How would you proceed?

You are trying to break into a highly classified top-secret mainframe computer with highest security
system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional
hacking doesn’t work in this case, because organizations such as banks are generally tight and
secure when it comes to protecting their systems. In other words you are trying to penetrate an
otherwise impenetrable system. How would you proceed?

You are trying to break into a highly classified top-secret mainframe computer with highest security
system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional
hacking doesn’t work in this case, because organizations such as banks are generally tight and
secure when it comes to protecting their systems. In other words you are trying to penetrate an
otherwise impenetrable system. How would you proceed?

A.
Look for “zero-day” exploits at various underground hacker websites in Russia and China and
buy the necessary exploits from these hackers and target the bank’s network

B.
Try to hang around the local pubs or restaurants near the bank,get talking to a poorly-paid or
disgruntled employee,and offer them money if they’ll abuse their access privileges by providing
you with sensitive information

C.
Launch DDOS attacks against Merclyn Barley Bank’s routers and firewall systems using
100,000 or more “zombies” and “bots”

D.
Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the
Merclyn Barley Bank’s Webserver to that of your machine using DNS Cache Poisoning techniques



Leave a Reply 7

Your email address will not be published. Required fields are marked *


m0

m0

This is ridiculous 😀
-Hello, are you a poorly-paid or disgruntled employee?
-Oh, yes, i am! At last someone asked, i`m hanging around this restaurant for the 5th year, waiting for someone to bribe me!

Seriously, what are the odds? How often do you have to “hang around” a place to find someone like that?

m0

m0

AND,
Why isn`t a zero day a possibility?

bluecat

bluecat

I agree….it’s odd…..why not 0 day exploit,any impenetrable system can’t fight against 0 day exploit.

nash

nash

I agree with all of you above….I guess the intent of the question was leading the test taker to resort to “Social Engineering Attacks”. None the less, very poorly worded.

KM

KM

Well I guess the answer is B, because in the questions “Hacking doesn’t work in this case”

So i guess, Sosial eng is the right one..

Regards
Km

Bill

Bill

Zero day isnt the correct answer because it says “In other words you are trying to penetrate an otherwise impenetrable system” and “You know that conventional hacking doesn’t work in this case”.

Yes, in the real world a zero-day would be a good way to go but for this exam, you need to read the question and base your answer off of the question and the training material.

-jKr

-jKr

The Social Engineering approach is the “lowest hanging fruit” from the options provided.
Start with the easiest first.
0-day for sure is the next option though.