
What information will you be able to gather?


As a security analyst, you set up a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the company.

What information will you be able to gather?

A. The employees' network usernames and passwords

B. The MAC address of the employees' computers

C. The IP address of the employees' computers

D. Bank account numbers and the corresponding routing numbers

1 Answers

  1. lotmin on Oct 08, 2012

    Answers: C
    The IP address of the employees' computers

    Answer A is not correct. In order for this to actually work, since you are asking the employee to CREATE an account, the assumption is that the user will create an account using the same Username and Password that is used as their network username and password. [It is very likely that some or a lot of users will actually create their account on the survey site using their current network credentials: one less password to remember.]
    Answer B is not correct. In order for this to work, there cannot be a router between the user and the survey site. If there is a router, then the MAC address that will be captured will be the last hop prior to reaching the survey site.
    Answer C is the best answer. Assuming that spoofing is not used, for example the use of a proxy server, the web server logs should show all the IP addresses. This requires assumptions, i.e. the survey web site is within the corporate intranet. If the traffic has to leave the firewall, and if NATing is in effect, then the addresses will be changed and the collected IP addresses cannot be traced back to the user.
    Answer D is incorrect. Not unless the survey web site collects that information. The composition of the survey is not provided.

    Whether answer A (the original answer) or answer C is the best really depends on the underlying assumptions for this question. Answer A relies on human behavior, Answer C relies on network topology. Both are not specified and both rely on speculation.

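The topology caveat in the explanation of answer C can be checked against what a web server actually records. The following is an added example, not part of the original answer: it parses constructed Combined Log Format lines and separates internal (RFC 1918) source addresses from public ones that may be a NAT or proxy egress. The `/survey` path, the sample lines and the "several user agents behind one address" heuristic are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in Combined Log Format (not real traffic).
SAMPLE_LOG = """\
10.20.4.17 - - [08/Oct/2012:09:01:12 +0000] "GET /survey HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/15.0"
10.20.4.52 - - [08/Oct/2012:09:03:40 +0000] "POST /survey HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/22.0"
203.0.113.9 - - [08/Oct/2012:09:05:02 +0000] "GET /survey HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/15.0"
203.0.113.9 - - [08/Oct/2012:09:05:44 +0000] "GET /survey HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh) Safari/6.0"
203.0.113.9 - - [08/Oct/2012:09:06:10 +0000] "POST /survey HTTP/1.1" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 8.0)"
not a log line
"""

# RFC 1918 ranges; is_private is avoided because it also covers documentation ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

def classify_clients(log_text, path="/survey"):
    """Return {source address: (verdict, distinct user agents)} for one URL path."""
    agents = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("path") != path:
            continue  # skip malformed lines and requests for other URLs
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # address field holds a hostname or garbage
        agents[ip].add(m.group("agent"))
    report = {}
    for ip, seen in agents.items():
        if any(ip in net for net in RFC1918):
            verdict = "internal address, client's own if no proxy sits in between"
        elif len(seen) > 1:
            verdict = "public address shared by several browsers, NAT or proxy egress"
        else:
            verdict = "public address, possibly translated, host not identifiable"
        report[str(ip)] = (verdict, len(seen))
    return report

if __name__ == "__main__":
    for ip, (verdict, n) in classify_clients(SAMPLE_LOG).items():
        print(f"{ip}: {verdict} ({n} user agent(s))")
```

Note that nothing in the log carries a MAC address: it is a layer 2 value that is not part of the HTTP request, which matches the explanation of answer B.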