Pregunta CISSP
Elegí una fácil para comenzar a conocer preguntas del CISSP.
La pregunta fue extraída de cccure.
.
.
.
.
.
.
.
.
.
.
The correct answer is sniffing. A network sniffer captures a copy every packet that traverses the network segment the sniffer is connect to. Those packets are displayed by the sniffer. Therfore, if the username/password are contained in a packet or packets traversing the segment the sniffer is connected to, it will capture and display that information (and any other information on that segment). Of course, if the information is encrypted via a VPN or similar technology, the information is still captured and displayed, but it is in an unreadable format.
The other answers are not correct because:
- Data diddling involves changing data before, or as it is enterred into a computer.
- Spoofing is forging an address and inserting it into a packet to disguise the origin of the communication - or causing a system to respond to the wrong address.
- Smurfing would refer to the smurg attack, where an attacker broadcasts spoofed packets in order to cause a denial of service.
Reference:
Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 4: Protection of Information Assets (page 207).
cfb
La pregunta fue extraída de cccure.
Which of the following could inappropriately capture network user passwords?.
Data diddling
Sniffing
Spoofing
Smurfing
.
.
.
.
.
.
.
.
.
.
The correct answer is sniffing. A network sniffer captures a copy every packet that traverses the network segment the sniffer is connect to. Those packets are displayed by the sniffer. Therfore, if the username/password are contained in a packet or packets traversing the segment the sniffer is connected to, it will capture and display that information (and any other information on that segment). Of course, if the information is encrypted via a VPN or similar technology, the information is still captured and displayed, but it is in an unreadable format.
The other answers are not correct because:
- Data diddling involves changing data before, or as it is enterred into a computer.
- Spoofing is forging an address and inserting it into a packet to disguise the origin of the communication - or causing a system to respond to the wrong address.
- Smurfing would refer to the smurg attack, where an attacker broadcasts spoofed packets in order to cause a denial of service.
Reference:
Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 4: Protection of Information Assets (page 207).
cfb
0 Comments:
Publicar un comentario
Gracias por dejar un comentario en Segu-Info.
Gracias por comentar!