the custom hacking tool JOHNTHETRACER and run with the command
E. > JOHNTHETRACER http://www.eccouncil.org -F -evade