You have just received an assignment for an assessment at a company site. Company’s management is concerned about external threat and wants to take appropriate steps to insure security is in place. Anyway the management is also worried about possible threats coming from inside the site, specifically from employees belonging to different Departments. What kind of assessment will you be performing ?

Jim is having no luck performing a penetration test in company’s network. He is running the tests from home and has downloaded every security scanner that he could lay his hands on. Despite knowing the IP range of all the systems, and the exact network configuration, Jim is unable to get any useful results.

Why is Jim having these problems?

Scanning for services is an easy job for Bob as there are so many tools available from the Internet. In order for him to check the vulnerability of company, he went through a few scanners that are currently available. Here are the scanners that he uses:

– Axent’s NetRecon (http://www.axent.com)
– SARA, by Advanced Research Organization (http://www-arc.com/sara)
– VLAD the Scanner, by Razor (http://razor.bindview.com/tools/)

However, there are many other alternative ways to make sure that the services that have been scanned will be more accurate and detailed for Bob.

What would be the best method to accurately identify the services running on a victim host?

Clive has been hired to perform a Black-Box test by one of his clients.

How much information will Clive obtain from the client before commencing his test?

Bob is a very security conscious computer user. He plans to test a site that is known to have malicious applets, code, and more. Bob always make use of a basic Web Browser to perform such testing.

Which of the following web browser can adequately fill this purpose?

Which of the following statements best describes the term Vulnerability?

Barney is looking for a Windows NT/2000/XP command-line tool that can be used to assign display or modify ACLs (Access Control Lists) to files or folders and that could also be used within batch files. Which of the following tools could be used for this purpose?

Bill successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn in interactive shell and plans to deface the main web page. He fist attempts to use the "Echo" command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tires to overwrite it with another page in which also he remains unsuccessful. What is the probable cause of Bill’s problem?

Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page. He first attempts to use the "echo" command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tries to overwrite it with another page in which also he remains unsuccessful. What is the probable cause of Bill’s problem?

Kevin sends an email invite to Chris to visit a forum for security professionals. Chris clicks on the link in the email message and is taken to a web based bulletin board. Unknown to Chris, certain functions are executed on his local system under his privileges, which allow Kevin access to information used on the BBS. However, no executables are downloaded and run on the local system. What would you term this attack?