EC COUNCIL-Ethical Hacking and Countermeasures V7 Set 3

Most cases of insider abuse can be traced to individuals who are introverted, incapable of dealing with stress or conflict, and frustrated with their job, office politics, and lack of respect or promotion. Disgruntled employees may pass company secrets and intellectual property to competitors for monitory benefits. Here are some of the symptoms of a disgruntled employee: a. Frequently leaves work early, arrive late or call in sick b. Spends time surfing the Internet or on the phone c. Responds in a confrontational, angry, or overly aggressive way to simple requests or comments d. Always negative; finds fault with everything These disgruntled employees are the biggest threat to enterprise security. How do you deal with these threats? (Select 2 answers)

Fake Anti-Virus, is one of the most frequently encountered and persistent threats on the web. This malware uses social engineering to lure users into infected websites with a technique called Search Engine Optimization. Once the Fake AV is downloaded into the user's computer, the software will scare them into believing their system is infected with threats that do not really exist, and then push users to purchase services to clean up the non-existent threats. The Fake AntiVirus will continue to send these annoying and intrusive alerts until a payment is made. What is the risk of installing Fake AntiVirus?

How would you describe an attack where an attacker attempts to deliver the payload over multiple packets over long periods of time with the purpose of defeating simple pattern matching in IDS systems without session reconstruction? A characteristic of this attack would be a continuous stream of small packets.

Jake works as a system administrator at Acme Corp. Jason, an accountant of the firm befriends him at the canteen and tags along with him on the pretext of appraising him about potential tax benefits. Jason waits for Jake to swipe his access card and follows him through the open door into the secure systems area. How would you describe Jason's behavior within a security context?

While performing a ping sweep of a local subnet you receive an ICMP reply of Code 3/Type 13 for all the pings you have sent out. What is the most likely cause of this?

Consider the following code: URL:http://www.certified.com/search.pl?text= If an attacker can trick a victim user to click a link like this, and the Web application does not validate input, then the victim's browser will pop up an alert showing the users current set of cookies. An attacker can do much more damage, including stealing passwords, resetting your home page, or redirecting the user to another Web site. What is the countermeasure against XSS scripting?

What type of Trojan is this?

Maintaining a secure Web server requires constant effort, resources, and vigilance from an organization. Securely administering a Web server on a daily basis is an essential aspect of Web server security. Maintaining the security of a Web server will usually involve the following steps: 1. Configuring, protecting, and analyzing log files 2. Backing up critical information frequently 3. Maintaining a protected authoritative copy of the organization's Web content 4. Establishing and following procedures for recovering from compromise 5. Testing and applying patches in a timely manner 6. Testing security periodically. In which step would you engage a forensic investigator?

In Buffer Overflow exploit, which of the following registers gets overwritten with return address of the exploit code?

Web servers often contain directories that do not need to be indexed. You create a text file with search engine indexing restrictions and place it on the root directory of the Web Server. User-agent: * Disallow: /images/ Disallow: /banners/ Disallow: /Forms/ Disallow: /Dictionary/ Disallow: /_borders/ Disallow: /_fpclass/ Disallow: /_overlay/ Disallow: /_private/ Disallow: /_themes/ What is the name of this file?