
To publish the victim's data or perpetually block

This preview shows page 87 - 90 out of 501 pages.

to publish the victim's data or perpetually block access to it unless a ransom is paid. Keyloggers are a type of monitoring software designed to record keystrokes made by a user. These keyloggers can record the information you type into a website or application and send it back to an attacker. A rootkit is a class of malware that modifies system files, often at the kernel level, to conceal its presence.

Question 18:
What method might a system administrator use to replicate the DNS information from one DNS server to another, but could also be used maliciously by an attacker?

CNAME
DNS registration
DNSSEC
Zone transfers (Correct)

Explanation
OBJ-2.3: Zone transfers provide an easy way to send all the DNS information from one DNS server to another, but an attacker could also use it for reconnaissance against your organization. For this reason, most administrators disable zone transfers from untrusted servers. DNSSEC strengthens authentication in DNS using digital signatures based on public-key cryptography. CNAME is a Canonical Name Record or Alias Record, a type of resource record in the Domain Name System (DNS) that specifies that one domain name is an alias of another canonical domain name. DNS registration is a service, which allows the owner of a domain name to use their name servers, which can match the domain name in question.

Question 19:
Which term defines the collection of all points from which an adversary could interact with a system and cause it to function in a way other than how it was designed?

Adversary capability set
Threat model
Attack surface (Correct)
Attack vector

Explanation
OBJ-1.2: The collection of all points from which an adversary may attack is considered the attack surface. The attack vector represents the specific points an adversary has chosen for a particular attack. The threat model defines the behavior of the adversary. An adversary capability set is the list of items an adversary can use to conduct their attack.

Question 20:
A cybersecurity analyst is reviewing the logs of a Citrix NetScaler Gateway running on a FreeBSD 8.4 server and saw the following output:

-=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=-
10.1.1.1 - - [10/Jan/2020:13:23:51 +0000] "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1" 200 143 "" "USERAGENT"
10.1.1.1 - - [10/Jan/2020:13:23:53 +0000] "GET /vpn/../vpns/portal/backdoor.xml HTTP/1.1" 200 941 "-" "USERAGENT"
10.1.1.1 - - [10/Jan/2020:16:12:31 +0000] "POST /vpns/portal/scripts/newbm.pl HTTP/1.1" 200 143 "" "USERAGENT"
-=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=-

What type of attack was most likely being attempted by the attacker?

SQL injection
Password spraying
Directory traversal (Correct)
XML injection

Explanation
OBJ-1.7: A directory traversal attack aims to access files and directories that are stored outside the webroot folder. By manipulating variables or URLs that reference files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code or configuration and critical system files. The example output provided comes from a remote code


Term: Spring
Professor: Ghaedi
Tags: Computer Security, IP address, Domain Name System, analyst, The Next Time
