Second Flashcards
What is the purpose of a demilitarized zone on a network?
To only provide direct access to the nodes within the DMZ and to protect the network behind it
You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?
A web server facing the Internet, an application server on the internal network, a server on the internal network.
The security administrator of ABC need to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. He also needs permit all FTP traffic to the rest of the network and deny all other traffic. After he applied his ACL configuration in the router, nobody can access to the ftp, and the permitted hosts cannot access the Internet. According to the next configuration, what is happening in the network?
access-list 102 deny tcp any any
access-list 104 permit udp host 10.0.0.3 any
access-list 110 permit tcp host 10.0.0.2 eq www any
access-list 108 pemit tcp any eq ftp any
The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router
When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be perform by the passive network sniffing?
Modifying and replaying captured network traffic.
A company’s web development team has become aware of a certain type of security vulnerability in their web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their web application. What kind of web application vulnerability likely exists in their software?
Cross-site scripting vulnerability
Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned.
Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?
“GET/restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com”
Which tool allow analysts and pen testers to examine links between data using graphs and link analysis?
Maltego
Which of these is capable of searching for and locating rogue access points?
WIPS
A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer’s software and hardware without the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes. Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?
Gray hat
Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristics of the protocol?
Only compatible with the application protocol HTTP
You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user’s password or activate disabled Windows accounts?
CHNTPW
What type of vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to server?
Cross-site request forgery
From the following table, identify the wrong answer in terms of Range (ft). Standard Range (ft) 802.11a 150-150 802.11b 150-150 802.11g 150-150 802.16(WiMax) 30 miles
802.11a
What would you enter, if you wanted to perform a stealth scan using Nmap?
nmap -sS
You are doing an internal security audit and intend to find out what ports are open on all the servers. What is the best way to find out?
Scan servers with nmap