PrepAway - Latest Free Exam Questions & Answers

Which of the following is NOT a technique used to perform a penetration test?

A. traffic padding

B. scanning and probing

C. war dialing

D. sniffing

Explanation:
Traffic padding is a countermeasure to traffic analysis.
Even if perfect cryptographic routines are used, the attacker can still learn how much traffic was generated. The attacker might not know what Alice and Bob were talking about, but can know that they were talking and how much they talked. In certain circumstances this can be very bad. Consider, for example, a military organizing a secret attack against another nation: merely knowing that there is a lot of secret activity going on may be enough to alert the other nation.
Padding messages is a way to make traffic analysis harder. Normally, a number of random bits are appended to the end of the message, with an indication at the end of how much random data was added. The amount of padding should have a minimum value of 0 and a maximum of N, with an even distribution between the two extremes. Note that increasing the minimum above 0 does not help; only increasing N helps, though that also means a lower percentage of the channel will be used to transmit real data. Also note that, since the cryptographic routine is assumed to be uncrackable (otherwise the padding length itself is crackable), it does not help to put the padding anywhere else, e.g. at the beginning, in the middle, or in a sporadic manner.
Incorrect Answers:
B: Scanning and probing is a technique used in penetration testing. Various scanners, such as a port scanner, can reveal information about a network's infrastructure and enable an intruder to access the network's unsecured ports.
C: War dialing is a technique used in penetration testing. It uses a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code, to search for computers to hack into.
D: Sniffing (packet sniffing) is a technique used in penetration testing. Packet sniffing is the process of intercepting data as it is transmitted over a network.

Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, John Wiley & Sons, New York, 2001, pp. 233, 238.
https://secure.wikimedia.org/wikipedia/en/wiki/Padding_%28cryptography%29#Traffic_analysis
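
The padding scheme described in the explanation above, as an added Python example (not taken from the cited sources): random data is appended, followed by an indicator of how much was added, and `candidate_lengths` shows why only a larger N widens what an observer cannot rule out. Assumptions: padding is counted in bytes rather than bits, the indicator is a 2-byte field, the function names are hypothetical, and the padded message is encrypted afterwards with a cipher that preserves length.

```python
import secrets
import struct

LEN_FIELD = 2  # assumption: 2-byte big-endian pad-length indicator at the very end


def pad(message: bytes, n_max: int, n_min: int = 0) -> bytes:
    """Append a uniformly chosen amount of random data, then its length."""
    if not 0 <= n_min <= n_max <= 0xFFFF:
        raise ValueError("need 0 <= n_min <= n_max <= 65535")
    # secrets.randbelow gives an even distribution over [n_min, n_max].
    pad_len = n_min + secrets.randbelow(n_max - n_min + 1)
    return message + secrets.token_bytes(pad_len) + struct.pack(">H", pad_len)


def unpad(padded: bytes) -> bytes:
    """Read the trailing indicator and strip indicator plus padding."""
    if len(padded) < LEN_FIELD:
        raise ValueError("shorter than the length indicator")
    (pad_len,) = struct.unpack(">H", padded[-LEN_FIELD:])
    body_len = len(padded) - LEN_FIELD - pad_len
    if body_len < 0:
        raise ValueError("indicator claims more padding than is present")
    return padded[:body_len]


def candidate_lengths(observed_len: int, n_max: int, n_min: int = 0) -> range:
    """Real message lengths an observer cannot rule out for one observed size."""
    low = max(0, observed_len - LEN_FIELD - n_max)
    high = observed_len - LEN_FIELD - n_min
    return range(low, high + 1)


if __name__ == "__main__":
    msg = b"constructed sample message"  # constructed input
    wire = pad(msg, n_max=64)  # would be encrypted before sending
    assert unpad(wire) == msg
    # Same observed size of 200 bytes under three padding policies.
    for n_min, n_max in [(0, 64), (32, 64), (32, 96)]:
        hidden = len(candidate_lengths(200, n_max, n_min))
        print(f"min={n_min:3d} N={n_max:3d} -> {hidden} candidate lengths")
```

Raising the minimum to 32 with N fixed at 64 leaves fewer candidate lengths, and raising both by 32 restores the original count while spending more of the channel on padding.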

