Gerald, the Systems Administrator for Hyped Enterprises, has just discovered that his network has been breached by an outside attacker. After performing routine maintenance on his servers, he discovers numerous remote tools were installed that no one claims to have knowledge of in his department. Gerald logs onto the management console for his IDS and discovers an unknown IP address that scanned his network constantly for a week and was able to access his network through a high-level port that was not closed. Gerald traces the IP address he found in the IDS log to a proxy server in Brazil. Gerald calls the company that owns the proxy server and after searching through their logs, they trace the source to another proxy server in Switzerland. Gerald calls the company in Switzerland that owns the proxy server and after scanning through the logs again, they trace the source back to a proxy server in China. What proxy tool has Gerald's attacker used to cover their tracks?

A. ISA proxy

B. IAS proxy

C. TOR proxy

D. Cheops proxy

A corporation hired an ethical hacker to test if it is possible to obtain users' login credentials using methods other than social engineering. Access to offices and to a network node is granted. Results from server scanning indicate all are adequately patched and physical access is denied, thus, administrators have access only through Remote Desktop. Which technique could be used to obtain login credentials?

A. Capture every users' traffic with Ettercap.

B. Capture LANMAN Hashes and crack them with LC6.

C. Guess passwords using Medusa or Hydra against a network service.

D. Capture administrators RDP traffic and decode it with Cain and Abel.

_________ ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. It secures information by assigning sensitivity labels on information and comparing this to the level of security a user is operating at.

A. Mandatory Access Control

B. Authorized Access Control

C. Role-based Access Control

D. Discretionary Access Control

Which one of the following attacks will pass through a network layer intrusion detection system undetected?

A. A teardrop attack

B. A SYN flood attack

C. A DNS spoofing attack

D. A test.cgi attack

There are two types of honeypots- high and low interaction. Which of these describes a low interaction honeypot? Select the best answers.

A. Emulators of vulnerable programs

B. More likely to be penetrated

C. Easier to deploy and maintain

D. Tend to be used for production

E. More detectable

F. Tend to be used for research