Self Test Appendix • Appendix 771
D. IP spoofing is where attackers pretend to be from trusted networks to enter restricted locations. A log would show an internal IP on an external interface.
All the other attacks are different from a spoofing attack.
7. Your Chief Executive Officer (CEO) practices complete password security. He changes the password every 30 days, uses hard-to-guess, complex, 10-character passwords with lowercase, uppercase, numbers and special symbols, and never writes them down anywhere. Still, you have discovered a hacker who for the past year has been using the CEO’s passwords to read his e-mail. What’s the likely culprit behind this attack?
A. A logic bomb
B. A worm
C. A keylogger
D. Social Engineering
C. Most likely a keylogger has been installed that secretly sends the day’s log to the attacker, who can then easily read the CEO’s passwords.
A. A logic bomb typically does not run for a year, and does not collect and send passwords. B. A worm is more interested in self-replication than in a targeted password attack. D. The CEO obviously understands password security, so it’s unlikely he would divulge his password on several occasions to another person.
8. Packet sniffing will help with which of the following? (Select all that apply.)
A. Capturing e-mail to gain classified information
B. Launching a DDoS attack with zombie machines
C. Grabbing passwords sent in the clear
D. Developing a firewall deployment strategy
A and C. Sniffing will show information sent in the clear, like e-mail and unencrypted passwords.
B. Sniffing is passive, not active as in DDoS. D. Sniffing is not part of a firewall, as a sniffer bypasses the perimeter protection.
9. Which of the following are sniffers? (Select all that apply.)
A. Wireshark
B. Tcpdump
C. Nessus
D. Snoop
A, B, and D.
C. Nessus is a vulnerability scanner, not a sniffer.
www.syngress.com