What countermeasures could he take to prevent DDoS attacks?
After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks.
What countermeasures could he take to prevent DDoS attacks?
What have you discovered?
You are a security analyst performing a penetration tests for a company in the Midwest. After
some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the
company. You type in the following URL that includes the IP address of one of the routers:
http://172.168.4.131/level/99/exec/show/config
After typing in this URL, you are presented with the entire configuration file for that router. What
have you discovered?
What is he testing at this point?
Kyle is performing the final testing of an application he developed for the accounting department.
His last round of testing is to ensure that the program is as secure as possible. Kyle runs the
following command. What is he testing at this point?
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[])
{
char buffer[10];
if (argc < 2)
{
fprintf(stderr, “USAGE: %s string\n”, argv[0]);
return 1;
}
strcpy(buffer, argv[1]);
return 0;
}
What organization should Frank submit the log to find out if it is a new vulnerability or not?
Frank is working on a vulnerability assessment for a company on the West coast. The company
hired Frank to assess its network security through scanning, pen tests, and vulnerability
assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he
set up, he notices a number of items that show up as unknown but questionable in the logs. He
looks up the behavior on the Internet, but cannot find anything related. What organization should
Frank submit the log to find out if it is a new vulnerability or not?
What IDS feature must George implement to meet this requirement?
George is a senior security analyst working for a state agency in Florida. His state’s congress just
passed a bill mandating every state agency to undergo a security audit annually. After learning
what will be required, George needs to implement an IDS as soon as possible before the first audit
occurs. The state bill requires that an IDS with a “time-based induction machine” be used. What
IDS feature must George implement to meet this requirement?
which layer of the OSI model?
Software firewalls work at which layer of the OSI model?
The objective of this act was to protect consumers personal financial information held by financial institutio
The objective of this act was to protect consumers personal financial information held by financial
institutions and their service providers.
What does ICMP Type 3/Code 13 mean?
What does ICMP Type 3/Code 13 mean?
Why did this ping sweep only produce a few responses?
After passively scanning the network of Department of Defense (DoD), you switch over to active
scanning to identify live hosts on their network. DoD is a lage organization and should respond to
any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast
address. Only five hosts responds to your ICMP pings; definitely not the number of hosts you were
expecting. Why did this ping sweep only produce a few responses?
What could have prevented this information from being stolen from the laptops?
Meyer Electronics Systems just recently had a number of laptops stolen out of their office. On
these laptops contained sensitive corporate information regarding patents and company
strategies. A month after the laptops were stolen, a competing company was found to have just
developed products that almost exactly duplicated products that Meyer produces. What could
have prevented this information from being stolen from the laptops?