You find the following entries in your web log. Each shows attempted access to either root.exe or cmd.exe.
What caused this?
A. The Morris worm
B. The PIF virus
E. Code Red
F. Ping of Death
The Nimda worm modifies all web content files it finds. As a result,any user browsing web content on the system,whether via the file system or via a web server,may download a copy of the worm. Some browsers may automatically execute the downloaded copy,thereby,infecting the browsing system. The high scanning rate of the Nimda worm may also cause bandwidth denial-of-service conditions on networks with infected machines and allow intruders the ability to execute arbitrary commands within the Local System security context on machines running the unpatched versions of IIS.
Which are true statements concerning the BugBear and Pretty Park worms?
Select the best answers.
A. Both programs use email to do their work.
B. Pretty Park propagates via network shares and email
C. BugBear propagates via network shares and email
D. Pretty Park tries to connect to an IRC server to send your personal passwords.
E. Pretty Park can terminate anti-virus applications that might be running to bypass them.
Explanations: Both Pretty Park and BugBear use email to spread. Pretty Park cannot propagate via network shares,only email. BugBear propagates via network shares and email. It also terminates anti-virus applications and acts as a backdoor server for someone to get into the infected machine. Pretty Park tries to connect to an IRC server to send your personal passwords and all sorts of other information it retrieves from your PC. Pretty Park cannot terminate anti-virus applications. However,BugBear can terminate AV software so that it can bypass them.
One of the better features of NetWare is the use of packet signature that includes cryptographic signatures. The packet signature mechanism has four levels from 0 to 3.
In the list below which of the choices represent the level that forces NetWare to sign all packets?
A. 0 (zero)
0Server does not sign packets (regardless of the client level).
1Server signs packets if the client is capable of signing (client level is 2 or higher).
2Server signs packets if the client is capable of signing (client level is 1 or higher).
3Server signs packets and requires all clients to sign packets or logging in will fail.
Which is the Novell Netware Packet signature level used to sign all packets ?
Level 0 is no signature,Level 3 is communication using signature only.
If you receive a RST packet while doing an ACK scan, it indicates that the port is open.(True/False).
When and ACK is sent to an open port,a RST is returned.
If you perform a port scan with a TCP ACK packet, what should an OPEN port return?
B. No Reply
Open ports return RST to an ACK scan.
Pandora is used to attack __________ network operating systems.
E. MAC OS
While there are not lots of tools available to attack Netware,Pandora is one that can be used.
What is the name of the software tool used to crack a single account on Netware Servers using a dictionary attack?
NWPCrack is the software tool used to crack single accounts on Netware servers.
Which of the following is NOT a valid NetWare access level?
A. Not Logged in
B. Logged in
C. Console Access
Administrator is an account not a access level.
Windump is the windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform you must install a packet capture library.
What is the name of this library?
WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack,and has additional useful features,including kernel-level packet filtering,a network statistics engine and support for remote packet capture.