QUESTION 132 How would you describe a simple yet very effective mechanism for


QUESTION 132
How would you describe a simple yet very effective mechanism for sending and receiving unauthorized information or data between machines without alerting any firewalls and IDSs on a network?
A. Covert Channel
B. Crafted Channel
C. Bounce Channel
D. Deceptive Channel
Correct Answer: A
Section: Sniffers
Explanation/Reference: A covert channel is described as: "any communication channel that can be exploited by a process to transfer information in a manner that violates the system's security policy." Essentially, it is a method of communication that is not part of an actual computer system design, but can be used to transfer information to users or system processes that normally would not be allowed access to the information.

QUESTION 133
Exhibit:
You have captured some packets in Ethereal. You want to view only packets sent from 10.0.0.22. What filter will you apply?
A. ip = 10.0.0.22
B. ip.src == 10.0.0.22
C. ip.equals 10.0.0.22
D. ip.address = 10.0.0.22
Correct Answer: B
Section: Sniffers
Explanation/Reference: ip.src tells the filter to only show packets with 10.0.0.22 as the source.

Real 161 ECCouncil 312-50 Exam

QUESTION 134
You are sniffing an unprotected WiFi network located in a JonDonalds Cybercafe with Ethereal to capture hotmail e-mail traffic. You see lots of people using their laptops browsing the web while sipping brewed coffee from JonDonalds. You want to sniff their email messages traversing the unprotected WiFi network. Which of the following Ethereal filters will you configure to display only the packets with the hotmail messages?
A. (http contains "hotmail") && (http contains "Reply-To")
B. (http contains "e-mail") && (http contains "hotmail")
C. (http = "login.passport.com") && (http contains "SMTP")
D. (http = "login.passport.com") && (http contains "POP3")
Correct Answer: A
Section: Sniffers
Explanation/Reference: Each Hotmail message contains the tag Reply-To:<sender address> and "xxxx-xxx-xxx.xxxx.hotmail.com" in the received tag.

QUESTION 135
Daryl is a network administrator working for Dayton Technologies. Since Daryl's background is in web application development, many of the programs and applications his company uses are web-based. Daryl sets up a simple forms-based logon screen for all the applications he creates so they are secure. The problem Daryl is having is that his users are forgetting their passwords quite often and sometimes he does not have the time to get into his applications and change the passwords for them. Daryl wants a tool or program that can monitor web-based passwords and notify him when a password has been changed so he can use that tool whenever a user calls him and he can give them their password right then. What tool would work best for Daryl's needs?
A. Password sniffer
B. L0phtcrack
C. John the Ripper
D. WinHttrack
Correct Answer: A
Section: Sniffers
Explanation/Reference: L0phtCrack is a password auditing and recovery application (now called LC5), originally produced by Mudge from L0pht Heavy Industries. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords.