PrepAway - Latest Free Exam Questions & Answers

Tag: 312-50

What is the countermeasure against XSS scripting?

2 comments

Consider the following code:
URL:http://www.xsecurity.com/search.pl?text=alert(document.cookie)
If an attacker can trick a victim user to click a link like this, and the Web application does not validate input, then the victim’s browser will pop up an alert showing the users current set of cookies. An attacker can do much more damage, including stealing passwords, resetting your home page, or redirecting the user to another Web site.
What is the countermeasure against XSS scripting?

What defensive measures will you take to protect your network from these attacks?

One comment

Finding tools to run dictionary and brute forcing attacks against FTP and Web servers is an easy task for hackers. They use tools such as arhontus or brutus to break into remote servers.
CEH# ./rpa
Remote Password Assassin V 1.0
Roses Labs / w00w00
Usage: ./rpa (options)
Options:
-l : Login file to use.
-s : Use the same login.
-c : Password file to use.
-r : Attack FlowPoint Router.
-t : Attack Telnet Port.
-f : Attack FTP Port.
-p : Attack POP Port.
CEH# ./rpa 10.0.0.34 -t -f -c passwords.txt -s linksys
A command such as this, will attack a given 10.0.0.34 FTP and Telnet servers simultaneously with a list of passwords and a single login name: linksys. Many FTP-specific password-guessing tools are also available from major security sites.
What defensive measures will you take to protect your network from these attacks?

What is the hexadecimal value of NOP instruction?

2 comments

You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c
char shellcode[] =
“x31xc0xb0x46x31xdbx31xc9xcdx80xebx16x5bx31xc0”
“x88x43x07x89x5bx08x89x43x0cxb0x0bx8dx4bx08x8d”
“x53x0cxcdx80xe8xe5xffxffxffx2fx62x69x6ex2fx73”
“x68”;
What is the hexadecimal value of NOP instruction?

Given the following extract from the snort log on a honeypot, what do you infer from the attack?

One comment

Given the following extract from the snort log on a honeypot, what do you infer from the attack?

If the canary word has been altered when the function returns, and the program responds by emitting an intrude

One comment

A simple compiler technique used by programmers is to add a terminator ‘canary word’ containing four letters NULL (0x00), CR (0x0d), LF (0x0a) and EOF (0xff) so that most string operations are terminated. If the canary word has been altered when the function returns, and the program responds by emitting an intruder alert into syslog, and then halts what does it indicate?

How would you protect from these attacks?

3 comments

Take a look at the following attack on a Web Server using obstructed URL:
http://www.example.com/script.ext?template=%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63 %2f%70%61%73%73%77%64
This request is made up of:
.%2e%2e%2f%2e%2e%2f%2e%2e%2f = ../../../
.%65%74%63 = etc
.%2f = /
.%70%61%73%73%77%64 = passwd
How would you protect from these attacks?

How can a remote attacker decipher the name of the administrator account if it has been renamed?

One comment

Jonathan being a keen administrator has followed all of the best practices he could find on securing his Windows Server. He renamed the Administrator account to a new name that cannot be easily guessed but there remain people who attempt to compromise his newly renamed administrator account. How can a remote attacker decipher the name of the administrator account if it has been renamed?

What is the command used to create a binary log file using tcpdump?

2 comments

What is the command used to create a binary log file using tcpdump?


Page 42 of 150« First...102030...4041424344...506070...Last »