What will this code do on the employee’s computer once the email is opened?
Leonard is the senior security analyst for his company, Meyerson Incorporated. Leonard has recently finished writing security policies for the company thathave just been signed off by management. Every employee has had to sign off onthe policies, agreeing to abide by them or face disciplinary action. One policy in particular is being enforced; employees are not allowed to use web-based email clients such as Hotmail, Yahoo, and Gmail. This has been put in place because of virus infections that started with web-based email. While walking throughthe office one day, Leonard notices an employee using Hotmail. To prove a point, Leonard sends an email to this users Hotmail account with the following code.
What will this code do on the employee’s computer once the email is opened?
What registry key permission should Theresa check to ensure that Qfecheck runs properly?
Theresa is the chief information security officer for her company, a large shipping company based out of New York City. In the past, Theresa and her IT employees manually checked the status of client computers on the network to see ifthey had the most recent Microsoft updates. Now that the company has added over100 more clients to accommodate new departments, Theresa must find some kind of tool to see whether the clients are up-to-date or not. Theresa decides to useQfecheck to monitor all client computers. When Theresa runs the tool, she is repeatedly told that the software does not have the proper permissions to scan. Theresa is worried that the operating system hardening that she performs on all clients is keeping the software from scanning the necessary registry keys on theclient computers. What registry key permission should Theresa check to ensure that Qfecheck runs properly?
What type of session attack is Gerald employing here?
Gerald is a certified ethical hacker working for a large financial institution in Oklahoma City. Gerald is currently performing an annual security audit ofthe company’s network. One of the company’s primary concerns is how the corporate data is transferred back and forth from the banks all over the city to the data warehouse at the company’s home office. To see what type of traffic is being passed back and forth and to see how secure that data really is, Gerald uses asession hijacking tool to intercept traffic between a server and a client. Gerald hijacks an HTML session between a client running a web application which connects to a SQL database at the home office. Gerald does not kill the client’s session; he simply monitors the traffic that passes between it and the server. What type of session attack is Gerald employing here?
What measures can Bill take to help prevent future reflective DoS attacks against the ISP’s network?
Bill is an IT security consultant who has been hired on by an ISP that has recently been plagued by numerous DoS attacks. The ISP did not have the internalresources to prevent future attacks, so they hired Bill for his expertise. Bill looks through the company’s firewall logs and can see from the patterns that the attackers were using reflected DoS attacks. What measures can Bill take to help prevent future reflective DoS attacks against the ISP’s network? (Select 2)
What type of attack are yougoing to attempt on the company’s network?
You are an IT security consultant working on a six month contract with a large energy company based in Kansas City. The energy company has asked you to perform DoS attacks against its branch offices to see if their configurations and network hardening can handle the load. To perform this attack, you craft UDP packets that you know are too large for the routers and switches to handle. You also put confusing offset values in the second and later fragments to confuse thenetwork if it tries to break up the large packets. What type of attack are yougoing to attempt on the company’s network?
What aspect of email clients does this exploit take advantage of?
Javier is a network security consultant working on contract for a state agency in Texas. Javier has been asked to test the agency’s network security from every possible aspect. Javier decides to use the Reaper Exploit virus to see ifhe can exploit any weaknesses in the company’s email. He infects a couple of computers with the virus and waits for the users of those machines to use their email client. After a short amount of time, he receives numerous emails that were copied from those clients; this proving that the client computers are susceptible to the Reaper Exploit virus exploiting their email clients. What aspect of email clients does this exploit take advantage of?
What issue is Xavier seeing here on the client computer?
Xavier is a network security specialist working for a federal agency in Washington DC. Xavier is responsible for maintaining agency security policies, teaching security awareness classes, and monitoring the overall health of the network. One of Xavier’s coworkers receives a help desk call from a user who is having issues navigating to certain sites on the Internet. Xavier’s coworker cannotfigure out the issue so he hands it off to Xavier. He logs on to the user’s computer and goes to a couple of websites the user said were having issues. When Xavier types in www.Google.com, it takes him to Boogle.com instead. When Xaviertypes in Yahoo.com, it takes him to Yahooo.com instead. Xavier checks all the IP settings on the computer which are static and they appear to be correct. Xavier checks the local DNS settings as well as the DNS settings on the server and they are correct. Xavier opens a command window and types in: ipconfig /flushdns. When he navigates to the previous sites, he is still directed to the wrong ones. What issue is Xavier seeing here on the client computer?
What type of social engineering attack has Neil employed here?
Neil is an IT security consultant working on contract for Davidson Avionics. Neil has been hired to audit the network of Davidson Avionics. He has been given permission to perform any tests necessary. Neil has created a fake company ID badge and uniform. Neil waits by one of the company’s entrance doors and follows an employee into the office after they use their valid access card to gain entrance. What type of social engineering attack has Neil employed here?
What is Miles going to accomplish by running this command?
Miles is a network administrator working for the University of Central Oklahoma. Miles’ responsibilities include monitoring all network traffic inside thenetwork and traffic coming into the network. On the university’s IDS, Miles notices some odd traffic originating from some client computers inside the network. Miles decides to use Tcpdump to take a further look.
What is Miles going to accomplish by running this command?
What type of virus has Lyle found on this computer?
Lyle is a systems security analyst for Gusteffson & Sons, a large law firm in Beverly Hills. Lyle’s responsibilities include network vulnerability scans, Antivirus monitoring, and IDS monitoring. Lyle receives a help desk call from a user in the Accounting department. This user reports that his computer is running very slow all day long and it sometimes gives him an error message that the hard drive is almost full. Lyle runs a scan on the computer with the company antivirus software and finds nothing. Lyle downloads another free antivirus application and scans the computer again. This time a virus is found on the computer.The infected files appear to be Microsoft Office files since they are in the same directory as that software. Lyle does some research and finds that this virus disguises itself as a genuine application on a computer to hide from antivirus software. What type of virus has Lyle found on this computer?