Network mapping provides a security testing team with a blueprint of the organization. Which of the following steps is NOT a part of manual network mapping?
Correct Answer: B
Network mapping involves identifying and documenting the devices and pathways in a network. This typically includes gathering private and public IP addresses, banner grabbing, and performing tracerouting to understand the network's structure and communication routes. Collecting employee information is not part of manual network mapping as it does not directly relate to the physical or logical layout of the network.
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP printing capability from the server. He is suggesting this as a countermeasure against __________.
Correct Answer: C
The Internet Printing Protocol (IPP) is related to printers and can be associated with SNMP (Simple Network Management Protocol), which is used for managing devices on IP networks including printers. If John suggests removing IPP printing capability as a countermeasure, it is likely to prevent SNMP enumeration. SNMP enumeration involves querying the SNMP service for information about network devices, and removing IPP printing can help mitigate this risk.
Which of the following applications is an example of a data-sending Trojan?
Correct Answer: D
eBlaster is specifically known for capturing user activity and sending this information to a remote location. It is designed to monitor and collect data, thus fitting the definition of a data-sending Trojan.
Which of the following are the primary goals of the incident handling team?
Each correct answer represents a complete solution. (Choose all that apply.)
Correct Answer: ACD
The primary goals of the incident handling team are to freeze the scene to preserve evidence, prevent any further damage to the systems and data, and inform higher authorities so that the incident is properly escalated and managed. Repairing any damage caused by an incident generally falls under recovery and mitigation responsibilities, which might be handled by a different team, such as system administrators or network administrators, rather than the incident handling team itself.
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to test the network security of the company. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a company's icon to mark the progress of the test. Adam successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access.
How was security compromised and how did the firewall respond?
Correct Answer: D
The security was compromised because a keylogger was embedded into the webpage, and keyloggers typically operate without being detected by firewalls. Firewalls mainly operate by examining incoming and outgoing network traffic for suspicious activity, but a keylogger can capture keystrokes locally on the machine and then send the captured data in a way that appears to be normal traffic or within an encrypted channel, thus avoiding detection by a firewall. Therefore, the firewall would not have been able to respond to the embedded keylogger effectively.