What is Jacob recommending the offices install for added security?
Jacob is the IT manager for Thompson & Sons, a bail bondsman company in Minneapolis. Jacob has been told by the company’s president to perform a logical and physical security audit for all the offices around the city. Jacob finds thata number of offices need more physical security. Jacob recommends that these offices add a cage that customers must pass through before entering the main office. This cage will allow employees in the office to verify the customer’s information before allowing them access into the building. What is Jacob recommending the offices install for added security?
What will the following SQL statement accomplish?
Jeremy is web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy’s first task is to scan all the company’s external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field:
SELECT * from Users where username=’admin’ — AND password=’’ AND email like ‘%@testers.com%’
What will the following SQL statement accomplish?
What is Kevin attempting here to gain access to Katy’s mailbox?
Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing company in Miami. Kevin and his girlfriend Katy recently broke up after a big fight. Kevin believes that she was seeing another person. Kevin, whohas an online email account that he uses for most of his mail, knows that Katyhas an account with that same company. Kevin logs into his email account online and gets the following URL after successfully logged in:
http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22
Kevin changes the URL to:
http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22
Kevin is trying to access her email account to see if he can find out any information.
What is Kevin attempting here to gain access to Katy’s mailbox?
What tool is Cheryl using to monitor the company’s external websites?
Cheryl is a security analyst working for Shintel Enterprises, a publishing company in Boston. As well as monitoring the security state of the company’s network, she must ensure that the company’s external websites are up and running all the time. Cheryl performs some quick searches online and finds a utility thatwill display a window on her desktop showing the current uptime statistics of the websites she needs to watch. This tool works by periodically pinging the websites; showing the ping time as well as a small graph that allows Cheryl to viewthe recent monitoring history. What tool is Cheryl using to monitor the company’s external websites?
What registry key permission should Theresa check to ensure that Qfecheck runs properly?
Theresa is the chief information security officer for her company, a large shipping company based out of New York City. In the past, Theresa and her IT employees manually checked the status of client computers on the network to see ifthey had the most recent Microsoft updates. Now that the company has added over100 more clients to accommodate new departments, Theresa must find some kind of tool to see whether the clients are up-to-date or not. Theresa decides to useQfecheck to monitor all client computers. When Theresa runs the tool, she is repeatedly told that the software does not have the proper permissions to scan. Theresa is worried that the operating system hardening that she performs on all clients is keeping the software from scanning the necessary registry keys on theclient computers. What registry key permission should Theresa check to ensure that Qfecheck runs properly?
What type of attack are yougoing to attempt on the company’s network?
You are an IT security consultant working on a six month contract with a large energy company based in Kansas City. The energy company has asked you to perform DoS attacks against its branch offices to see if their configurations and network hardening can handle the load. To perform this attack, you craft UDP packets that you know are too large for the routers and switches to handle. You also put confusing offset values in the second and later fragments to confuse thenetwork if it tries to break up the large packets. What type of attack are yougoing to attempt on the company’s network?
What type of social engineering attack has Neil employed here?
Neil is an IT security consultant working on contract for Davidson Avionics. Neil has been hired to audit the network of Davidson Avionics. He has been given permission to perform any tests necessary. Neil has created a fake company ID badge and uniform. Neil waits by one of the company’s entrance doors and follows an employee into the office after they use their valid access card to gain entrance. What type of social engineering attack has Neil employed here?
From one of the client computers running Linux, you open a command shell and type in the following command:Wha
You are the chief security information analyst for our company Utilize Incorporated. You are currently preparing for a future security audit that will be performed by a consulting company. This security audit is required by company policy. To prepare, you are performing vulnerability analysis, scanning, brute force, and many other techniques. Your network is comprised of Windows as well as Linux servers. From one of the client computers running Linux, you open a command shell and type in the following command:
What are you trying to accomplish?
What type of scan is Hayden attempting here?
Hayden iis the network security administrator for her company, a large marking firm based in Miami. Hayden just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. Hayden is worried about the current security threats; many of which she did not know of. Hayden is worried about the current security state of her company’s network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response.Before the connection is established she sends RST packets to those hosts to stop the session. She has done this to see how her intrusion detection system will log the traffic. What type of scan is Hayden attempting here?
This external auditor types in the folloing Google search attempting to glean information from the web server:
George is the senior security analyst for Tyler Manufacturing, a motorcycle manufacturing company in Seattle. George has been tasked by the president of the company to perform a complete network security audit. The president is most concerned about crackers breaking in through the company’s web server. This web server is vital to the company’s business since over one million dollars of product is sold online every year. The company’s web address is at www.customchoppers.com. George decides to hire an external security auditor to try and break into the network through the web server. This external auditor types in the folloing Google search attempting to glean information from the web server:
What is the auditor trying to accomplish here?