Ethical Hacking 4.2.10

Which of the following information sharing policies addresses the sharing of critical information in press releases, annual reports, product catalogs, and marketing materials? answer An employee social media policy A company social media policy A printed materials policy An internet policy

A printed materials policy A printed material information sharing policy would limit the sharing of critical information in press releases, annual reports, product catalogs, and marketing materials. An internet information sharing policy would require a review of company websites to see what type of information is being shared about sensitive information. A company social media information sharing policy would provide guidelines regarding the types of posts that are made to the company's social media site. An employee social media information sharing policy would restrict the sharing of sensitive company information on an employee's personal social media page. This could include product information, customer or vendor information, employee information, or even pictures of the organization.

Which of the following services is most targeted during the reconnaissance phase of a hacking attack? answer DHCP TLS DNS DoS

DNS

Julie configures two DNS servers, one internal and one external, with authoritative zones for the corpnet.xyz domain. One DNS server directs external clients to an external server. The other DNS server directs internal clients to an internal server. Which of the following DNS countermeasures is she implementing? answer Split DNS Information sharing policy Proxy server DNS propagation

Split DNS A split DNS is implemented with two DNS servers configured to be authoritative for the same domain, one on the external network and one on the internal network. A proxy server is an intermediary server that separates end users from the websites they browse and is not a DNS countermeasure. A DNS propagation is a process used by DNS servers when a DNS record changes and is not a DNS countermeasure. An information sharing policy is a reconnaissance countermeasure but is not a DNS countermeasure.

John, a security specialist, conducted a review of the company's website. He discovered that sensitive company information was publicly available. Which of the following information sharing policies did he discover were being violated? answer A printed materials policy An employee social media policy A company social media policy An internet policy

An internet policy An internet information sharing policy would require a review of company websites to see what type of information is being shared about sensitive information. A company's social media information sharing policy would provide guidelines regarding the types of posts that are made to the company's social media site. An employee's social media information sharing policy would restrict the sharing of sensitive company information on an employee's personal social media page. This could include product information, customer or vendor information, employee information, or even pictures of the organization. A printed material information sharing policy would limit the sharing of critical information in press releases, annual reports, product catalogs, or marketing materials.

Dan wants to implement reconnaissance countermeasures to help protect his DNS service. Which of the following actions should he take? answer Install patches against known vulnerabilities and clean up out-of-date zones, files, users, and groups. Review company websites to see what type of sensitive information is being shared. Limit the sharing of critical information in press releases, annual reports, product catalogs, or marketing materials. Implement policies that restrict the sharing of sensitive company information on employees' personal social media pages.

Install patches against known vulnerabilities and clean up out-of-date zones, files, users, and groups. Installing patches against known vulnerabilities and cleaning up out-of-date zones, files, users, and groups are good DNS reconnaissance countermeasures. Reviewing company websites to see what type of information is being shared about sensitive information is conforming to an internet information sharing policy. Implementing policies that restrict the sharing of sensitive company information on employees' personal social media pages is conforming to an employee social media information sharing policy. Limiting the sharing of critical information in press releases, annual reports, product catalogs, and marketing materials is conforming to a printed materials information sharing policy.