312-50v11 Practice Test


Page 19 out of 104 Pages


Identify the correct terminology that defines the above statement.


A. Vulnerability Scanning
B. Penetration Testing
C. Security Policy Implementation
D. Designing Network Security

B. Penetration Testing



Which regulation defines security and privacy controls for Federal information systems and organizations?


A. HIPAA
B. EU Safe Harbor
C. PCI-DSS
D. NIST-800-53

D. NIST-800-53



Samuel, a professional hacker, monitored and intercepted already established traffic
between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent
spoofed packets with Bob's IP address to the host machine. The host machine responded
with a packet having an incremented ISN. Consequently, Bob's connection got hung, and
Samuel was able to communicate with the host machine on behalf of Bob. What is the type
of attack performed by Samuel in the above scenario?


A. UDP hijacking
B. Blind hijacking
C. TCP/IP hacking
D. Forbidden attack

C. TCP/IP hacking



Explanation:
A TCP/IP hijack is an attack that tricks a server into thinking it is talking with a
legitimate client, when it is actually communicating with an attacker that has taken over
(hijacked) the TCP session. Assume that the client has administrator-level privileges, and
that the attacker wants to steal that authority in order to create a new account with
root-level access on the server for later use. TCP hijacking is a kind of two-phased
man-in-the-middle attack. The man-in-the-middle attacker lurks in the path between a
client and a server in order to work out which port and sequence numbers are being
used for the conversation.
First, the attacker knocks out the client with an attack such as Ping of Death, or ties it up
with some kind of ICMP storm. This renders the client unable to transmit any packets to the
server. Then, with the client crashed, the attacker assumes the client's identity in order to
talk with the server. By this means, the attacker gains administrator-level access to the
server.
One of the most effective means of preventing a hijack attack is to require a secret, that is,
a shared secret between the client and the server. Depending on the strength of security
desired, the key may be used for random exchanges, in which a client and server
periodically challenge each other, or it can occur with each exchange, as in Kerberos.

You have gained physical access to a Windows 2008 R2 server which has an accessible
disc drive. When you attempt to boot the server and log in, you are unable to guess the
password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool
can change any user’s password or activate disabled Windows accounts?


A. John the Ripper
B. SET
C. CHNTPW
D. Cain & Abel

C. CHNTPW



What is the role of test automation in security testing?


A. It is an option but it tends to be very expensive.
B. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.
C. Test automation is not usable in security due to the complexity of the tests.
D. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

D. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.



