Which component of the IT Security Model is attacked with masquerade?
Answer(s): D
A masquerade attack involves an attacker pretending to be an authorized user of a system, thus compromising the authentication component of the IT security model. Authentication ensures that the individuals accessing the system are who they claim to be. By masquerading as a legitimate user, an attacker can bypass this security measure and gain unauthorized access to the system.
William Stallings, "Security in Computing".
Which component of the IT Security Model is attacked with modification?
Answer(s): C
Modification attacks directly impact the integrity of data within the IT Security Model. Integrity ensures that information is accurate and unchanged from its original form unless altered by authorized means. An attack that involves modification manipulates data in unauthorized ways, thereby compromising its accuracy and reliability.
Shon Harris, "CISSP Certification: All-in-One Exam Guide".
Which of the following is required to determine the correct Security Association?
To determine the correct Security Association (SA) in the context of IPsec, several elements are required:SPI (Security Parameter Index): Uniquely identifies the SA. Partner IP address: The address of the endpoint with which the SA is established. Protocol: Specifies the type of security protocol used (e.g., AH or ESP). All these components collectively define and identify a specific SA for secure communication between parties.
RFC 4301, "Security Architecture for the Internet Protocol".
What share does the WannaCry ransomware use to connect with the target?
Answer(s): A
The WannaCry ransomware utilizes the $IPC (Inter-Process Communication) share to connect with and infect target machines. This hidden network share supports the operation of named pipes, which facilitates the communication necessary for WannaCry to execute its payload across networks.
CISA Analysis Report, "WannaCry Ransomware".WannaCry ransomware uses the SMB (Server Message Block) protocol to propagate through networks and connect to target systems. Specifically, it exploits a vulnerability in SMBv1, known as EternalBlue (MS17-010).IPC Share: The $IPC (Inter-Process Communication) share is a hidden administrative share used for inter-process communication. WannaCry uses this share to gain access to other machines on the network.SMB Exploitation: By exploiting the SMB vulnerability, WannaCry can establish a connection to the $IPC share, allowing it to execute the payload on the target machine. Propagation: Once connected, it deploys the DoublePulsar backdoor and then spreads the ransomware payload.Given these details, the correct answer is $IPC.Reference"WannaCry Ransomware Attack," Wikipedia, WannaCry."MS17-010: Security Update for Windows SMB Server," Microsoft, MS17-010.
Post your Comments and Discuss EC-Council ICS-SCADA exam with other Community members:
Mostafa commented on August 23, 2024 This is a decent resource for preparing. But the free version is not enough and you need to buy the full PDF and the free test engine that comes with it is good. Anonymous upvote
John commented on July 30, 2024 How many total questions are available in dumps and that are sufficient to pass the exam? Anonymous upvote
Our website is free, but we have to fight against bots and content theft. We're sorry for the inconvenience caused by these security measures. You can access the rest of the ICS-SCADA content, but please register or login to continue.