A server administrator needs to administer a server remotely using RDP, but the specified port is closed on the outbound firewall on the network. The access the server using RDP on a port other than the typical registered port for the RDP protocol?
A server administrator discovers the web farm is using weak ciphers and wants to ensure that only stronger ciphers are accepted. Which of the following ciphers should the administrator implement in the load balancer? (Select Two)
An assessment too reports that the company’s web server may be susceptible to remote buffer overflow. The web server administrator insists that the finding is a false positive. Which of the following should the administrator do to verify if this is indeed a false positive?
A. Use a banner grabbing tool B. Run a vulnerability scan C. Enforce company policies D. Perform a penetration test
A server administrator notes that a fully patched application often stops running due to a memory error. When reviewing the debugging logs they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describes?
A. Malicious add-on B. SQL injection C. Cross site scripting D. Zero-day
A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe?
A. Zero-day B. Buffer overflow C. Cross site scripting D. Malicious add-on
Correct Answer: B Section: Threats and Vulnerabilities
This question describes a buffer overflow attack.
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user’s files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
A: A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it — this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users. Zero-day attacks are generally not used to attack legacy applications. Memory errors are indicative of a buffer overflow attack.
C: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.
Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug-in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. XSS attacks are not used to attack legacy applications. Memory errors are indicative of a buffer overflow attack.
D: The application is a legacy application. It is therefore unlikely to have an add-on. The question states that the application often stops running due to a memory error. Memory errors are indicative of a buffer overflow attack.
The server administrator has noted that most servers have a lot of free disk space and low memory utilization. Which of the following statements will be correct if the server administrator migrates to a virtual server environment?
A. The administrator will need to deploy load balancing and clustering. B. The administrator may spend more on licensing but less on hardware and equipment. C. The administrator will not be able to add a test virtual environment in the data center. D. Servers will encounter latency and lowered throughput issues.
Correct Answer: B Section: Network Security
Migrating to a virtual server environment reduces cost by eliminating the need to purchase, manage, maintain and power physical machines. The fewer physical machines you have, the less money it costs.
A, C, D: Virtualization allows you to manage and maintain servers as discrete software components, rapidly create new servers from pre-defined and configured images, and reallocate
resources to optimize performance and stability. Virtual servers are contained entirely as a software object, so you can easily and seamlessly migrate them to other physical hardware