EC-Council

EC0-350 · Question #789

EC0-350 Question #789: Real Exam Question with Answer & Explanation

The correct answer is D. He can use polymorphic shell code - with a tool such as ADMmutate - to change the signature of his. See the full explanation below for the reasoning.

Question

Basically, there are two approaches to network intrusion detection: signature detection, and anomaly detection. The signature detection approach utilizes well-known signatures for network traffic to identify potentially malicious traffic. The anomaly detection approach utilizes a previous history of network traffic to search for patterns that are abnormal, which would indicate an intrusion. How can an attacker disguise his buffer overflow attack signature such that there is a greater probability of his attack going undetected by the IDS?

Options

  • A. He can use a shellcode that will perform a reverse telnet back to his machine
  • B. He can use a dynamic return address to overwrite the correct value in the target machine computer memory
  • C. He can chain NOOP instructions into a NOOP "sled" that advances the processor's instruction pointer
  • D. He can use polymorphic shell code - with a tool such as ADMmutate - to change the signature of his
