What is the impact to the ISP when hit with a DDoS such as this?
After a year as a senior network administrator, you have been promoted to work in the security
department of a large global Tier One ISP. You are to spend one month in training on security
issues, concepts, and procedures. The third day in your new position, the ISP is hit with a DDoS
attack from over 100,000 computers on the Internet. While the department works to manage the
attack, you monitor the impact on the network. What is the impact to the ISP when hit with a DDoS
such as this?
What kind of problems can be introduced by adding file encryption to the computers in your network?
As you increase the layers of security in your organization you watch the network behavior closely.
What kind of problems can be introduced by adding file encryption to the computers in your
network?
What is the reason for this?
Problem Management is responsible for carrying out trend analysis of Incident volumes and types.
What is the reason for this?
Which kind of transfer traffic are you looking for?
You are monitoring the DNS traffic on your network to see what kind of zone transfer data is
currently being exchanged. You wish to monitor the incremental zone transfers. You run a packet
capture to gather network traffic for this project. Which kind of transfer traffic are you looking for?
Identify the function of the program.
During a routine security inspection of the clients in your network, you find a program called
cgiscan.c on one of the computers. You investigate the file, reading part of the contents. Using the
portion of the program shown below, identify the function of the program.
<code>
Temp[1] = "GET /cgi-bin/phf HTTP/1.0\n\n";
Temp[2] = "GET /cgi-bin/Count.cgi HTTP/1.0\n\n";
Temp[3] = "GET /cgi-bin/test-cgi HTTP/1.0\n\n";
Temp[4] = "GET /cgi-bin/php.cgi HTTP/1.0\n\n";
Temp[5] = "GET /cgi-bin/handler HTTP/1.0\n\n";
Temp[6] = "GET /cgi-bin/webgais HTTP/1.0\n\n";
Temp[7] = "GET /cgi-bin/websendmail HTTP/1.0\n\n";
</code>
What combination of IP Protocol and Application Layer Protocol have been captured here?
Network Monitor was run on the Windows Server 2003 during a network session. The exhibit
shows the actual contents of the Network Monitor capture file.
The Hexadecimal value for the IP protocol and source ports have been circled in the exhibit. The
contents of what combination of IP Protocol and Application Layer Protocol have been captured here?
Examine the details as shown for a frame and identify which of the statements that follow best describes it.
Who should ensure that this evidence is available?
During an audit, evidence is required for Service Management policies, plans and procedures.
Who should ensure that this evidence is available?
Which type of DNS Spoofing is this?
You work for a medium-sized ISP and there have been several attacks on the DNS configuration
recently. You are particularly concerned with DNS Spoofing attacks. You have a few older
machines that define the storage of Resource Records (RR) based on the TTL of name mapping
information. If an attacker sends fake mapping information to the DNS Server, with a high TTL,
which type of DNS Spoofing is this?
What will the responding computer use as an ACK?
During your packet capture of traffic to check if your network is getting hit by a Denial of Service
attack, you analyze TCP headers. You notice there are many headers that seem to have the same
SEQ number, with the responding computer using different SEQ and ACK numbers in response. If
you are analyzing a normal three-way handshake between two Windows Server 2003 nodes, and
the first packet has a SEQ of 0xBD90FBFF, what will the responding computer use as an ACK?