Lab 4 - CIS Control 01 - Vulnerability Scanning and Asset Discovery Tool (Active Scanning)

Discuss the following types of security vulnerabilities that affect code: Buffer Overflow Code Injection. You have an online web store having URL mystore.com. Explain why the following hyperlinks (URL) are not very safe, and how will you make them secure: http://www. com/ distributor/distributor.asp?distID=123 http://www. com/changepassword.php?userID=123

TASK 01 (SHODAN)•For this assignment you will have to do some observation task on some vulnerabilities that can be exploited to attack ICS security.•Remember: ONLY OBSERVE for study purpose. UNITEN will not be responsible for your experimentation beyond the required task.Search for potential location of ICS devices•Use Shodan website•Search for location that is linked to port 102 in Malaysia•Note how many are there in Malaysia1.Find out what all those displayed information mean from the search. Explain it in your report. [5 marks]2.Use the map in SHODAN to actually find out where these location actually is. [2 marks]3.Cross check with google map if the location is actually real. List at least TWO detailed address and information found through SHODAN, [3 marks]4.Extra bonus marks: Find out other port number that might be used by ICS device and perform a search. List them out and perform the same test. Write the same report of your findings. TASK 02 (GOOGLE HACKING)•For this assignment…

ا ترجمة جوجل X -g x Take Test: Midter x Meet - ITD x (no subject) - 201 M x Meeting Link - M M 67 aa https://bb.cas.edu.om/webapps/assessment/take/launch.jsp?course_assessment_id= 17362 1&course_id= 20232 1&content_id= Remaining Time: 1 hour, 21 minutes, 06 seconds. Question Completion Status: Path: p Words:0 QUESTION 15 Briefly define about Computer Aided Software Engineering (CASE). And write any two examples of CASE tools. TTT Arial v 3 (12pt) T Path: p Words:0 Click Save and Submit to save and submit. Click Save All Answers to save all answers, Save All Answers F9 F10 Pause F3 F4 F5 F6 米 F7 F8 & 由 %24

A researcher working on a study has been aware of a problem referred to as "security breakdowns in social media," and they want to look into it more. What are the steps that he has to follow in order to complete his research? Please provide a condensed description of each step.

board bsu - Search 3 Bb Course Materials - ENGL101-009 X 0 https://learn.zybooks.com/zybook/BOWIESTATECOSC112TankehFall2022/chapter/2/section/9?content_resource_id=61938934 CHALLENGE ACTIVITY O False 428064.2870338.qx3zqy7 % The cost to ship a package is a flat fee of 75 cents plus 25 cents per pound. 1. Declare a constant named CENTS_PER_POUND and initialize with 25. 5 6 7 8 9 10 11 12 13 14 15 2. Get the shipping weight from user input storing the weight into shipWeightPounds. 3. Using FLAT_FEE_CENTS and CENTS_PER_POUND constants, assign shipCostCents with the cost of shipping a package weighing shipWeightPounds. 1 import java.util.Scanner; 2 3 public class ShippingCalculator { 2.9.1: Using constants in expressions. Run 16 17 } 18 } 5 Qzybooks - Search public static void main(String[] args) { Scanner scnr = new Scanner(System.in); int shipWeight Pounds; int shipCostCents = 0; final int FLAT FEE CENTS 75; final int CENTS_PER_POUND = 25; int shipWeight Pounds= scnr.nextint();…

 What is Iloveyou Virus all about? How does the Iloveyou virus affect the whole world? If you’ve given a chance to talk to the creator of the Iloveyou Virus, what do you say to him? Elaborate on your answer. Reference: 2. Earth’s Deadliest Computer Virus: Iloveyouhttps://www.youtube.com/watch?v=soZyb6lMx4c&t=6s

Tony, a data analyst for a major casino, is working after normal business hours to finish an important project. He realizes that he is missing data that had been sent to his co-worker Robert. Tony had inadvertently observed Robert typing his password several days ago and decides to log into Robert’s computer and resend the data to himself. Upon doing so, Tony sees an open email regarding gambling bets Robert placed over the last several days with a local sports book. All employees of the casino are forbidden to engage in gambling activities to avoid any hint of conflict of interest. Tony knows he should report this but would have to admit to violating the company’s information technology regulations by logging into Robert’s computer. If he warns Robert to stop his betting,he would also have to reveal the source of his information. What does Tony do in this situation?a) Name some six human acts from the excerpt b) Giving three scenarios from the excerpt, evaluate the morality of acts…

Document1 Saved to this PC O Search ABDUL REHMAN BIN sign Layout References Mailings Review View Help A A Aa A EE-E E E T 11 AaBbCcDc AaBbCcDc AABBC AABBCCC AaB e x, x A eAv I Normal 1 No Spac. Heading 1 Heading 2 Title Font Paragraph Styles Explain how an inside router (e.g. router 36) în an Autonomous System (AS3) in Q4: Figure 2 comes to know about the route to AS2. Explain it through proper procedure. Will the hot potato routing happen in this case? 3a 3b AS3 other 2a networks 2b 1a 16 AS2 AS1 1d Focus 12

Kim is working on a project on the health of young mothers among poor people. Since she had little time, she only collected data from the experts who work with these women. Just before the deadline, Kim found that all her project files were locked and wouldn’t open without an access key. She then received an email from her friend Tom that told her to transfer 500 dollars unless she wanted all the project files deleted forever. She immediately called Tom and was baffled to know that all passwords and data saved inside Tom’s laptop were somehow leaked and he could not access any of his accounts. Apparently both Kim and Tom downloaded some files from a third party website and faced these problems afterwards. Sadly, Kim had to pay 500 dollars to retrieve her project and Tom had to reset his entire laptop and delete all his digital information to get rid of the malware.  a. Compare and contrast among the Observation method and the method used by Kim for information collection.  b. What made…

As part of a website redesign at Sunshine State University, a directory search application was developed. It allows any- one to search for Sunshine State students, staff, and faculty names and email addresses. Before the website is released to the public, you have been asked to work with the team evaluating the security. And you found out this system could possibly be suffering for system misconfiguration. write a paragraph brief (one to two paragraphs) summary of your findings that could be presentedto the administration of Sunshine State University. Make sure to include:a) What vulnerability or vulnerabilities this application suffer from?b) Possible harm that could come from this vulnerability.c) Reasons that you feel this vulnerability is presen

bb.cas.edu.om/webapps/assessment/take/launch.jsp?course_assessment id%3 17343 1&course_id%3D 20233 1&content_id%3D 252109 Remaining Time: 1 hour, 59 minutes, 32 seconds. * Question Completion Status: Create the initial state table, and the complete state table. Write the equations for all the state variables and the output z. S1 S2 S3 S4 Z=0 Z=1 State diagram of 1011 sequehce recognizer Attach File Browse My Computer Click Save and Submit to save and submit. Click Save All Answers to save all answers. 1).pdf a Orgn (1-5).pdf e here to search Ps 81°F Mostly clear Or V53 Insert & 3 r 4 3. 6. 8 A 7. Y] R T. U D F

Smart-Toys-Smart Kids has decided to install a new e-mail package to streamline communications within the company.  Fred would like to have one common calendar for his all 200 employees. The expected features of the new e-mail package are “background processing” that doesn't get a great deal of attention. This includes managing connections, checking for errors in commands and e-mail messages, and reacting accordingly. The e-mail software vendors offered two different e-mail system for solution.  One vendor is offering an SMTP-based two-tier client server architecture.  The second vendor is offering a Web-based e-mail architecture. Fred doesn't understand either one. Outline the pros and cons of the two alternatives

Smart-Toys-Smart Kids has decided to install a new e-mail package to streamline communications within the company.  Fred would like to have one common calendar for his all 200 employees. The expected features of the new e-mail package are “background processing” that doesn't get a great deal of attention. This includes managing connections, checking for errors in commands and e-mail messages, and reacting accordingly. The e-mail software vendors offered two different e-mail system for solution.  One vendor is offering an SMTP-based two-tier client server architecture.  The second vendor is offering a Web-based e-mail architecture. Fred doesn't understand either one. Briefly explain to Fred, in layman's terms, the differences between the two.

What is the language used in the question?  https://www.bartleby.com/questions-and-answers/jeddah-municipality-has-decided-to-build-a-network-of-national-hospitals-to-treat-infectious-disease/96d730fd-145a-4998-974f-bfead68efbd6

Q2  Smart-Toys-Smart Kids CEO (Part 2) Smart-Toys-Smart Kids has decided to install a new e-mail package to streamline communications within the company.  Fred would like to have one common calendar for his all 200 employees. The expected features of the new e-mail package are “background processing” that doesn't get a great deal of attention. This includes managing connections, checking for errors in commands and e-mail messages, and reacting accordingly. The e-mail software vendors offered two different e-mail system for solution.  One vendor is offering an SMTP-based two-tier client server architecture.  The second vendor is offering a Web-based e-mail architecture. Fred doesn't understand either one.   a) Briefly explain to Fred, in layman's terms, the differences between the two. b) Outline the pros and cons of the two alternatives c) Make a recommendation to Fred about which is better for his company   ANSWER Classification   SMTP-based two-tier client server…

Make a distinction between spoofing and session hijacking. In the case that you're a web user, what are some of the countermeasures you use to protect yourself against session hijacking?

Sub:- Cyber security 9 Permissions at the OU level     Right Click OU USA and select delegation control to start the wizard.    In the wizard select the group staff,     select reset user password and force password change at next logon     Note: you are doing this at the OU level thus if you had 1000 users this reset     would make all 1000 users change there passwords at next logon.

How does a firewall protect a network?The packet-filtering program I'm working on right now is still under development. Please tell me the criteria by which I will be judged.

Joe Green, a system administrator for a large corporation, is installing a new software package on Chuck Dennis’ personal computer. The company has not authorized Joe to read the employees’ e-mail, Web logs, or personal files. However, in the course of installing the software, he accidentally comes across directories containing files with suspicious-looking names. He opens a few files and discovers they contain child pornography. Joe believes possessing such images is unethical for their profession. What should he do? Acme Corporation licenses a sophisticated software package to many private and government agencies. Kyla is one of Acme's employees who works in the support organization. She mostly provides phone support but also teaches an on-site class from time to time. In fact, she created many of the instructional materials used in these classes. One day Kyla gets a call from Maria, who works for a government agency that uses Acme's software package. Maria offers to pay Kyla Php…

Home D2L 1-4 zyBooks Lab Activities - IT-14 X zy Section 1.37 - IT 145: Intro to Sof X O Mail - Roque, Jose - Outlook https://learn.zybooks.com/zybook/IT-145-H7604-OL-TRAD-UG.22EW4/chapter/1/section/37 My library > IT 145: Intro to Software Development home > = zyBooks zyBooks catalog ? Help/FAQ Jose Roque 1.37: Basic output with variables (Java) ↑1.36 zyLab training*: One large program Students: This content is controlled by your instructor, and is not zyBooks content. Direct questions or concerns about this content to your instructor. If you have any technical issues with the zyLab submission system, use the Trouble with lab button at the bottom of the lab. 1.37 Basic output with variables (Java) This zyLab activity is intended for students to prepare for a larger programming assignment. Warm up exercises are typically simpler and worth fewer points than a full programming assignment. Warm up exercises are ideally suited for an in-person scheduled lab meeting or as self-practice. The…

Q: Create an activity diagram based on the following narrative: “Microsoft Bing (formerly known as Bing) is a web search engine owned and operated by Microsoft. Bing uses single sign on based on security assertion markup language (SAML) protocol to interrelate with other companies. Bing is like a service provider that provides different services such as yahoo mail of start pages. Partner companies act as identity providers and control user names, passwords, and other information used to identify, authenticate and authorize users for web applications that Bing hosts.  Each partner provides Bing with the uniform resource locator (URL) of its single sign on service as well as the public key that Bing will use to verify SAML responses. When a user attempts to use some hosted Bing application, such as Yahoo, Bing generates a SAML authentication request and sends redirect request back to the user's browser. Redirect points to the specific identity provider. SAMLauthentication request…

The Department of Academic Affairs for a faculty has decided to develop a Web-based student registration system. The system will enable the students to add courses. A drop course option should be enabled. Student may view registered courses either by display or print. Student can send notification to make appointment with the lecturer. Lecturer can view student registration whereby he/she can view only his/her own taught course. Lecturer can have option to print the student registration list. Lecturer can make announcement and have the option to acknowledge appointment to the student. Nevertheless, lecturers neither create nor remove courses. This job is under the responsibility of the administrator who can create a new semester. Administrator should provide option to remove courses. From the system described, a) Draw the UML use case diagram for student registration system described above. b) Perform requirement modelling with a detailed user stories (practices in Extreme Programming…

Complete the firewall configuration found at https://exampremium.com/comptia-security/comptia-security-simulation-8/. Please show the completed design and explain the what is accomplished with the firewall rules. HOTSPOTThe security administrator has installed a new firewall that implements an implicit DENY policy by default Click on the firewall and configure it to allow ONLY the following communication. 1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.2. The HR workstation should be restricted to communicating with the Financial server ONLY, over the default SCP port3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.

You've just started working as a Security Analyst for a new company. As a security analyst, you're in charge of overseeing your company's Firewall security rules. Your company's firewall policy was already in place when you started working there, thanks to a prior employee. In order to avoid policy breaches or anomalies, what would be your initial step?



You manage an Azure subscription named Sub1. Sub1 is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. You configure Azure Monitor to store and track Azure AD sign-in log data in a Log Analytics workspace named workspace1. You need to create a security dashboard in the Azure portal that will display the summary of sign-in events during the current week based on the Azure AD sign-in log data. What should you do first? Select only one answer. In workspace1, create a query. In workspace1, create a scope configuration. In Azure Monitor, create a collection rule. In Azure Monitor, create a workbook

Kennedy Rogers: Module 7 Computer Concepts Exam - Work - Microsoft Edge https://samcp.cengage.com/Assignment Take/Exam?assignmentld-93029900&resultid=67239973&instld-f1dabeb4-2a2d-4f89-bf90-8b470938d375... y T ss Tips ess Tips R YOU Tools For Microso s and Compu e Feedback Task 42 of 57 65°F Partly sunny 3 OA. MP4 OC. E D H ME C $ C. WAV > Q Search 4 R F V %6 Assignment: Module 7 Computer Co... 5 Which of the following audio formats does not use any compression technique? T G 6 L Y H & 7 B N U * J 8 Attempts Remaining 1 M Save Answer ( K Task: MC516313 Which of the following audio formats does not use an... CLU 9 O OB.MP3 OD. WMA O L alt > kulu A P - ctri ( ? + [ = F se brt sc || < 4 ] pause delete Submit O backspace home 0 enter 3 4 num lock T shift 7 X A and urse A E X 2:32 PM 4/26/2023 O 1 M and A-Z 8 sam A L 13 G 5

You are using the terminal to move through your computer’s folders. You’d like to get into the Cybersecurity folder. You type in pwd and find that your current folder path is ~/Users/student/Documents/Cybersecurity/Images. Which of the following commands will place you inside the Cybersecurity folder? cd .. mv .. cd Cybersecurity mv Cybersecurity

Answer the following questions. Question a. Consider the following scenario: You are working as an IT support specialist and receive a call from a remote user saying they can’t access the company website. After verifying the user as an employee, how would you start trying to solve this problem? 1)Ask questions and gather information to identify the problem. 2)Tell the user it is a virus and ask to run a virus check. 3)Tell the user they need to bring or send the computer to the corporate office for troubleshooting. 4)Ask the user to clear the cache of the web browser. Question b. What does the “isolating the problem” troubleshooting method try to do? 1)Ask the user questions to make them feel part of the solution 2)Expand the area of the problem. 3)Shrink the scope of the potential issue. 4)Recreating the problem

What Punishment for Webcam Spying is Appropriate?   Microphones, digital cameras, and webcams have many practical and harmless uses. These technologies also can leave you open to spying. For example, one school district used software, which was supposed to track the school-distributed laptops in case of theft, to take photos and scree captures of students. In another instance, a person noticed that when she gave a customer service rep access to her computer, he turned on her webcam without asking for her permission.   Cybercriminals can use spy tools take photos, or record video or audio, without turning on a light or other notification that indicates your camera or microphone is in use. The Flame virus is one way for spy tools to infect your computer. Security experts recommend using a sticker to cover your webcam and inserting a dummy plug in the microphone port when you are not using it. These technologies also allow people to take photos or videos in a public setting and share them…

SCENARIO 1: You have just completed a routine security audit on the company’s information systems, and you found several areas of vulnerability. For example, file permissions have not been updated in some time, no comprehensive password policy exists, and network traffic is not fully encrypted. You noted these areas, among others, in a report to your supervisor. The report included specific recommendations to fix the problems. Your supervisor responded by saying that budgets are tight right now, and she could not approve your requests to resolve these issues. As an IT professional, you are very uncomfortable with the risk level, but you have been unable to sway your supervisor. When you discussed the situation with a colleague, he said, “Why worry about it? If it’s good enough for her, it should be good enough for you.” What do you think of your colleague’s advice, and why? Is this an ethical question? If you are still is uncomfortable, what are your options? SCENARIO 2: You work for a…

For the ZeuS malware, please write a short paragraph based on the given background and website info: ZeuS – Trojan ZeuS is a modular banking trojan that uses keystroke logging to compromise credentials when a victim visits certain banking websites. Since the release of the ZeuS source code in 2011, many other malware variants have adopted parts of its codebase, which means that incidents classified as ZeuS may actually be other malware using parts of the original ZeuS code. https://www.cisecurity.org/insights/blog/top-10-malware-december-2022   Zeus malware can give attackers full access to infected machines. While the original Zeus variant primarily utilized man-in-the-browser keyloggers to gain access to an infected computer’s banking credentials and other financial information, many forms of the Zeus virus can also be used to add CryptoLocker ransomware to an operating system or add infected computers to a botnet to perform distributed denial-of-service (DDoS) attacks. The Zeus…

Applications which make use of blockchain technology are knawn as DApps. As developer for Elon's company, you are tasked with creating an easy to use Expense Tracker which saves data to the chain. Your friend wants to keep it as simple as possible to ensure that it's easy to pick up.Required features: User can input an expense Add new users Owner can Block/Unblock users Blocked users cannot post anything If the cost is more than 100 uint then that specific expense is marked as "Too expensive"; if less than 10 uint then it's marked as "Cheap". Mark when the latest expense was made (refer below) The name of  the app can be updated by owner Read data: App name Show a user's most expensive expense Show a user's cheapest expense Total sum of a specific user's latest expense Count of how many expenses does a user have Get data on the most recent expense Show user info DATA: Expenses: id, category, amount, is it cheap, expensive, or not; date it was made User: id, address,  totalExpense,…