March Sale Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

ECCouncil EC0-350 Ethical Hacking and Countermeasures V8 Exam Practice Test

Page: 1 / 88
Total 878 questions

Ethical Hacking and Countermeasures V8 Questions and Answers

Question 1

What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?

Options:

A.

Injecting parameters into a connection string using semicolons as a separator

B.

Inserting malicious Javascript code into input parameters

C.

Setting a user's session identifier (SID) to an explicit known value

D.

Adding multiple parameters with the same name in HTTP requests

Question 2

A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?

Options:

A.

-sO

B.

-sP

C.

-sS

D.

-sU

Question 3

While performing data validation of web content, a security technician is required to restrict malicious input. Which of the following processes is an efficient way of restricting malicious input?

Options:

A.

Validate web content input for query strings.

B.

Validate web content input with scanning tools.

C.

Validate web content input for type, length, and range.

D.

Validate web content input for extraneous queries.

Question 4

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

Options:

A.

The root CA is the recovery agent used to encrypt data when a user's certificate is lost.

B.

The root CA stores the user's hash value for safekeeping.

C.

The CA is the trusted root that issues certificates.

D.

The root CA is used to encrypt email messages to prevent unintended disclosure of data.

Question 5

A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions.

On further research, the tester come across a perl script that runs the following msadc functions:system("perl msadc.pl -h $host -C \"echo open $your >testfile\""); 

Question # 5

Which exploit is indicated by this script?

Options:

A.

A buffer overflow exploit

B.

A chained exploit

C.

A SQL injection exploit

D.

A denial of service exploit

Question 6

Which of the following examples best represents a logical or technical control?

Options:

A.

Security tokens

B.

Heating and air conditioning

C.

Smoke and fire alarms

D.

Corporate security policy

Question 7

Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?

Options:

A.

Ping of death

B.

SYN flooding

C.

TCP hijacking

D.

Smurf attack

Question 8

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?

Options:

A.

SDLC process

B.

Honey pot

C.

SQL injection

D.

Trap door

Question 9

Which of the following business challenges could be solved by using a vulnerability scanner?

Options:

A.

Auditors want to discover if all systems are following a standard naming convention.

B.

A web server was compromised and management needs to know if any further systems were compromised.

C.

There is an emergency need to remove administrator access from multiple machines for an employee that quit.

D.

There is a monthly requirement to test corporate compliance with host application usage and security policies.

Question 10

Which security control role does encryption meet?

Options:

A.

Preventative

B.

Detective

C.

Offensive

D.

Defensive

Question 11

What are common signs that a system has been compromised or hacked? (Choose three.)

Options:

A.

Increased amount of failed logon events

B.

Patterns in time gaps in system and/or event logs

C.

New user accounts created

D.

Consistency in usage baselines

E.

Partitions are encrypted

F.

Server hard drives become fragmented

Question 12

What information should an IT system analysis provide to the risk assessor?

Options:

A.

Management buy-in

B.

Threat statement

C.

Security architecture

D.

Impact analysis

Question 13

A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of which of the following?

Options:

A.

Public key

B.

Private key

C.

Modulus length

D.

Email server certificate

Question 14

Fingerprinting VPN firewalls is possible with which of the following tools?

Options:

A.

Angry IP

B.

Nikto

C.

Ike-scan

D.

Arp-scan

Question 15

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24. Which of the following has occurred?

Options:

A.

The gateway is not routing to a public IP address.

B.

The computer is using an invalid IP address.

C.

The gateway and the computer are not on the same network.

D.

The computer is not using a private IP address.

Question 16

Advanced encryption standard is an algorithm used for which of the following?

Options:

A.

Data integrity

B.

Key discovery

C.

Bulk data encryption

D.

Key recovery

Question 17

Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company?

Options:

A.

Poly key exchange

B.

Cross certification

C.

Poly key reference

D.

Cross-site exchange

Question 18

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site.

One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!

From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact. No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using his dial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith.

After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

H@cker Mess@ge:

Y0u @re De@d! Fre@ks!

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact.

How did the attacker accomplish this hack?

Options:

A.

ARP spoofing

B.

SQL injection

C.

DNS poisoning

D.

Routing table injection

Question 19

How would you describe a simple yet very effective mechanism for sending and receiving unauthorized information or data between machines without alerting any firewalls and IDS's on a network?

Options:

A.

Covert Channel

B.

Crafted Channel

C.

Bounce Channel

D.

Deceptive Channel

Question 20

Samantha was hired to perform an internal security test of XYZ. She quickly realized that all networks are making use of switches instead of traditional hubs. This greatly limits her ability to gather information through network sniffing.

Which of the following techniques can she use to gather information from the switched network or to disable some of the traffic isolation features of the switch? (Choose two)

Options:

A.

Ethernet Zapping

B.

MAC Flooding

C.

Sniffing in promiscuous mode

D.

ARP Spoofing

Question 21

Which of the following statements about a zone transfer correct?(Choose three.

Options:

A.

A zone transfer is accomplished with the DNS

B.

A zone transfer is accomplished with the nslookup service

C.

A zone transfer passes all zone information that a DNS server maintains

D.

A zone transfer passes all zone information that a nslookup server maintains

E.

A zone transfer can be prevented by blocking all inbound TCP port 53 connections

F.

Zone transfers cannot occur on the Internet

Question 22

When discussing passwords, what is considered a brute force attack?

Options:

A.

You attempt every single possibility until you exhaust all possible combinations or discover the password

B.

You threaten to use the rubber hose on someone unless they reveal their password

C.

You load a dictionary of words into your cracking program

D.

You create hashes of a large number of words and compare it with the encrypted passwords

E.

You wait until the password expires

Question 23

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

Options:

A.

All are hacking tools developed by the legion of doom

B.

All are tools that can be used not only by hackers, but also security personnel

C.

All are DDOS tools

D.

All are tools that are only effective against Windows

E.

All are tools that are only effective against Linux

Question 24

Exhibit:

Question # 24

You have captured some packets in Ethereal. You want to view only packets sent from 10.0.0.22. What filter will you apply?

Options:

A.

ip = 10.0.0.22

B.

ip.src == 10.0.0.22

C.

ip.equals 10.0.0.22

D.

ip.address = 10.0.0.22

Question 25

What file system vulnerability does the following command take advantage of?

type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe

Options:

A.

HFS

B.

ADS

C.

NTFS

D.

Backdoor access

Question 26

ARP poisoning is achieved in _____ steps

Options:

A.

1

B.

2

C.

3

D.

4

Question 27

An attacker runs netcat tool to transfer a secret file between two hosts.

Machine A: netcat -l -p 1234 < secretfile

Machine B: netcat 192.168.3.4 > 1234

He is worried about information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting onto the wire?

Options:

A.

Machine A: netcat -l -p -s password 1234 < testfile

Machine B: netcat 1234

B.

Machine A: netcat -l -e magickey -p 1234 < testfile

Machine B: netcat 1234

C.

Machine A: netcat -l -p 1234 < testfile -pw password

Machine B: netcat 1234 -pw password

D.

Use cryptcat instead of netcat

Question 28

You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption.

What encryption algorithm will you be decrypting?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Question 29

If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

Options:

A.

Birthday

B.

Brute force

C.

Man-in-the-middle

D.

Smurf

Question 30

When Jason moves a file via NFS over the company's network, you want to grab a copy of it by sniffing. Which of the following tool accomplishes this?

Options:

A.

macof

B.

webspy

C.

filesnarf

D.

nfscopy

Question 31

A remote user tries to login to a secure network using Telnet, but accidently types in an invalid user name or password. Which responses would NOT be preferred by an experienced Security Manager? (multiple answer)

Options:

A.

Invalid Username

B.

Invalid Password

C.

Authentication Failure

D.

Login Attempt Failed

E.

Access Denied

Question 32

You suspect that your Windows machine has been compromised with a Trojan virus. When you run anti-virus software it does not pick of the Trojan. Next you run netstat command to look for open ports and you notice a strange port 6666 open.

What is the next step you would do?

Options:

A.

Re-install the operating system.

B.

Re-run anti-virus software.

C.

Install and run Trojan removal software.

D.

Run utility fport and look for the application executable that listens on port 6666.

Question 33

John wishes to install a new application onto his Windows 2000 server.

He wants to ensure that any application he uses has not been Trojaned.

What can he do to help ensure this?

Options:

A.

Compare the file's MD5 signature with the one published on the distribution media

B.

Obtain the application via SSL

C.

Compare the file's virus signature with the one published on the distribution media

D.

Obtain the application from a CD-ROM disc

Question 34

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

Options:

A.

There is no way to tell because a hash cannot be reversed

B.

The right most portion of the hash is always the same

C.

The hash always starts with AB923D

D.

The left most portion of the hash is always the same

E.

A portion of the hash will be all 0's

Question 35

You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place. Your peer, Peter Smith who works at the same department disagrees with you. He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain. What is Peter Smith talking about?

Options:

A.

Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

B.

"zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks

C.

"Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks

D.

Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway

Question 36

Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

Question # 36

In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?

Options:

A.

Switch then acts as hub by broadcasting packets to all machines on the network

B.

The CAM overflow table will cause the switch to crash causing Denial of Service

C.

The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF

D.

Every packet is dropped and the switch sends out SNMP alerts to the IDS port

Question 37

The network administrator at Spears Technology, Inc has configured the default gateway Cisco router's access-list as below:

Question # 37

You are hired to conduct security testing on their network. You successfully brute-force the SNMP community string using a SNMP crack tool. The access-list configured at the router prevents you from establishing a successful connection. You want to retrieve the Cisco configuration from the router. How would you proceed?

Options:

A.

Use the Cisco's TFTP default password to connect and download the configuration file

B.

Run a network sniffer and capture the returned traffic with the configuration file from the router

C.

Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address

D.

Send a customized SNMP set request with a spoofed source IP address in the range - 192.168.1.0

Question 38

An Attacker creates a zuckerjournals.com website by copying and mirroring HACKERJOURNALS.COM site to spread the news that Hollywood actor Jason Jenkins died in a car accident. The attacker then submits his fake site for indexing in major search engines. When users search for "Jason Jenkins", attacker's fake site shows up and dupes victims by the fake news.

Question # 38

This is another great example that some people do not know what URL's are. Real website:

Fake website: http://www.zuckerjournals.com

Question # 38

The website is clearly not WWW.HACKERJOURNALS.COM. It is obvious for many, but unfortunately some people still do not know what an URL is. It's the address that you enter into the address bar at the top your browser and this is clearly not legit site, its www.zuckerjournals.com

How would you verify if a website is authentic or not?

Options:

A.

Visit the site using secure HTTPS protocol and check the SSL certificate for authenticity

B.

Navigate to the site by visiting various blogs and forums for authentic links

C.

Enable Cache on your browser and lookout for error message warning on the screen

D.

Visit the site by clicking on a link from Google search engine

Question 39

Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used to secure data from specific threats, but it does not secure the application from coding errors. It can provide data privacy; integrity and enable strong authentication but it cannot mitigate programming errors. What is a good example of a programming error that Bob can use to explain to the management how encryption will not address all their security concerns?

Options:

A.

Bob can explain that using a weak key management technique is a form of programming error

B.

Bob can explain that using passwords to derive cryptographic keys is a form of a programming error

C.

Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique

D.

Bob can explain that a random number generator can be used to derive cryptographic keys but it uses a weak seed value and this is a form of a programming error

Question 40

Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?

Options:

A.

Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.

B.

He can send an IP packet with the SYN bit and the source address of his computer.

C.

Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.

D.

Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

Question 41

You establish a new Web browser connection to Google. Since a 3-way handshake is required for any TCP connection, the following actions will take place.

Question # 41

  • DNS query is sent to the DNS server to resolve www.google.com
  • DNS server replies with the IP address for Google?
  • SYN packet is sent to Google.
  • Google sends back a SYN/ACK packet
  • Your computer completes the handshake by sending an ACK
  • The connection is established and the transfer of data commences

Which of the following packets represent completion of the 3-way handshake?

Options:

A.

4th packet

B.

3rdpacket

C.

6th packet

D.

5th packet

Question 42

You are footprinting an organization and gathering competitive intelligence. You visit the company's website for contact information and telephone numbers but do not find them listed there. You know they had the entire staff directory listed on their website 12 months ago but now it is not there. Is there any way you can retrieve information from a website that is outdated?

Options:

A.

Visit Google's search engine and view the cached copy

B.

Crawl the entire website and store them into your computer

C.

Visit Archive.org web site to retrieve the Internet archive of the company's website

D.

Visit the company's partners and customers website for this information

Question 43

TCP packets transmitted in either direction after the initial three-way handshake will have which of the following bit set?

Options:

A.

SYN flag

B.

ACK flag

C.

FIN flag

D.

XMAS flag

Question 44

John is using a special tool on his Linux platform that has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI/ASPX scripts. Moreover, the database detects DDoS zombies and Trojans as well. What would be the name of this tool?

Options:

A.

hping2

B.

nessus

C.

nmap

D.

make

Question 45

"Testing the network using the same methodologies and tools employed by attackers" Identify the correct terminology that defines the above statement.

Options:

A.

Vulnerability Scanning

B.

Penetration Testing

C.

Security Policy Implementation

D.

Designing Network Security

Question 46

You are gathering competitive intelligence on an organization. You notice that they have jobs listed on a few Internet job-hunting sites. There are two jobs for network and system administrators. How can this help you in foot printing the organization?

Options:

A.

To learn about the IP range used by the target network

B.

To identify the number of employees working for the company

C.

To test the limits of the corporate security policy enforced in the company

D.

To learn about the operating systems, services and applications used on the network

Question 47

_____________ is a type of symmetric-key encryption algorithm that transforms a fixed-length block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length.

Options:

A.

Stream Cipher

B.

Block Cipher

C.

Bit Cipher

D.

Hash Cipher

Question 48

One of the ways to map a targeted network for live hosts is by sending an ICMP ECHO request to the broadcast or the network address. The request would be broadcasted to all hosts on the targeted network. The live hosts will send an ICMP ECHO Reply to the attacker's source IP address.

You send a ping request to the broadcast address 192.168.5.255.

Question # 48

There are 40 computers up and running on the target network. Only 13 hosts send a reply while others do not. Why?

Options:

A.

Windows machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address.

B.

Linux machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address.

C.

You should send a ping request with this command ping ? 192.168.5.0-255

D.

You cannot ping a broadcast address. The above scenario is wrong.

Question 49

Charlie is the network administrator for his company. Charlie just received a new Cisco router and wants to test its capabilities out and to see if it might be susceptible to a DoS attack resulting in its locking up. The IP address of the Cisco switch is 172.16.0.45. What command can Charlie use to attempt this task?

Options:

A.

Charlie can use the commanD. ping -l 56550 172.16.0.45 -t.

B.

Charlie can try using the commanD. ping 56550 172.16.0.45.

C.

By using the command ping 172.16.0.45 Charlie would be able to lockup the router

D.

He could use the commanD. ping -4 56550 172.16.0.45.

Question 50

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed?

Options:

A.

Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network

B.

Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information

C.

Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000 or more "zombies" and "bots"

D.

Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

Question 51

Frederickson Security Consultants is currently conducting a security audit on the networks of Hawthorn Enterprises, a contractor for the Department of Defense. Since Hawthorn Enterprises conducts business daily with the federal government, they must abide by very stringent security policies. Frederickson is testing all of Hawthorn's physical and logical security measures including biometrics, passwords, and permissions. The federal government requires that all users must utilize random, non-dictionary passwords that must take at least 30 days to crack. Frederickson has confirmed that all Hawthorn employees use a random password generator for their network passwords. The Frederickson consultants have saved off numerous SAM files from Hawthorn's servers using Pwdump6 and are going to try and crack the network passwords. What method of attack is best suited to crack these passwords in the shortest amount of time?

Options:

A.

Brute force attack

B.

Birthday attack

C.

Dictionary attack

D.

Brute service attack

Question 52

Which Type of scan sends a packets with no flags set? Select the Answer

Options:

A.

Open Scan

B.

Null Scan

C.

Xmas Scan

D.

Half-Open Scan

Question 53

What are the default passwords used by SNMP? (Choose two.)

Options:

A.

Password

B.

SA

C.

Private

D.

Administrator

E.

Public

F.

Blank

Question 54

The following excerpt is taken from a honeyput log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. Study the log given below and answer the following question:

(Note: The objective of this questions is to test whether the student has learnt about passive OS fingerprinting (which should tell them the OS from log captures): can they tell a SQL injection attack signature; can they infer if a user ID has been created by an attacker and whether they can read plain source – destination entries from log entries.)

Question # 54

What can you infer from the above log?

Options:

A.

The system is a windows system which is being scanned unsuccessfully.

B.

The system is a web application server compromised through SQL injection.

C.

The system has been compromised and backdoored by the attacker.

D.

The actual IP of the successful attacker is 24.9.255.53.

Question 55

Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

Options:

A.

Overloading Port Address Translation

B.

Dynamic Port Address Translation

C.

Dynamic Network Address Translation

D.

Static Network Address Translation

Question 56

When Nmap performs a ping sweep, which of the following sets of requests does it send to the target device?

Options:

A.

ICMP ECHO_REQUEST & TCP SYN

B.

ICMP ECHO_REQUEST & TCP ACK

C.

ICMP ECHO_REPLY & TFP RST

D.

ICMP ECHO_REPLY & TCP FIN

Question 57

What are the two basic types of attacks? (Choose two.

Options:

A.

DoS

B.

Passive

C.

Sniffing

D.

Active

E.

Cracking

Question 58

Sandra is the security administrator of XYZ.com. One day she notices that the XYZ.com Oracle database server has been compromised and customer information along with financial data has been stolen. The financial loss will be estimated in millions of dollars if the database gets into the hands of competitors. Sandra wants to report this crime to the law enforcement agencies immediately.

Which organization coordinates computer crime investigations throughout the United States?

Options:

A.

NDCA

B.

NICP

C.

CIRP

D.

NPC

E.

CIA

Question 59

While performing ping scans into a target network you get a frantic call from the organization’s security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization’s IDS monitor. How can you modify your scan to prevent triggering this event in the IDS?

Options:

A.

Scan more slowly.

B.

Do not scan the broadcast IP.

C.

Spoof the source IP address.

D.

Only scan the Windows systems.

Question 60

While performing a ping sweep of a subnet you receive an ICMP reply of Code 3/Type 13 for all the pings sent out.

What is the most likely cause behind this response?

Options:

A.

The firewall is dropping the packets.

B.

An in-line IDS is dropping the packets.

C.

A router is blocking ICMP.

D.

The host does not respond to ICMP packets.

Question 61

Who is an Ethical Hacker?

Options:

A.

A person who hacks for ethical reasons

B.

A person who hacks for an ethical cause

C.

A person who hacks for defensive purposes

D.

A person who hacks for offensive purposes

Question 62

You have initiated an active operating system fingerprinting attempt with nmap against a target system:

Question # 62

What operating system is the target host running based on the open ports shown above?

Options:

A.

Windows XP

B.

Windows 98 SE

C.

Windows NT4 Server

D.

Windows 2000 Server

Question 63

Bob has been hired to perform a penetration test on XYZ.com. He begins by looking at IP address ranges owned by the company and details of domain name registration. He then goes to News Groups and financial web sites to see if they are leaking any sensitive information of have any technical details online.

Within the context of penetration testing methodology, what phase is Bob involved with?

Options:

A.

Passive information gathering

B.

Active information gathering

C.

Attack phase

D.

Vulnerability Mapping

Question 64

Doug is conducting a port scan of a target network. He knows that his client target network has a web server and that there is a mail server also which is up and running. Doug has been sweeping the network but has not been able to elicit any response from the remote target. Which of the following could be the most likely cause behind this lack of response? Select 4.

Options:

A.

UDP is filtered by a gateway

B.

The packet TTL value is too low and cannot reach the target

C.

The host might be down

D.

The destination network might be down

E.

The TCP windows size does not match

F.

ICMP is filtered by a gateway

Question 65

SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. This protocol has long been used by hackers to gather great amount of information about remote hosts.

Which of the following features makes this possible? (Choose two)

Options:

A.

It used TCP as the underlying protocol.

B.

It uses community string that is transmitted in clear text.

C.

It is susceptible to sniffing.

D.

It is used by all network devices on the market.

Question 66

A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?

Options:

A.

The packets were sent by a worm spoofing the IP addresses of 47 infected sites

B.

ICMP ID and Seq numbers were most likely set by a tool and not by the operating system

C.

All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number

D.

13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0

Question 67

While reviewing the result of scanning run against a target network you come across the following:

Question # 67

Which among the following can be used to get this output?

Options:

A.

A Bo2k system query.

B.

nmap protocol scan

C.

A sniffer

D.

An SNMP walk

Question 68

Use the traceroute results shown above to answer the following question:

Question # 68

The perimeter security at targetcorp.com does not permit ICMP TTL-expired packets out.

Options:

A.

True

B.

False

Question 69

Which one of the following attacks will pass through a network layer intrusion detection system undetected?

Options:

A.

A teardrop attack

B.

A SYN flood attack

C.

A DNS spoofing attack

D.

A test.cgi attack

Question 70

Basically, there are two approaches to network intrusion detection: signature detection, and anomaly detection. The signature detection approach utilizes well-known signatures for network traffic to identify potentially malicious traffic. The anomaly detection approach utilizes a previous history of network traffic to search for patterns that are abnormal, which would indicate an intrusion. How can an attacker disguise his buffer overflow attack signature such that there is a greater probability of his attack going undetected by the IDS?

Options:

A.

He can use a shellcode that will perform a reverse telnet back to his machine

B.

He can use a dynamic return address to overwrite the correct value in the target machine computer memory

C.

He can chain NOOP instructions into a NOOP "sled" that advances the processor's instruction pointer to a random place of choice

D.

He can use polymorphic shell code-with a tool such as ADMmutate - to change the signature of his exploit as seen by a network IDS

Question 71

Bob reads an article about how insecure wireless networks can be. He gets approval from his management to implement a policy of not allowing any wireless devices on the network. What other steps does Bob have to take in order to successfully implement this? (Select 2 answer.)

Options:

A.

Train users in the new policy.

B.

Disable all wireless protocols at the firewall.

C.

Disable SNMP on the network so that wireless devices cannot be configured.

D.

Continuously survey the area for wireless devices.

Question 72

The Slammer Worm exploits a stack-based overflow that occurs in a DLL implementing the Resolution Service.

Which of the following Database Server was targeted by the slammer worm?

Options:

A.

Oracle

B.

MSSQL

C.

MySQL

D.

Sybase

E.

DB2

Question 73

Several of your co-workers are having a discussion over the etc/passwd file. They are at odds over what types of encryption are used to secure Linux passwords.(Choose all that apply.

Options:

A.

Linux passwords can be encrypted with MD5

B.

Linux passwords can be encrypted with SHA

C.

Linux passwords can be encrypted with DES

D.

Linux passwords can be encrypted with Blowfish

E.

Linux passwords are encrypted with asymmetric algrothims

Question 74

If you receive a RST packet while doing an ACK scan, it indicates that the port is open.(True/False).

Options:

A.

True

B.

False

Question 75

WEP is used on 802.11 networks, what was it designed for?

Options:

A.

WEP is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what it usually expected of a wired LAN.

B.

WEP is designed to provide strong encryption to a wireless local area network (WLAN) with a lever of integrity and privacy adequate for sensible but unclassified information.

C.

WEP is designed to provide a wireless local area network (WLAN) with a level of availability and privacy comparable to what is usually expected of a wired LAN.

D.

WEOP is designed to provide a wireless local area network (WLAN) with a level of privacy comparable to what it usually expected of a wired LAN.

Question 76

Vulnerability mapping occurs after which phase of a penetration test?

Options:

A.

Host scanning

B.

Passive information gathering

C.

Analysis of host scanning

D.

Network level discovery

Question 77

An Evil Cracker is attempting to penetrate your private network security. To do this, he must not be seen by your IDS, as it may take action to stop him. What tool might he use to bypass the IDS?

Select the best answer.

Options:

A.

Firewalk

B.

Manhunt

C.

Fragrouter

D.

Fragids

Question 78

Kevin has been asked to write a short program to gather user input for a web application. He likes to keep his code neat and simple. He chooses to use printf(str) where he should have ideally used printf(?s? str). What attack will his program expose the web application to?

Options:

A.

Cross Site Scripting

B.

SQL injection Attack

C.

Format String Attack

D.

Unicode Traversal Attack

Question 79

Bryan notices the error on the web page and asks Liza to enter liza' or '1'='1 in the email field. They are greeted with a message "Your login information has been mailed to johndoe@gmail.com". What do you think has occurred?

Options:

A.

The web application picked up a record at random

B.

The web application returned the first record it found

C.

The server error has caused the application to malfunction

D.

The web application emailed the administrator about the error

Question 80

In order to attack a wireless network, you put up an access point and override the signal of the real access point. As users send authentication data, you are able to capture it. What kind of attack is this?

Options:

A.

Rouge access point attack

B.

Unauthorized access point attack

C.

War Chalking

D.

WEP attack

Question 81

An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application.

Which of the following strategies can be used to defeat detection by a network-based IDS application? (Choose the best answer)

Options:

A.

Create a network tunnel.

B.

Create a multiple false positives.

C.

Create a SYN flood.

D.

Create a ping flood.

Question 82

Pandora is used to attack __________ network operating systems.

Options:

A.

Windows

B.

UNIX

C.

Linux

D.

Netware

E.

MAC OS

Question 83

One of the better features of NetWare is the use of packet signature that includes cryptographic signatures. The packet signature mechanism has four levels from 0 to 3.

In the list below which of the choices represent the level that forces NetWare to sign all packets?

Options:

A.

0 (zero)

B.

1

C.

2

D.

3

Question 84

Which of the following wireless technologies can be detected by NetStumbler? (Select all that apply)

Options:

A.

802.11b

B.

802.11e

C.

802.11a

D.

802.11g

E.

802.11

Question 85

Which is the right sequence of packets sent during the initial TCP three way handshake?

Options:

A.

FIN, FIN-ACK, ACK

B.

SYN, URG, ACK

C.

SYN, ACK, SYN-ACK

D.

SYN, SYN-ACK, ACK

Question 86

What type of Trojan is this?

Question # 86

Options:

A.

RAT Trojan

B.

E-Mail Trojan

C.

Defacement Trojan

D.

Destructing Trojan

E.

Denial of Service Trojan

Question 87

More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers ?it basically hides the true nature of the shellcode in different disguises.

How does a polymorphic shellcode work?

Options:

A.

They encrypt the shellcode by XORing values over the shellcode, using loader code to decrypt the shellcode, and then executing the decrypted shellcode

B.

They convert the shellcode into Unicode, using loader to convert back to machine code then executing them

C.

They reverse the working instructions into opposite order by masking the IDS signatures

D.

They compress shellcode into normal instructions, uncompress the shellcode using loader code and then executing the shellcode

Question 88

Shayla is an IT security consultant, specializing in social engineering and external penetration tests. Shayla has been hired on by Treks Avionics, a subcontractor for the Department of Defense. Shayla has been given authority to perform any and all tests necessary to audit the company's network security.

No employees for the company, other than the IT director, know about Shayla's work she will be doing. Shayla's first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Shayla is able to gain her trust and they become friends. One day, Shayla steals the employee's access badge and uses it to gain unauthorized access to the Treks Avionics offices.

What type of insider threat would Shayla be considered?

Options:

A.

She would be considered an Insider Affiliate

B.

Because she does not have any legal access herself, Shayla would be considered an Outside Affiliate

C.

Shayla is an Insider Associate since she has befriended an actual employee

D.

Since Shayla obtained access with a legitimate company badge; she would be considered a Pure Insider

Question 89

Stephanie works as a records clerk in a large office building in downtown Chicago. On Monday, she went to a mandatory security awareness class (Security5) put on by her company's IT department. During the class, the IT department informed all employees that everyone's Internet activity was thenceforth going to be monitored.

Stephanie is worried that her Internet activity might give her supervisor reason to write her up, or worse get her fired. Stephanie's daily work duties only consume about four hours of her time, so she usually spends the rest of the day surfing the web. Stephanie really enjoys surfing the Internet but definitely does not want to get fired for it.

What should Stephanie use so that she does not get in trouble for surfing the Internet?

Options:

A.

Stealth IE

B.

Stealth Anonymizer

C.

Stealth Firefox

D.

Cookie Disabler

Question 90

David is a security administrator working in Boston. David has been asked by the office's manager to block all POP3 traffic at the firewall because he believes employees are spending too much time reading personal email. How can David block POP3 at the firewall?

Options:

A.

David can block port 125 at the firewall.

B.

David can block all EHLO requests that originate from inside the office.

C.

David can stop POP3 traffic by blocking all HELO requests that originate from inside the office.

D.

David can block port 110 to block all POP3 traffic.

Question 91

TCP/IP Session Hijacking is carried out in which OSI layer?

Options:

A.

Datalink layer

B.

Transport layer

C.

Network layer

D.

Physical layer

Question 92

Which of the following type of scanning utilizes automated process of proactively identifying vulnerabilities of the computing systems present on a network?

Options:

A.

Port Scanning

B.

Single Scanning

C.

External Scanning

D.

Vulnerability Scanning

Question 93

Which of the following countermeasure can specifically protect against both the MAC Flood and MAC Spoofing attacks?

Options:

A.

Configure Port Security on the switch

B.

Configure Port Recon on the switch

C.

Configure Switch Mapping

D.

Configure Multiple Recognition on the switch

Question 94

Consider the following code:

<a href="URL:http://www.certified.com/search.pl?">URL:http://www.certified.com/search.pl?</a>

text=<script>alert(document.cookie)</script>

If an attacker can trick a victim user to click a link like this, and the Web application does not validate input, then the victim's browser will pop up an alert showing the users current set of cookies. An attacker can do much more damage, including stealing passwords, resetting your home page, or redirecting the user to another Web site.

What is the countermeasure against XSS scripting?

Options:

A.

Create an IP access list and restrict connections based on port number

B.

Replace "<" and ">" characters with "& l t;" and "& g t;" using server scripts

C.

Disable Javascript in IE and Firefox browsers

D.

Connect to the server using HTTPS protocol instead of HTTP

Question 95

The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:

Question # 95

The user is prompted to enter the name of a city on a Web form. If she enters Chicago, the query assembled by the script looks similar to the following:

SELECT * FROM OrdersTable WHERE ShipCity = 'Chicago'

How will you delete the OrdersTable from the database using SQL Injection?

Options:

A.

Chicago'; drop table OrdersTable --

B.

Delete table'blah'; OrdersTable --

C.

EXEC; SELECT * OrdersTable > DROP --

D.

cmdshell'; 'del c:\sql\mydb\OrdersTable' //

Question 96

The SYN flood attack sends TCP connections requests faster than a machine can process them.

  • Attacker creates a random source address for each packet
  • SYN flag set in each packet is a request to open a new connection to the server from the spoofed IP address
  • Victim responds to spoofed IP address, then waits for confirmation that never arrives (timeout wait is about 3 minutes)
  • Victim's connection table fills up waiting for replies and ignores new connections
  • Legitimate users are ignored and will not be able to access the server

How do you protect your network against SYN Flood attacks?

Options:

A.

SYN cookies. Instead of allocating a record, send a SYN-ACK with a carefully constructed sequence number generated as a hash of the clients IP address, port number, and other information. When the client responds with a normal ACK, that special sequence number will be included, which the server then verifies. Thus, the server first allocates memory on the third packet of the handshake, not the first.

B.

RST cookies - The server sends a wrong SYN/ACK back to the client. The client should then generate a RST packet telling the server that something is wrong. At this point, the server knows the client is valid and will now accept incoming connections from that client normally

C.

Check the incoming packet's IP address with the SPAM database on the Internet and enable the filter using ACLs at the Firewall

D.

Stack Tweaking. TCP stacks can be tweaked in order to reduce the effect of SYN floods. Reduce the timeout before a stack frees up the memory allocated for a connection

E.

Micro Blocks. Instead of allocating a complete connection, simply allocate a micro record of 16-bytes for the incoming SYN object

Question 97

In TCP communications there are 8 flags; FIN, SYN, RST, PSH, ACK, URG, ECE, CWR. These flags have decimal numbers assigned to them:

FIN = 1

SYN = 2

RST = 4

PSH = 8

ACK = 16

URG = 32

ECE = 64

CWR = 128

Jason is the security administrator of ASPEN Communications. He analyzes some traffic using Wireshark and has enabled the following filters.

Question # 97

What is Jason trying to accomplish here?

Options:

A.

SYN, FIN, URG and PSH

B.

SYN, SYN/ACK, ACK

C.

RST, PSH/URG, FIN

D.

ACK, ACK, SYN, URG

Question 98

In what stage of Virus life does a stealth virus gets activated with the user performing certain actions such as running an infected program?

Options:

A.

Design

B.

Elimination

C.

Incorporation

D.

Replication

E.

Launch

F.

Detection

Question 99

In Trojan terminology, what is required to create the executable file chess.exe as shown below?

Question # 99

Options:

A.

Mixer

B.

Converter

C.

Wrapper

D.

Zipper

Question 100

Which of the following tool would be considered as Signature Integrity Verifier (SIV)?

Options:

A.

Nmap

B.

SNORT

C.

VirusSCAN

D.

Tripwire

Question 101

TCP SYN Flood attack uses the three-way handshake mechanism.

1. An attacker at system A sends a SYN packet to victim at system B.

2. System B sends a SYN/ACK packet to victim A.

3. As a normal three-way handshake mechanism system A should send an ACK packet to system B, however, system A does not send an ACK packet to system B. In this case client B is waiting for an ACK packet from client A.

This status of client B is called _________________

Options:

A.

"half-closed"

B.

"half open"

C.

"full-open"

D.

"xmas-open"

Question 102

You receive an e-mail with the following text message.

"Microsoft and HP today warned all customers that a new, highly dangerous virus has been discovered which will erase all your files at midnight. If there's a file called hidserv.exe on your computer, you have been infected and your computer is now running a hidden server that allows hackers to access your computer. Delete the file immediately. Please also pass this message to all your friends and colleagues as soon as possible."

You launch your antivirus software and scan the suspicious looking file hidserv.exe located in c:\windows directory and the AV comes out clean meaning the file is not infected. You view the file signature and confirm that it is a legitimate Windows system file "Human Interface Device Service".

What category of virus is this?

Options:

A.

Virus hoax

B.

Spooky Virus

C.

Stealth Virus

D.

Polymorphic Virus

Question 103

Which of the following are password cracking tools? (Choose three.)

Options:

A.

BTCrack

B.

John the Ripper

C.

KerbCrack

D.

Nikto

E.

Cain and Abel

F.

Havij

Question 104

A company has made the decision to host their own email and basic web services. The administrator needs to set up the external firewall to limit what protocols should be allowed to get to the public part of the company's network. Which ports should the administrator open? (Choose three.)

Options:

A.

Port 22

B.

Port 23

C.

Port 25

D.

Port 53

E.

Port 80

F.

Port 139

G.

Port 445

Question 105

June, a security analyst, understands that a polymorphic virus has the ability to mutate and can change its known viral signature and hide from signature-based antivirus programs. Can June use an antivirus program in this case and would it be effective against a polymorphic virus?

Options:

A.

Yes. June can use an antivirus program since it compares the parity bit of executable files to the database of known check sum counts and it is effective on a polymorphic virus

B.

Yes. June can use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and it is very effective against a polymorphic virus

C.

No. June can't use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and in the case the polymorphic viruses cannot be detected by a signature-based anti-virus program

D.

No. June can't use an antivirus program since it compares the size of executable files to the database of known viral signatures and it is effective on a polymorphic virus

Question 106

You are trying to hijack a telnet session from a victim machine with IP address 10.0.0.5 to Cisco router at 10.0.0.1. You sniff the traffic and attempt to predict the sequence and acknowledgement numbers to successfully hijack the telnet session.

Here is the captured data in tcpdump.

Question # 106

What are the next sequence and acknowledgement numbers that the router will send to the victim machine?

Options:

A.

Sequence number: 82980070 Acknowledgement number: 17768885A.

B.

Sequence number: 17768729 Acknowledgement number: 82980070B.

C.

Sequence number: 87000070 Acknowledgement number: 85320085C.

D.

Sequence number: 82980010 Acknowledgement number: 17768885D.

Question 107

Harold just got home from working at Henderson LLC where he works as an IT technician. He was able to get off early because they were not too busy. When he walks into his home office, he notices his teenage daughter on the computer, apparently chatting with someone online. As soon as she hears Harold enter the room, she closes all her windows and tries to act like she was playing a game. When Harold asks her what she was doing, she acts very nervous and does not give him a straight answer. Harold is very concerned because he does not want his daughter to fall victim to online predators and the sort. Harold doesn't necessarily want to install any programs that will restrict the sites his daughter goes to, because he doesn't want to alert her to his trying to figure out what she is doing. Harold wants to use some kind of program that will track her activities online, and send Harold an email of her activity once a day so he can see what she has been up to. What kind of software could Harold use to accomplish this?

Options:

A.

Install hardware Keylogger on her computer

B.

Install screen capturing Spyware on her computer

C.

Enable Remote Desktop on her computer

D.

Install VNC on her computer

Question 108

After a client sends a connection request (SYN) packet to the server, the server will respond (SYN-ACK) with a sequence number of its choosing, which then must be acknowledged (ACK) by the client. This sequence number is predictable; the attack connects to a service first with its own IP address, records the sequence number chosen, and then opens a second connection from a forged IP address. The attack doesn't see the SYN-ACK (or any other packet) from the server, but can guess the correct responses. If the source IP address is used for authentication, then the attacker can use the one-sided communication to break into the server. What attacks can you successfully launch against a server using the above technique?

Options:

A.

Denial of Service attacks

B.

Session Hijacking attacks

C.

Web page defacement attacks

D.

IP spoofing attacks

Question 109

You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network. How can you achieve this?

Options:

A.

There is no way to completely block tracerouting into this area

B.

Block UDP at the firewall

C.

Block TCP at the firewall

D.

Block ICMP at the firewall

Question 110

Bill is a security analyst for his company. All the switches used in the company's office are Cisco switches. Bill wants to make sure all switches are safe from ARP poisoning. How can Bill accomplish this?

Options:

A.

Bill can use the command: ip dhcp snooping.

B.

Bill can use the command: no ip snoop.

C.

Bill could use the command: ip arp no flood.

D.

He could use the command: ip arp no snoop.

Question 111

Which of the following items of a computer system will an anti-virus program scan for viruses?

Options:

A.

Boot Sector

B.

Deleted Files

C.

Windows Process List

D.

Password Protected Files

Question 112

Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker?

Options:

A.

DataThief

B.

NetCat

C.

Cain and Abel

D.

SQLInjector

Question 113

Which of the following Exclusive OR transforms bits is NOT correct?

Options:

A.

0 xor 0 = 0

B.

1 xor 0 = 1

C.

1 xor 1 = 1

D.

0 xor 1 = 1

Question 114

A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?

Options:

A.

Perform a dictionary attack.

B.

Perform a brute force attack.

C.

Perform an attack with a rainbow table.

D.

Perform a hybrid attack.

Question 115

Which of the following is a hashing algorithm?

Options:

A.

MD5

B.

PGP

C.

DES

D.

ROT13

Question 116

Simon is security analyst writing signatures for a Snort node he placed internally that captures all mirrored traffic from his border firewall. From the following signature, what will Snort look for in the payload of the suspected packets?

alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msG. "BACKDOOR SIG - SubSseven 22";flags: A+; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids, 485;) alert

Options:

A.

The payload of 485 is what this Snort signature will look for.

B.

Snort will look for 0d0a5b52504c5d3030320d0a in the payload.

C.

Packets that contain the payload of BACKDOOR SIG - SubSseven 22 will be flagged.

D.

From this snort signature, packets with HOME_NET 27374 in the payload will be flagged.

Question 117

You are trying to package a RAT Trojan so that Anti-Virus software will not detect it. Which of the listed technique will NOT be effective in evading Anti-Virus scanner?

Options:

A.

Convert the Trojan.exe file extension to Trojan.txt disguising as text file

B.

Break the Trojan into multiple smaller files and zip the individual pieces

C.

Change the content of the Trojan using hex editor and modify the checksum

D.

Encrypt the Trojan using multiple hashing algorithms like MD5 and SHA-1

Question 118

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

Options:

A.

Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security

B.

Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure

C.

Registration of critical penetration testing for the Department of Homeland Security and public and private sectors

D.

Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

Question 119

What type of port scan is represented here.

Question # 119

Options:

A.

Stealth Scan

B.

Full Scan

C.

XMAS Scan

D.

FIN Scan

Question 120

Which of the following is a protocol that is prone to a man-in-the-middle (MITM) attack and maps a 32-bit address to a 48-bit address?

Options:

A.

ICPM

B.

ARP

C.

RARP

D.

ICMP

Question 121

A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash.  The technician researches the bug and discovers that no one else experienced the problem.  What is the appropriate next step?

Options:

A.

Ignore the problem completely and let someone else deal with it.

B.

Create a document that will crash the computer when opened and send it to friends.

C.

Find an underground bulletin board and attempt to sell the bug to the highest bidder.

D.

Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

Question 122

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router configuration. What type of an alert is this?

Options:

A.

False positive 

B.

False negative

C.

True positve

D.

True negative

Question 123

When using Wireshark to acquire packet capture on a network, which device would enable the capture of all traffic on the wire?

Options:

A.

Network tap

B.

Layer 3 switch

C.

Network bridge

D.

Application firewall

Question 124

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80.

The engineer receives this output:

HTTP/1.1 200 OK

Server: Microsoft-IIS/6

Expires: Tue, 17 Jan 2011 01:41:33 GMT

DatE. Mon, 16 Jan 2011 01:41:33 GMT

Content-TypE. text/html

Accept-Ranges: bytes

Last-ModifieD. Wed, 28 Dec 2010 15:32:21 GMT

ETaG. "b0aac0542e25c31:89d"

Content-Length: 7369

Which of the following is an example of what the engineer performed?

Options:

A.

Cross-site scripting

B.

Banner grabbing

C.

SQL injection

D.

Whois database query

Question 125

Which of the following items is unique to the N-tier architecture method of designing software applications?

Options:

A.

Application layers can be separated, allowing each layer to be upgraded independently from other layers.

B.

It is compatible with various databases including Access, Oracle, and SQL.

C.

Data security is tied into each layer and must be updated for all layers when any upgrade is performed.

D.

Application layers can be written in C, ASP.NET, or Delphi without any performance loss.

Question 126

In keeping with the best practices of layered security, where are the best places to place intrusion detection/intrusion prevention systems? (Choose two.)

Options:

A.

HID/HIP (Host-based Intrusion Detection/Host-based Intrusion Prevention)

B.

NID/NIP (Node-based Intrusion Detection/Node-based Intrusion Prevention)

C.

NID/NIP (Network-based Intrusion Detection/Network-based Intrusion Prevention)

D.

CID/CIP (Computer-based Intrusion Detection/Computer-based Intrusion Prevention)

Question 127

What is the purpose of conducting security assessments on network resources?

Options:

A.

Documentation

B.

Validation

C.

Implementation

D.

Management

Question 128

What is a successful method for protecting a router from potential smurf attacks?

Options:

A.

Placing the router in broadcast mode

B.

Enabling port forwarding on the router

C.

Installing the router outside of the network's firewall

D.

Disabling the router from accepting broadcast ping messages

Question 129

While conducting a penetration test, the tester determines that there is a firewall between the tester's machine and the target machine. The firewall is only monitoring TCP handshaking of packets at the session layer of the OSI model.  Which type of firewall is the tester trying to traverse?

Options:

A.

Packet filtering firewall

B.

Application-level firewall

C.

Circuit-level gateway firewall

D.

Stateful multilayer inspection firewall

Question 130

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network’s IDS?

Options:

A.

Timing options to slow the speed that the port scan is conducted

B.

Fingerprinting to identify which operating systems are running on the network

C.

ICMP ping sweep to determine which hosts on the network are not available

D.

Traceroute to control the path of the packets sent during the scan

Question 131

For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?

Options:

A.

Sender's public key

B.

Receiver's private key

C.

Receiver's public key

D.

Sender's private key

Page: 1 / 88
Total 878 questions