PrepAway - Latest Free Exam Questions & Answers

Which of the following is the MOST likely reason for the incident?

A network administrator identifies sensitive files being transferred from a workstation in the LAN to an
unauthorized outside IP address in a foreign country. An investigation determines that the firewall has
not been altered, and antivirus is up-to-date on the workstation. Which of the following is the MOST likely
reason for the incident?

A. MAC Spoofing

B. Session Hijacking

C. Impersonation

D. Zero-day

Explanation:
This question states that antivirus is up-to-date on the workstation and the firewall has not been altered.
The antivirus software is up to date with all ‘known’ viruses. A zero day vulnerability is an unknown
vulnerability, so a patch or virus definition has not been released yet.

A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is
then exploited by hackers before the vendor becomes aware and hurries to fix it; this exploit is called a
zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted
access to user information. The term “zero day” refers to the unknown nature of the hole to those
outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins
for the developer, who must protect users.
Incorrect Answers:
A: This is not an example of MAC Spoofing. MAC Spoofing can be used to ‘redirect’ traffic to a different
host. However, in this question the data is being sent to another country. The traffic will therefore be
going through several routers. MAC Spoofing only works when the host is on the same broadcast domain
as the intended destination host.
B: Session hijacking, also known as TCP session hijacking, is a method of taking over a Web user session by
surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user’s session
ID has been accessed (through session prediction), the attacker can masquerade as that user and do
anything the user is authorized to do on the network. In this question, the data is being transferred from
a workstation, not a web server so this is not an example of session hijacking.
C: Impersonation is where a person, computer, software application or service pretends to be someone
it’s not. It is unlikely that a person in a foreign country is accessing the data by impersonating someone.

http://www.pctools.com/security-news/zero-day-vulnerability/

