Why is it a good idea to perform a penetration test from the inside?
what changes should the client company make?
Refer to the Exhibit
Paulette works for an IT security consulting company that is currently performing an audit for the
firm ACE Unlimited. Paulette’s duties include logging on to all the company’s network equipment to
ensure IOS versions are up-to-date and all the other security settings are as stringent as possible.
Paulette presents the following screenshot to her boss so he can inform the client about the necessary
changes that need to be made. From the screenshot, what changes should the client company make?
Exhibit:
An “idle” system is also referred to as what?
What have you found?
You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based
on HTML, DHTML, and other web-based languages and how they have evolved over the years.
You navigate to archive.org and view the HTML code of news.com. You then navigate to the
current news.com website and copy over the source code. While searching through the code, you
come across something abnormal:
<img src=http://coolwebsearch.com/ads/pixel.news.com width=1 height=1 border=0>
What have you found?
What are you trying to accomplish here?
You have compromised a lower-level administrator account on an Active Directory network of a
small company in Dallas, Texas. You discover Domain Controllers through enumeration. You
connect to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to
accomplish here?
What search string will you use to locate it?
You are trying to locate the Microsoft Outlook Web Access default portal using Google search on the
Internet. What search string will you use to locate it?
What countermeasures could he take to prevent DDoS attacks?
After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks.
What countermeasures could he take to prevent DDoS attacks?
What have you discovered?
You are a security analyst performing a penetration test for a company in the Midwest. After
some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the
company. You type in the following URL that includes the IP address of one of the routers:
http://172.168.4.131/level/99/exec/show/config
After typing in this URL, you are presented with the entire configuration file for that router. What
have you discovered?
What is he testing at this point?
Kyle is performing the final testing of an application he developed for the accounting department.
His last round of testing is to ensure that the program is as secure as possible. Kyle runs the
following command. What is he testing at this point?
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[10];                 /* fixed-size stack buffer of 10 bytes */
    if (argc < 2)
    {
        fprintf(stderr, "USAGE: %s string\n", argv[0]);
        return 1;
    }
    strcpy(buffer, argv[1]);         /* unbounded copy of the command-line argument into buffer */
    return 0;
}
To what organization should Frank submit the log to find out whether it is a new vulnerability or not?
Frank is working on a vulnerability assessment for a company on the West Coast. The company
hired Frank to assess its network security through scanning, pen tests, and vulnerability
assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he
set up, he notices a number of items that show up as unknown but questionable in the logs. He
looks up the behavior on the Internet, but cannot find anything related. To what organization should
Frank submit the log to find out whether it is a new vulnerability or not?