PrepAway - Latest Free Exam Questions & Answers

Which of the following has happened on the workstation?

The security administrator is observing unusual network behavior from a workstation. The workstation is
communicating with a known malicious destination over an encrypted tunnel. A full antivirus scan, with
an updated antivirus definition file, does not show any signs of infection.
Which of the following has happened on the workstation?

PrepAway - Latest Free Exam Questions & Answers

A.
Zero-day attack

B.
Known malware infection

C.
Session hijacking

D.
Cookie stealing

Explanation:
The vulnerability was unknown in that the full antivirus scan did not detect it. This is zero day
vulnerability.
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is
then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a
zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted
access to user information. The term “zero day” refers to the unknown nature of the hole to those
outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins
for the developer, who must protect users.
Incorrect Answers:
B: This is not a known malware infection. The vulnerability was unknown because the full antivirus scan
did not detect it.
C: In computer science, session hijacking, sometimes also known as cookie hijacking is the exploitation of
a valid computer session—sometimes also called a session key—to gain unauthorized access to
information or services in a computer system. In particular, it is used to refer to the theft of a magic
cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as
the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker usingan intermediary computer or with access to the saved cookies on the victim’s computer. This is not what
is described in this question.
D: Cookie stealing is another name for session hijacking.
In computer science, session hijacking, sometimes also known as cookie hijacking is the exploitation of a
valid computer session—sometimes also called a session key—to gain unauthorized access to information
or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to
authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies
used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary
computer or with access to the saved cookies on the victim’s computer. This is not what is described in
this question.

http://www.pctools.com/security-news/zero-day-vulnerability/
http://en.wikipedia.org/wiki/Session_hijacking


Leave a Reply