How can a rootkit bypass Windows 7 operating system’s kernel mode, code signing policy?
How can a rootkit bypass Windows 7 operating system’s kernel mode, code signing policy?
How can she restrict this type of abuse by limiting access to only specific IP addresses that are trusted by u
Rebecca has noted multiple entries in her logs about users attempting to connect on ports that are
either not opened or ports that are not for public usage. How can she restrict this type of abuse by
limiting access to only specific IP addresses that are trusted by using one of the built-in Linux
Operating System tools?
What is the first step that the bank should take before enabling the audit feature?
A bank stores and processes sensitive privacy information related to home loans. However,
auditing has never been enabled on the system. What is the first step that the bank should take
before enabling the audit feature?
What does this mean in the context of Linux Security?
John is discussing security with Jane. Jane had mentioned to John earlier that she suspects an
LKM has been installed on her server. She believes this is the reason that the server has been
acting erratically lately. LKM stands for Loadable Kernel Module.
What does this mean in the context of Linux Security?
What is the consultant’s obligation to the financial organization?
A consultant has been hired by the V.P. of a large financial organization to assess the company’s
security posture. During the security testing, the consultant comes across child pornography on
the V.P.’s computer. What is the consultant’s obligation to the financial organization?
Which of the following snort rules look for FTP root login attempts?
Which of the following snort rules look for FTP root login attempts?
How is sniffing broadly categorized?
How is sniffing broadly categorized?
how many user IDs can you identify that the attacker has tampered with?
After studying the following log entries, how many user IDs can you identify that the attacker has
tampered with?
1. mkdir -p /etc/X11/applnk/Internet/.etc
2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd
3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd
4. touch -acmr /etc /etc/X11/applnk/Internet/.etc
5. passwd nobody -d
6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash
7. passwd dns -d
8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd
9. touch -acmr /etc/X11/applnk/Internet/.etc /etc
Which command would the engineer use to accomplish this?
An engineer is learning to write exploits in C++ and is using the exploit tool Backtrack. The
engineer wants to compile the newest C++ exploit and name it calc.exe. Which command would
the engineer use to accomplish this?
What is the correct action to be taken by Rebecca in this situation as a recommendation to management?
Rebecca is a security analyst and knows of a local root exploit that has the ability to enable local
users to use available exploits to gain root privileges. This vulnerability exploits a condition in the
Linux kernel within the execve() system call. There is no known workaround that exists for this
vulnerability. What is the correct action to be taken by Rebecca in this situation as a
recommendation to management?