How would John protect his network from these types of attacks?
John runs a Web server, IDS and firewall on his network. Recently his Web server has been under
constant hacking attacks. He looks up the IDS log files and sees no intrusion attempts but the
Web server constantly locks up and needs rebooting due to various brute force and buffer
overflow attacks but still the IDS alerts no intrusion whatsoever. John becomes suspicious and
views the Firewall logs and he notices huge SSL connections constantly hitting his Web server.
Hackers have been using the encrypted HTTPS protocol to send exploits to the Web server and
that was the reason the IDS did not detect the intrusions. How would John protect his network
from these types of attacks?
A Buffer Overflow attack involves:
A Buffer Overflow attack involves:
Which of the following tools can she use to protect the link?
Jane wishes to forward X-Windows traffic to a remote host as well as POP3 traffic. She is worried
that adversaries might be monitoring the communication link and could inspect captured traffic.
She would like to tunnel the information to the remote end but does not have VPN capabilities to
do so. Which of the following tools can she use to protect the link?
what is the RID of the true administrator account?
When working with Windows systems, what is the RID of the true administrator account?
What port number you should enable in Wireshark display filter to view NTP packets?
NTP allows you to set the clocks on your systems very accurately, to within 100ms and
sometimes-even 10ms. Knowing the exact time is extremely important for enterprise security.
Various security protocols depend on an accurate source of time information in order to prevent
“playback” attacks. These protocols tag their communications with the current time, to prevent
attackers from replaying the same communications, e.g., a login/password interaction or even an
entire communication, at a later date. One can circumvent this tagging, if the clock can be set back
to the time the communication was recorded. An attacker attempts to try corrupting the clocks on
devices on your network. You run Wireshark to detect the NTP traffic to see if there are any
irregularities on the network. What port number you should enable in Wireshark display filter to
view NTP packets?
what is the correct response?
If you send a SYN to an open port, what is the correct response?(Choose all correct answers.
How can Bill accomplish this?
Bill is a security analyst for his company. All the switches used in the company’s office are Cisco
switches. Bill wants to make sure all switches are safe from ARP poisoning. How can Bill
accomplish this?
what is the RID of the true administrator account?
When working with Windows systems, what is the RID of the true administrator account?
What is the length of the MD5 hash?
You generate MD5 128-bit hash on all files and folders on your computer to keep a baseline check
for security reasons?
What is the length of the MD5 hash?
What do you think was the most likely cause behind this sudden increase in traffic?
You have been called to investigate a sudden increase in network traffic at XYZ. It seems that the
traffic generated was too heavy that normal business functions could no longer be rendered to
external employees and clients. After a quick investigation, you find that the computer has
services running attached to TFN2k and Trinoo software. What do you think was the most likely
cause behind this sudden increase in traffic?