Laura is operating from her home network. After she accesses a company website, she calls the IT department claiming that she is being presented with a defaced website with suspicious-looking content.

Homework Help: Questions and Answers: Laura is operating from her home network. After she accesses a company website, she calls the IT department claiming that she is being presented with a defaced website with suspicious-looking content. Upon investigation of the website, the IT department sees no issues, and a log review shows that no files have been changed. Which of the following answers might explain the cause?

Laura is operating from her home network. After she accesses a company website, she calls the IT department claiming that she is being presented with a defaced website with suspicious-looking content. Upon investigation of the website, the IT department sees no issues, and a log review shows that no files have been changed.
Which of the following answers might explain the cause?
A) SQL injection
B) ARP poisoning
C) DNS poisoning
D) MAC spoofing

A) SQL injection
B) ARP poisoning
C) DNS poisoning
D) MAC spoofing

Answer:

First, let’s understand the question: The scenario describes Laura seeing a defaced website with suspicious content, while the IT department doesn’t see any problems and logs show no changes to the website. Let’s analyze each given option:

Given Options: Step by Step Answering

a) SQL Injection

  • SQL injection is an attack that involves manipulating a web application’s SQL queries to access or modify the database.
  • This would typically affect the data stored on the website or the database behind it, but it would affect all users, not just one person. In this case, the IT department would likely see issues as well.

b) ARP Poisoning

  • ARP poisoning (Address Resolution Protocol poisoning) is an attack in which an attacker sends fake ARP messages to link their MAC address to the IP address of another device, allowing them to intercept traffic.
  • This attack occurs on the local network, potentially redirecting traffic from one device to the attacker’s device.
  • While this is a local attack, it wouldn’t typically cause only a website to appear defaced. 

c) DNS Poisoning (DNS Spoofing)

  • DNS poisoning is when an attacker corrupts the DNS cache, causing a user to be redirected to a malicious website even when entering the correct URL.
  • This could explain why Laura is seeing a defaced or malicious website while the IT department does not, as only her DNS settings might be affected.
  • This is the most likely cause, as it would explain why only Laura is affected and why the website appears fine to the IT department.

d) MAC Spoofing

  • MAC spoofing involves changing the MAC address of a network device to impersonate another device.
  • While this might cause network disruption, it wouldn’t typically cause a defaced website.

Final Answer:

Based on the above analysis, the correct answer is:

C) DNS poisoning.

DNS poisoning could cause Laura’s device to resolve the company website’s domain name to a different IP address, leading her to a malicious site that appears defaced. Meanwhile, the IT department, using the correct DNS information, would still access the legitimate site. This also explains why there are no changes in the server logs, as the actual company website hasn’t been altered.

Learn More: Homework Help

Q. During which of the following incident-handling processes would the assistance of NIST Special Publication 800-61 be invaluable?

Q. You are assembling a forensics kit to ensure proper incident response. Which of the following would NOT be included in it?

Q. You have recently installed an enterprise-level SOAR solution for incident response. The response team is determining the processes that need to be manually followed when an incident occurs. Which of the following documentation is the team developing?

Q. You have recently installed an enterprise-level SOAR solution for incident response. The response team is determining the processes that need to be manually followed when an incident occurs. Which of the following documentation is the team developing?

Q. Your company implements an industrial control system (ICS) that will connect to two networks: the company network and the control system network. The ICS should transmit only invoicing and billing information on the company network, while the control system network should handle all ICS-related communication. When constructing such a system, which of the following design concepts would best protect the business and its operations?

Leave a Comment

Comments

No comments yet. Why don’t you start the discussion?

    Comments