Which of the following actions should the security analyst take to remove this vulnerability?

A security analyst is reviewing the following packet capture of communication between a host and a company’s router:

Which of the following actions should the security analyst take to remove this vulnerability?
A. Update the router code
B. Implement a router ACL
C. Disconnect the host from the network
D. Install the latest antivirus definitions
E. Deploy a network-based IPS


3 thoughts on “Which of the following actions should the security analyst take to remove this vulnerability?”

  1. Isn’t this a kind of ping of death (malformatted ICMP request triggering a kind of buffer overflow) performed by 192.168.1.10?
    This is a network attack and I would go for “E. Deploy a network-based IPS” (this assumes the IPS is able to detect this attack).
    “A” would be only if the constructor is aware of the vulnerability, why not.
    “B” would either isolate the malicious host (does not fix the vuln) or deny all ICMP (removes the ICMP feature totally).
    “C” would isolate the malicious host (does not fix the vuln on the router side).
    “D” Network attacks are not file based.

  2. B
    Limited info here… I’d grab the MAC and find its source first to see where the heck it’s coming from. I went with ACL, because it’s a suspicious IP on the network. Any private IP space outside of my own 10 net doesn’t belong on my home network. On the enterprise… well, that’s different, and it would become a question of whether or not I wanted those two VLANs to be able to share routes. That being the case, grab the MAC, find the source, and then it’s an ACL (or route map, I suppose).

  3. I believe it’s C.

    Being that the host has a 192.168 address. That’s a private IP indicating it is on the network and not coming in from the wild.

    Not sure what an ACL would accomplish in this case.
