what would you call such an attack?
In the context of password security: a simple dictionary attack involves loading a dictionary file (a
text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper,
and running it against user accounts located by the application. The larger the word and word
fragment selection, the more effective the dictionary attack is. The brute force method is the most
inclusive – though slow. Usually, it tries every possible letter and number combination in its
automated exploration. If you would use both brute force and dictionary combined together to have
variations of words, what would you call such an attack?
What category of virus is this?
You receive an e-mail with the following text message.
“Microsoft and HP today warned all customers that a new, highly dangerous virus has been
discovered which will erase all your files at midnight. If there’s a file called hidserv.exe on your
computer, you have been infected and your computer is now running a hidden server that allows
hackers to access your computer. Delete the file immediately. Please also pass this message to
all your friends and colleagues as soon as possible.”
You launch your antivirus software and scan the suspicious looking file hidserv.exe located in
c:\windows directory and the AV comes out clean meaning the file is not infected. You view the file
signature and confirm that it is a legitimate Windows system file “Human Interface Device
Service”.
What category of virus is this?
Choose one of the following pseudo codes to describe this statement:
Choose one of the following pseudo codes to describe this statement:
“If we have written 200 characters to the buffer variable, the stack should stop because it cannot
hold any more data.”
Which statement correctly defines this term?
One of the effective DoS/DDoS countermeasures is ‘Throttling’. Which statement correctly defines
this term?
Which of the below Google search string brings up sites with "config.php" files?
Attackers footprint target Websites using Google Hacking techniques. Google hacking is a term
that refers to the art of creating complex search engine queries. It detects websites that are
vulnerable to numerous exploits and vulnerabilities. Google operators are used to locate specific
strings of text within the search results.
The configuration file contains both a username and a password for an SQL database. Most sites
with forums run a PHP message base. This file gives you the keys to that forum, including FULL
ADMIN access to the database. WordPress uses config.php that stores the database Username
and Password.
Which of the below Google search string brings up sites with “config.php” files?
Which of the following tool would be considered as Signature Integrity Verifier (SIV)?
Which of the following tool would be considered as Signature Integrity Verifier (SIV)?
Why will this not be possible?
Bob has set up three web servers on Windows Server 2008 IIS 7.0. Bob has followed all the
recommendations for securing the operating system and IIS. These servers are going to run
numerous e-commerce websites that are projected to bring in thousands of dollars a day. Bob is
still concerned about the security of these servers because of the potential for financial loss. Bob
has asked his company’s firewall administrator to set the firewall to inspect all incoming traffic on
ports 80 and 443 to ensure that no malicious data is getting into the network.
Why will this not be possible?
Which of the following statement correctly defines ICMP Flood Attack?
Which type of scan does NOT open a full TCP connection?
Which type of scan does NOT open a full TCP connection?