PrepAway - Latest Free Exam Questions & Answers

Category: 312-50 (CEH v6)

Exam 312-50: Ethical Hacking and Countermeasures (CEH v6)

What kind of Denial of Service attack was best illustrated in the scenario above?

Leave a comment

Bob was frustrated with his competitor, Brownies Inc., and decided to launch an attack that would result in serious financial losses. He planned the attack carefully and carried out the attack at the appropriate moment. Meanwhile, Trent, an administrator at Brownies Inc., realized that their main financial transaction server had been attacked. As a result of the attack, the server crashed and Trent needed to reboot the system, as no one was able to access the resources of the company. This process involves human interaction to fix it. What kind of Denial of Service attack was best illustrated in the scenario above?

How would you prevent such attacks from occurring in the future at Spears Technology?

Leave a comment

Spears Technology, Inc is a software development company located in Los Angeles, California. They reported a breach in security, stating that its “security defenses has been breached and exploited for 2 weeks by hackers.” The hackers had accessed and downloaded 90,000 addresses containing customer credit cards and passwords. Spears Technology found this attack to be so severe that they reported the attack to the FBI for a full investigation. Spears Technology was looking to law enforcement officials to protect their intellectual property.
How did this attack occur? The intruder entered through an employee’s home machine, which was connected to Spears Technology’s corporate VPN network. The application called BEAST Trojan was used in the attack to open a “back door” allowing the hackers undetected access. The security breach was discovered when customers complained about the usage of their credit cards without their knowledge.
The hackers were traced back to Beijing, China through e-mail address evidence. The credit card information was sent to that same e-mail address. The passwords allowed the hackers to access Spears Technology’s network from a remote location, posing as employees. The intent of the attack was to steal the source code for their VOIP system and “hold it hostage” from Spears Technology, in exchange for ransom.
The hackers had intended on selling the stolen VOIP software source code to competitors.
How would you prevent such attacks from occurring in the future at Spears Technology?

Data is sent over the network as clear text (unencrypted) when Basic Authentication is configured on Web Serve

Leave a comment

Data is sent over the network as clear text (unencrypted) when Basic Authentication is configured on Web Servers.

What are the means that Bob can use to get password from his client hosts and servers?

Leave a comment

Bob is conducting a password assessment for one of his clients. Bob suspects that password policies are not in place and weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers. What are the means that Bob can use to get password from his client hosts and servers?

Why will this not be possible?

One comment

Bob has set up three web servers on Windows Server 2003 IIS 6.0. Bob has followed all the recommendations for securing the operating system and IIS. These servers are going to run numerous e-commerce websites that are projected to bring in thousands of dollars a day. Bob is still concerned about the security of these servers because of the potential for financial loss. Bob has asked his company’s firewall administrator to set the firewall to inspect all incoming traffic on ports 80 and 443 to ensure that no malicious data is getting into the network.
Why will this not be possible?


Page 49 of 125« First...102030...4748495051...607080...Last »