What are these sights called that Theresa has been tasked with taking down?
Theresa is an IT security analyst working for the United Kingdom Internet Crimes Bureau in London. Theresa has been assigned to the software piracy division which focuses on taking down individual and organized groups that distribute copyrighted software illegally. Theresa and her division have been responsible for taking down over 2,000 FTP sites hosting copyrighted software. Theresa’s sup ervisor now wants her to focus on finding and taking down websites that host illegal pirated software. What are these sights called that Theresa has been tasked with taking down?
What types of policies has Marshall written for the users working on computers in the publicly-accessible area
Marshall is the information security manager for his company. Marshall wasjust hired on two months ago after the last information security manager retired. Since the last manager did not implement or even write IT policies, Marshallhas begun writing IT security policies to cover every conceivable aspect. Marshall’s supervisor has informed him that while most employees will be under one set of policies, ten other employees will be under another since they work on computers in publicly-accessible areas. Per his supervisor, Marshall has written two sets of policies. For the users working on publicly-accessible computers, their policies state that everything is forbidden. They are not allowed to browsethe Internet or even use email. The only thing they can use is their work related applications like Word and Excel. What types of policies has Marshall written for the users working on computers in the publicly-accessible areas?
What has Tarik set up here to catch employees accessing unauthorized documents?
Tarik is the systems administrator for Qwerty International, a computer parts manufacturing company in San Francisco. Tarik just passed his certified ethical hacker test and now wants to implement many of the things he learned in class. The first project that Tarik completes is to create IT security policies thatcover everything security related from logical to physical. Through managementapproval, all employees must sign and agree to the policies or face disciplinary action. One policy in particular, network file access, is of importance to Tarik and his superiors because of past incidents where employees accessed unauthorized documents. Tarik has fine-tuned the ACL’s to where no one can access information outside of their department’s network folder. To catch anyone that might attempt to access unauthorized files or folders, Tarik creates a folder in theroot of the network file share. Tarik names this folder “HR-Do Not Open”. Inthis folder, Tarik creates many fake HR documents referring to personal information of employees that do not exist. In each document, he places headers and footers that read “Do Not Print or Save”. Then Tarik sets up logging and monitoring to see if anyone accesses the folder and its contents. After only one week, Tarik records two separate employees opening the fake HR files, printing them, and saving them to their personal directories. What has Tarik set up here to catch employees accessing unauthorized documents?
What method is used by PAL PC Tracker to notify administrators of alaptop’s location?
Tommy is the systems administrator for his company, a large law firm based in New York City. Since Tommy’s company employs many telecommuters and mobile users, he has to administer over 100 laptops. Due to laptop theft within the lastcouple of years, Tommy has convinced management to purchase PAL PC Tracker to install on all company laptops. Tommy chose this software because of its abilityto track equipment and its ability to notify administrators if the laptop has been stolen. What method is used by PAL PC Tracker to notify administrators of alaptop’s location?
What has Natalie discovered here in the source code?
Natalie is the IT security administrator for Sheridan Group, an investment company based in Detroit. Natalie has been getting reports from the help desk that users are having issues when they go to a particular vendor’s website; a company that sells paper. They report strange browser behavior such as pop-ups, browser redirection, and so on. These users also state they have been getting SPAM related to paper products, similar to those being provided by the vendor. Natalie scans these computers for viruses, adware, and spyware and turns up nothing.Natalie has one of these users navigate to the vendor’s website and sees the odd browser behavior. Natalie decides to take a look at the source code of thatwebsite to see if she can pull out anything of use. Natalie finds many places in the source code referring to a jpg file that is only one pixel in height and one pixel in width. What has Natalie discovered here in the source code?
What technology allows Steven to disable the RFID tags once they are no longer needed?
Steven is the senior network administrator for Onkton Incorporated, an oil well drilling company in Oklahoma City. Steven and his team of IT technicians are in charge of keeping inventory for the entire company; including computers, software, and oil well equipment. To keep track of everything, Steven has decidedto use RFID tags on their entire inventory so they can be scanned with either awireless scanner or a handheld scanner. These RFID tags hold as much information as possible about the equipment they are attached to. When Steven purchasedthese tags, he made sure they were as state of the art as possible. One featurehe really liked was the ability to disable RFID tags if necessary. This comesin very handy when the company actually sells oil drilling equipment to other companies. All Steven has to do is disable the RFID tag on the sold equipment andit cannot give up any information that was previously stored on it. What technology allows Steven to disable the RFID tags once they are no longer needed?
From these errors, what can Blake deduce about these ports?
Blake is an IT security consultant, specializing in PBX and VoIP implementation testing. Blake has been recently hired on my Thwarting Enterprises, a brokerage firm in New York City. The company heard through contacts that Blake was t he best in the business as far as examining and securing VoIP network implementations. About a year ago, Thwarting Enterprises installed a Cisco VoIP system throughout their office to replace the older PBX system. They have now brought Blake in to test its security, or lack thereof. Blake first begins his testing byfinding network devices on the network that might be used for VoIP. Blake pref ers to use UDP scanning because of its quickness. Blake finds a target on the network that looks promising and begins to perform a scan against it by sending p ackets with empty UDP headers to each port. Almost all of the ports respond with the error of “ICMP port unreachable”. From these errors, what can Blake deduce about these ports?
What type of attack has Cindy used to gain access tothe network through the mobile devices?
Cindy is a certified ethical hacker working on contract as an IT consultantfor Dewdrop Enterprises, a computer manufacturing company based in Dallas. Dewdrop has many sales people that travel all over the state using Blackberry devices and laptops. These mobile devices are the company’s main concern as far as network security. About a year ago, one of the company laptops was stolen from asales person and sensitive company information was stolen from it. Because of this, the company has hired on Cindy to ensure that all mobile devices used by employees are secure. Since many of the employees are now using new laptops withWindows Vista, Cindy has configured Bitlocker on those devices for hard disk encryption. Cindy then uses the BlackBerry Attack Toolkit along with BBProxy to check for vulnerabilities on the blackberry devices. As it turns out, these devices are vulnerable and she is able to gain access to the corporate network throug h the Blackberry devices. What type of attack has Cindy used to gain access tothe network through the mobile devices?
Whathas Giles discovered on Tommy’s computer?
Giles is the network administrator for his company, a graphics design company based in Dallas. Most of the network is comprised of Windows servers and workstations, except for some designers that prefer to use MACs. These MAC users are running on the MAC OS X operating system. These MAC users also utilize iChatto talk between each other. Tommy, one of these MAC users, calls Giles and saysthat his computer is running very slow. Giles then gets more calls from the other MAC users saying they are receiving instant messages from Tommy even when hesays he is not on his computer. Giles immediately unplugs Tommy’s computer fromthe network to take a closer look. He opens iChat on Tommy’s computer and it says that it sent a file called latestpics.tgz to all the other MAC users. Tommy says he never sent those files. Giles also sees that many of the computer’s applications appear to be altered. The path where the files should be has an altered file and the original application is stored in the file’s resource fork. Whathas Giles discovered on Tommy’s computer?
What type of web application testing is Zane primarily focusing on?
Zane is a network security specialist working for Fameton Automotive, a custom car manufacturing company in San Francisco. Zane is responsible for ensuringthat the entire network is as secure as possible. Much of the company’s business is performed online by customers buying parts and entire cars through the company website. To streamline online purchases, the programming department has developed a new web application that will keep track of inventory and check items out online for customers. Since this application will be critical to the company, Zane wants to test it thoroughly for any security vulnerabilities. Zane primarily focuses on checking the time validity of session tokens, length of those tokens, and expiration of session tokens while translating from SSL to non-SSL resources. What type of web application testing is Zane primarily focusing on?