Download Ec-council.Examsheets.312-50.v2014-02-04.by.Batista

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Transcript
the server has already been used to perform denial of service attacks on many large commercial websites.
Select the best answer.
A.
B.
C.
D.
E.
Microsoft Corporation is the exploit.
The security "hole" in the product is the exploit.
Windows 2003 Server
The exploit is the hacker that would use this vulnerability.
The documented method of how to use the vulnerability to gain unprivileged access.
Correct Answer: E
Section: (none)
Explanation
Explanation/Reference:
Explanation: Explanations:
Microsoft is not the exploit,but if Microsoft documents how the vulnerability can be used to gain unprivileged
access,they are creating the exploit. If they just say that there is a hole in the product,then it is only a
vulnerability. The security "hole" in the product is called the "vulnerability". It is documented in a way that shows
how to use the vulnerability to gain unprivileged access,and it then becomes an "exploit". In the example
given,Windows 2003 Server is the TOE (Target of Evaluation). A TOE is an IT System,product or component
that requires security evaluation or is being identified. The hacker that would use this vulnerability is exploiting
it,but the hacker is not the exploit. The documented method of how to use the vulnerability to gain unprivileged
access is the correct answer.
QUESTION 665
Assuring two systems that are using IPSec to protect traffic over the internet, what type of general attack could
compromise the data?
A.
B.
C.
D.
E.
Spoof Attack
Smurf Attack
Man inthe Middle Attack
Trojan Horse Attack
Back Orifice Attack
Correct Answer: DE
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To compromise the data,the attack would need to be executed before the encryption takes place at either end
of the tunnel. Trojan Horse and Back Orifice attacks both allow for potential data manipulation on host
computers. In both cases,the data would be compromised either before encryption or after decryption,so IPsec
is not preventing the attack.
QUESTION 666
What is a Trojan Horse?
A.
B.
C.
D.
A malicious program that captures your username and password
Malicious code masquerading as or replacing legitimate code
An unauthorized user who gains access to your user database and adds themselves as a user
A server that is to be sacrificed to all hacking attempts in order to log and monitor the hacking activity
Correct Answer: B
Section: (none)
Document related concepts

Computer and network surveillance wikipedia, lookup

Computer security compromised by hardware failure wikipedia, lookup