* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project
Explanation/Reference: Explanation: The easiest programs to trojan and the smartest ones to trojan are ones commonly run by administrators and users,in this case netstat,ps,and top,for a complete list of commonly trojaned and rootkited software please reference this URL: http://www.usenix.org/publications/login/1999- 9/features/rootkits.html QUESTION 672 John wishes to install a new application onto his Windows 2000 server. He wants to ensure that any application he uses has not been Trojaned. What can he do to help ensure this? A. B. C. D. Compare the file's MD5 signature with the one published on the distribution media Obtain the application via SSL Compare the file's virus signature with the one published on the distribution media Obtain the application from a CD-ROM disc Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: MD5 was developed by Professor Ronald L. Rivest of MIT. What it does,to quote the executive summary of rfc1321,is: [The MD5 algorithm] takes as input a message of arbitrary length and produces as output a 128- bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest,or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications,where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA. In essence,MD5 is a way to verify data integrity,and is much more reliable than checksum and many other commonly used methods. QUESTION 673 Jason's Web server was attacked by a trojan virus. He runs protocol analyzer and notices that the trojan communicates to a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet? A. B. C. D. Port 1890 (Net-Devil Trojan) Port 1786 (Net-Devil Trojan) Port 1909 (Net-Devil Trojan) Port 6667 (Net-Devil Trojan) Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: From trace,0x1A0B is 6667,IRC Relay Chat,which is one port used. Other ports are in the 900's.