What would be the name of this tool?
John is using a special tool on his Linux platform that has a database containing signatures to be
able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI/ASPX
scripts. Moreover, the database detects DDoS zombies and Trojans as well. What would be the
name of this tool?
What does this mean?
Fred is scanning his network to ensure it is as secure as possible. Fred sends a TCP probe packet
to a host with a FIN flag and he receives a RST/ACK response. What does this mean?
How would you accomplish this?
Your company has blocked all the ports via external firewall and only allows port 80/443 to
connect to the Internet. You want to use FTP to connect to some remote server on the Internet.
How would you accomplish this?
________ is a type of symmetric-key encryption algorithm that transforms a fixed-length block of plaintextR
_____________ is a type of symmetric-key encryption algorithm that transforms a fixed-length
block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the
same length.
Which command will you run to disable auditing from the cmd?
You have successfully gained access to a victim’s computer using Windows 2003 Server SMB
Vulnerability. Which command will you run to disable auditing from the cmd?
How do you defend against MAC attacks on a switch?
How do you defend against MAC attacks on a switch?
which location, SAM hash passwords are stored in Windows 7?
In which location, SAM hash passwords are stored in Windows 7?
How would you disable file extensions in Apache servers?
File extensions provide information regarding the underlying server technology. Attackers can use
this information to search vulnerabilities and launch attacks. How would you disable file extensions
in Apache servers?
What is a good example of a programming error that Bob can use to explain to the management how encryption wil
Bob has a good understanding of cryptography, having worked with it for many years.
Cryptography is used to secure data from specific threats, but it does not secure the application
from coding errors. It can provide data privacy; integrity and enable strong authentication but it
cannot mitigate programming errors. What is a good example of a programming error that Bob can
use to explain to the management how encryption will not address all their security concerns?
What defensive measures will you take to protect your network from these attacks?
Finding tools to run dictionary and brute forcing attacks against FTP and Web servers is an easy
task for hackers. They use tools such as arhontus or brutus to break into remote servers.
A command such as this, will attack a given 10.0.0.34 FTP and Telnet servers simultaneously with
a list of passwords and a single login namE. linksys. Many FTP-specific password-guessing tools
are also available from major security sites.
What defensive measures will you take to protect your network from these attacks?