New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium GAQM CEH-001 Dumps Questions Answers

Page: 1 / 33
Total 878 questions

Certified Ethical Hacker (CEH) Questions and Answers

Question 1

Which of the following ICMP message types are used for destinations unreachables?

Options:

A.

0

B.

3

C.

11

D.

13

E.

17

Buy Now
Question 2

Name two software tools used for OS guessing? (Choose two.

Options:

A.

Nmap

B.

Snadboy

C.

Queso

D.

UserInfo

E.

NetBus

Question 3

While performing a ping sweep of a subnet you receive an ICMP reply of Code 3/Type 13 for all the pings sent out.

What is the most likely cause behind this response?

Options:

A.

The firewall is dropping the packets.

B.

An in-line IDS is dropping the packets.

C.

A router is blocking ICMP.

D.

The host does not respond to ICMP packets.

Question 4

Doug is conducting a port scan of a target network. He knows that his client target network has a web server and that there is a mail server also which is up and running. Doug has been sweeping the network but has not been able to elicit any response from the remote target. Which of the following could be the most likely cause behind this lack of response? Select 4.

Options:

A.

UDP is filtered by a gateway

B.

The packet TTL value is too low and cannot reach the target

C.

The host might be down

D.

The destination network might be down

E.

The TCP windows size does not match

F.

ICMP is filtered by a gateway

Question 5

What type of port scan is shown below?

Options:

A.

Idle Scan

B.

Windows Scan

C.

XMAS Scan

D.

SYN Stealth Scan

Question 6

The following excerpt is taken from a honeyput log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. Study the log given below and answer the following question:

(Note: The objective of this questions is to test whether the student has learnt about passive OS fingerprinting (which should tell them the OS from log captures): can they tell a SQL injection attack signature; can they infer if a user ID has been created by an attacker and whether they can read plain source – destination entries from log entries.)

What can you infer from the above log?

Options:

A.

The system is a windows system which is being scanned unsuccessfully.

B.

The system is a web application server compromised through SQL injection.

C.

The system has been compromised and backdoored by the attacker.

D.

The actual IP of the successful attacker is 24.9.255.53.

Question 7

One of your team members has asked you to analyze the following SOA record. What is the version?

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600

3600 604800 2400.

Options:

A.

200303028

B.

3600

C.

604800

D.

2400

E.

60

F.

4800

Question 8

Neil notices that a single address is generating traffic from its port 500 to port 500 of several other machines on the network. This scan is eating up most of the network bandwidth and Neil is concerned. As a security professional, what would you infer from this scan?

Options:

A.

It is a network fault and the originating machine is in a network loop

B.

It is a worm that is malfunctioning or hardcoded to scan on port 500

C.

The attacker is trying to detect machines on the network which have SSL enabled

D.

The attacker is trying to determine the type of VPN implementation and checking for IPSec

Question 9

To what does “message repudiation” refer to what concept in the realm of email security?

Options:

A.

Message repudiation means a user can validate which mail server or servers a message was passed through.

B.

Message repudiation means a user can claim damages for a mail message that damaged their reputation.

C.

Message repudiation means a recipient can be sure that a message was sent from a particular person.

D.

Message repudiation means a recipient can be sure that a message was sent from a certain host.

E.

Message repudiation means a sender can claim they did not actually send a particular message.

Question 10

A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?

Options:

A.

The packets were sent by a worm spoofing the IP addresses of 47 infected sites

B.

ICMP ID and Seq numbers were most likely set by a tool and not by the operating system

C.

All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number

D.

13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0

Question 11

Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?

05/20-17:0645.061034 192.160.13.4:31337 --> 172.16.1.101:1

TCP TTL:44 TOS:0x10 ID:242

***FRP** Seq:0xA1D95  Ack:0x53  Win: 0x400

What is odd about this attack? (Choose the most appropriate statement)

Options:

A.

This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

B.

This is back orifice activity as the scan comes from port 31337.

C.

The attacker wants to avoid creating a sub-carrier connection that is not normally valid.

D.

There packets were created by a tool; they were not created by a standard IP stack.

Question 12

What are two things that are possible when scanning UDP ports? (Choose two.

Options:

A.

A reset will be returned

B.

An ICMP message will be returned

C.

The four-way handshake will not be completed

D.

An RFC 1294 message will be returned

E.

Nothing

Question 13

What is the following command used for?

net use \targetipc$ "" /u:""

Options:

A.

Grabbing the etc/passwd file

B.

Grabbing the SAM

C.

Connecting to a Linux computer through Samba.

D.

This command is used to connect as a null session

E.

Enumeration of Cisco routers

Question 14

Your XYZ trainee Sandra asks you which are the four existing Regional Internet Registry (RIR's)?

Options:

A.

APNIC, PICNIC, ARIN, LACNIC

B.

RIPE NCC, LACNIC, ARIN, APNIC

C.

RIPE NCC, NANIC, ARIN, APNIC

D.

RIPE NCC, ARIN, APNIC, LATNIC

Question 15

You are scanning into the target network for the first time. You find very few conventional ports open. When you attempt to perform traditional service identification by connecting to the open ports, it yields either unreliable or no results. You are unsure of which protocols are being used. You need to discover as many different protocols as possible.

Which kind of scan would you use to achieve this? (Choose the best answer)

Options:

A.

Nessus scan with TCP based pings.

B.

Nmap scan with the –sP (Ping scan) switch.

C.

Netcat scan with the –u –e switches.

D.

Nmap with the –sO (Raw IP packets) switch.

Question 16

Which of the following tools can be used to perform a zone transfer?

Options:

A.

NSLookup

B.

Finger

C.

Dig

D.

Sam Spade

E.

Host

F.

Netcat

G.

Neotrace

Question 17

The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?

Options:

A.

An attacker, working slowly enough, can evade detection by the IDS.

B.

Network packets are dropped if the volume exceeds the threshold.

C.

Thresholding interferes with the IDS’ ability to reassemble fragmented packets.

D.

The IDS will not distinguish among packets originating from different sources.

Question 18

After a client sends a connection request (SYN) packet to the server, the server will respond (SYN-ACK) with a sequence number of its choosing, which then must be acknowledged (ACK) by the client. This sequence number is predictable; the attack connects to a service first with its own IP address, records the sequence number chosen, and then opens a second connection from a forged IP address. The attack doesn't see the SYN-ACK (or any other packet) from the server, but can guess the correct responses. If the source IP address is used for authentication, then the attacker can use the one-sided communication to break into the server. What attacks can you successfully launch against a server using the above technique?

Options:

A.

Denial of Service attacks

B.

Session Hijacking attacks

C.

Web page defacement attacks

D.

IP spoofing attacks

Question 19

A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?

Options:

A.

Perform a dictionary attack.

B.

Perform a brute force attack.

C.

Perform an attack with a rainbow table.

D.

Perform a hybrid attack.

Question 20

You are trying to hijack a telnet session from a victim machine with IP address 10.0.0.5 to Cisco router at 10.0.0.1. You sniff the traffic and attempt to predict the sequence and acknowledgement numbers to successfully hijack the telnet session.

Here is the captured data in tcpdump.

What are the next sequence and acknowledgement numbers that the router will send to the victim machine?

Options:

A.

Sequence number: 82980070 Acknowledgement number: 17768885A.

B.

Sequence number: 17768729 Acknowledgement number: 82980070B.

C.

Sequence number: 87000070 Acknowledgement number: 85320085C.

D.

Sequence number: 82980010 Acknowledgement number: 17768885D.

Question 21

You are trying to package a RAT Trojan so that Anti-Virus software will not detect it. Which of the listed technique will NOT be effective in evading Anti-Virus scanner?

Options:

A.

Convert the Trojan.exe file extension to Trojan.txt disguising as text file

B.

Break the Trojan into multiple smaller files and zip the individual pieces

C.

Change the content of the Trojan using hex editor and modify the checksum

D.

Encrypt the Trojan using multiple hashing algorithms like MD5 and SHA-1

Question 22

Which of the following Exclusive OR transforms bits is NOT correct?

Options:

A.

0 xor 0 = 0

B.

1 xor 0 = 1

C.

1 xor 1 = 1

D.

0 xor 1 = 1

Question 23

What is the main reason the use of a stored biometric is vulnerable to an attack?

Options:

A.

The digital representation of the biometric might not be unique, even if the physical characteristic is unique.

B.

Authentication using a stored biometric compares a copy to a copy instead of the original to a copy.

C.

A stored biometric is no longer "something you are" and instead becomes "something you have".

D.

A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.

Question 24

In order to show improvement of security over time, what must be developed?

Options:

A.

Reports

B.

Testing tools

C.

Metrics

D.

Taxonomy of vulnerabilities

Question 25

You are performing a port scan with nmap. You are in hurry and conducting the scans at the fastest possible speed. However, you don't want to sacrifice reliability for speed. If stealth is not an issue, what type of scan should you run to get very reliable results?

Options:

A.

Stealth scan

B.

Connect scan

C.

Fragmented packet scan

D.

XMAS scan

Question 26

Blake is in charge of securing all 20 of his company's servers. He has enabled hardware and software firewalls, hardened the operating systems, and disabled all unnecessary services on all the servers. Unfortunately, there is proprietary AS400 emulation software that must run on one of the servers that requires the telnet service to function properly. Blake is especially concerned about this since telnet can be a very large security risk in an organization. Blake is concerned about how this particular server might look to an outside attacker so he decides to perform some footprinting, scanning, and penetration tests on the server. Blake telnets into the server using Port 80 and types in the following command:

HEAD / HTTP/1.0

After pressing enter twice, Blake gets the following results: What has Blake just accomplished?

Options:

A.

Downloaded a file to his local computer

B.

Submitted a remote command to crash the server

C.

Poisoned the local DNS cache of the server

D.

Grabbed the Operating System banner

Question 27

The GET method should never be used when sensitive data such as credit card is being sent to a CGI program. This is because any GET command will appear in the URL, and will be logged by any servers. For example, let's say that you've entered your credit card information into a form that uses the GET method. The URL may appear like this:

The GET method appends the credit card number to the URL. This means that anyone with access to a server log will be able to obtain this information. How would you protect from this type of attack?

Options:

A.

Never include sensitive information in a script

B.

Use HTTPS SSLv3 to send the data instead of plain HTTPS

C.

Replace the GET with POST method when sending data

D.

Encrypt the data before you send using GET method

Question 28

Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.

How will you defend against hardware keyloggers when using public computers and Internet Kiosks? (Select 4 answers)

Options:

A.

Alternate between typing the login credentials and typing characters somewhere else in the focus window

B.

Type a wrong password first, later type the correct password on the login page defeating the keylogger recording

C.

Type a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter.

D.

The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd".

Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies

"asdfsd"

E.

The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd".

Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies

"asdfsd"

Question 29

During a penetration test, the tester conducts an ACK scan using NMAP against the external interface of the DMZ firewall. NMAP reports that port 80 is unfiltered. Based on this response, which type of packet inspection is the firewall conducting?

Options:

A.

Host

B.

Stateful

C.

Stateless

D.

Application

Question 30

John runs a Web server, IDS and firewall on his network. Recently his Web server has been under constant hacking attacks. He looks up the IDS log files and sees no intrusion attempts but the Web server constantly locks up and needs rebooting due to various brute force and buffer overflow attacks but still the IDS alerts no intrusion whatsoever. John becomes suspicious and views the Firewall logs and he notices huge SSL connections constantly hitting his Web server. Hackers have been using the encrypted HTTPS protocol to send exploits to the Web server and that was the reason the IDS did not detect the intrusions. How would John protect his network from these types of attacks?

Options:

A.

Install a proxy server and terminate SSL at the proxy

B.

Enable the IDS to filter encrypted HTTPS traffic

C.

Install a hardware SSL "accelerator" and terminate SSL at this layer

D.

Enable the Firewall to filter encrypted HTTPS traffic

Question 31

An attacker is attempting to telnet into a corporation's system in the DMZ. The attacker doesn't want to get caught and is spoofing his IP address. After numerous tries he remains unsuccessful in connecting to the system. The attacker rechecks that the target system is actually listening on Port 23 and he verifies it with both nmap and hping2. He is still unable to connect to the target system. What could be the reason?

Options:

A.

The firewall is blocking port 23 to that system

B.

He needs to use an automated tool to telnet in

C.

He cannot spoof his IP and successfully use TCP

D.

He is attacking an operating system that does not reply to telnet even when open

Question 32

Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?

Options:

A.

The victim user must open the malicious link with an Internet Explorer prior to version 8.

B.

The session cookies generated by the application do not have the HttpOnly flag set.

C.

The victim user must open the malicious link with a Firefox prior to version 3.

D.

The web application should not use random tokens.

Question 33

What do you call a pre-computed hash?

Options:

A.

Sun tables

B.

Apple tables

C.

Rainbow tables

D.

Moon tables

Question 34

Hayden is the network security administrator for her company, a large finance firm based in Miami. Hayden just returned from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. Hayden is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts to stop the session. She does this to see how her intrusion detection system will log the traffic. What type of scan is Hayden attempting here?

Options:

A.

Hayden is attempting to find live hosts on her company's network by using an XMAS scan

B.

She is utilizing a SYN scan to find live hosts that are listening on her network

C.

The type of scan, she is using is called a NULL scan

D.

Hayden is using a half-open scan to find live hosts on her network

Question 35

This method is used to determine the Operating system and version running on a remote target system. What is it called?

Options:

A.

Service Degradation

B.

OS Fingerprinting

C.

Manual Target System

D.

Identification Scanning

Question 36

In which location, SAM hash passwords are stored in Windows 7?

Options:

A.

c:\windows\system32\config\SAM

B.

c:\winnt\system32\machine\SAM

C.

c:\windows\etc\drivers\SAM

D.

c:\windows\config\etc\SAM

Question 37

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK. How would an attacker exploit this design by launching TCP SYN attack?

Options:

A.

Attacker generates TCP SYN packets with random destination addresses towards a victim host

B.

Attacker floods TCP SYN packets with random source addresses towards a victim host

C.

Attacker generates TCP ACK packets with random source addresses towards a victim host

D.

Attacker generates TCP RST packets with random source addresses towards a victim host

Question 38

A Trojan horse is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but in addition to the expected function steals information or harms the system.

The challenge for an attacker is to send a convincing file attachment to the victim, which gets easily executed on the victim machine without raising any suspicion. Today's end users are quite knowledgeable about malwares and viruses. Instead of sending games and fun executables, Hackers today are quite successful in spreading the Trojans using Rogue security software.

What is Rogue security software?

Options:

A.

A flash file extension to Firefox that gets automatically installed when a victim visits rogue software disabling websites

B.

A Fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer. This kind of software is known as rogue security software.

C.

Rogue security software is based on social engineering technique in which the attackers lures victim to visit spear phishing websites

D.

This software disables firewalls and establishes reverse connecting tunnel between the victim's machine and that of the attacker

Question 39

Within the context of Computer Security, which of the following statements describes Social Engineering best?

Options:

A.

Social Engineering is the act of publicly disclosing information

B.

Social Engineering is the means put in place by human resource to perform time accounting

C.

Social Engineering is the act of getting needed information from a person rather than breaking into a system

D.

Social Engineering is a training program within sociology studies

Question 40

_____________ is a type of symmetric-key encryption algorithm that transforms a fixed-length block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length.

Options:

A.

Stream Cipher

B.

Block Cipher

C.

Bit Cipher

D.

Hash Cipher

Question 41

Jess the hacker runs L0phtCrack's built-in sniffer utility that grabs SMB password hashes and stores them for offline cracking. Once cracked, these passwords can provide easy access to whatever network resources the user account has access to. But Jess is not picking up hashes from the network. Why?

Options:

A.

The network protocol is configured to use SMB Signing

B.

The physical network wire is on fibre optic cable

C.

The network protocol is configured to use IPSEC

D.

L0phtCrack SMB sniffing only works through Switches and not Hubs

Question 42

Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used to secure data from specific threats, but it does not secure the application from coding errors. It can provide data privacy; integrity and enable strong authentication but it cannot mitigate programming errors. What is a good example of a programming error that Bob can use to explain to the management how encryption will not address all their security concerns?

Options:

A.

Bob can explain that using a weak key management technique is a form of programming error

B.

Bob can explain that using passwords to derive cryptographic keys is a form of a programming error

C.

Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique

D.

Bob can explain that a random number generator can be used to derive cryptographic keys but it uses a weak seed value and this is a form of a programming error

Question 43

William has received a Chess game from someone in his computer programming class through email. William does not really know the person who sent the game very well, but decides to install the game anyway because he really likes Chess.

After William installs the game, he plays it for a couple of hours. The next day, William plays the Chess game again and notices that his machine has begun to slow down. He brings up his Task Manager and sees the following programs running:

What has William just installed?

Options:

A.

Zombie Zapper (ZoZ)

B.

Remote Access Trojan (RAT)

C.

Bot IRC Tunnel (BIT)

D.

Root Digger (RD)

Question 44

Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him. What would Yancey be considered?

Options:

A.

Yancey would be considered a Suicide Hacker

B.

Since he does not care about going to jail, he would be considered a Black Hat

C.

Because Yancey works for the company currently; he would be a White Hat

D.

Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

Question 45

You want to know whether a packet filter is in front of 192.168.1.10. Pings to 192.168.1.10 don't get answered. A basic nmap scan of 192.168.1.10 seems to hang without returning any information. What should you do next?

Options:

A.

Run NULL TCP hping2 against 192.168.1.10

B.

Run nmap XMAS scan against 192.168.1.10

C.

The firewall is blocking all the scans to 192.168.1.10

D.

Use NetScan Tools Pro to conduct the scan

Question 46

In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details.

Ignorant users usually fall prey to this scam. Which of the following statement is incorrect related to this attack?

Options:

A.

Do not reply to email messages or popup ads asking for personal or financial information

B.

Do not trust telephone numbers in e-mails or popup ads

C.

Review credit card and bank account statements regularly

D.

Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks

E.

Do not send credit card numbers, and personal or financial information via e-mail

Question 47

E-mail tracking is a method to monitor and spy the delivered e-mails to the intended recipient.

Select a feature, which you will NOT be able to accomplish with this probe?

Options:

A.

When the e-mail was received and read

B.

Send destructive e-mails

C.

GPS location and map of the recipient

D.

Time spent on reading the e-mails

E.

Whether or not the recipient visited any links sent to them

F.

Track PDF and other types of attachments

G.

Set messages to expire after specified time

Question 48

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

">See foobar

What is this attack?

Options:

A.

Cross-site-scripting attack

B.

SQL Injection

C.

URL Traversal attack

D.

Buffer Overflow attack

Question 49

In which step Steganography fits in CEH System Hacking Cycle (SHC)

Options:

A.

Step 2: Crack the password

B.

Step 1: Enumerate users

C.

Step 3: Escalate privileges

D.

Step 4: Execute applications

E.

Step 5: Hide files

F.

Step 6: Cover your tracks

Question 50

What is the command used to create a binary log file using tcpdump?

Options:

A.

tcpdump -w ./log

B.

tcpdump -r log

C.

tcpdump -vde logtcpdump -vde ? log

D.

tcpdump -l /var/log/

Question 51

Which of the following steganography utilities exploits the nature of white space and allows the user to conceal information in these white spaces?

Options:

A.

Image Hide

B.

Snow

C.

Gif-It-Up

D.

NiceText

Question 52

Which of the following open source tools would be the best choice to scan a network for potential targets?

Options:

A.

NMAP

B.

NIKTO

C.

CAIN

D.

John the Ripper

Question 53

Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?

Options:

A.

MD5

B.

SHA-1

C.

RC4

D.

MD4

Question 54

The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?

Options:

A.

Physical

B.

Procedural

C.

Technical

D.

Compliance

Question 55

Which system consists of a publicly available set of databases that contain domain name registration contact information?

Options:

A.

WHOIS

B.

IANA

C.

CAPTCHA

D.

IETF

Question 56

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

Options:

A.

CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

B.

CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.

C.

CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.

D.

CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

Question 57

Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?

Options:

A.

UDP 123

B.

UDP 541

C.

UDP 514

D.

UDP 415

Question 58

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24. Which of the following has occurred?

Options:

A.

The gateway is not routing to a public IP address.

B.

The computer is using an invalid IP address.

C.

The gateway and the computer are not on the same network.

D.

The computer is not using a private IP address.

Question 59

Which of the following is a strong post designed to stop a car?

Options:

A.

Gate

B.

Fence

C.

Bollard

D.

Reinforced rebar

Question 60

How can a policy help improve an employee's security awareness?

Options:

A.

By implementing written security procedures, enabling employee security training, and promoting the benefits of security

B.

By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees

C.

By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line

D.

By decreasing an employee's vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths

Question 61

Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?

Options:

A.

Fast processor to help with network traffic analysis

B.

They must be dual-homed

C.

Similar RAM requirements

D.

Fast network interface cards

Question 62

Which of the following is a preventive control?

Options:

A.

Smart card authentication

B.

Security policy

C.

Audit trail

D.

Continuity of operations plan

Question 63

A botnet can be managed through which of the following?

Options:

A.

IRC

B.

E-Mail

C.

Linkedin and Facebook

D.

A vulnerable FTP server

Question 64

Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?

Options:

A.

They are written in Java.

B.

They send alerts to security monitors.

C.

They use the same packet analysis engine.

D.

They use the same packet capture utility.

Question 65

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

Options:

A.

RSA 1024 bit strength

B.

AES 1024 bit strength

C.

RSA 512 bit strength

D.

AES 512 bit strength

Question 66

A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?

Options:

A.

Issue the pivot exploit and set the meterpreter.

B.

Reconfigure the network settings in the meterpreter.

C.

Set the payload to propagate through the meterpreter.

D.

Create a route statement in the meterpreter.

Question 67

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?

Options:

A.

white box

B.

grey box

C.

red box

D.

black box

Question 68

Fingerprinting VPN firewalls is possible with which of the following tools?

Options:

A.

Angry IP

B.

Nikto

C.

Ike-scan

D.

Arp-scan

Question 69

What is the problem with this ASP script (login.asp)?

Options:

A.

The ASP script is vulnerable to Cross Site Scripting attack

B.

The ASP script is vulnerable to Session Splice attack

C.

The ASP script is vulnerable to XSS attack

D.

The ASP script is vulnerable to SQL Injection attack

Question 70

What file system vulnerability does the following command take advantage of?

type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe

Options:

A.

HFS

B.

Backdoor access

C.

XFS

D.

ADS

Question 71

Jayden is a network administrator for her company. Jayden wants to prevent MAC spoofing on all the Cisco switches in the network. How can she accomplish this?

Options:

A.

Jayden can use the commanD. ip binding set.

B.

Jayden can use the commanD. no ip spoofing.

C.

She should use the commanD. no dhcp spoofing.

D.

She can use the commanD. ip dhcp snooping binding.

Question 72

This type of Port Scanning technique splits TCP header into several packets so that the packet filters are not able to detect what the packets intends to do.

Options:

A.

UDP Scanning

B.

IP Fragment Scanning

C.

Inverse TCP flag scanning

D.

ACK flag scanning

Question 73

You are the security administrator of Jaco Banking Systems located in Boston. You are setting up e-banking website authentication system. Instead of issuing banking customer with a single password, you give them a printed list of 100 unique passwords. Each time the customer needs to log into the e-banking system website, the customer enters the next password on the list. If someone sees them type the password using shoulder surfing, MiTM or keyloggers, then no damage is done because the password will not be accepted a second time. Once the list of 100 passwords is almost finished, the system automatically sends out a new password list by encrypted e-mail to the customer.

You are confident that this security implementation will protect the customer from password abuse.

Two months later, a group of hackers called "HackJihad" found a way to access the one-time password list issued to customers of Jaco Banking Systems. The hackers set up a fake website and used phishing attacks to direct ignorant customers to it. The fake website asked users for their e-banking username and password, and the next unused entry from their one-time password sheet. The hackers collected 200 customer 's username/passwords this way. They transferred money from the customer's bank account to various offshore accounts.

Your decision of password policy implementation has cost the bank with USD 925, 000 to hackers. You immediately shut down the e-banking website while figuring out the next best security solution

What effective security solution will you recommend in this case?

Options:

A.

Implement Biometrics based password authentication system. Record the customers face image to the authentication database

B.

Configure your firewall to block logon attempts of more than three wrong tries

C.

Enable a complex password policy of 20 characters and ask the user to change the password immediately after they logon and do not store password histories

D.

Implement RSA SecureID based authentication system

Question 74

Most cases of insider abuse can be traced to individuals who are introverted, incapable of dealing with stress or conflict, and frustrated with their job, office politics, and lack of respect or promotion. Disgruntled employees may pass company secrets and intellectual property to competitors for monitory benefits.

Here are some of the symptoms of a disgruntled employee:

a. Frequently leaves work early, arrive late or call in sick

b. Spends time surfing the Internet or on the phone

c. Responds in a confrontational, angry, or overly aggressive way to simple requests or comments

d. Always negative; finds fault with everything

These disgruntled employees are the biggest threat to enterprise security. How do you deal with these threats? (Select 2 answers)

Options:

A.

Limit access to the applications they can run on their desktop computers and enforce strict work hour rules

B.

By implementing Virtualization technology from the desktop to the data centre, organizations can isolate different environments with varying levels of access and security to various employees

C.

Organizations must ensure that their corporate data is centrally managed and delivered to users just and when needed

D.

Limit Internet access, e-mail communications, access to social networking sites and job hunting portals

Question 75

Neil is a network administrator working in Istanbul. Neil wants to setup a protocol analyzer on his network that will receive a copy of every packet that passes through the main office switch. What type of port will Neil need to setup in order to accomplish this?

Options:

A.

Neil will have to configure a Bridged port that will copy all packets to the protocol analyzer.

B.

Neil will need to setup SPAN port that will copy all network traffic to the protocol analyzer.

C.

He will have to setup an Ether channel port to get a copy of all network traffic to the analyzer.

D.

He should setup a MODS port which will copy all network traffic.

Question 76

Which of the following type of scanning utilizes automated process of proactively identifying vulnerabilities of the computing systems present on a network?

Options:

A.

Port Scanning

B.

Single Scanning

C.

External Scanning

D.

Vulnerability Scanning

Question 77

Which of the following statements would NOT be a proper definition for a Trojan Horse?

Options:

A.

An authorized program that has been designed to capture keyboard keystroke while the user is unaware of such activity being performed

B.

An unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user

C.

A legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user

D.

Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user

Question 78

You run nmap port Scan on 10.0.0.5 and attempt to gain banner/server information from services running on ports 21, 110 and 123.

Here is the output of your scan results:

Which of the following nmap command did you run?

Options:

A.

nmap -A -sV -p21, 110, 123 10.0.0.5

B.

nmap -F -sV -p21, 110, 123 10.0.0.5

C.

nmap -O -sV -p21, 110, 123 10.0.0.5

D.

nmap -T -sV -p21, 110, 123 10.0.0.5

Question 79

What does ICMP (type 11, code 0) denote?

Options:

A.

Source Quench

B.

Destination Unreachable

C.

Time Exceeded

D.

Unknown Type

Question 80

You are the Security Administrator of Xtrinity, Inc. You write security policies and conduct assessments to protect the company's network. During one of your periodic checks to see how well policy is being observed by the employees, you discover an employee has attached cell phone 3G modem to his telephone line and workstation. He has used this cell phone 3G modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. How would you resolve this situation?

Options:

A.

Reconfigure the firewall

B.

Enforce the corporate security policy

C.

Install a network-based IDS

D.

Conduct a needs analysis

Question 81

Samuel is the network administrator of DataX Communications, Inc. He is trying to configure his firewall to block password brute force attempts on his network. He enables blocking the intruder's IP address for a period of 24 hours' time after more than three unsuccessful attempts. He is confident that this rule will secure his network from hackers on the Internet.

But he still receives hundreds of thousands brute-force attempts generated from various IP addresses around the world. After some investigation he realizes that the intruders are using a proxy somewhere else on the Internet which has been scripted to enable the random usage of various proxies on each request so as not to get caught by the firewall rule.

Later he adds another rule to his firewall and enables small sleep on the password attempt so that if the password is incorrect, it would take 45 seconds to return to the user to begin another attempt. Since an intruder may use multiple machines to brute force the password, he also throttles the number of connections that will be prepared to accept from a particular IP address. This action will slow the intruder's attempts.

Samuel wants to completely block hackers brute force attempts on his network.

What are the alternatives to defending against possible brute-force password attacks on his site?

Options:

A.

Enforce a password policy and use account lockouts after three wrong logon attempts even though this might lock out legit users

B.

Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the intruder so that you can block them at the

Firewall manually

C.

Enforce complex password policy on your network so that passwords are more difficult to brute force

D.

You cannot completely block the intruders attempt if they constantly switch proxies

Question 82

Jack Hacker wants to break into Brown Co.'s computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. Jack tells Jane that there has been a problem with some accounts and asks her to verify her password with him ''just to double check our records.'' Jane does not suspect anything amiss, and parts with her password. Jack can now access Brown Co.'s computers with a valid user name and password, to steal the cookie recipe. What kind of attack is being illustrated here?

Options:

A.

Reverse Psychology

B.

Reverse Engineering

C.

Social Engineering

D.

Spoofing Identity

E.

Faking Identity

Question 83

Consider the following code:

text=

If an attacker can trick a victim user to click a link like this, and the Web application does not validate input, then the victim's browser will pop up an alert showing the users current set of cookies. An attacker can do much more damage, including stealing passwords, resetting your home page, or redirecting the user to another Web site.

What is the countermeasure against XSS scripting?

Options:

A.

Create an IP access list and restrict connections based on port number

B.

Replace "<" and ">" characters with "& l t;" and "& g t;" using server scripts

C.

Disable Javascript in IE and Firefox browsers

D.

Connect to the server using HTTPS protocol instead of HTTP

Question 84

You receive an e-mail with the following text message.

"Microsoft and HP today warned all customers that a new, highly dangerous virus has been discovered which will erase all your files at midnight. If there's a file called hidserv.exe on your computer, you have been infected and your computer is now running a hidden server that allows hackers to access your computer. Delete the file immediately. Please also pass this message to all your friends and colleagues as soon as possible."

You launch your antivirus software and scan the suspicious looking file hidserv.exe located in c:\windows directory and the AV comes out clean meaning the file is not infected. You view the file signature and confirm that it is a legitimate Windows system file "Human Interface Device Service".

What category of virus is this?

Options:

A.

Virus hoax

B.

Spooky Virus

C.

Stealth Virus

D.

Polymorphic Virus

Question 85

An attacker has successfully compromised a remote computer. Which of the following comes as one of the last steps that should be taken to ensure that the compromise cannot be traced back to the source of the problem?

Options:

A.

Install patches

B.

Setup a backdoor

C.

Install a zombie for DDOS

D.

Cover your tracks

Question 86

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

Starting NMAP 5.21 at 2011-03-15 11:06

NMAP scan report for 172.16.40.65

Host is up (1.00s latency).

Not shown: 993 closed ports

PORT STATE SERVICE

21/tcp open ftp

23/tcp open telnet

80/tcp open http

139/tcp open netbios-ssn

515/tcp open

631/tcp open ipp

9100/tcp open

MAC Address: 00:00:48:0D:EE:89

Options:

A.

The host is likely a Windows machine.

B.

The host is likely a Linux machine.

C.

The host is likely a router.

D.

The host is likely a printer.

Question 87

A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop anti-virus and E-mail gateway. This approach can be used to mitigate which kind of attack?

Options:

A.

Forensic attack

B.

ARP spoofing attack

C.

Social engineering attack

D.

Scanning attack

Question 88

A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer. What is the consultant's obligation to the financial organization?

Options:

A.

Say nothing and continue with the security testing.

B.

Stop work immediately and contact the authorities.

C.

Delete the pornography, say nothing, and continue security testing.

D.

Bring the discovery to the financial organization's human resource department.

Question 89

The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, and DNS servers. What should the security team do to determine which alerts to check first?

Options:

A.

Investigate based on the maintenance schedule of the affected systems.

B.

Investigate based on the service level agreements of the systems.

C.

Investigate based on the potential effect of the incident.

D.

Investigate based on the order that the alerts arrived in.

Question 90

Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?

Options:

A.

They provide a repeatable framework.

B.

Anyone can run the command line scripts.

C.

They are available at low cost.

D.

They are subject to government regulation.

Question 91

Which of the following is an example of two factor authentication?

Options:

A.

PIN Number and Birth Date

B.

Username and Password

C.

Digital Certificate and Hardware Token

D.

Fingerprint and Smartcard ID

Question 92

A security policy will be more accepted by employees if it is consistent and has the support of

Options:

A.

coworkers.

B.

executive management.

C.

the security officer.

D.

a supervisor.

Question 93

Which of the following is an application that requires a host application for replication?

Options:

A.

Micro

B.

Worm

C.

Trojan

D.

Virus

Question 94

Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?

Options:

A.

Certificate issuance

B.

Certificate validation

C.

Certificate cryptography

D.

Certificate revocation

Question 95

How can a rootkit bypass Windows 7 operating system’s kernel mode, code signing policy?

Options:

A.

Defeating the scanner from detecting any code change at the kernel

B.

Replacing patch system calls with its own version that hides the rootkit (attacker's) actions

C.

Performing common services for the application process and replacing real applications with fake ones

D.

Attaching itself to the master boot record in a hard drive and changing the machine's boot sequence/options

Question 96

What is the purpose of conducting security assessments on network resources?

Options:

A.

Documentation

B.

Validation

C.

Implementation

D.

Management

Question 97

Which tool can be used to silently copy files from USB devices?

Options:

A.

USB Grabber

B.

USB Dumper

C.

USB Sniffer

D.

USB Snoopy

Question 98

Which of the following is an example of IP spoofing?

Options:

A.

SQL injections

B.

Man-in-the-middle

C.

Cross-site scripting

D.

ARP poisoning

Question 99

How can telnet be used to fingerprint a web server?

Options:

A.

telnet webserverAddress 80

HEAD / HTTP/1.0

B.

telnet webserverAddress 80

PUT / HTTP/1.0

C.

telnet webserverAddress 80

HEAD / HTTP/2.0

D.

telnet webserverAddress 80

PUT / HTTP/2.0

Question 100

An engineer is learning to write exploits in C++ and is using the exploit tool Backtrack. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command would the engineer use to accomplish this?

Options:

A.

g++ hackersExploit.cpp -o calc.exe

B.

g++ hackersExploit.py -o calc.exe

C.

g++ -i hackersExploit.pl -o calc.exe

D.

g++ --compile –i hackersExploit.cpp -o calc.exe

Question 101

Which results will be returned with the following Google search query?

site:target.com -site:Marketing.target.com accounting

Options:

A.

Results matching all words in the query

B.

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

C.

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting

D.

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Question 102

Bluetooth uses which digital modulation technique to exchange information between paired devices?

Options:

A.

PSK (phase-shift keying)

B.

FSK (frequency-shift keying)

C.

ASK (amplitude-shift keying)

D.

QAM (quadrature amplitude modulation)

Question 103

A file integrity program such as Tripwire protects against Trojan horse attacks by:

Options:

A.

Automatically deleting Trojan horse programs

B.

Rejecting packets generated by Trojan horse programs

C.

Using programming hooks to inform the kernel of Trojan horse behavior

D.

Helping you catch unexpected changes to a system utility file that might indicate it had been replaced by a Trojan horse

Question 104

What file system vulnerability does the following command take advantage of?

type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe

Options:

A.

HFS

B.

ADS

C.

NTFS

D.

Backdoor access

Question 105

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging in.

What do you think is the most likely reason behind this?

Options:

A.

There is a NIDS present on that segment.

B.

Kerberos is preventing it.

C.

Windows logons cannot be sniffed.

D.

L0phtcrack only sniffs logons to web servers.

Question 106

When discussing passwords, what is considered a brute force attack?

Options:

A.

You attempt every single possibility until you exhaust all possible combinations or discover the password

B.

You threaten to use the rubber hose on someone unless they reveal their password

C.

You load a dictionary of words into your cracking program

D.

You create hashes of a large number of words and compare it with the encrypted passwords

E.

You wait until the password expires

Question 107

Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

Options:

A.

USER, NICK

B.

LOGIN, NICK

C.

USER, PASS

D.

LOGIN, USER

Question 108

Susan has attached to her company’s network. She has managed to synchronize her boss’s sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory. What kind of attack is Susan carrying on?

Options:

A.

A sniffing attack

B.

A spoofing attack

C.

A man in the middle attack

D.

A denial of service attack

Question 109

Windows LAN Manager (LM) hashes are known to be weak. Which of the following are known weaknesses of LM? (Choose three)

Options:

A.

Converts passwords to uppercase.

B.

Hashes are sent in clear text over the network.

C.

Makes use of only 32 bit encryption.

D.

Effective length is 7 characters.

Question 110

If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

Options:

A.

Birthday

B.

Brute force

C.

Man-in-the-middle

D.

Smurf

Question 111

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

Options:

A.

There is no way to tell because a hash cannot be reversed

B.

The right most portion of the hash is always the same

C.

The hash always starts with AB923D

D.

The left most portion of the hash is always the same

E.

A portion of the hash will be all 0's

Question 112

After an attacker has successfully compromised a remote computer, what would be one of the last steps that would be taken to ensure that the compromise is not traced back to the source of the problem?

Options:

A.

Install pactehs

B.

Setup a backdoor

C.

Cover your tracks

D.

Install a zombie for DDOS

Question 113

Exhibit:

You have captured some packets in Ethereal. You want to view only packets sent from 10.0.0.22. What filter will you apply?

Options:

A.

ip = 10.0.0.22

B.

ip.src == 10.0.0.22

C.

ip.equals 10.0.0.22

D.

ip.address = 10.0.0.22

Question 114

What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?(Choose all that apply.

Options:

A.

110

B.

135

C.

139

D.

161

E.

445

F.

1024

Question 115

Which one of the following instigates a SYN flood attack?

Options:

A.

Generating excessive broadcast packets.

B.

Creating a high number of half-open connections.

C.

Inserting repetitive Internet Relay Chat (IRC) messages.

D.

A large number of Internet Control Message Protocol (ICMP) traces.

Question 116

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

Options:

A.

Trojan

B.

RootKit

C.

DoS tool

D.

Scanner

E.

Backdoor

Question 117

What is a NULL scan?

Options:

A.

A scan in which all flags are turned off

B.

A scan in which certain flags are off

C.

A scan in which all flags are on

D.

A scan in which the packet size is set to zero

E.

A scan with a illegal packet size

Question 118

Which definition among those given below best describes a covert channel?

Options:

A.

A server program using a port that is not well known.

B.

Making use of a protocol in a way it is not intended to be used.

C.

It is the multiplexing taking place on a communication link.

D.

It is one of the weak channels used by WEP which makes it insecure.

Question 119

Jason's Web server was attacked by a trojan virus. He runs protocol analyzer and notices that the trojan communicates to a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet?

Options:

A.

Port 1890 (Net-Devil Trojan)

B.

Port 1786 (Net-Devil Trojan)

C.

Port 1909 (Net-Devil Trojan)

D.

Port 6667 (Net-Devil Trojan)

Question 120

____________ will let you assume a users identity at a dynamically generated web page or site.

Options:

A.

SQL attack

B.

Injection attack

C.

Cross site scripting

D.

The shell attack

E.

Winzapper

Question 121

Why do you need to capture five to ten million packets in order to crack WEP with AirSnort?

Options:

A.

All IVs are vulnerable to attack

B.

Air Snort uses a cache of packets

C.

Air Snort implements the FMS attack and only encrypted packets are counted

D.

A majority of weak IVs transmitted by access points and wireless cards are not filtered by contemporary wireless manufacturers

Question 122

In order to attack a wireless network, you put up an access point and override the signal of the real access point. As users send authentication data, you are able to capture it. What kind of attack is this?

Options:

A.

Rouge access point attack

B.

Unauthorized access point attack

C.

War Chalking

D.

WEP attack

Question 123

In order to attack a wireless network, you put up an access point and override the signal of the real access point. As users send authentication data, you are able to capture it. What kind of attack is this?

Options:

A.

WEP attack

B.

Drive by hacking

C.

Rogue access point attack

D.

Unauthorized access point attack

Question 124

Sandra is conducting a penetration test for XYZ.com. She knows that XYZ.com is using wireless networking for some of the offices in the building right down the street. Through social engineering she discovers that they are using 802.11g. Sandra knows that 802.11g uses the same 2.4GHz frequency range as 802.11b. Using NetStumbler and her 802.11b wireless NIC, Sandra drives over to the building to map the wireless networks. However, even though she repositions herself around the building several times, Sandra is not able to detect a single AP.

What do you think is the reason behind this?

Options:

A.

Netstumbler does not work against 802.11g.

B.

You can only pick up 802.11g signals with 802.11a wireless cards.

C.

The access points probably have WEP enabled so they cannot be detected.

D.

The access points probably have disabled broadcasting of the SSID so they cannot be detected.

E.

802.11g uses OFDM while 802.11b uses DSSS so despite the same frequency and 802.11b card cannot see an 802.11g signal.

F.

Sandra must be doing something wrong, as there is no reason for her to not see the signals.

Question 125

Clive is conducting a pen-test and has just port scanned a system on the network. He has identified the operating system as Linux and been able to elicit responses from ports 23, 25 and 53. He infers port 23 as running Telnet service, port 25 as running SMTP service and port 53 as running DNS service. The client confirms these findings and attests to the current availability of the services. When he tries to telnet to port 23 or 25, he gets a blank screen in response. On typing other commands, he sees only blank spaces or underscores symbols on the screen. What are you most likely to infer from this?

Options:

A.

The services are protected by TCP wrappers

B.

There is a honeypot running on the scanned machine

C.

An attacker has replaced the services with trojaned ones

D.

This indicates that the telnet and SMTP server have crashed

Question 126

Which of the following buffer overflow exploits are related to Microsoft IIS web server? (Choose three)

Options:

A.

Internet Printing Protocol (IPP) buffer overflow

B.

Code Red Worm

C.

Indexing services ISAPI extension buffer overflow

D.

NeXT buffer overflow

Question 127

In an attempt to secure his wireless network, Bob turns off broadcasting of the SSID. He concludes that since his access points require the client computer to have the proper SSID, it would prevent others from connecting to the wireless network. Unfortunately unauthorized users are still able to connect to the wireless network.

Why do you think this is possible?

Options:

A.

Bob forgot to turn off DHCP.

B.

All access points are shipped with a default SSID.

C.

The SSID is still sent inside both client and AP packets.

D.

Bob’s solution only works in ad-hoc mode.

Question 128

Windump is the windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform you must install a packet capture library.

What is the name of this library?

Options:

A.

NTPCAP

B.

LibPCAP

C.

WinPCAP

D.

PCAP

Question 129

Which of the following is one of the key features found in a worm but not seen in a virus?

Options:

A.

The payload is very small, usually below 800 bytes.

B.

It is self replicating without need for user intervention.

C.

It does not have the ability to propagate on its own.

D.

All of them cannot be detected by virus scanners.

Question 130

Peter is a Network Admin. He is concerned that his network is vulnerable to a smurf attack. What should Peter do to prevent a smurf attack?

Select the best answer.

Options:

A.

He should disable unicast on all routers

B.

Disable multicast on the router

C.

Turn off fragmentation on his router

D.

Make sure all anti-virus protection is updated on all systems

E.

Make sure his router won't take a directed broadcast

Question 131

Which of the following statements best describes the term Vulnerability?

Options:

A.

A weakness or error that can lead to a compromise

B.

An agent that has the potential to take advantage of a weakness

C.

An action or event that might prejudice security

D.

The loss potential of a threat.

Page: 1 / 33
Total 878 questions