Attackers can potentially intercept and modify unsigned SMB packets, modify the traffic and forward it so that the server might perform undesirable actions. Alternatively, the attacker could pose as the server or client after a legitimate authentication and gain unauthorized access to data. Which of the following is NOT a means that can be used to minimize or protect against such an attack?
A.
Timestamps
B.
File permissions
C.
SMB Signing
D.
Sequence numbers monitoring
This is wrong. “SMB Signing” is the correct way in order to protect against this type of attack because SMB signing authenticates both the user and the server hosting the data.
C = SMB Signing as a countermeasure against SMB sniffing/interception. I agree with Patricio. The wrong answers were picked.
We can also look and see clearly in Question 129 below where A is the obvious answer.
“Jess the hacker runs L0phtCrack’s built-in sniffer utility that grabs SMB password hashes and stores them for offline cracking. Once cracked, these passwords can provide easy access to whatever network resources the user account has access to. But Jess is not picking up hashes from the network. Why?
A. The network protocol is configured to use SMB Signing
B. The physical network wire is on fibre optic cable
C. The network protocol is configured to use IPSEC
D. L0phtCrack SMB sniffing only works through Switches and not Hubs
Answer: A