1. Determining Vulnerabilities for a Database Server

You have interviewed Ms. Erin Roye, an IT staff member, after conducting your initial security testing of the Alexander Rocco Corporation. She informs you that the company is running an older version of Oracles database, Oracle 10g, for its personnel database. You decide to research whether Oracle 10g has any known vulnerabilities that you can include in your report to Ms. Roye. You dont know whether Ms. Roye has installed any patches or software fixes; you simply want to create a report with general information.

Quiz Question

a. Based on this information, write a short memo to Ms. Roye describing any CVEs (common vulnerabilities and exposures) or CAN (candidate) documents you found related to Oracle 10g. (Hint: A search of the CVE Web site sponsored by US-CERT, https://cve.mitre.org/, can save you a lot of time.) If you do find vulnerabilities, your memo should include recommendations and be written in a way that doesnt generate fear or uncertainty but encourages prudent decision-making.

2. Same scenario - Except the server is Microsoft IIS 6.0.

3. An exploit that attacks computer systems by inserting executable code in areas of memory because of poorly written code is called? Name one example of this.

4. What is an example of a macro programming language?

5. The Ping of Death is an exploit that sends multiple ICMP packets to a host faster than the host can handle. True or False?

6. What can be used to reduce the risk of a Trojan program or rootkit sending information from an attacked computer to a remote host?

7. Which of the following describes an attack where attackers inject themselves between two parties or systems communicating with one another in order to manipulate messages being passed back and forth?

8. What type of network attack relies on multiple servers participating in an attack on one host system?