What is the risk of installing Fake AntiVirus?
Fake Anti-Virus, is one of the most frequently encountered and persistent threats on the web. This
malware uses social engineering to lure users into infected websites with a technique called
Search Engine Optimization.
Once the Fake AV is downloaded into the user’s computer, the software will scare them into
believing their system is infected with threats that do not really exist, and then push users to
purchase services to clean up the non-existent threats.
The Fake AntiVirus will continue to send these annoying and intrusive alerts until a payment is made.
What is the risk of installing Fake AntiVirus?
How would you describe an attack where an attacker attempts to deliver the payload over multiple packets…
How would you describe an attack where an attacker attempts to deliver the payload over multiple
packets over long periods of time with the purpose of defeating simple pattern matching in IDS
systems without session reconstruction? A characteristic of this attack would be a continuous
stream of small packets.
How would you describe Jason’s behavior within a security context?
Jake works as a system administrator at Acme Corp. Jason, an accountant of the firm befriends
him at the canteen and tags along with him on the pretext of appraising him about potential tax
benefits. Jason waits for Jake to swipe his access card and follows him through the open door into
the secure systems area. How would you describe Jason’s behavior within a security context?
What is the most likely cause of this?
While performing a ping sweep of a local subnet you receive an ICMP reply of Code 3/Type 13 for
all the pings you have sent out. What is the most likely cause of this?
What is the countermeasure against XSS scripting?
Consider the following code:
URL:http://www.certified.com/search.pl?
text=<script>alert(document.cookie)</script>
If an attacker can trick a victim user to click a link like this, and the Web application does not
validate input, then the victim’s browser will pop up an alert showing the users current set of
cookies. An attacker can do much more damage, including stealing passwords, resetting your
home page, or redirecting the user to another Web site.
What is the countermeasure against XSS scripting?
What are the alternatives to defending against possible brute-force password attacks on his site?
Samuel is the network administrator of DataX Communications, Inc. He is trying to configure his
firewall to block password brute force attempts on his network. He enables blocking the intruder’s
IP address for a period of 24 hours’ time after more than three unsuccessful attempts. He is
confident that this rule will secure his network from hackers on the Internet.
But he still receives hundreds of thousands brute-force attempts generated from various IP
addresses around the world. After some investigation he realizes that the intruders are using a
proxy somewhere else on the Internet which has been scripted to enable the random usage of
various proxies on each request so as not to get caught by the firewall rule.
Later he adds another rule to his firewall and enables small sleep on the password attempt so that
if the password is incorrect, it would take 45 seconds to return to the user to begin another
attempt. Since an intruder may use multiple machines to brute force the password, he also
throttles the number of connections that will be prepared to accept from a particular IP address.
This action will slow the intruder’s attempts.
Samuel wants to completely block hackers brute force attempts on his network.
What are the alternatives to defending against possible brute-force password attacks on his site?
What type of Trojan is this?
which step would you engage a forensic investigator?
Maintaining a secure Web server requires constant effort, resources, and vigilance from an
organization. Securely administering a Web server on a daily basis is an essential aspect of Web
server security.
Maintaining the security of a Web server will usually involve the following steps:
1. Configuring, protecting, and analyzing log files
2. Backing up critical information frequently
3. Maintaining a protected authoritative copy of the organization’s Web content
4. Establishing and following procedures for recovering from compromise
5. Testing and applying patches in a timely manner
6. Testing security periodically.
In which step would you engage a forensic investigator?
which of the following registers gets overwritten with return address of the exploit code?
In Buffer Overflow exploit, which of the following registers gets overwritten with return address of
the exploit code?
What is the name of this file?
Web servers often contain directories that do not need to be indexed. You create a text file with
search engine indexing restrictions and place it on the root directory of the Web Server.
User-agent: *
Disallow: /images/
Disallow: /banners/
Disallow: /Forms/
Disallow: /Dictionary/
Disallow: /_borders/
Disallow: /_fpclass/
Disallow: /_overlay/
Disallow: /_private/
Disallow: /_themes/
What is the name of this file?