A newly joined employee, Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors.
What is the type of vulnerability assessment performed by Martin?

• A.Credentialed assessment
• B.Distributed assessment
• C.Host-based assessment
• D.Database assessment

Comment: *

Name: *

Email: *

Verification: *

Which of the following statements is FALSE with respect to Intrusion Detection Systems?

• A.Intrusion Detection Systems require constant update of the signature library
• B.Intrusion Detection Systems can examine the contents of the data n context of the network protocol
• C.Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic
• D.Intrusion Detection Systems can be configured to distinguish specific content in network packets

Comment: *

Name: *

Email: *

Verification: *

Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process.
Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network.
What is the attack performed by Robin in the above scenario?

• A.ARP spoofing attack
• B.VLAN hopping attack
• C.DNS poisoning attack
• D.STP attack

Correct Answer: D

STP prevents bridging loops in a redundant switched network environment. By avoiding loops, you can ensure that broadcast traffic does not become a traffic storm.
STP is a hierarchical tree-like topology with a "root" switch at the top. A switch is elected as root based on the lowest configured priority of any switch (0 through 65,535). When a switch boots up, it begins a process of identifying other switches and determining the root bridge. After a root bridge is elected, the topology is established from its perspective of the connectivity. The switches determine the path to the root bridge, and all redundant paths are blocked. STP sends configuration and topology change notifications and acknowledgments (TCN/TCA) using bridge protocol data units (BPDU).
An STP attack involves an attacker spoofing the root bridge in the topology. The attacker broadcasts out an STP configuration/topology change BPDU in an attempt to force an STP recalculation. The BPDU sent out announces that the attacker's system has a lower bridge priority. The attacker can then see a variety of frames forwarded from other switches to it. STP recalculation may also cause a denial-of-service (DoS) condition on the network by causing an interruption of 30 to 45 seconds each time the root bridge changes. An attacker using STP network topology changes to force its host to be elected as the root bridge.

Comment: *

Name: *

Email: *

Verification: *

Within the context of Computer Security, which of the following statements describes Social Engineering best?

• A.Social Engineering is the means put in place by human resource to perform time accounting
• B.Social Engineering is a training program within sociology studies
• C.Social Engineering is the act of publicly disclosing information
• D.Social Engineering is the act of getting needed information from a person rather than breaking into a system

Comment: *

Name: *

Email: *

Verification: *

John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization. Which of the following attack techniques is used by John?

• A.Advanced persistent
• B.threat Diversion theft
• C.Spear-phishing sites
• D.insider threat

Comment: *

Name: *

Email: *

Verification: *