GAQM Exam CPEH-001 Topic 7 Question 33 Discussion

Actual exam question for GAQM's CPEH-001 exam

Question #: 33
Topic #: 7

Bob, an Administrator at XYZ was furious when he discovered that his buddy Trent, has launched a session hijack attack against his network, and sniffed on his communication, including administrative tasks suck as configuring routers, firewalls, IDS, via Telnet. Bob, being an unhappy administrator, seeks your help to assist him in ensuring that attackers such as Trent will not be able to launch a session hijack in XYZ. Based on the above scenario, please choose which would be your corrective measurement actions. (Choose two)

AUse encrypted protocols, like those found in the OpenSSH suite.

BImplement FAT32 filesystem for faster indexing and improved performance.

CConfigure the appropriate spoof rules on gateways (internal and external).

DMonitor for CRP caches, by using IDS products.

Show Suggested Answer

Suggested Answer: A, C

First you should encrypt the data passed between the parties; in particular the session key. This technique is widely relied-upon by web-based banks and other e-commerce services, because it completely prevents sniffing-style attacks. However, it could still be possible to perform some other kind of session hijack. By configuring the appropriate spoof rules you prevent the attacker from using the same IP address as the victim as thus you can implement secondary check to see that the IP does not change in the middle of the session.

by Ryan at May 07, 2022, 10:26 PM

Limited Time Offer

25%

Off

Get Premium CPEH-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!