You are conducting penetration testing and trying to identify vulnerable user accounts and shared resources on a host located in the perimeter network. Which of the following best describes the action you are taking?
A. Reconnaissance
B. Fingerprinting
C. Enumeration
D. Port scanning
Your organization hired an external security team to conduct penetration testing to assess the security and privacy controls in organizational information systems. Which of the following is the penetration team least concerned in terms of the penetration test?
A. Thoroughly document all activities performed during the test.
B. Produce results indicating the risk exposure for exploited and validated vulnerabilities.
C. Validate existing security and privacy controls.
D. Provide actionable results with information about possible remediation measures.
Amazon, pls give authors from Taiwan wire transfer. I don’t like the check float. 😅
Your organization is planning for penetration testing to assess the security and privacy controls in organizational information systems. Which of the following is not the best timing to conduct penetration testing?
A. Before any newly developed system is authorized for operation
B. When legacy systems were undergoing a major upgrade.
C. After important changes are made to the environment in which the system operates.
D. When a well-known type of attack, rated as high risk, is retained in the risk register.
VMware is a proprietary, closed-source, reduced privilege guest virtual machine emulator. It supports guest-to-host and host-to-guest communication. Since it relies on the underlying hardware for execution of instructions, it must relocate sensitive data structures, such as the Interrupt Descriptor Table and the Global Descriptor Table. VMware also makes use of the Local Descriptor Table which is not otherwise used by Windows. Thus, a simple detection method for VMware is to check for a non-zero Local Descriptor Table (LDT) base on Windows.
RedPill
The more common method for detecting VMware is to check the value of the Interrupt Descriptor Table, using the “RedPill” method. For the “RedPill” method, if the value of the Interrupt Descriptor Table base exceeds a certain value, a virtual machine emulator is assumed to be present. However, as the LDT paper shows, this method is unreliable on machines with multiple CPUs.
Scooby Doo
The “Scooby Doo” method uses the same basic idea as the RedPill method but it compares the Interrupt Descriptor Table base value to specific hard-coded values in order to identify VMware specifically. While the Scooby Doo method is less likely to trigger false positives, compared to the RedPill method, there is still the chance that some false positives will occur.
Source: Peter Ferrie
You are implementing a security kernel that aligns with the reference monitor concept to enforce the access control policy prohibiting unauthorized information disclosure. Which of the following is correct about your implementation?
A. Information as constrained data items is well-formed to prevent conflict of interest.
B. Lipner’s model is a formal model that can support your design and enforce the policy.
C. A subject with a confidential clearance can not write to a file classified as top secret.
D. All information flows from high to low-security level is blocked with no exceptions per the Bell-Lapadula model.
It’s not uncommon we use terms like multiprogramming, multitasking, multithreading, multiprocessing, etc., but often without consistent definitions. This post shares my definitions and perspectives on these terms.
Do you know “Heartbleed” is a bug from the TLS implementation in OpenSSL, coded CVE-2014-0160? The CVE Identifier is not friendly; people love names. However, the bug named by security companies may be too sensational and cause fear, uncertainty, and doubt.
CERT/CC: ‘Sensational’ bug names spark fear, hype – so we’ll give flaws our own labels… like Suggestive Bunny
The Bell-LaPadula (BLP) model is a formal security model based on the state machine and prevents information flow from a higher security level to a lower one. Which of the following is correct about the BLP model?
A. The BLP model provides mandatory protection from unauthorized information alternation.
B. The BLP model doesn’t rely on infinite states to avoid attacks that might predict its behavior.
C. The BLP model prescribes all subjects at a higher security level shall not write to an object at a lower level.
D. The BLP model maintains both secure and insecure states and enforce secure transition between states.