Page 436 - StudyBook.pdf
P. 436
420 Chapter 6 • Infrastructure Security: Devices and Media
2. You have recently installed an IDS on your corporate network.While config-
uring the NIDS, you decide to enable the monitoring of network traffic for a
new exploit focused on attacking workstations that go to a malformed URL
causing the browser to experience a stack dump.To configure the NIDS to
watch for this, what must it be capable of monitoring?
A. HTTP Headers
B. TCP Headers
C. XML Content
D. HTTPS Content
3. You are performing a routine penetration test for the company you work for.
As part of this test, you wardial all company extensions searching for modems.
The test results indicate that one of the company extensions has a modem
answering when it shouldn’t be.You track this down and find that a user has
installed their own modem so they can connect to an online service.What
should you do?
A. Nothing, this is not a threat.
B. Remove the modem.
C. Disconnect the extension.
D. Notify the user’s supervisor.
4. Your company has a mobile sales force which uses PDAs for entering orders
while on the road.The application used for these orders requires an ID and
password to log in.What else should be done to ensure that these orders are
kept confidential when being sent to the host server?
A. Encrypt the data stored on the mobile device.
B. Encrypt the communication channel between the mobile device and the
host server.
C. Require an x.509 certificate in addition to the ID and password required to
authenticate.
D. Encrypt the data stored on the host server.
www.syngress.com
