Simon is security analyst writing signatures for a Snort node he placed internally that captures all mirrored traffic from his border firewall. From the following signature, what will Snort look for in the payload of the suspected packets?
alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msG. “BACKDOOR SIG – SubSseven 22”;flags: A+; content: “|0d0a5b52504c5d3030320d0a|”; reference:arachnids, 485;) alert
A. The payload of 485 is what this Snort signature will look for.
B. Snort will look for 0d0a5b52504c5d3030320d0a in the payload.
C. Packets that contain the payload of BACKDOOR SIG – SubSseven 22 will be flagged.
D. From this snort signature,packets with HOME_NET 27374 in the payload will be flagged.
You are trying to package a RAT Trojan so that Anti-Virus software will not detect it. Which of the listed technique will NOT be effective in evading Anti-Virus scanner?
A. Convert the Trojan.exe file extension to Trojan.txt disguising as text file
B. Break the Trojan into multiple smaller files and zip the individual pieces
C. Change the content of the Trojan using hex editor and modify the checksum
D. Encrypt the Trojan using multiple hashing algorithms like MD5 and SHA-1
What will the following command produce on a website’s login page if executed successfully? SELECT email, passwd, login_id, full_name FROM members WHERE email = ‘email@example.com’; DROP TABLE members; –’
A. This code will insert the firstname.lastname@example.org email address into the members table.
B. This command will delete the entire members table.
C. It retrieves the password for the first user in the members table.
D. This command will not produce anything since the syntax is incorrect.
Oregon Corp is fighting a litigation suit with Scamster Inc. Oregon has assigned a private investigative agency to go through garbage, recycled paper, and other rubbish at Scamster’s office site in order to find relevant information. What would you call this kind of activity?
A. CI Gathering
C. Dumpster Diving
D. Garbage Scooping
What type of port scan is represented here.
A. Stealth Scan
B. Full Scan
C. XMAS Scan
D. FIN Scan
One way to defeat a multi-level security solution is to leak data via
A. a bypass regulator.
C. a covert channel.
D. asymmetric routing.
On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured?
A. nessus +
B. nessus *s
C. nessus &
D. nessus -d
Least privilege is a security concept that requires that a user is
A. limited to those functions required to do the job.
B. given root or administrative privileges.
C. trusted to keep all data and access to that data under their sole control.
D. given privileges equal to everyone else in the department.
A covert channel is a channel that
A. transfers information over,within a computer system,or network that is outside of the security policy.
B. transfers information over,within a computer system,or network that is within the security policy.
C. transfers information via a communication path within a computer system,or network for transfer of data.
D. transfers information over,within a computer system,or network that is encrypted.
SOAP services use which technology to format information?