GAQM CPEH-001 Exam - Topic 7 Question 33 Discussion

Actual exam question for GAQM's CPEH-001 exam
Question #: 33
Topic #: 7

Bob, an administrator at XYZ, was furious when he discovered that his buddy Trent had launched a session hijack attack against his network and sniffed his communications, including administrative tasks such as configuring routers, firewalls and IDS via Telnet. Bob, being an unhappy administrator, seeks your help in ensuring that attackers such as Trent will not be able to launch a session hijack in XYZ. Based on the above scenario, which corrective measures would you choose? (Choose two)

Suggested Answer: A, C

First, encrypt the traffic passed between the parties, and in particular the session credentials and identifiers: replace Telnet with an encrypted protocol such as SSH for router, firewall and IDS administration (and HTTP with HTTPS for any web consoles). This is the same approach web-based banks and other e-commerce services rely on, because an attacker who sniffs the wire then sees only ciphertext and cannot lift passwords or session identifiers from it. It does not by itself rule out every form of session hijack, since an active attacker can still try to inject packets into or take over an established connection, so a second control is needed. Configuring anti-spoofing rules on the routers and firewalls prevents the attacker from sending packets that claim the victim's IP address, and on top of that a secondary check that the source IP of a session does not change in the middle of the session catches attempts to take over an established session from another host.
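The secondary check described above, written out as an added example (this is not code from the question, the exam, or any product): each session is bound to the source IP it was opened from, and any later traffic for that session from a different address is reported as a suspected hijack. The event records and the addresses (10.0.0.5 as Bob's workstation, 10.0.0.99 as the hijacker) are constructed for the example.

```python
"""Mid-session source-IP consistency check (added example).

Binds each session to the source IP that opened it and flags later events
for that session that arrive from a different address. Event records and
IP addresses below are constructed sample data, not real logs.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class SessionEvent:
    ts: float          # timestamp in seconds
    session_id: str    # identifier the monitored service assigns to a session
    src_ip: str        # source address the packet/event arrived from
    kind: str          # "open", "data" or "close"


@dataclass
class Alert:
    ts: float
    session_id: str
    bound_ip: str      # address the session was established from
    seen_ip: str       # address the offending event came from
    reason: str


class SessionIpBinder:
    """Tracks the source IP each live session was established from."""

    def __init__(self) -> None:
        self._bound: Dict[str, str] = {}

    def process(self, ev: SessionEvent) -> Optional[Alert]:
        if ev.kind == "open":
            # (Re)bind on open; a fresh open is a new session, not a hijack.
            self._bound[ev.session_id] = ev.src_ip
            return None

        bound = self._bound.get(ev.session_id)
        if bound is None:
            # Traffic for a session we never saw opened is itself suspicious.
            return Alert(ev.ts, ev.session_id, "<none>", ev.src_ip,
                         "event for unknown session")
        if ev.src_ip != bound:
            # Do not drop the binding: the legitimate owner is still active and
            # the mismatching event must not be allowed to close the session.
            return Alert(ev.ts, ev.session_id, bound, ev.src_ip,
                         "source IP changed mid-session")
        if ev.kind == "close":
            del self._bound[ev.session_id]
        return None


def scan(events: List[SessionEvent]) -> List[Alert]:
    """Replay events in time order and collect every alert."""
    binder = SessionIpBinder()
    alerts: List[Alert] = []
    for ev in sorted(events, key=lambda e: e.ts):
        alert = binder.process(ev)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample: s1 is Bob's admin session that Trent tries to take over;
# s2 is a normal session; s3 is data for a session nobody opened.
SAMPLE_EVENTS = [
    SessionEvent(1.0, "s1", "10.0.0.5", "open"),
    SessionEvent(2.0, "s1", "10.0.0.5", "data"),
    SessionEvent(3.0, "s2", "10.0.0.7", "open"),
    SessionEvent(4.0, "s1", "10.0.0.99", "data"),   # hijack attempt
    SessionEvent(5.0, "s1", "10.0.0.99", "close"),  # attacker tries to tear down
    SessionEvent(6.0, "s1", "10.0.0.5", "data"),    # owner still bound, no alert
    SessionEvent(7.0, "s2", "10.0.0.7", "close"),
    SessionEvent(8.0, "s3", "10.0.0.99", "data"),   # never opened
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"t={a.ts:.0f} session={a.session_id} bound={a.bound_ip} "
              f"seen={a.seen_ip}: {a.reason}")
```

The check only has value behind the anti-spoofing rules: an attacker who can forge the victim's source address would pass it, which is why the explanation lists the spoof rules first. Expect false positives where legitimate clients sit behind a NAT pool whose egress address can change during a session; in that case key the binding on whatever identifier stays stable for the client rather than on the bare IP.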


Jonell
4 months ago
D sounds good, but is it really enough to catch everything?
upvoted 0 times
...
Clorinda
4 months ago
100% agree with A, can't believe Trent did that!
upvoted 0 times
...
Quentin
4 months ago
Wait, FAT32 for performance? That doesn't seem right...
upvoted 0 times
...
Regenia
4 months ago
C is also important, gotta have those spoof rules in place.
upvoted 0 times
...
Bethanie
5 months ago
Definitely go with A, encrypted protocols are a must!
upvoted 0 times
...
Reena
5 months ago
Monitoring for CRP caches sounds familiar, but I’m not confident if it’s the best approach here. I feel like we focused more on encryption methods in our last review.
upvoted 0 times
...
Callie
5 months ago
I think configuring spoof rules could help, but I’m not clear on how that directly ties into preventing session hijacks. We had a practice question on that, right?
upvoted 0 times
...
Lanie
5 months ago
I'm not entirely sure about the FAT32 option. It doesn't seem relevant to security, but I guess it could improve performance somehow?
upvoted 0 times
...
Rolland
5 months ago
I remember we discussed using encrypted protocols like OpenSSH in class. That seems like a solid choice to prevent session hijacking.
upvoted 0 times
...
Casie
5 months ago
Okay, let me think this through step-by-step. The key seems to be ensuring the organization hires ethical individuals with substantial discretion. I'll need to carefully consider the implications of that.
upvoted 0 times
...
Elvera
5 months ago
Hmm, this looks like a tricky one. I'll need to think through the different components of the NGFW and how they handle those security functions.
upvoted 0 times
...
Marlon
5 months ago
I'm pretty sure the answer is A. Dynamic Pool is the recommended desktop cloud mode for network card scenarios.
upvoted 0 times
...
Santos
5 months ago
I think IT Accounting includes calculating costs, so I might lean towards that option D for what isn't part of it.
upvoted 0 times
...
Enola
5 months ago
I definitely practiced similar questions, and I believe the strong government intervention is one of the main approaches. I just can't shake off the uncertainty about voluntary changes.
upvoted 0 times
...
