As a security analyst you setup a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the company. What information will you be able to gather?
A.
The employees network usernames and passwords
B.
The MAC address of theemployees?computers
C.
The IP address of the employees computers
D.
Bank account numbers and the corresponding routing numbers
Answer conflicts with the Actual tests study guide. Which indicates C is the best answer. Thoughts? Copied text is below:
Answer A is not correct. In order for this to actually work, since you are asking the employee to CREATE an account, is the assumption that the user will create an account using the same Username and Password that is used as their network username and password. [it is very likely that some or a lot of users will actually create their account on the survey site using their current network credentials – one less password to remember]
Answer B is not correct. In order for this to work, there cannot be a router between the user and the survey site. If there is a router, then the MAC address that will be captured will be the last hop prior to reaching the survey site.
Answer C is the best answer. Assuming that spoofing is not used, for example the use of a proxy server, the web server logs should show all the IP addresses. This requires assumptions, i.e. the survey web site is within the corporate intranet. If the traffic has to leave the firewall, and if NATing
is in effect, then the addresses will be changed and the collected IP addresses can not be traced back to the user.
Answer D is incorrect. Not unless the survey web site collects that information. The composition of the survey is not provided.